
How to use the scripts

Philippe Delteil edited this page Jul 21, 2021 · 1 revision

bbrf_helper

Shell functions to help you with some BBRF repetitive tasks

  • addPrograms

Use: addPrograms [(h1/bugcrowd/intigriti/self/other) author]

This command adds a program to the database. addPrograms receives two parameters:

  • The first one is the platform where you will report the bugs you find in that program. It can be h1 (hackerone), bugcrowd, intigriti, self (self-hosted) or other.

  • The second is the name of the person who added the program to the database.

Example:

addPrograms h1 hacker001 adds a HackerOne program and records that hacker001 added it. This is useful if you work with more people adding programs.

After that, the command will ask for information about the program:

> addPrograms h1
Program name: Test
Reward? (1:money[default:press Enter], 2:points, 3:thanks) 1
Url? https://hackerone.com/test?type=team                                      
Recon?  (1:false, 2:true) 2
Android app?  (1:false[default:press Enter], 2:true) 1
iOS app?  (1:false[default:press Enter], 2:true) 1
Source code?  (1:false[default:press Enter], 2:true) 1
 Add IN scope: 
*.test.com *.test-payment.example.com *.example.com domain.com     
 inscope: 
*.test.com
*.test-payment.example.com
*.example.com
domain.com

 Add OUT scope: noTest.example.com payment.example.com www.test.com

Once we have provided the data that addPrograms asks for, it starts enumerating subdomains of the supplied in-scope domains (subfinder and assetfinder in the session below), checks which of them are alive and expose an HTTP service (httpx and httprobe), and finally returns all URLs ready to be audited.

For example, this is what addPrograms returns when we add a program like Trustpilot:

> addPrograms h1
Program name: Trustpilot
Reward? (1:money[default:press Enter], 2:points, 3:thanks)  1
Url?  https://hackerone.com/trustpilot?type=team                                     
Recon?  (1:false, 2:true) 2
Android app?  (1:false[default:press Enter], 2:true) 1
iOS app?  (1:false[default:press Enter], 2:true) 1
Source code?  (1:false[default:press Enter], 2:true) 1
 Add IN scope: 
*.truspilot.com     
 inscope: 
*.truspilot.com

 Add OUT scope: *.apidoc.trustpilot.com *.apps.trustpilot.com *.press.trustpilot.com *.support.trustpilot.com trustpilot.com

 Running bbrf mode 
 Running subfinder 
[NEW] fr.truspilot.com
[NEW] widget.truspilot.com
[NEW] ns2.truspilot.com
[NEW] mx0.truspilot.com
[NEW] mail2.truspilot.com
[NEW] ww2.truspilot.com
...TRUNCATED...
[NEW] smtp2.truspilot.com
 Running assetfinder 
 httpx domains 
[NEW] http://ww25.nl-be.truspilot.com
[NEW] http://ww25.business.truspilot.com
[NEW] https://ww25.trustlytics.truspilot.com
[NEW] http://ww25.fr.truspilot.com
...TRUNCATED...
[NEW] https://mailout.truspilot.com
[NEW] https://mail01.truspilot.com
 httprobe domains

Note that if addPrograms finds new URLs it marks them as [NEW]; URLs that were already registered in the database are marked as [UPDATE]. Double-check the scope before confirming it: in the Trustpilot session above the IN scope entry was typed as *.truspilot.com (missing a t), so every host enumerated afterwards is under truspilot.com rather than trustpilot.com.

Now you have a good amount of URLs on which to start looking for bugs 😎
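The scope-matching step that the procedure above depends on, written out as an added example (this is not bbrf_helper's own code). It assumes the usual bug-bounty reading of scope entries: "*.test.com" covers any host under test.com but not the apex, a bare "domain.com" covers exactly that host, an OUT scope entry always wins over an IN scope one, and matching is case-insensitive because DNS names are. The scope lists are the ones typed in the first addPrograms session above; the candidate host list is constructed to stand in for subfinder/assetfinder output.

```bash
#!/usr/bin/env bash
# Added example, not bbrf_helper's own code: filter discovered hosts against the
# IN/OUT scope entered in addPrograms before they are handed to bbrf.
# Assumptions: "*.x.com" = any host under x.com, apex excluded; "x.com" = exactly
# that host; OUT scope beats IN scope; comparison is case-insensitive.

# Scope lists copied from the addPrograms session above (constructed input).
INSCOPE="*.test.com *.test-payment.example.com *.example.com domain.com"
OUTSCOPE="noTest.example.com payment.example.com www.test.com"

lower() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }

# matches_list <host> "<space-separated scope entries>"
# Returns 0 when the host matches at least one entry, 1 otherwise.
matches_list() {
  local host entry found=1
  host=$(lower "$1")
  set -f                      # entries contain "*"; stop the shell globbing them
  for entry in $2; do
    entry=$(lower "$entry")
    case "$entry" in
      \*.*)                   # wildcard entry: any label(s) under the suffix
        case "$host" in
          *."${entry#\*.}") found=0; break ;;
        esac ;;
      *)                      # literal entry: exact host only
        if [ "$host" = "$entry" ]; then found=0; break; fi ;;
    esac
  done
  set +f                      # restore globbing (assumes it was on, as usual)
  return "$found"
}

# in_scope <host>: in scope iff it matches INSCOPE and does not match OUTSCOPE.
in_scope() {
  matches_list "$1" "$OUTSCOPE" && return 1
  matches_list "$1" "$INSCOPE"
}

# filter_scope: reads candidate hosts (one per line, as subfinder/assetfinder
# print them) on stdin and prints only the in-scope ones.
filter_scope() {
  local h
  while IFS= read -r h; do
    [ -n "$h" ] || continue
    if in_scope "$h"; then printf '%s\n' "$h"; fi
  done
}

# Constructed candidate list; it deliberately mixes in the apex, an OUT scope
# host, a case variant and a lookalike suffix to exercise the edge cases.
CANDIDATES='api.test.com
www.test.com
test.com
pay.test-payment.example.com
payment.example.com
NoTest.example.com
cdn.example.com
domain.com
shop.domain.com
test.com.attacker.net'

printf '%s\n' "$CANDIDATES" | filter_scope
```

Only api.test.com, pay.test-payment.example.com, cdn.example.com and domain.com survive: www.test.com, payment.example.com and NoTest.example.com are excluded by OUT scope, test.com and shop.domain.com fall outside the wildcard and literal rules, and test.com.attacker.net is rejected because the wildcard pattern is anchored to the whole host name rather than matched as a substring.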

  • checkProgram

This command checks whether a program already exists in your BBRF/CouchDB database. It is usually run before addPrograms.

Use: checkProgram program

Example:

> checkProgram att
Programs found:
ATT
Automattic
Mattermost  

As you can see, the command returns 3 results:

  • ATT
  • Automattic
  • Mattermost

In our case, the program we wanted to check for was ATT.

The function is case insensitive, so we don't have to worry about typing the name exactly: it returns any program whose name contains att. This is helpful if we don't remember the exact name of the program but know part of it.

You just give the command a hint and it does the rest!
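The lookup described above, as an added example that is not bbrf_helper's own code. The program list is a constructed stand-in for what the real function reads from the database (the helper's own data source is not shown on this page; `bbrf programs` would be the usual way to list them, which is an assumption here). Two things the example adds beyond the text: the hint is matched as a fixed string, so a dot in "example.com" is not treated as a regex wildcard, and an empty hint is rejected rather than silently matching every program; programExists is a companion exact match for use right before addPrograms.

```bash
#!/usr/bin/env bash
# Added example, not bbrf_helper's own code: case-insensitive substring lookup of
# program names, mirroring what checkProgram does against the BBRF/CouchDB database.
# PROGRAMS is a constructed list standing in for the database contents.

PROGRAMS='ATT
Automattic
Mattermost
Trustpilot
Test'

# checkProgram <hint>: print every program whose name contains the hint,
# ignoring case. Returns 1 when nothing matches, 2 on a missing hint.
checkProgram() {
  local hint=$1 matches
  # grep with an empty pattern matches every line, so refuse it explicitly.
  [ -n "$hint" ] || { printf 'Use: checkProgram program\n' >&2; return 2; }
  # -F: treat the hint literally (a "." must not act as a regex wildcard).
  matches=$(printf '%s\n' "$PROGRAMS" | grep -i -F -- "$hint") || {
    printf 'No program matching "%s"\n' "$hint" >&2; return 1; }
  printf 'Programs found:\n%s\n' "$matches"
}

# programExists <name>: exact, case-insensitive match on the whole name,
# for a yes/no check right before addPrograms.
programExists() {
  printf '%s\n' "$PROGRAMS" | grep -q -i -x -F -- "$1"
}

checkProgram att        # ATT, Automattic, Mattermost
programExists att && echo "ATT is already registered"
```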


nuclei_helper

function1


axiom_helper

showLogs
