├── LICENSE
├── README.md
├── Recon.sh
└── bug_bounty_script.sh


/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2023 Shubham Rooter   -  Shubham Tiwari
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | ## Bug Bounty Script
  2 | 
  3 | Bug Bounty Script is a powerful and versatile Bash script designed to automate security testing tasks for bug bounty hunting. This script streamlines the process of reconnaissance, port scanning, vulnerability scanning, and more, helping security researchers and bug bounty hunters efficiently identify potential security vulnerabilities in target domains.
  4 | 
  5 | 
  6 | ## Prerequisites
  7 | 
  8 | Before running the script, ensure that you have the following tools installed on your system:
  9 | 
 10 | - Nmap
 11 | - Dirb
 12 | - DNSenum
 13 | - Whois
 14 | - WhatWeb
 15 | - Wappalyzer
 16 | - Nikto
 17 | - Sublist3r
 18 | - Xsser
 19 | - SQLMap
 20 | - Nuclei
 21 | - Amass
 22 | 
 23 | Refer to the respective tool documentation for installation instructions.
 24 | 
 25 | 
 26 | ## Features
 27 | 
 28 | - Automates various security testing tasks, including DNS enumeration, whois lookup, HTTP fingerprinting, and technology stack detection.
 29 | - Performs comprehensive port scanning using Nmap to identify open ports and gather information about the target system.
 30 | - Conducts thorough web server scanning with Nikto, uncovering potential vulnerabilities in the target's web applications.
 31 | - Scans for subdomains using Sublist3r, enabling the discovery of additional attack vectors.
 32 | - Performs directory enumeration with Dirb to identify hidden directories and files on the target's web server.
 33 | - Checks for XSS vulnerabilities using Xsser, a powerful cross-site scripting (XSS) scanner.
 34 | - Detects SQL injection vulnerabilities using SQLMap, a popular tool for automated SQL injection detection and exploitation.
 35 | - Conducts vulnerability scanning with Nuclei, a highly extensible and fast scanner for detecting potential vulnerabilities.
 36 | - Performs automated reconnaissance with Amass, a versatile and comprehensive tool for discovering subdomains, domain names, and associated IP addresses.
 37 | 
 38 | ## Options
 39 | 
 40 |     -h or --help: Display the usage instructions.
 41 |     -l <file> or --list <file>: Specify a file containing target domain(s) to scan.
 42 |     -d <domain> or --domain <domain>: Specify a single target domain to scan.
 43 |     -o <directory> or --output <directory>: Specify the output directory path.
 44 |     -nt <threads> or --nmap-threads <threads>: Specify the number of threads for Nmap (default: 100).
 45 |     -dt <threads> or --dirb-threads <threads>: Specify the number of threads for Dirb (default: 10).
 46 | 
 47 | ## Usage
 48 | 
 49 | 1. Clone the repository:
 50 | 
 51 |    ```shell
 52 |    git clone https://github.com/your-username/bug-bounty-script.git
 53 |    
 54 |    ```
 55 |    ```
 56 |    cd bug-bounty-script
 57 |     ```
 58 |     ```
 59 |    chmod +x bug_bounty_script.sh
 60 |     ```
 61 |    
 62 |     
 63 |     To scan multiple target domains listed in a file:
 64 |     ```
 65 |    ./bug_bounty_script.sh -l domains.txt
 66 |    ```
 67 |    To scan a single target domain and specify the output directory:
 68 |    ```
 69 |    ./bug_bounty_script.sh -d example.com -o output_directory
 70 |    ```
 71 |    To scan a single target domain and specify the output directory:
 72 |    ```
 73 |    ./bug_bounty_script.sh -d example.com -o output_directory
 74 | 
 75 |  
 76 |   To adjust the number of threads for Nmap and Dirb:
 77 |   ```
 78 |    ./bug_bounty_script.sh -nt 50 -dt 5
 79 |  ```
 80 |    
 81 | 
 82 | ## Contribution
 83 | 
 84 | Contributions are welcome! If you have any suggestions, bug reports, or feature requests, please open an issue or submit a pull request.
 85 | 
 86 | ## Maintainers :
 87 | 
 88 | `This Repo is maintained by : `
 89 | 
 90 | - [Shubham Rooter](https://github.com/shubham-rooter)
 91 | 
 92 | ### Author :
 93 | 
 94 | **Shubham Rooter**
 95 | 
 96 | * [Github](https://www.github.com/shubham-rooter)
 97 | * [Twitter](https://www.twitter.com/shubhamtiwari_r)
 98 | * [Instagram](https://www.instagram.com/shubham_rooter)
 99 | * [Linkdin](https://www.linkedin.com/in/shubham-tiwari09/)  
100 | 
101 | ### License :
102 | 
103 | Copyright © 2023, [Shubham Rooter](https://github.com/Shubham-Rooter).
104 | Released under the [MIT License](LICENSE).
105 | 
106 | ***Thankyou.***
107 | ***Happy Hunting..***
108 | 


--------------------------------------------------------------------------------
/Recon.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | # Set the target URL
 4 | url="https://example.com"
 5 | 
 6 | # Set the output file
 7 | output_file="recon_results.txt"
 8 | 
 9 | # Perform subdomain enumeration
10 | echo "Performing subdomain enumeration..."
11 | subdomains=$(subfinder -d $url)
12 | subdomains+=$(sublist3r -d $url)
13 | subdomains+=$(massdns -d $url)
14 | echo $subdomains >> $output_file
15 | 
16 | # Perform directory and file discovery
17 | echo "Performing directory and file discovery..."
18 | dirsearch -u $url -e * >> $output_file
19 | 
20 | # Check for open ports and running services
21 | echo "Performing port scan..."
22 | nmap -sC -sV $url >> $output_file
23 | 
24 | # Check for known vulnerabilities
25 | echo "Checking for known vulnerabilities..."
26 | vulners -s $url >> $output_file
27 | 
28 | # Retrieve JavaScript files
29 | echo "Retrieving JavaScript files..."
30 | GetJS -u $url >> $output_file
31 | 
32 | # Find links
33 | echo "Finding links..."
34 | GoLinkFinder -u $url >> $output_file
35 | 
36 | # Get all URLs
37 | echo "Retrieving all URLs..."
38 | getallurls -u $url >> $output_file
39 | 
40 | # Check for URLs in Wayback Machine
41 | echo "Checking for URLs in Wayback Machine..."
42 | WayBackUrls -u $url >> $output_file
43 | 
44 | # Check for robots.txt in Wayback Machine
45 | echo "Checking for robots.txt in Wayback Machine..."
46 | WayBackRobots -u $url >> $output_file
47 | 
48 | # Check for Forced Browsing vulnerabilities
49 | echo "Checking for Forced Browsing vulnerabilities..."
50 | FFuF -u $url >> $output_file
51 | 
52 | # Check for XSS vulnerabilities
53 | echo "Checking for XSS vulnerabilities..."
54 | XSSHunter -u $url >> $output_file
55 | 
56 | # Check for SQL injection vulnerabilities
57 | echo "Checking for SQL injection vulnerabilities..."
58 | SQLMap -u $url >> $output_file
59 | 
60 | # Check for XXE vulnerabilities
61 | echo "Checking for XXE vulnerabilities..."
62 | XXEInjector -u $url >> $output_file
63 | 
64 | # Check for SSRF vulnerabilities
65 | echo "Checking for SSRF vulnerabilities..."
66 | SSRFDetector -u $url >> $output_file
67 | 
68 | # Check for secrets in Git repository
69 | echo "Checking for secrets in Git repository..."
70 | GitTools -u $url >> $output_file
71 | gitallsecrets -u $url >> $output_file
72 | 
73 | # Check for race condition vulnerabilities
74 | echo "Checking for race condition vulnerabilities..."
75 | RaceTheWeb -u $url >> $output_file
76 | 
77 | # Check for CORS misconfigurations
78 | echo "Checking for CORS misconfigurations..."
79 | CORStest -u $url >> $output_file
80 | 
81 | # Take screenshots
82 | echo "Taking screenshots..."
83 | EyeWitness -u $url >> $output_file
84 | 
85 | # Check for parameter tampering vulnerabilities
86 | echo "Checking for parameter tampering vulnerabilities..."
87 | parameth -u $url >> $output_file
88 | 
89 | echo "Recon complete!" 
90 | 


--------------------------------------------------------------------------------
/bug_bounty_script.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | 
  3 | # Bug Bounty Script
  4 | 
  5 | # Configuration
  6 | target_urls=()
  7 | output_directory="<output_directory>"
  8 | nmap_threads=100
  9 | dirb_threads=10
 10 | 
 11 | # Colors for formatting
 12 | GREEN='\033[0;32m'
 13 | CYAN='\033[0;36m'
 14 | RED='\033[0;31m'
 15 | NC='\033[0m' # No Color
 16 | 
 17 | # Display banner
 18 | display_banner() {
 19 |     echo -e "${CYAN}"
 20 | echo -e "██████╗░██╗░░░██╗░██████╗░  ██████╗░░█████╗░██╗░░░██╗███╗░░██╗████████╗██╗░░░██╗"
 21 | echo -e "██╔══██╗██║░░░██║██╔════╝░  ██╔══██╗██╔══██╗██║░░░██║████╗░██║╚══██╔══╝╚██╗░██╔╝"
 22 | echo -e "██████╦╝██║░░░██║██║░░██╗░  ██████╦╝██║░░██║██║░░░██║██╔██╗██║░░░██║░░░░╚████╔╝░"
 23 | echo -e "██╔══██╗██║░░░██║██║░░╚██╗  ██╔══██╗██║░░██║██║░░░██║██║╚████║░░░██║░░░░░╚██╔╝░░"
 24 | echo -e "██████╦╝╚██████╔╝╚██████╔╝  ██████╦╝╚█████╔╝╚██████╔╝██║░╚███║░░░██║░░░░░░██║░░░"
 25 | echo -e "╚═════╝░░╚═════╝░░╚═════╝░  ╚═════╝░░╚════╝░░╚═════╝░╚═╝░░╚══╝░░░╚═╝░░░░░░╚═╝░░░"
 26 | 
 27 |     echo -e "${NC}"
 28 | }
 29 | 
 30 | # Function to display usage instructions
 31 | display_help() {
 32 |     echo -e "Bug Bounty Script By Shubham Tiwari"
 33 |     echo -e "Usage: ./bug_bounty_script.sh [OPTIONS]"
 34 |     echo -e "Options:"
 35 |     echo -e "  -h, --help\t\tDisplay usage instructions"
 36 |     echo -e "  -l, --list\t\tSpecify a file containing target domain(s)"
 37 |     echo -e "  -d, --domain\t\tSpecify a single target domain"
 38 |     echo -e "  -o, --output\t\tSpecify the output directory path"
 39 |     echo -e "  -nt, --nmap-threads\tSpecify the number of threads for Nmap (default: 100)"
 40 |     echo -e "  -dt, --dirb-threads\tSpecify the number of threads for Dirb (default: 10)"
 41 |     echo
 42 |     echo -e "Social Media:"
 43 |     echo -e "  Twitter:   https://twitter.com/shubhamtiwari_r"
 44 |     echo -e "  LinkedIn:  https://www.linkedin.com/in/shubham-tiwari09"
 45 |     echo -e "  GitHub:    https://github.com/shubham-rooter"
 46 | }
 47 | 
 48 | # Parse command line arguments
 49 | while [[ $# -gt 0 ]]; do
 50 |     case "$1" in
 51 |         -h|--help)
 52 |             display_help
 53 |             exit 0
 54 |             ;;
 55 |         -l|--list)
 56 |             if [[ -n "$2" ]]; then
 57 |                 while IFS= read -r domain || [[ -n "$domain" ]]; do
 58 |                     target_urls+=("$domain")
 59 |                 done < "$2"
 60 |                 shift 2
 61 |             else
 62 |                 echo -e "${RED}Error: File not specified.${NC}"
 63 |                 exit 1
 64 |             fi
 65 |             ;;
 66 |         -d|--domain)
 67 |             if [[ -n "$2" ]]; then
 68 |                 target_urls+=("$2")
 69 |                 shift 2
 70 |             else
 71 |                 echo -e "${RED}Error: Domain not specified.${NC}"
 72 |                 exit 1
 73 |             fi
 74 |             ;;
 75 |         -o|--output)
 76 |             if [[ -n "$2" ]]; then
 77 |                 output_directory="$2"
 78 |                 shift 2
 79 |             else
 80 |                 echo -e "${RED}Error: Output directory not specified.${NC}"
 81 |                 exit 1
 82 |             fi
 83 |             ;;
 84 |         -nt|--nmap-threads)
 85 |             if [[ -n "$2" ]]; then
 86 |                 nmap_threads="$2"
 87 |                 shift 2
 88 |             else
 89 |                 echo -e "${RED}Error: Number of threads for Nmap not specified.${NC}"
 90 |                 exit 1
 91 |             fi
 92 |             ;;
 93 |         -dt|--dirb-threads)
 94 |             if [[ -n "$2" ]]; then
 95 |                 dirb_threads="$2"
 96 |                 shift 2
 97 |             else
 98 |                 echo -e "${RED}Error: Number of threads for Dirb not specified.${NC}"
 99 |                 exit 1
100 |             fi
101 |             ;;
102 |         *)
103 |             echo -e "${RED}Error: Invalid option: $1${NC}"
104 |             exit 1
105 |             ;;
106 |     esac
107 | done
108 | 
109 | # Display banner
110 | display_banner
111 | 
112 | # Perform bug bounty scanning for each target URL
113 | for target_url in "${target_urls[@]}"; do
114 |      # Additional reconnaissance tools
115 |     echo -e "${GREEN}Running additional reconnaissance tools${NC}"
116 | 
117 |     # Perform DNS enumeration with DNSenum
118 |     echo -e "${GREEN}Performing DNS enumeration with DNSenum${NC}"
119 |     dnsenum "$target_url"
120 | 
121 |     # Perform whois lookup with Whois
122 |     echo -e "${GREEN}Performing whois lookup with Whois${NC}"
123 |     whois "$target_url"
124 | 
125 |     # Perform HTTP fingerprinting with WhatWeb
126 |     echo -e "${GREEN}Performing HTTP fingerprinting with WhatWeb${NC}"
127 |     whatweb "$target_url"
128 | 
129 |     # Perform technology stack detection with Wappalyzer
130 |     echo -e "${GREEN}Performing technology stack detection with Wappalyzer${NC}"
131 |     wappalyzer "$target_url"
132 | 
133 |     echo -e "${GREEN}Scanning target: $target_url${NC}"
134 |     nmap -p 80,443 -T4 -A -Pn --max-parallelism $nmap_threads $target_url
135 | 
136 |     echo -e "${GREEN}Checking for open ports${NC}"
137 |     nmap -p- -T4 -Pn --max-parallelism $nmap_threads $target_url
138 | 
139 |     echo -e "${GREEN}Running Nikto web server scanner${NC}"
140 |     nikto -h $target_url
141 | 
142 |     echo -e "${GREEN}Scanning for subdomains using Sublist3r${NC}"
143 |     sublist3r -d $target_url -o "$output_directory/$target_url-subdomains.txt"
144 | 
145 |     echo -e "${GREEN}Performing directory enumeration with Dirb${NC}"
146 |     dirb "http://$target_url" -r -o "$output_directory/$target_url-dirb.txt" -t $dirb_threads
147 | 
148 |     echo -e "${GREEN}Scanning for XSS vulnerabilities with Xsser${NC}"
149 |     xsser -u $target_url
150 | 
151 |     echo -e "${GREEN}Checking for SQL injection with SQLMap${NC}"
152 |     sqlmap -u $target_url --batch
153 | 
154 |     echo -e "${GREEN}Running Nuclei for vulnerability scanning${NC}"
155 |     nuclei -l "$output_directory/$target_url-subdomains.txt" -t vulnerabilities/ -o "$output_directory/$target_url-nuclei.txt"
156 | 
157 |     echo -e "${GREEN}Performing automated reconnaissance with Amass${NC}"
158 |     amass enum -d $target_url -o "$output_directory/$target_url-amass.txt"
159 | 
160 |     echo -e "${GREEN}Completed bug bounty scan for $target_url${NC}"
161 |     echo
162 | done
163 | 


--------------------------------------------------------------------------------