This article is for newbies like me who are interested in building their own automation process in bug bounty. If you're a PRO you shouldn't waste your time by reading this article.
Summary:
In the InfoSec industry, there are numerous lazy people like me. Most of the time I become too lazy to manually hunt a program and I bet most of the InfoSec folks are on my side. We all know Jason Haddix, right? I call him one of the automation monsters in the bug bounty community. He is one of my inspirations for starting to create my own automation process, and obviously Tom Hudson (@tomnomnom) && Ben Sadeghipour (@nahamsec) are too.
In this article, I will try to explain how to start building your own automation tool.
If we can learn some languages, we can make our bug bounty life easier. For instance, Python and Bash will be a good choice to start with.
After gathering basic information on a target, my first step in automating a program is one of my own sub-domain automation tools, named Automator v1. Basically, with the help of this tool I can do a full sub-domain enumeration on a target. Generally I put some of the best public tools ( there may be some underrated tools too ) together with some of my own methodologies and ideas in a bash script and run it. ( We can say this is like @nahamsec's LazyRecon. )
More concretely, I use several tools for enumerating sub-domains. Let's assume sublist3r, assetfinder, subfinder and amass, etc. I am too lazy to run these tools one by one. So, here I can write a simple bash script to run all of these tools one after another on a specified target.
Approach:
This simple bash script will run on a target and save outputs in a specified folder. We do not need to run these tools one by one ( manually ).
A simple bash script
#!/bin/bash
#Automator by @4z1zu
# Usage: ./automator_v1.sh target.com
domain=$1
if [ -z "$domain" ]; then
  echo "Usage: $0 target.com"
  exit 1
fi
echo "sublist3r by @aboul3la"
sublist3r -d "$domain" -n -o sublist3r.txt
echo "Subfinder by @projectdiscovery"
subfinder -silent -d "$domain" | tee subfinder.txt
echo "Assetfinder by @tomnomnom"
assetfinder --subs-only "$domain" | tee assetfinder.txt
echo "Amass by @owasp"
amass enum -src -ip -active -brute -w ~/wordlists/hugedns.txt -d "$domain" -o amass.txt
echo "Saving amass hosts"
# amass -src -ip lines look like "[Source]  host  ip"; keep only the host column
cut -d']' -f2 amass.txt | awk '{print $1}' | sort -u | tee hosts-amass.txt
echo "Putting all sub-domains together"
cat sublist3r.txt subfinder.txt assetfinder.txt hosts-amass.txt | sort -u | tee hosts.txt
echo "End of Automation v1"
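The "putting all sub-domains together" step above relies on sort -u over raw tool output, but the tools do not agree on a format (amass adds a "[Source]" column and an IP, httprobe adds a scheme, some sources return upper-case or trailing-dot names, and out-of-scope hosts slip in). The function below is an added example, not code from the original post: it normalises those formats into one clean, in-scope host list. The tool output formats and the sample lines are assumptions and constructed data.

```bash
#!/bin/bash
# Added example (not from the original post): normalise and merge the raw
# output of several enumeration tools into one clean, in-scope host list.
# Assumed input formats: plain hostnames (sublist3r/subfinder/assetfinder),
# amass "-src -ip" lines like "[Source]  host  1.2.3.4", httprobe URLs.

# normalize_hosts <root-domain>  reads mixed lines on stdin, prints unique hosts
normalize_hosts() {
  local root="$1"
  sed -E 's/^\[[^]]*\][[:space:]]*//' |          # drop amass "[Source]" prefix
    awk '{print $1}' |                            # first column only (drops the IP)
    sed -E 's#^[a-zA-Z]+://##; s#[/:].*$##' |     # strip URL scheme, port and path
    sed -E 's/^\*\.//; s/\.$//' |                 # drop wildcard prefix, trailing dot
    tr 'A-Z' 'a-z' |                              # DNS names are case-insensitive
    grep -E '^([a-z0-9_-]+\.)+[a-z0-9-]+$' |      # keep only well-formed hostnames
    awk -v root="$root" \
      '$0 == root || substr($0, length($0) - length(root)) == "." root' | # in scope
    sort -u
}

# Constructed sample of what the tools in Automator v1/v2 might emit.
sample_merge() {
  normalize_hosts example.com <<'EOF'
www.example.com
WWW.Example.COM
*.dev.example.com
api.example.com.
[DNS]     mail.example.com 192.0.2.10
[Brute]   vpn.example.com 192.0.2.11
https://shop.example.com/login
http://shop.example.com:8080
notexample.com
cdn.other-site.net
EOF
}

sample_merge
```

Swap the heredoc for `cat sublist3r.txt subfinder.txt assetfinder.txt amass.txt | normalize_hosts "$domain" | tee hosts.txt` to use it in the script; the scope filter keeps hosts like notexample.com from ever reaching the port scanner.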
Okay, that was our first approach. Now let's move further.
Live subdomain scanning, port scanning, directory scanning and sub-domain takeover finding.
We got all the sub-domains, now let's check whether they are live or not. If they are, we can do a port scan on all of the live sub-domains and then we will go for directory scanning.
#!/bin/bash
#Automator by @4z1zu
# Usage: ./automator_v2.sh [screenshot-dir]  (reads hosts.txt produced by Automator v1)
outdir=${1:-aquatone-out}
echo "httprobe by @tomnomnom"
cat hosts.txt | httprobe -prefer-https | tee https.txt
echo "Mass title checker by @tomnomnom"
cat https.txt | get-title
echo "mass PORT scanning"
# strip the URL scheme before resolving, then hand the resolved IPs to masscan
sed -E 's#^https?://##' https.txt | dnsprobe -silent -f ip | sort -u | tee output.txt
sudo masscan -iL output.txt --rate 10000 -p1-65535 -Pn -oL result.txt
echo "subtake0ver checker"
cat https.txt | nuclei -t ~/tools/nuclei-templates/subdomain-takeover/detect-all-takeovers.yaml
echo "Meg & mass directory scan"
meg -d 1000 -v ~/Desktop/sttafs/wordlists/private-wordlists/meg.txt https.txt meg-output.txt
echo "Screenshots"
cat https.txt | aquatone -out "$outdir"
echo "End of Automation"
Usage: ./automator_v2.sh
This bash script will run on previous script's output file.
What if we have huge target lists and we want to run a tool on it?
#!/bin/bash
#Automator by @4z1zu
# Run subfinder against every target listed (one per line) in the input file
while IFS= read -r line; do
  [ -n "$line" ] && subfinder -d "$line"
done < "$1"
USAGE: automator.sh input-targets.txt
There are many awesome tools on the internet. The main point of this article is to explain how to chain tools together in a single script. These are a few ideas for writing your own automation script. You can choose and add your favourite tools.
#BugBountyTip: On Twitter, many researchers share their techniques and methodologies. You can grab them and add them to your automation script.
You do not need to be a PRO in Bash or Python to write your automation tool. Pick some of the best tools that you're already using. You may know some underrated tools, or you may have got some private tools from a researcher. You may have a good wordlist. Why don't you just put it all together and build your own automation process?
Thoughts:
Maybe some of you get demotivated just because you are getting too many duplicates. But have you ever thought about this?
Same tools, same methodologies, same program, 100 researchers. What do I expect from it ?
The answer is simple, opposite of same.
References:
I hope you enjoyed this article. Let me know your thoughts on this one. Thanks for reading.
Catch me on @Twitter