Monitoring your targets for bug bounties
Hi there,
This is gonna be one of my favorite articles I’ve ever written. Automation, that’s a pretty familiar word. Maybe you’ve heard people saying that they got some bounties by just using some simple automation. So in this article, I will be discussing bug bounty automation.
Requirements
A VPS server or a Raspberry Pi (I use Raspberry Pi as one can also use it for other purposes)
Knowledge of some programming language (of course, Python preferred)
Linux, as it’s powerful
And CRON (crontab), the backbone
So starting with the backbone, the CRON. So if you don’t know about crontab, here’s a brief description:-
Cron is a command line utility, which schedules the tasks and runs them automatically as specified.
You can access it on your Linux machine with sudo crontab -e. Note that with sudo this edits root’s crontab, so the jobs run as root; plain crontab -e edits your own user’s crontab. If you’re running it for the first time, it will ask you for the text editor of your choice. You could use any one according to your needs.
So I’ve selected nano and if you see my scheduled jobs, you will find multiple things (I know you might be wondering about CRYPTO MINING, but that’s not part of this article; still, I will talk about it at the end).
So you can see that I’ve deployed many scripts from the ‘bots’ folder in the user directory. You could specify multiple commands to be run at a particular time. So let’s start with the syntax of CRON.
Crontab
So, if you open crontab for the first time, you’ll find the basic syntax. PLEASE DON’T REMOVE THE PART DISCUSSING THE SYNTAX, IT WILL HELP YOU IN THE FUTURE. I’ve dropped it below for your reference:
# Edit this file to introduce tasks to be run by cron.
#
# Each task to run has to be defined through a single line
# indicating with different fields when the task will be run
# and what command to run for the task
#
# To define the time you can provide concrete values for
# minute (m), hour (h), day of month (dom), month (mon),
# and day of week (dow) or use '*' in these fields (for 'any').
#
# Notice that tasks will be started based on the cron's system
# daemon's notion of time and timezones.
#
# Output of the crontab jobs (including errors) is sent through
# email to the user the crontab file belongs to (unless redirected).
#
# For example, you can run a backup of all your user accounts
# at 5 a.m every week with:
# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
#
# For more information see the manual pages of crontab(5) and cron(8)
#
# m h dom mon dow command
So the basic syntax is
m h dom mon dow command
Where ‘m’ is the minute
‘h’ is the hour
‘dom’ is the day of the month
‘mon’ is the month and
‘dow’ is the day of the week
So now let’s do some practicals:-
Run a nuclei scan in the /home/user/nuclei-scans/ directory for the target https://www.example.com with ‘-as’ (the automatic scan flag) and output the results to ‘nuclei-scan.txt’ every day at 12:00 AM
So, let’s do it step by step. First of all, you have to go to the directory specified, so the command would be cd /home/user/nuclei-scans/ . Once we’ve switched to the directory, we need to build the command for nuclei. Assuming that the nuclei binary is on your PATH (or in the /usr/bin directory), the command will be nuclei -u https://www.example.com -as -o nuclei-scan.txt (‘-u’ sets the target; ‘-t’ is for selecting templates). Now that we’ve built the two commands, let’s combine them, so the final command will be:-
cd /home/user/nuclei-scans/ && nuclei -u https://www.example.com -as -o nuclei-scan.txt
So now, once we’ve built the command, let’s add it to crontab.
The first thing in the crontab syntax is the minute. The minute here is ‘00’ (12:00 AM). The next thing is the hour; since it is 12:00 AM, we convert it to 24-hour format, so it becomes ‘00’. Next come dom, mon, and dow; since we are running it every day, each will be ‘*’ (asterisk, the wildcard). So finally, the line we would add to crontab would be:-
00 00 * * * cd /home/user/nuclei-scans/ && nuclei -u https://www.example.com -as -o nuclei-scan.txt
Adding this line to crontab would run the nuclei scan automatically at 12 AM every day.
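To check a schedule before trusting it to cron, here is a small Python matcher for the five time fields (an added example, not code from this article). It follows the matching rules of common cron implementations, handles `*`, lists, ranges and `*/step`, and does not handle `@reboot` or month/day names; the function names are made up for this example.

```python
from datetime import datetime

# (name, low, high) for the five time fields, in crontab order
FIELDS = [("m", 0, 59), ("h", 0, 23), ("dom", 1, 31), ("mon", 1, 12), ("dow", 0, 7)]

def expand(field, low, high):
    """Expand one field ('*', '5', '1-5', '*/15', '1,15') into a set of ints."""
    values = set()
    for part in field.split(","):
        rng, _, step = part.partition("/")
        step = int(step) if step else 1
        if rng == "*":
            start, end = low, high
        elif "-" in rng:
            start, end = (int(x) for x in rng.split("-"))
        else:
            start = end = int(rng)
        if not (low <= start <= end <= high) or step < 1:
            raise ValueError(f"bad field {field!r}")
        values.update(range(start, end + 1, step))
    return values

def parse(line):
    """Split a crontab line into expanded time fields, star flags and the command."""
    parts = line.split(None, 5)
    if len(parts) != 6:
        raise ValueError("expected: m h dom mon dow command")
    sets = {n: expand(f, lo, hi) for f, (n, lo, hi) in zip(parts, FIELDS)}
    sets["dow"] = {v % 7 for v in sets["dow"]}  # 7 and 0 both mean Sunday
    # A field that starts with '*' counts as unrestricted
    stars = {"dom": parts[2].startswith("*"), "dow": parts[4].startswith("*")}
    return sets, stars, parts[5]

def fires_at(line, when):
    """True if cron would start the job in the minute given by `when`."""
    s, stars, _ = parse(line)
    if when.minute not in s["m"] or when.hour not in s["h"] or when.month not in s["mon"]:
        return False
    dom_ok = when.day in s["dom"]
    dow_ok = when.isoweekday() % 7 in s["dow"]
    # When both dom and dow are restricted, cron runs if EITHER one matches
    if not stars["dom"] and not stars["dow"]:
        return dom_ok or dow_ok
    return dom_ok and dow_ok
```

For example, `fires_at("0 0 1 * 1 cmd", ...)` is true on the 1st of the month and also on every Monday, which is the case that most often surprises people.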
Channel to send messages to
For this, simply head over to Slack (sending messages by email is easier but not that suitable for this task, as you could end up messing up your inbox), and create a workspace and channels for different tasks. You could use the guide here for setting up an app and how to use it to send messages to Slack channels.
The python/bash script
So, you could use any script of your choice, but I use Python for this because it is powerful and easy (bash is also easy, but I feel more comfortable while scripting in Python, so we’ll talk about Python).
So assuming that you have a bit of experience in Python programming and you’ve created a Slack webhook, you could use the following code for sending messages to Slack (sorry for using this poor method 😅)
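import os

slack_webhook = "<slack_webhook_URL>"
slack_send_msg = True  # set to False to print messages instead of posting them

def sendMsg(msg):
    # Posts msg to the Slack webhook by shelling out to curl; msg is pasted
    # into the shell command unescaped, so quotes in msg will break it.
    if slack_send_msg:
        os.system("curl -X POST -H 'Content-type: application/json' --data '{\"text\":\"" + msg + "\"}' " + slack_webhook)
    else:
        print(msg)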
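A hardened version of the sender above, as an added example that is not the author's code: it JSON-encodes the message and posts it with urllib instead of pasting it into a shell command, so scan output containing quotes or shell metacharacters stays data. The SLACK_WEBHOOK_URL environment variable, the function names and the sample line are assumptions made for this example.

```python
import json
import os
import urllib.request

def build_request(msg, webhook):
    """Build the POST for a Slack incoming webhook; msg is only ever JSON data."""
    body = json.dumps({"text": msg}).encode("utf-8")
    return urllib.request.Request(
        webhook,
        data=body,
        headers={"Content-Type": "application/json"},
        method="POST",
    )

def send_msg(msg, enabled=True, webhook=None, opener=urllib.request.urlopen):
    """Post msg to Slack, or print it when sending is disabled."""
    if not enabled:
        print(msg)
        return None
    # Assumed variable name: keeps the webhook secret out of the script file
    webhook = webhook or os.environ["SLACK_WEBHOOK_URL"]
    with opener(build_request(msg, webhook), timeout=10) as resp:
        return resp.status

# Constructed sample: a scan result line carrying shell metacharacters
SAMPLE = "new subdomain: a'b\"c.example.com $(id); echo x"
```

Because the message never touches a shell, a hostname or finding string from a scanned target cannot change what the monitoring box executes.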
So, I’ve deployed three bots: the first looks for new subdomains, the next checks for subdomain takeover, and one runs nuclei.
Since I am on a metered connection, I scan only a few targets (5–7 domains).
You can see the algorithm in the file below:-
What if I don’t want to buy/rent a raspberry-pi/VPS server?
You could do the same with your laptop/PC. In place of the time fields, you could use @reboot, so it would run the scan every time your machine is rebooted/started. The example command below will run nuclei every time the laptop is rebooted:-
@reboot cd /home/user/nuclei-scans/ && nuclei -u https://www.example.com -as -o nuclei-scan.txt
And the crypto mining (not related to this topic but for fun)
Since the task won’t be running all the time, we should utilize the machine for something. So, I do crypto mining. There are multiple coins available, but the coin best suited to a Raspberry Pi/VPS is Duino-Coin. You could explore its website and start mining (you won’t get rich by this mining, but it will give you some experience with crypto mining, which could be a good investment).
Important: Make sure you don’t mine with the machine you do your work on as it consumes a lot of processing power of your machine.
I hope that this article will help you set up your monitoring machine. Feel free to share your thoughts on this article in the comments 🙂