-
Notifications
You must be signed in to change notification settings - Fork 16
Expand file tree
/
Copy pathbug_bounty_script.sh
More file actions
162 lines (139 loc) · 6.31 KB
/
bug_bounty_script.sh
File metadata and controls
162 lines (139 loc) · 6.31 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
#!/bin/bash
# Bug Bounty Script
# Configuration
target_urls=()
output_directory="<output_directory>"
nmap_threads=100
dirb_threads=10
# Colors for formatting
GREEN='\033[0;32m'
CYAN='\033[0;36m'
RED='\033[0;31m'
NC='\033[0m' # No Color
# Display banner
display_banner() {
echo -e "${CYAN}"
echo -e "██████╗░██╗░░░██╗░██████╗░ ██████╗░░█████╗░██╗░░░██╗███╗░░██╗████████╗██╗░░░██╗"
echo -e "██╔══██╗██║░░░██║██╔════╝░ ██╔══██╗██╔══██╗██║░░░██║████╗░██║╚══██╔══╝╚██╗░██╔╝"
echo -e "██████╦╝██║░░░██║██║░░██╗░ ██████╦╝██║░░██║██║░░░██║██╔██╗██║░░░██║░░░░╚████╔╝░"
echo -e "██╔══██╗██║░░░██║██║░░╚██╗ ██╔══██╗██║░░██║██║░░░██║██║╚████║░░░██║░░░░░╚██╔╝░░"
echo -e "██████╦╝╚██████╔╝╚██████╔╝ ██████╦╝╚█████╔╝╚██████╔╝██║░╚███║░░░██║░░░░░░██║░░░"
echo -e "╚═════╝░░╚═════╝░░╚═════╝░ ╚═════╝░░╚════╝░░╚═════╝░╚═╝░░╚══╝░░░╚═╝░░░░░░╚═╝░░░"
echo -e "${NC}"
}
# Function to display usage instructions
display_help() {
echo -e "Bug Bounty Script By Shubham Tiwari"
echo -e "Usage: ./bug_bounty_script.sh [OPTIONS]"
echo -e "Options:"
echo -e " -h, --help\t\tDisplay usage instructions"
echo -e " -l, --list\t\tSpecify a file containing target domain(s)"
echo -e " -d, --domain\t\tSpecify a single target domain"
echo -e " -o, --output\t\tSpecify the output directory path"
echo -e " -nt, --nmap-threads\tSpecify the number of threads for Nmap (default: 100)"
echo -e " -dt, --dirb-threads\tSpecify the number of threads for Dirb (default: 10)"
echo
echo -e "Social Media:"
echo -e " Twitter: https://twitter.com/shubhamtiwari_r"
echo -e " LinkedIn: https://www.linkedin.com/in/shubham-tiwari09"
echo -e " GitHub: https://github.com/shubham-rooter"
}
# Parse command line arguments
while [[ $# -gt 0 ]]; do
case "$1" in
-h|--help)
display_help
exit 0
;;
-l|--list)
if [[ -n "$2" ]]; then
while IFS= read -r domain || [[ -n "$domain" ]]; do
target_urls+=("$domain")
done < "$2"
shift 2
else
echo -e "${RED}Error: File not specified.${NC}"
exit 1
fi
;;
-d|--domain)
if [[ -n "$2" ]]; then
target_urls+=("$2")
shift 2
else
echo -e "${RED}Error: Domain not specified.${NC}"
exit 1
fi
;;
-o|--output)
if [[ -n "$2" ]]; then
output_directory="$2"
shift 2
else
echo -e "${RED}Error: Output directory not specified.${NC}"
exit 1
fi
;;
-nt|--nmap-threads)
if [[ -n "$2" ]]; then
nmap_threads="$2"
shift 2
else
echo -e "${RED}Error: Number of threads for Nmap not specified.${NC}"
exit 1
fi
;;
-dt|--dirb-threads)
if [[ -n "$2" ]]; then
dirb_threads="$2"
shift 2
else
echo -e "${RED}Error: Number of threads for Dirb not specified.${NC}"
exit 1
fi
;;
*)
echo -e "${RED}Error: Invalid option: $1${NC}"
exit 1
;;
esac
done
# Display banner
display_banner
# Perform bug bounty scanning for each target URL
for target_url in "${target_urls[@]}"; do
# Additional reconnaissance tools
echo -e "${GREEN}Running additional reconnaissance tools${NC}"
# Perform DNS enumeration with DNSenum
echo -e "${GREEN}Performing DNS enumeration with DNSenum${NC}"
dnsenum "$target_url"
# Perform whois lookup with Whois
echo -e "${GREEN}Performing whois lookup with Whois${NC}"
whois "$target_url"
# Perform HTTP fingerprinting with WhatWeb
echo -e "${GREEN}Performing HTTP fingerprinting with WhatWeb${NC}"
whatweb "$target_url"
# Perform technology stack detection with Wappalyzer
echo -e "${GREEN}Performing technology stack detection with Wappalyzer${NC}"
wappalyzer "$target_url"
echo -e "${GREEN}Scanning target: $target_url${NC}"
nmap -p 80,443 -T4 -A -Pn --max-parallelism $nmap_threads $target_url
echo -e "${GREEN}Checking for open ports${NC}"
nmap -p- -T4 -Pn --max-parallelism $nmap_threads $target_url
echo -e "${GREEN}Running Nikto web server scanner${NC}"
nikto -h $target_url
echo -e "${GREEN}Scanning for subdomains using Sublist3r${NC}"
sublist3r -d $target_url -o "$output_directory/$target_url-subdomains.txt"
echo -e "${GREEN}Performing directory enumeration with Dirb${NC}"
dirb "http://$target_url" -r -o "$output_directory/$target_url-dirb.txt" -t $dirb_threads
echo -e "${GREEN}Scanning for XSS vulnerabilities with Xsser${NC}"
xsser -u $target_url
echo -e "${GREEN}Checking for SQL injection with SQLMap${NC}"
sqlmap -u $target_url --batch
echo -e "${GREEN}Running Nuclei for vulnerability scanning${NC}"
nuclei -l "$output_directory/$target_url-subdomains.txt" -t vulnerabilities/ -o "$output_directory/$target_url-nuclei.txt"
echo -e "${GREEN}Performing automated reconnaissance with Amass${NC}"
amass enum -d $target_url -o "$output_directory/$target_url-amass.txt"
echo -e "${GREEN}Completed bug bounty scan for $target_url${NC}"
echo
done