Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Automation for Bug Hunters

9732cd910e0047fcdd40b1d765bbc84a?s=47 Mohammed Diaa
November 29, 2017
Technology
1
2.6k

Automation for Bug Hunters

9732cd910e0047fcdd40b1d765bbc84a?s=128

Mohammed Diaa

November 29, 2017
Tweet

Other Decks in Technology

See All in Technology
SRE_チーム立ち上げから1年_気づいたら_SRE_っぽくない仕事まで貢献しちゃってる説
B35fa97f982d550e358a8c689c3f0fef?s=48 bitkey
PRO
0
2.1k
Nutanix_Meetup_20220511
0fca98ba59a23fc0a4a2a53701a2bae1?s=48 keigotomomatsu
0
150
JAWS-UG 朝会 #33 登壇資料
08dd0b93e011904f40d60d5a1b54c671?s=48 takakuni
0
380
街じゅうを"駅前化"する電動マイクロモビリティのシェアサービス「LUUP」のIoTとSRE
1333e8256b0ba80c369f4bcc98a839d7?s=48 0gm
1
590
E2E自動テスト導入・運用をめぐる先入観と実際に起きたこと / Preconceptions and What Happened with E2E Testing
77fa3ebbf229a884c74c905034b1f4c2?s=48 ak1210
1
180
暗号資産ウォレット入門(MetaMaskの入門~NFTの購入~詐欺の注意事項など)
37f853c24b8c02fed3bc1b4dee46bf3e?s=48 kayato
2
190
技術広報の役割を定義してみた 2022年春
E2b467a18ec383cfa0068207e43df7fa?s=48 afroscript
3
2.4k
実験!カオスエンジニアリング / How to Chaos Engineering
140494d272a4d89883a94fdfdb29dea2?s=48 oracle4engineer
PRO
0
140
CTOのためのQAのつくりかた #scrumniigata / SigSQA How to create QA for CTOs and VPoEs
63d1e567c2c7b1dbf340f7bea9a92876?s=48 caori_t
0
110
How We Foster Reliability in Diversity
Ed424b1e857828ce69b0fdf4c3291d2e?s=48 nari_ex
PRO
9
2.5k
20220510_簡単にできるコスト異常検出(Cost Anomaly Detection) /jaws-ug-asa-cost-anomaly-detection-20220510
97b3cca999b52cb5296675ac0a5c12cd?s=48 emiki
2
320
srenext2022-skaru
B16717ef4b7aab0b253d933c3934f280?s=48 mixi_engineers
1
490

Featured

See All Featured
Why You Should Never Use an ORM
88bc30284c6a424b63a92aad27d0ba36?s=48 jnunemaker
PRO
47
5.5k
VelocityConf: Rendering Performance Case Studies
96270e4c3e5e9806cf7245475c00b275?s=48 addyosmani
316
22k
Bash Introduction
812e1705ff0f8bc1bcf18587bde687d5?s=48 62gerente
596
210k
GraphQLとの向き合い方2022年版
893f54413c2bd9ba41d11d753aacaf2c?s=48 quramy
16
8.1k
The Invisible Customer
4262b9cfacfb6b2c77f23e1d0310cd3e?s=48 myddelton
110
11k
The Most Common Mistakes in Cover Letters
1ce0eb06fd6a9e9566a0cb310cfee635?s=48 jrick
PRO
4
24k
The Brand Is Dead. Long Live the Brand.
A415db3ac9e9668acbc1fb36eead84ac?s=48 mthomps
45
2.7k
Reflections from 52 weeks, 52 projects
E43f8dfd01057f8304f5f8fb9a294d7d?s=48 jeffersonlam
337
17k
How GitHub Uses GitHub to Build GitHub
78b475797a14c84799063c7cd073962f?s=48 holman
465
280k
Large-scale JavaScript Application Architecture
96270e4c3e5e9806cf7245475c00b275?s=48 addyosmani
499
110k
GitHub's CSS Performance
64827b31aef81498662e8af4bd6d5157?s=48 jonrohan
1020
410k
Faster Mobile Websites
C620790ae5bf5b50c245b2e0ef95f338?s=48 deanohume
294
28k

Transcript

  1. Automation for Bug Hunters Never send a human to do

    a machine’s job

  2. Who am I? • Mohammed Diaa / @mhmdiaa • Bug

    hunter • Web developer • Tool creator

  3. Outline • Why do we need automation? • What can

    we automate? • Monitoring (the past & the future) • How to do it? • Introducing Bounty Machine • How can the community be more efficient? • Takeaways

  4. Why do we need automation?

  5. Why? Boredom and drudgery are evil http://www.catb.org/esr/faqs/hacker-howto.html#believe3

  6. Why? Repetitive work may exhaust you away from doing what’s

    really worth your time https://bugbountyforum.com/blog/ama/avlidienbrunn/

  7. Why? Automation can help you test a theory quickly http://blog.portswigger.net/2017/07/cracking-lens-targeting-https-hidden.html

  8. Why? Keep an eye out for changes / new assets

    https://docs.google.com/presentation/d/1PCnjzCeklOeGMoWiE2IUzlRGOBxNp8K5hLQuvBNzrFY

  9. What can we automate?

  10. What? Environment setup • Kali rolling on AWS • Docker

    • Shell scripts Reporting • Template Generator • Bug Bounty Templates • Bounty Report Generator Recon and basic testing There are many tools; the trick is to make them work together.

  11. Monitoring

  12. Monitoring the past • Google time filter (thanks almoroot and

    avlidienbrunn) • WaybackMachine (WaybackUnifier) ◦ robots.txt (thanks zseano) ◦ API documentation (thanks filedescriptor) ◦ JS files ◦ HTML (comments / more JS / endpoints / input names) • Old mobile app versions ◦ Creds ◦ Endpoints

  13. Monitoring the future • API documentation • JS code (thanks

    Jobert) • Mobile app updates (thanks Arne) • Dev blogs • Google News • Everything else (more on that later)

  14. How to do it?

  15. = tool = portion of info = group of tools

    = info How?

  16. How?

  17. How?

  18. How?

  19. How?

  20. How?

  21. How?

  22. How?

  23. Introducing Bounty Machine

  24. Bounty Machine Anshuman Bhartiya and I are working on a

    cool project. Project objective: allow researchers to compose complex workflows in a modular fashion. It will implement all the mentioned workflows and more. We will hopefully demo it soon.

  25. Features • Runs multiple tools in a chain • Fully

    modular (you can plug in the new hot tool) • Monitoring • Customized notifications (get notified only when something interesting comes up)

  26. How to add a new tool 1. Build a Docker

    image for your tool. 2. Define what data it needs. 3. Define what data it produces. 4. Specify whether you want to get notified when it finds something. 5. Find a place for it in the workflow where it can play with other tools (optional).

  27. What happens behind the scenes 1. Run the tool 2.

    Translate its output into something that other tools can use. 3. Check if the output has changed since the last time. 4. Notify the user about newly-found results. 5. Pass it to other tools to perform further checks. 6. Do this all the time for all targets.

  28. How can the community be more efficient?

  29. What we do wrong The community rebuilds existing tools too

    often. If your new tool isn’t more helpful, you’re probably wasting your time. We should focus more on building new tools and extending existing ones.

  30. Why do we rebuild tools? • Unawareness of the existence

    of a tool • Boredom • Unmaintained projects • Different requirements

  31. List of tools we have https://bugbountyforum.com/tools/ Purpose: 1. Help beginners

    and experts alike find new tools to add to their arsenal. 2. Inform tool developers about existing tools so they don’t set out to build them. Updated regularly

  32. List of tools we need https://ideas.bugbountyforum.com Contribute new ideas. If

    you like an idea, build a new tool for it. You can find interesting problems to solve. No more Less duplicate tools!

  33. Takeaways • If something can be automated, automate it. •

    Always monitor your target’s online assets. • Dig into the past of your target. • Your tools are good, but they’re better together. • If you have a tool suggestion, share it. • Tools should be easily connectable. • Don’t reinvent the wheel (unless your wheel is rounder).