Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Automation for Bug Hunters

9732cd910e0047fcdd40b1d765bbc84a?s=47 Mohammed Diaa
November 29, 2017
Technology
1
2k

Automation for Bug Hunters

9732cd910e0047fcdd40b1d765bbc84a?s=128

Mohammed Diaa

November 29, 2017
Tweet

Other Decks in Technology

See All in Technology
9b63847a4c413a2604e1d64e5d595dab?s=48 humank
0
220
4649f3418cb4e7b951ca28e65003c7ac?s=48 sumi
0
490
79c9f45e8a3cd4bfa9d7292adb3a6dc0?s=48 kraj
0
3.9k
A64ac825509279a770c13c6fc517f11a?s=48 kawaguti
0
120
762c4094331850bef09278aae28f1a32?s=48 unifa_dev
0
390
5825781c988a48130bb0db577f5c0e09?s=48 soachr
1
150
9e4ea8b3f81c2acc322cc6ed0db32be9?s=48 satoshirobatofujimoto
0
110
35f1e35d8c02c612e281c6c7a9d22341?s=48 hirosys
0
140
D7f27502ce4dfef29afae545df767b27?s=48 hsano
0
130
3115a782126be714b5f94d24073c957d?s=48 oracle4engineer
0
2.7k
Dca4f8abd1e78940052ee52c85c4d2ed?s=48 shimacos
2
340
E8fe0220162ea15aab7ec96690cc437a?s=48 pinboro
0
2.2k

Featured

See All Featured
6bb82b13cda86d3b821fa44100335ddf?s=48 thoeni
4
550
F716e5f737fcfb03f2cf8d1a184f1dbe?s=48 nonsquared
81
3.3k
462dad0dd24c568a32dcdb0ae895ae1b?s=48 rasmusluckow
318
18k
C86443373fbfe92996aa882d0d7a59f8?s=48 imathis
478
150k
5b6a2bd86ef643786a381a212e0ef2f1?s=48 geoffreycrofte
18
780
282d599b414022eba5096510f675b6e2?s=48 chrislema
173
14k
3ab1249be442027903e1180025340b3f?s=48 reverentgeek
168
7.1k
C9b18d9dff88a9dd2393364c2b3b21bd?s=48 colly
66
3k
24fc194843a71f10949be18d5a692682?s=48 gr2m
83
11k
C0390e8b11079f8761c0cd3274ed61cb?s=48 productmarketing
5
650
E837d2996f52008ace055a08fbfff992?s=48 frogandcode
127
20k
9fa239b3154a0169d99ab7bf1422dd12?s=48 marcelosomers
220
15k

Transcript

  1. Automation for Bug Hunters Never send a human to do

    a machine’s job

  2. Who am I? • Mohammed Diaa / @mhmdiaa • Bug

    hunter • Web developer • Tool creator

  3. Outline • Why do we need automation? • What can

    we automate? • Monitoring (the past & the future) • How to do it? • Introducing Bounty Machine • How can the community be more efficient? • Takeaways

  4. Why do we need automation?

  5. Why? Boredom and drudgery are evil http://www.catb.org/esr/faqs/hacker-howto.html#believe3

  6. Why? Repetitive work may exhaust you away from doing what’s

    really worth your time https://bugbountyforum.com/blog/ama/avlidienbrunn/

  7. Why? Automation can help you test a theory quickly http://blog.portswigger.net/2017/07/cracking-lens-targeting-https-hidden.html

  8. Why? Keep an eye out for changes / new assets

    https://docs.google.com/presentation/d/1PCnjzCeklOeGMoWiE2IUzlRGOBxNp8K5hLQuvBNzrFY

  9. What can we automate?

  10. What? Environment setup • Kali rolling on AWS • Docker

    • Shell scripts Reporting • Template Generator • Bug Bounty Templates • Bounty Report Generator Recon and basic testing There are many tools; the trick is to make them work together.

  11. Monitoring

  12. Monitoring the past • Google time filter (thanks almoroot and

    avlidienbrunn) • WaybackMachine (WaybackUnifier) ◦ robots.txt (thanks zseano) ◦ API documentation (thanks filedescriptor) ◦ JS files ◦ HTML (comments / more JS / endpoints / input names) • Old mobile app versions ◦ Creds ◦ Endpoints

  13. Monitoring the future • API documentation • JS code (thanks

    Jobert) • Mobile app updates (thanks Arne) • Dev blogs • Google News • Everything else (more on that later)

  14. How to do it?

  15. = tool = portion of info = group of tools

    = info How?

  16. How?

  17. How?

  18. How?

  19. How?

  20. How?

  21. How?

  22. How?

  23. Introducing Bounty Machine

  24. Bounty Machine Anshuman Bhartiya and I are working on a

    cool project. Project objective: allow researchers to compose complex workflows in a modular fashion. It will implement all the mentioned workflows and more. We will hopefully demo it soon.

  25. Features • Runs multiple tools in a chain • Fully

    modular (you can plug in the new hot tool) • Monitoring • Customized notifications (get notified only when something interesting comes up)

  26. How to add a new tool 1. Build a Docker

    image for your tool. 2. Define what data it needs. 3. Define what data it produces. 4. Specify whether you want to get notified when it finds something. 5. Find a place for it in the workflow where it can play with other tools (optional).

  27. What happens behind the scenes 1. Run the tool 2.

    Translate its output into something that other tools can use. 3. Check if the output has changed since the last time. 4. Notify the user about newly-found results. 5. Pass it to other tools to perform further checks. 6. Do this all the time for all targets.

  28. How can the community be more efficient?

  29. What we do wrong The community rebuilds existing tools too

    often. If your new tool isn’t more helpful, you’re probably wasting your time. We should focus more on building new tools and extending existing ones.

  30. Why do we rebuild tools? • Unawareness of the existence

    of a tool • Boredom • Unmaintained projects • Different requirements

  31. List of tools we have https://bugbountyforum.com/tools/ Purpose: 1. Help beginners

    and experts alike find new tools to add to their arsenal. 2. Inform tool developers about existing tools so they don’t set out to build them. Updated regularly

  32. List of tools we need https://ideas.bugbountyforum.com Contribute new ideas. If

    you like an idea, build a new tool for it. You can find interesting problems to solve. No more Less duplicate tools!

  33. Takeaways • If something can be automated, automate it. •

    Always monitor your target’s online assets. • Dig into the past of your target. • Your tools are good, but they’re better together. • If you have a tool suggestion, share it. • Tools should be easily connectable. • Don’t reinvent the wheel (unless your wheel is rounder).