Automation for Bug Hunters


Mohammed Diaa

November 29, 2017

Transcript

  1. Automation for Bug Hunters
     Never send a human to do a machine’s job

  2. Who am I?
     • Mohammed Diaa / @mhmdiaa
     • Bug hunter
     • Web developer
     • Tool creator

  3. Outline
     • Why do we need automation?
     • What can we automate?
     • Monitoring (the past & the future)
     • How to do it?
     • Introducing Bounty Machine
     • How can the community be more efficient?
     • Takeaways
  4. Why do we need automation?

  5. Why? Boredom and drudgery are evil
     http://www.catb.org/esr/faqs/hacker-howto.html#believe3

  6. Why? Repetitive work can keep you from doing what’s really worth your time
     https://bugbountyforum.com/blog/ama/avlidienbrunn/

  7. Why? Automation can help you test a theory quickly
     http://blog.portswigger.net/2017/07/cracking-lens-targeting-https-hidden.html

  8. Why? Keep an eye out for changes / new assets
     https://docs.google.com/presentation/d/1PCnjzCeklOeGMoWiE2IUzlRGOBxNp8K5hLQuvBNzrFY
  9. What can we automate?

  10. What?
      Environment setup
        • Kali rolling on AWS
        • Docker
        • Shell scripts
      Reporting
        • Template Generator
        • Bug Bounty Templates
        • Bounty Report Generator
      Recon and basic testing
        There are many tools; the trick is to make them work together.
  11. Monitoring

  12. Monitoring the past
      • Google time filter (thanks almoroot and avlidienbrunn)
      • WaybackMachine (WaybackUnifier)
        ◦ robots.txt (thanks zseano)
        ◦ API documentation (thanks filedescriptor)
        ◦ JS files
        ◦ HTML (comments / more JS / endpoints / input names)
      • Old mobile app versions
        ◦ Creds
        ◦ Endpoints

  13. Monitoring the future
      • API documentation
      • JS code (thanks Jobert)
      • Mobile app updates (thanks Arne)
      • Dev blogs
      • Google News
      • Everything else (more on that later)
  14. How to do it?

  15. How? (workflow diagram; legend: tool, portion of info, group of tools, info)

  16. How? (workflow diagram; text not captured)

  17. How? (workflow diagram; text not captured)

  18. How? (workflow diagram; text not captured)

  19. How? (workflow diagram; text not captured)

  20. How? (workflow diagram; text not captured)

  21. How? (workflow diagram; text not captured)

  22. How? (workflow diagram; text not captured)
  23. Introducing Bounty Machine

  24. Bounty Machine
      Anshuman Bhartiya and I are working on a cool project.
      Project objective: allow researchers to compose complex workflows in a modular fashion.
      It will implement all the mentioned workflows and more.
      We will hopefully demo it soon.

  25. Features
      • Runs multiple tools in a chain
      • Fully modular (you can plug in the new hot tool)
      • Monitoring
      • Customized notifications (get notified only when something interesting comes up)

  26. How to add a new tool
      1. Build a Docker image for your tool.
      2. Define what data it needs.
      3. Define what data it produces.
      4. Specify whether you want to get notified when it finds something.
      5. Find a place for it in the workflow where it can play with other tools (optional).
  27. What happens behind the scenes
      1. Run the tool.
      2. Translate its output into something that other tools can use.
      3. Check if the output has changed since the last time.
      4. Notify the user about newly-found results.
      5. Pass it to other tools to perform further checks.
      6. Do this all the time for all targets.
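The tool definition from slide 26 and the behind-the-scenes loop from slide 27 (run, normalize, diff against the last run, notify, chain), sketched as an added Python example. This is not Bounty Machine's code: the two tools are constructed stand-ins for the Docker images the talk describes and return canned hostnames for example.com, and `Tool`, `run_pipeline` and the state layout are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Callable, List

@dataclass
class Tool:
    """Hypothetical pipeline step standing in for a Docker container (slide 26)."""
    name: str
    consumes: str                              # step 2: what data it needs
    produces: str                              # step 3: what data it produces
    run: Callable[[List[str]], List[str]]      # step 1: the container, as a function here
    notify: bool = False                       # step 4: alert on newly-found results

def normalize(raw_lines):
    """Translate raw tool output into a clean, deduplicated, sorted list (step 2)."""
    cleaned = {l.strip().lower() for l in raw_lines if l.strip() and not l.startswith("#")}
    return sorted(cleaned)

def run_pipeline(tools, seed, state):
    """One monitoring cycle. `state` maps tool name -> results seen last time
    (persist it as JSON between cycles). Returns (state, [(tool, new findings)])."""
    data = {"seed": list(seed)}
    alerts = []
    for tool in tools:
        results = normalize(tool.run(data[tool.consumes]))            # steps 1-2
        new = sorted(set(results) - set(state.get(tool.name, [])))    # step 3
        if tool.notify and new:
            alerts.append((tool.name, new))                           # step 4
        state[tool.name] = results
        data[tool.produces] = results                                 # step 5
    return state, alerts

# Constructed sample tools: canned output instead of real network activity.
def fake_subdomain_enum(domains):
    return ["www.example.com", "API.example.com", "# comment", "www.example.com\n"]

def fake_alive_check(hosts):
    return [h for h in hosts if h.startswith("www")]

PIPELINE = [
    Tool("subenum", consumes="seed", produces="hosts", run=fake_subdomain_enum, notify=True),
    Tool("alive", consumes="hosts", produces="alive_hosts", run=fake_alive_check, notify=True),
]

def demo():
    """Two cycles over the same seed: the first alerts, the second is silent (step 6 loops this)."""
    state = {}
    state, first = run_pipeline(PIPELINE, ["example.com"], state)
    state, second = run_pipeline(PIPELINE, ["example.com"], state)
    return first, second

if __name__ == "__main__":
    print(demo())
```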
  28. How can the community be more efficient?

  29. What we do wrong
      The community rebuilds existing tools too often.
      If your new tool isn’t more helpful, you’re probably wasting your time.
      We should focus more on building new tools and extending existing ones.

  30. Why do we rebuild tools?
      • Unawareness of the existence of a tool
      • Boredom
      • Unmaintained projects
      • Different requirements

  31. List of tools we have
      https://bugbountyforum.com/tools/
      Purpose:
      1. Help beginners and experts alike find new tools to add to their arsenal.
      2. Inform tool developers about existing tools so they don’t set out to build them.
      Updated regularly

  32. List of tools we need
      https://ideas.bugbountyforum.com
      Contribute new ideas. If you like an idea, build a new tool for it.
      You can find interesting problems to solve.
      Less duplicate tools! (“No more” struck through on the slide)

  33. Takeaways
      • If something can be automated, automate it.
      • Always monitor your target’s online assets.
      • Dig into the past of your target.
      • Your tools are good, but they’re better together.
      • If you have a tool suggestion, share it.
      • Tools should be easily connectable.
      • Don’t reinvent the wheel (unless your wheel is rounder).