Automation for Bug Hunters
Never send a human to do a machine’s job
Who am I?
● Mohammed Diaa / @mhmdiaa
● Bug hunter
● Web developer
● Tool creator
● Why do we need automation?
● What can we automate?
● Monitoring (the past & the future)
● How to do it?
● Introducing Bounty Machine
● How can the community be more efficient?
Why do we need automation?
Boredom and drudgery are evil
Repetitive work wears you out and keeps you away from
what’s really worth your time
Automation can help you test a theory quickly
Keep an eye out for changes / new assets
What can we automate?
● Kali rolling on AWS
● Shell scripts
● Template Generator
● Bug Bounty Templates
● Bounty Report
Recon and basic testing
There are many tools;
the trick is to make them
Monitoring the past
● Google time filter (thanks almoroot and avlidienbrunn)
● WaybackMachine (WaybackUnifier)
○ robots.txt (thanks zseano)
○ API documentation (thanks filedescriptor)
○ JS files
○ HTML (comments / more JS / endpoints / input names)
● Old mobile app versions
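A WaybackUnifier-style pass over archived robots.txt versions, as an added example (not the tool's own code): it dedupes Wayback CDX snapshots by digest, merges the Disallow paths of every distinct version, and reports paths that were dropped from the current file, which are often the forgotten endpoints worth testing. The CDX rows and file bodies are constructed sample data in the shape the CDX API returns with `output=json`; a live run would fetch them from web.archive.org instead.

```python
"""Merge every archived version of a target's robots.txt into one view.
Added example, not WaybackUnifier's code.  CDX_JSON and BODIES are
constructed samples; live data comes from
web.archive.org/cdx/search/cdx?url=<target>/robots.txt&output=json"""
import json

# Constructed CDX response: header row, then one row per archived capture.
CDX_JSON = json.dumps([
    ["urlkey", "timestamp", "original", "mimetype", "statuscode", "digest", "length"],
    ["com,example)/robots.txt", "20150101000000", "http://example.com/robots.txt", "text/plain", "200", "AAAA", "120"],
    ["com,example)/robots.txt", "20150601000000", "http://example.com/robots.txt", "text/plain", "200", "AAAA", "120"],
    ["com,example)/robots.txt", "20160301000000", "http://example.com/robots.txt", "text/plain", "200", "BBBB", "150"],
    ["com,example)/robots.txt", "20170901000000", "http://example.com/robots.txt", "text/plain", "200", "CCCC", "90"],
    ["com,example)/robots.txt", "20170902000000", "http://example.com/robots.txt", "text/plain", "404", "DDDD", "10"],
])

# Constructed file bodies keyed by CDX digest (one fetch per distinct version).
BODIES = {
    "AAAA": "User-agent: *\nDisallow: /admin/\nDisallow: /old-api/\n",
    "BBBB": "User-agent: *\nDisallow: /admin/\nDisallow: /old-api/\nDisallow: /internal/export\n",
    "CCCC": "User-agent: *\nDisallow: /admin/\n",
}


def unique_snapshots(cdx_json):
    """Return {digest: first timestamp} for successful captures, skipping
    identical re-captures so each version is fetched only once."""
    header, *rows = json.loads(cdx_json)
    col = {name: i for i, name in enumerate(header)}
    seen = {}
    for row in rows:
        if row[col["statuscode"]] != "200":
            continue
        seen.setdefault(row[col["digest"]], row[col["timestamp"]])
    return seen


def disallowed_paths(body):
    """Extract non-empty Disallow paths from one robots.txt body."""
    paths = set()
    for line in body.splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() == "disallow" and value.strip():
            paths.add(value.strip())
    return paths


def unify(cdx_json, bodies):
    """Return {path: (first_seen, last_seen)} across all archived versions."""
    history = {}
    versions = sorted(unique_snapshots(cdx_json).items(), key=lambda kv: kv[1])
    for digest, ts in versions:
        for path in disallowed_paths(bodies[digest]):
            first, _ = history.get(path, (ts, ts))
            history[path] = (first, ts)
    return history


def forgotten_paths(history):
    """Paths that disappeared before the newest version: candidates for
    endpoints developers stopped advertising but may not have removed."""
    latest = max(last for _, last in history.values())
    return sorted(p for p, (_, last) in history.items() if last < latest)


if __name__ == "__main__":
    hist = unify(CDX_JSON, BODIES)
    for path, (first, last) in sorted(hist.items()):
        print(f"{path:20} first {first[:8]} last {last[:8]}")
    print("dropped from current robots.txt:", forgotten_paths(hist))
```

Deduping by digest before fetching matters on real targets: a popular site can have thousands of captures but only a handful of distinct versions.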
Monitoring the future
● API documentation
● JS code (thanks Jobert)
● Mobile app updates (thanks Arne)
● Dev blogs
● Google News
● Everything else (more on that later)
How to do it?
(workflow diagram legend: one icon = portion of info, one icon = group of tools)
Introducing Bounty Machine
Anshuman Bhartiya and I are working on a cool project.
Project objective: allow researchers to compose complex
workflows in a modular fashion.
It will implement all the mentioned workflows and more.
We will hopefully demo it soon.
● Runs multiple tools in a chain
● Fully modular (you can plug in the new hot tool)
● Customized notifications (get notified only when
something interesting comes up)
How to add a new tool
1. Build a Docker image for your tool.
2. Define what data it needs.
3. Define what data it produces.
4. Specify whether you want to get notified when it finds
5. Find a place for it in the workflow where it can play
with other tools (optional).
What happens behind the scenes
1. Run the tool
2. Translate its output into something that other tools can
3. Check if the output has changed since the last time.
4. Notify the user about newly-found results.
5. Pass it to other tools to perform further checks.
6. Do this all the time for all targets.
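A toy version of this loop, which also covers the "Monitoring the future" idea of watching JS code for changes: run a tool, normalise its output, diff it against the previous run, notify only for tools flagged as interesting, and hand the results to the next tool in the chain. Added example, not Bounty Machine's code; the three tools are stand-ins that return constructed output instead of spawning a Docker image, and the `needs`/`produces` fields are an assumed way of expressing steps 2 and 3 of "How to add a new tool".

```python
"""Run -> normalise -> diff -> notify -> chain, repeated per cycle.
Added example, not the project's own code.  ENUM_OUTPUTS and RESPONSES
are constructed stand-ins for real tool output and HTTP responses."""
import re
from dataclasses import dataclass
from typing import Callable

# Constructed subdomain-enumerator output per cycle (staging.* appears in cycle 1).
ENUM_OUTPUTS = [
    "api.example.com\nwww.example.com\n",
    "api.example.com\nwww.example.com\nstaging.example.com\n",
]
# Constructed responses the probe / JS stand-ins "see": host -> (status, body).
RESPONSES = {
    "api.example.com": (200, '<script src="/static/app.js"></script>'),
    "www.example.com": (200, "<html>hello</html>"),
    "staging.example.com": (401, '<script src="/static/admin.js"></script>'),
}


@dataclass
class Tool:
    name: str
    needs: str                          # data type the tool consumes
    produces: str                       # data type it emits for the next tool
    run: Callable[[set, int], str]      # (inputs, cycle) -> raw text output
    normalize: Callable[[str], set]     # raw output -> set of comparable findings
    notify: bool = True                 # alert when this tool finds something new?


def lines_as_set(raw):
    return {line.strip() for line in raw.splitlines() if line.strip()}


def enum_run(inputs, cycle):
    # Stand-in for a subdomain enumerator container; output changes over time.
    return ENUM_OUTPUTS[min(cycle, len(ENUM_OUTPUTS) - 1)]


def probe_run(hosts, cycle):
    # Stand-in for a liveness prober: one "url status" line per answering host.
    return "\n".join(f"https://{h} {RESPONSES[h][0]}" for h in sorted(hosts) if h in RESPONSES)


def probe_normalize(raw):
    return {line.split()[0] for line in raw.splitlines() if line.strip()}


def js_run(urls, cycle):
    # Stand-in for a JS-file collector: script src attributes per live URL.
    found = []
    for url in sorted(urls):
        _, body = RESPONSES[url.split("://", 1)[1]]
        found += [url + src for src in re.findall(r'src="([^"]+)"', body)]
    return "\n".join(found)


WORKFLOW = [
    Tool("subenum", "domain", "host", enum_run, lines_as_set, notify=True),
    Tool("probe", "host", "url", probe_run, probe_normalize, notify=False),
    Tool("jsfiles", "url", "js", js_run, lines_as_set, notify=True),
]


def run_tool(tool, target, inputs, cycle, state):
    """Steps 1-3: run, translate output, diff against the previous run."""
    results = tool.normalize(tool.run(inputs, cycle))
    key = (tool.name, target)
    new = results - state.get(key, set())
    state[key] = results
    return results, new


def run_cycle(workflow, target, state, cycle):
    """Steps 4-5 for one target: notify on new findings, pass results on.
    Returns the notifications raised in this cycle."""
    data = {"domain": {target}}
    notifications = []
    for tool in workflow:
        results, new = run_tool(tool, target, data.get(tool.needs, set()), cycle, state)
        data[tool.produces] = results
        if tool.notify and new:
            notifications.append((tool.name, sorted(new)))
    return notifications


if __name__ == "__main__":
    state = {}
    for cycle in range(3):          # step 6: keep doing it
        print(cycle, run_cycle(WORKFLOW, "example.com", state, cycle))
```

The second cycle raises exactly two notifications (the new staging host and the admin.js it serves) and the third raises none, which is the behaviour you want from a monitor: silence until the target actually changes.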
How can the community be more efficient?
What we do wrong
The community rebuilds existing tools too often.
If your new tool isn’t more helpful, you’re probably wasting
We should focus more on building new tools and extending
Why do we rebuild tools?
● Unawareness of the existence of a tool
● Unmaintained projects
● Different requirements
List of tools we have
1. Help beginners and experts alike find new tools to add to their
2. Inform tool developers about existing tools so they don’t set out to
List of tools we need
Contribute new ideas.
If you like an idea, build a new tool for it.
You can find interesting problems to solve.
No more... well, fewer duplicate tools!
● If something can be automated, automate it.
● Always monitor your target’s online assets.
● Dig into the past of your target.
● Your tools are good, but they’re better together.
● If you have a tool suggestion, share it.
● Tools should be easily connectable.
● Don’t reinvent the wheel (unless your wheel is