$30 off During Our Annual Pro Sale. View Details »

Automation for Bug Hunters

Mohammed Diaa
November 29, 2017
Technology
1
4.1k

Automation for Bug Hunters

Mohammed Diaa

November 29, 2017
Tweet

Other Decks in Technology

See All in Technology
いにしえのエンプラ情シスが内製化ではなくアーキテクトの「手の内化」を推進した話
minorun365
1
320
【全7回】グラフはなぜ使われていない?どうやって使われている?グラフデータベース活用事例 #1
oracle4engineer
PRO
3
140
Securing CI/CD Systems Through eBPF (recap)
whywaita
PRO
0
370
SLO策定までの道とChaosEngineeringを使った最適解の見つけ方 / SLO ChaosEngineering
taishin
0
130
謎は全て解けた!安楽椅子探偵に捧げる AWS ネットワーク分析入門 #CNDT2022 / CloudNative Days Tokyo 2022
ytaka23
0
460
「どうでしょうエアキャラバン」における ライブコマースシステムの開発
miu_crescent
0
330
DevOps実装初期フェーズの組織がTerraformとecspressoで求めるAmazon ECS CICDの最適解/AWS ECS CICD with Terraform and ecspresso
tocyuki
8
1k
SwiftUI in LINE LIVE iOS - Technology Selection and Implementation
techverse_2022
PRO
0
200
Cloud Native NFV がチームにもたらしたもの / Cloud Native NFV Changed Our Team
line_developers
PRO
1
290
ROSCon 2023に発表提案しませんか?
takasehideki
0
310
i3DESIGN_Culture_Book / for Engineer
i3design
0
170
2022技育祭_映写資料②
techtekt
0
170

Featured

See All Featured
Atom: Resistance is Futile
akmur
256
24k
From Idea to $5000 a Month in 5 Months
shpigford
374
44k
Building Adaptive Systems
keathley
25
1.3k
Building a Modern Day 
E-commerce SEO Strategy
aleyda
4
3.6k
Producing Creativity
orderedlist
PRO
335
37k
Intergalactic Javascript Robots from Outer Space
tanoku
260
25k
The Illustrated Children's Guide to Kubernetes
chrisshort
22
42k
What the flash - Photography Introduction
edds
64
10k
Gamification - CAS2011
davidbonilla
75
4k
Six Lessons from altMBA
skipperchong
15
1.6k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
12
1.1k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
657
120k

Transcript

  1. Automation for Bug Hunters Never send a human to do

    a machine’s job

  2. Who am I? • Mohammed Diaa / @mhmdiaa • Bug

    hunter • Web developer • Tool creator

  3. Outline • Why do we need automation? • What can

    we automate? • Monitoring (the past & the future) • How to do it? • Introducing Bounty Machine • How can the community be more efficient? • Takeaways

  4. Why do we need automation?

  5. Why? Boredom and drudgery are evil http://www.catb.org/esr/faqs/hacker-howto.html#believe3

  6. Why? Repetitive work may exhaust you away from doing what’s

    really worth your time https://bugbountyforum.com/blog/ama/avlidienbrunn/

  7. Why? Automation can help you test a theory quickly http://blog.portswigger.net/2017/07/cracking-lens-targeting-https-hidden.html

  8. Why? Keep an eye out for changes / new assets

    https://docs.google.com/presentation/d/1PCnjzCeklOeGMoWiE2IUzlRGOBxNp8K5hLQuvBNzrFY

  9. What can we automate?

  10. What? Environment setup • Kali rolling on AWS • Docker

    • Shell scripts Reporting • Template Generator • Bug Bounty Templates • Bounty Report Generator Recon and basic testing There are many tools; the trick is to make them work together.

  11. Monitoring

  12. Monitoring the past • Google time filter (thanks almoroot and

    avlidienbrunn) • WaybackMachine (WaybackUnifier) ◦ robots.txt (thanks zseano) ◦ API documentation (thanks filedescriptor) ◦ JS files ◦ HTML (comments / more JS / endpoints / input names) • Old mobile app versions ◦ Creds ◦ Endpoints

  13. Monitoring the future • API documentation • JS code (thanks

    Jobert) • Mobile app updates (thanks Arne) • Dev blogs • Google News • Everything else (more on that later)

  14. How to do it?

  15. = tool = portion of info = group of tools

    = info How?

  16. How?

  17. How?

  18. How?

  19. How?

  20. How?

  21. How?

  22. How?

  23. Introducing Bounty Machine

  24. Bounty Machine Anshuman Bhartiya and I are working on a

    cool project. Project objective: allow researchers to compose complex workflows in a modular fashion. It will implement all the mentioned workflows and more. We will hopefully demo it soon.

  25. Features • Runs multiple tools in a chain • Fully

    modular (you can plug in the new hot tool) • Monitoring • Customized notifications (get notified only when something interesting comes up)

  26. How to add a new tool 1. Build a Docker

    image for your tool. 2. Define what data it needs. 3. Define what data it produces. 4. Specify whether you want to get notified when it finds something. 5. Find a place for it in the workflow where it can play with other tools (optional).

  27. What happens behind the scenes 1. Run the tool 2.

    Translate its output into something that other tools can use. 3. Check if the output has changed since the last time. 4. Notify the user about newly-found results. 5. Pass it to other tools to perform further checks. 6. Do this all the time for all targets.

  28. How can the community be more efficient?

  29. What we do wrong The community rebuilds existing tools too

    often. If your new tool isn’t more helpful, you’re probably wasting your time. We should focus more on building new tools and extending existing ones.

  30. Why do we rebuild tools? • Unawareness of the existence

    of a tool • Boredom • Unmaintained projects • Different requirements

  31. List of tools we have https://bugbountyforum.com/tools/ Purpose: 1. Help beginners

    and experts alike find new tools to add to their arsenal. 2. Inform tool developers about existing tools so they don’t set out to build them. Updated regularly

  32. List of tools we need https://ideas.bugbountyforum.com Contribute new ideas. If

    you like an idea, build a new tool for it. You can find interesting problems to solve. No more Less duplicate tools!

  33. Takeaways • If something can be automated, automate it. •

    Always monitor your target’s online assets. • Dig into the past of your target. • Your tools are good, but they’re better together. • If you have a tool suggestion, share it. • Tools should be easily connectable. • Don’t reinvent the wheel (unless your wheel is rounder).