Automation for Bug Hunters

by Mohammed Diaa

Slide 1

Slide 1 text

Automation for Bug Hunters Never send a human to do a machine’s job

Slide 2

Slide 2 text

Who am I? ● Mohammed Diaa / @mhmdiaa ● Bug hunter ● Web developer ● Tool creator

Slide 3

Slide 3 text

Outline ● Why do we need automation? ● What can we automate? ● Monitoring (the past & the future) ● How to do it? ● Introducing Bounty Machine ● How can the community be more efficient? ● Takeaways

Slide 4

Slide 4 text

Why do we need automation?

Slide 5

Slide 5 text

Why? Boredom and drudgery are evil http://www.catb.org/esr/faqs/hacker-howto.html#believe3

Slide 6

Slide 6 text

Why? Repetitive work may exhaust you away from doing what’s really worth your time https://bugbountyforum.com/blog/ama/avlidienbrunn/

Slide 7

Slide 7 text

Why? Automation can help you test a theory quickly http://blog.portswigger.net/2017/07/cracking-lens-targeting-https-hidden.html

Slide 8

Slide 8 text

Why? Keep an eye out for changes / new assets https://docs.google.com/presentation/d/1PCnjzCeklOeGMoWiE2IUzlRGOBxNp8K5hLQuvBNzrFY

Slide 9

Slide 9 text

What can we automate?

Slide 10

Slide 10 text

What? Environment setup ● Kali rolling on AWS ● Docker ● Shell scripts Reporting ● Template Generator ● Bug Bounty Templates ● Bounty Report Generator Recon and basic testing There are many tools; the trick is to make them work together.

Slide 11

Slide 11 text

Monitoring

Slide 12

Slide 12 text

Monitoring the past ● Google time filter (thanks almoroot and avlidienbrunn) ● WaybackMachine (WaybackUnifier) ○ robots.txt (thanks zseano) ○ API documentation (thanks filedescriptor) ○ JS files ○ HTML (comments / more JS / endpoints / input names) ● Old mobile app versions ○ Creds ○ Endpoints

Slide 13

Slide 13 text

Monitoring the future ● API documentation ● JS code (thanks Jobert) ● Mobile app updates (thanks Arne) ● Dev blogs ● Google News ● Everything else (more on that later)

Slide 14

Slide 14 text

How to do it?

Slide 15

Slide 15 text

= tool = portion of info = group of tools = info How?

Slide 16

Slide 16 text

How?

Slide 17

Slide 17 text

How?

Slide 18

Slide 18 text

How?

Slide 19

Slide 19 text

How?

Slide 20

Slide 20 text

How?

Slide 21

Slide 21 text

How?

Slide 22

Slide 22 text

How?

Slide 23

Slide 23 text

Introducing Bounty Machine

Slide 24

Slide 24 text

Bounty Machine Anshuman Bhartiya and I are working on a cool project. Project objective: allow researchers to compose complex workflows in a modular fashion. It will implement all the mentioned workflows and more. We will hopefully demo it soon.

Slide 25

Slide 25 text

Features ● Runs multiple tools in a chain ● Fully modular (you can plug in the new hot tool) ● Monitoring ● Customized notifications (get notified only when something interesting comes up)

Slide 26

Slide 26 text

How to add a new tool 1. Build a Docker image for your tool. 2. Define what data it needs. 3. Define what data it produces. 4. Specify whether you want to get notified when it finds something. 5. Find a place for it in the workflow where it can play with other tools (optional).

Slide 27

Slide 27 text

What happens behind the scenes 1. Run the tool 2. Translate its output into something that other tools can use. 3. Check if the output has changed since the last time. 4. Notify the user about newly-found results. 5. Pass it to other tools to perform further checks. 6. Do this all the time for all targets.

Slide 28

Slide 28 text

How can the community be more efficient?

Slide 29

Slide 29 text

What we do wrong The community rebuilds existing tools too often. If your new tool isn’t more helpful, you’re probably wasting your time. We should focus more on building new tools and extending existing ones.

Slide 30

Slide 30 text

Why do we rebuild tools? ● Unawareness of the existence of a tool ● Boredom ● Unmaintained projects ● Different requirements

Slide 31

Slide 31 text

List of tools we have https://bugbountyforum.com/tools/ Purpose: 1. Help beginners and experts alike find new tools to add to their arsenal. 2. Inform tool developers about existing tools so they don’t set out to build them. Updated regularly

Slide 32

Slide 32 text

List of tools we need https://ideas.bugbountyforum.com Contribute new ideas. If you like an idea, build a new tool for it. You can find interesting problems to solve. No more Less duplicate tools!

Slide 33

Slide 33 text

Takeaways ● If something can be automated, automate it. ● Always monitor your target’s online assets. ● Dig into the past of your target. ● Your tools are good, but they’re better together. ● If you have a tool suggestion, share it. ● Tools should be easily connectable. ● Don’t reinvent the wheel (unless your wheel is rounder).