alexisahmed / bugbountytoolkit Goto Github PK
View Code? Open in Web Editor NEWA multi-platform bug bounty toolkit that can be installed on Debian/Ubuntu or set up with Docker.
Home Page: https://hub.docker.com/r/hackersploit/bugbountytoolkit
A multi-platform bug bounty toolkit that can be installed on Debian/Ubuntu or set up with Docker.
Home Page: https://hub.docker.com/r/hackersploit/bugbountytoolkit
Adding a feature request to build a CI/CD pipeline for dockerfile building. This will alleviate the issue of pull requests breaking the build status by providing feedback in the request on whether or not it built.
I am not able to use wordlists with tools such gobuster,dirb or any other tool which requires the use of it.
For instance when I tried trying to using it with dirb,it gets stuck at * Generating Wordlist...
dirb http://192.168.43.27 ~/wordlists/SecLists/Discovery/Web-Content/directory-list-2.3-medium.txt
START_TIME: Sun Jul 5 13:22:52 2020
URL_BASE: http://192.168.43.27/
WORDLIST_FILES: /root/wordlists/SecLists/Discovery/Web-Content/directory-list-2.3-medium.txt
^C* Generating Wordlist...
The tools that are being added can we also add from which user we will be adding the tool.
as the same tool exists with multiple users.
It will be great if docker Includes the famous Metasploit framework as well?
What are your thoughts @AlexisAhmed ?
XSRFProbe is a really solid tool to perform xsrf exploits and perl is used by a few tools that I am know of !!!
#perl
RUN cd ${HOME}/ && \
curl -O https://www.cpan.org/src/5.0/perl-5.32.0.tar.gz && \
tar -xzf perl-5.32.0.tar.gz && \
rm perl-5.32.0.tar.gz && \
cd perl-5.32.0 && \
./Configure -de
# XSRFProbe
RUN cd ${HOME}/toolkit && \
git clone https://github.com/0xInfection/XSRFProbe.git && \
cd XSRFProbe && \
python3 setup.py install
bb97695 removes "$@" in the bootloader joomscan script which no longer passes arguments to the called perl script.
Fetched 43.2 MB in 13s (3321 kB/s)
debconf: delaying package configuration, since apt-utils is not installed
(Reading database ... 28381 files and directories currently installed.)
Preparing to unpack .../libc6-dev_2.27-3ubuntu1.2_amd64.deb ...
Unpacking libc6-dev:amd64 (2.27-3ubuntu1.2) over (2.27-3ubuntu1) ...
Preparing to unpack .../libc-dev-bin_2.27-3ubuntu1.2_amd64.deb ...
Unpacking libc-dev-bin (2.27-3ubuntu1.2) over (2.27-3ubuntu1) ...
Preparing to unpack .../linux-libc-dev_4.15.0-111.112_amd64.deb ...
Unpacking linux-libc-dev:amd64 (4.15.0-111.112) over (4.15.0-106.107) ...
Preparing to unpack .../libc6_2.27-3ubuntu1.2_amd64.deb ...
Unpacking libc6:amd64 (2.27-3ubuntu1.2) over (2.27-3ubuntu1) ...
Setting up libc6:amd64 (2.27-3ubuntu1.2) ...
(Reading database ... 28381 files and directories currently installed.)
Preparing to unpack .../libc-bin_2.27-3ubuntu1.2_amd64.deb ...
Unpacking libc-bin (2.27-3ubuntu1.2) over (2.27-3ubuntu1) ...
Setting up libc-bin (2.27-3ubuntu1.2) ...
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Segmentation fault
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Segmentation fault
dpkg: error processing package libc-bin (--configure):
installed libc-bin package post-installation script subprocess returned error exit status 139
Errors were encountered while processing:
libc-bin
E: Sub-process /usr/bin/dpkg returned an error code (1)
root@43e421ca836b:~/toolkit#
Why not use the kali rolling or Parrot OS base image?
While using the docker image:
DIRB v2.22
By The Dark Raver
START_TIME: Sun Jul 5 15:25:26 2020
URL_BASE: https://www.hackersploit.org/
WORDLIST_FILES: /root/wordlists/SecLists/Discovery/Web-Content/directory-list-2.3-medium.txt
*** Generating Wordlist...
Joomscan must be executed manually from the toolkit directory. Use the following commands.
perl joomscan.pl
I have issues in the building because of issues on
CloudFlair
No matching distribution found for censys==2.0.9
and
droopescan
Add more tools like:
gau
ffuf
john
hashcat
waybackurls
kxss
httprobe
httpx
gf
nuclei
dalfox
fping
metasploit
qsreplace
impacket
gitgrabber
xsshunter
gdb
I suggest you to add the tool 'httpx' from ProjectDiscovery.
Github url: https://github.com/projectdiscovery/httpx
while running on nmap or something it takes time and we can use tmux to switch between the terminal easily.
The container was pulled directly from docker hub
[ 9:24AM ] [ root@70cce5c4a3f5:~/toolkit ]
$ wfuzz
/usr/local/lib/python2.7/dist-packages/wfuzz/__init__.py:35: UserWarning:Pycurl is not compiled against Openssl. Wfuzz might not work correctly when fuzzing SSL sites. Check Wfuzz's documentation for more information.
Traceback (most recent call last):
File "/usr/local/bin/wfuzz", line 11, in <module>
load_entry_point('wfuzz==3.1.0', 'console_scripts', 'wfuzz')()
File "/usr/local/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 489, in load_entry_point
return get_distribution(dist).load_entry_point(group, name)
File "/usr/local/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 2852, in load_entry_point
return ep.load()
File "/usr/local/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 2443, in load
return self.resolve()
File "/usr/local/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 2449, in resolve
module = __import__(self.module_name, fromlist=['__name__'], level=0)
File "/usr/local/lib/python2.7/dist-packages/wfuzz/__init__.py", line 55, in <module>
from .options import FuzzSession
File "/usr/local/lib/python2.7/dist-packages/wfuzz/options.py", line 6, in <module>
from .facade import (
File "/usr/local/lib/python2.7/dist-packages/wfuzz/facade.py", line 65
class Facade(metaclass=Singleton):
^
SyntaxError: invalid syntax
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.