Suite of programs meant to aid in bug hunting and security assessments
Just because I heard it first here so I thought this meaningless word would be fitting name of a repository I don't know what I'm going to do with.
This repository contains scripts that I wrote or modified other pre-existing scripts, which are useful in Bug Bounty Hunting and Security Assessments of websites.
Flumberbuckets is a multi-threaded tool to automate S3 bucket hunting. I actually got my first bounty through this script so decided develop it further and to further open source it, essentially flumberbuckets takes in a word as argument creates huge list of possible bucket names then finds the buckets that exist & performs tests that you want on those buckets. It provides a good visual overview of buckets that were found and what misconfiguration they have.
Portboozle is a script I wrote as a substitute for masscan as it wasn't working as intended on my machine it wasn't showing the ports that were open on the targets I was scanning while, nmap was showing it properly. I tried to change the config of masscan but it still showed unreliable results, so I decied to write my own script to fix my problems. I know this script is no match for masscan's speed but it's okay for me as it at least shows all ports that were open. If you're facing the same problem with masscan then you could be missing on some open ports try running masscan & nmap on scanme.nmap.org
and compare the results.
If you earned a bounty through use of this script do share the story with me I will be happy to hear that my script was of use to you. You can contact me over twitter @fellchase
If you want to thank me monetarily or want to donate to this project you can do so on paypal.me/fellchase I'll be happy to hear your bug bounty story if you got any bounty with this script.