/gerobug

The First Open Source Bug Bounty Platform

Primary LanguageHTMLGNU Affero General Public License v3.0AGPL-3.0

Gerobug: The First Open Source Bug Bounty Platform.

gerobugLogo

CodeQL License Black Hat Arsenal Black Hat Arsenal

Gerobug

The first open source self-managed bug bounty platform.

Are you a company, planning to have your own bug bounty program, with minimum budget?

WE GOT YOU!

We are aware that some organizations have had difficulty establishing their own bug bounty program.
Using a third-party managed platform usually comes with a hefty price tag and security risks. (If you know, you know...)
In the other hand, creating your own self-managed platform will take time and effort to build and maintain it.


Why Gerobug?

  • EASY                     : Have your bug bounty program running with just single line of command
  • SECURE                 : Gerobug uses email parser and network segregation to minimize security risks.
  • OPEN SOURCE     : It is FREE.

(Minimum) Recommended Specification

  • Ubuntu 24.04
  • vCPU 2 Core
  • RAM 2 GB
  • HDD 16 GB

Requirements

  • Gmail or Outlook Email with App password implemented
  • VPN Server (Recommended for Production Server)
  • Domain for HTTPS (Recommended for Production Server)
  • Port 80, 443, 6320
  • Python 3.x
  • Docker
  • Docker Compose v2

(You don't need to install anything manually, we'll do it for you!)


Deployment and Usage

To deploy gerobug:

  1. Clone this repository
git clone https://github.com/gerobug/gerobug
cd gerobug
  1. Run the Setup Script:
./gerobug.sh
  1. Follow the setup instructions (Read the documentation for details)
  2. By default, Gerobug Dashboard will listen at port 6320

Access the login page at http://[Domain/IP]:6320/login

Credential
Username  : geromin
Password   : Randomly generated at gerobug/gerobug_dashboard/secrets/gerobug_secret.env


You can read the detailed documentation here


Main Features

  • Network Segregation
    All services are running on seperate containers. Public users should only able to access the static page (Rules and guidelines).

  • Easy and Quick Installation
    Use our run script to install Gerobug, its quick and easy!

  • HTTPS Implementation
    Automated HTTPS configuration using NGINX and Let's Encrypt.

  • Homepage
    This should be the only page accessible by public, which contains Rules and Guidelines for your bug bounty program.

  • Email Parser
    Bug Hunter will submit their findings by email, which Gerobug will parse, filter, and show them on dashboard.

  • Auto Reply and Notification for Bug Hunters
    Bug Hunter's inquiries will be automatically replied and notified if there any updates on their report.

  • Notification Channel
    Company will also be notified via Slack/Telegram if there any new report.

  • User Management
    Gerobug has a role-based user management.

  • Report Management
    Manage reports easily using a kanban model dashboard.

  • Report Filtering and Flagging
    Reports from Bug Hunter will be filtered and flagged if there are duplicate indication.

  • CVSS / OWASP Risk Calculator
    Gerobug has an integrated CVSS / OWASP Risk Calculator to support the bug review process.

  • Email Blacklisting
    Gerobug can temporarily block and release emails that conducted spam activity.

  • Auto Generate Certificate
    We can generate certificate of appreciations for bug hunters so you don't have to ;)

  • Personalization
    You can customize Gerobug to fit your brand colors

  • Logging and Log Rotation
    Gerobug have internal audit log with log rotation enabled

  • Hall of Fame / Wall of fame / Leaderboard
    Yeah we have it too


Authors


Feedback

If you have any feedback, please reach out to us at gerobug.id@gmail.com