Bagley is a tool made for bug bounty environments that automates finding vulnerabilities in web applications.
- Clone this repository
- Configure the Discord connection in docker-compose.yml
- Run `docker-compose up`

```
help           Print this message
start          Start execution
stop           Stop execution
restart        Restart execution
add            Add a new domain (add help for more info)
rm             Removes a domain
getDomains     Print all domains
getPaths       Print all paths for a domain
getScript      Get script information
getTechnology  Get technology information
query          Query directly to database
getRPS         Print current requests per second
setRPS         Set requests per second
getActive      Print active modules
```

Each module runs in a different thread:
- Crawler: Crawls all resources rendering JavaScript (including dynamic requests made to APIs, other domains inside the scope, etc.).
- Finder: Looks for resources and subdomains in the server and sends discovered assets to the crawler:
- Injector: Tests different injection vectors:
- Static Analyzer: Performs local analysis on the obtained data, without generating network traffic:
  - Searches for API keys with a pattern list mainly obtained from dora
  - Searches for links inside the scope with linkfinder
  - Looks for vulnerabilities through static analysis with CodeQL
- Dynamic Analyzer: Performs lightweight analysis on discovered assets, generating network traffic:
  - Gets the technologies used by the application with Wappalyzer
  - Checks known vulnerabilities of the technologies used in the NVD via its API
  - Subdomain takeover with Subjack
  - Tries to bypass 403 responses by tampering headers
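
A minimal sketch of the Static Analyzer's API-key search over an already stored response body, added here as an example and not Bagley's or dora's code. The pattern list, the `scan` and `shannon_entropy` helpers, the entropy threshold and the sample script are assumptions constructed for illustration; findings are redacted so the report itself does not leak the key.

```python
import math
import re

# Assumed pattern list built from publicly documented key formats;
# it is not dora's list and not Bagley's code.
PATTERNS = {
    "aws_access_key_id": re.compile(r"(?<![0-9A-Z])(AKIA[0-9A-Z]{16})(?![0-9A-Z])"),
    "google_api_key": re.compile(r"(?<![\w-])(AIza[\w-]{35})(?![\w-])"),
    "generic_assignment": re.compile(
        r"\b(?:api[_-]?key|secret|token)\b[\"']?\s*[:=]\s*[\"']([\w/+-]{16,})[\"']",
        re.IGNORECASE),
}

def shannon_entropy(value):
    """Bits per character; low values indicate placeholders like 'xxxx...'."""
    freqs = [value.count(c) / len(value) for c in set(value)]
    return -sum(p * math.log2(p) for p in freqs)

def scan(resource, text, min_entropy=3.0):
    """Return redacted findings for one stored response body (no network I/O)."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        seen = set()  # a value caught by a specific rule is not re-reported
        for rule, rx in PATTERNS.items():
            for m in rx.finditer(line):
                value = m.group(1)
                if value in seen:
                    continue
                if rule == "generic_assignment" and shannon_entropy(value) < min_entropy:
                    continue  # placeholder value, not a real-looking secret
                seen.add(value)
                findings.append({"resource": resource, "line": lineno, "rule": rule,
                                 "redacted": value[:4] + "...", "length": len(value)})
    return findings

# Constructed sample of a crawled script; every key below is fake.
SAMPLE_JS = "\n".join([
    'const cfg = { region: "eu-west-1", accessKeyId: "AKIAIOSFODNN7EXAMPLE" };',
    'var mapsKey = "AIza' + "0123456789abcdefghijABCDEFGHIJklmno" + '";',
    'const api_key = "xxxxxxxxxxxxxxxxxxxxxxxx";',
    'let token = "9fQ2mZx7LrT4vKc8Wb1NyH6d";',
])

if __name__ == "__main__":
    for finding in scan("https://app.example.test/static/main.js", SAMPLE_JS):
        print(finding)
```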