/Bountystrike-sh

Poor (rich?) man's bug bounty pipeline https://dubell.io

Primary LanguageShellGNU General Public License v3.0GPL-3.0

Bountystrike-sh

Bountystrike-sh is a collection of bash and python scripts that installs common bug bounty tools, performs recon scans and continous asset discovery.

Bountystrike-sh is opensource but belongs to the BountyStrike project, self-hosted bug bounty management system.

  ____   ____  _    _ _   _ _________     _______ _______ _____  _____ _  ________
 |  _ \ / __ \| |  | | \ | |__   __\ \   / / ____|__   __|  __ \|_   _| |/ /  ____|
 | |_) | |  | | |  | |  \| |  | |   \ \_/ / (___    | |  | |__) | | | | ' /| |__
 |  _ <| |  | | |  | | . ` |  | |    \   / \___ \   | |  |  _  /  | | |  < |  __|
 | |_) | |__| | |__| | |\  |  | |     | |  ____) |  | |  | | \ \ _| |_| . \| |____
 |____/ \____/ \____/|_| \_|  |_|     |_| |_____/   |_|  |_|  \_\_____|_|\_\______|

________________________________ WHAT THE SHELL?__________________________________

== Info
 Bountystrike-sh is a simple bash pipeline script
 containing a bunch tools piping data between each other.
 No need for any fancy setup ^_^

 Stiched together by @dubs3c.

== Usage:
        bstrike.sh <action> [project] [domain]
            bstrike.sh install                       (Install tooling)
            bstrike.sh run fra fra.se                (Run pipeline)
            bstrike.sh [assetdiscovery|ad]   fra.se  (Run only asset discovery)
            bstrike.sh [contentdiscovery|cd] fra.se  (Run only content discovery)
            bstrike.sh [networkdiscovery|nd] fra.se  (Run only network discovery)
            bstrike.sh [visualdiscovery|vd]  fra.se  (Run only visual discovery)
            bstrike.sh [vulndiscovery|vvd]   fra.se  (Run only vulnerability discovery)

Tools

The following tools and worldlists will be installed:

Other stuff that will be installed as well:

  • Python 3.7.6
  • NodeJS
  • npm
  • Docker CE
  • Ruby

Install

Just run bash install.sh to get the bug hunting environment. So far only tested for Ubuntu 22.04.

Vagrant

You also the have the option to use vagrant with virtualbox, just runt vagrant up && vagrant ssh. Create a folder called data in the root directory, vagrant will map it to /vagrant_data inside the VM.

Running

Simply run ./bstrike.sh <project> <domain>.

Contributing

Any feedback or ideas are welcome! Want to improve something? Create a pull request!

  1. Fork it!
  2. Create your feature branch: git checkout -b my-new-feature
  3. Commit your changes: git commit -am 'Add some feature'
  4. Push to the branch: git push origin my-new-feature
  5. Submit a pull request :D

License

Bountystrike-sh is made with ♥ by @dubs3c and is released under the GNU General Public License v3.0.