{"id":13581041,"url":"https://github.com/chvancooten/BugBountyScanner","last_synced_at":"2025-04-06T06:32:25.153Z","repository":{"id":41406758,"uuid":"293140268","full_name":"chvancooten/BugBountyScanner","owner":"chvancooten","description":"A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.","archived":false,"fork":false,"pushed_at":"2023-12-15T22:21:47.000Z","size":121,"stargazers_count":898,"open_issues_count":3,"forks_count":125,"subscribers_count":20,"default_branch":"master","last_synced_at":"2025-04-03T13:17:31.599Z","etag":null,"topics":["bug-bounty-reconnaissance","bugbounty","docker-image","hacking","hacktoberfest","reconnaissance"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/chvancooten.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null},"funding":{"github":["chvancooten"]}},"created_at":"2020-09-05T19:20:56.000Z","updated_at":"2025-04-01T08:51:13.000Z","dependencies_parsed_at":"2024-04-10T05:38:36.276Z","dependency_job_id":"b72c54df-2b45-45b9-85ce-7ed83e59d706","html_url":"https://github.com/chvancooten/BugBountyScanner","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chvancooten%2FBugBountyScanner","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chvancooten%2FBugBountyScanner/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chvancooten%2FBugBountyScanner/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chvancooten%2FBugBountyScanner/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/chvancooten","download_url":"https://codeload.github.com/chvancooten/BugBountyScanner/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247445652,"owners_count":20939952,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bug-bounty-reconnaissance","bugbounty","docker-image","hacking","hacktoberfest","reconnaissance"],"created_at":"2024-08-01T15:01:57.500Z","updated_at":"2025-04-06T06:32:24.870Z","avatar_url":"https://github.com/chvancooten.png","language":"Shell","funding_links":["https://github.com/sponsors/chvancooten"],"categories":["Shell","Weapons","Shell (473)","Pentesting"],"sub_categories":["Tools","Payloads"],"readme":"# BugBountyScanner\n\n[![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/chvancooten/BugBountyScanner/main.yml)](https://github.com/chvancooten/BugBountyScanner/actions)\n[![Docker Pulls Badge](https://img.shields.io/docker/pulls/chvancooten/bugbountyscanner)](https://hub.docker.com/r/chvancooten/bugbountyscanner/)\n[![Docker Image Size Badge](https://img.shields.io/docker/image-size/chvancooten/bugbountyscanner)](https://hub.docker.com/r/chvancooten/bugbountyscanner/)\n[![PRs Welcome](https://img.shields.io/badge/Contributions-Welcome-brightgreen.svg)](http://makeapullrequest.com)\n\nA Bash script and Docker image for Bug Bounty reconnaissance, intended for headless use. Low on resources, high on information output.\n\nHelpful? BugBountyScanner helped you net a bounty?\n\n[![Sponsor on GitHub](https://img.shields.io/badge/%F0%9F%A5%B0-Sponsor%20me%20on%20github-red)](https://github.com/sponsors/chvancooten)\n\n## Description\n\n\u003e ⚠ Note: Using the script over a VPN is highly recommended.\n\nIt's recommended to run BugBountyScanner from a server (VPS or home server), and _not_ from your terminal. It is programmed to be low on resources, with potentially multiple days of scanning in mind for bigger scopes. The script functions on a stand-alone basis.\n\nYou can run the script either as a docker image or from your preferred Debian/Ubuntu system (see below). All that is required is kicking off the script and forgetting all about it! Running the script takes anywhere in between several minutes (for very small scopes \u003c 10 subdomains) and several days (for very large scopes \u003e 20000 subdomains). A 'quick mode' flag is present, which drops some time-consuming tasks such as vulnerability identification, port scanning, and web endpoint crawling.\n\n## Installation\n\n### Docker\n\nDocker Hub Link: https://hub.docker.com/r/chvancooten/bugbountyscanner. Images are pushed to the `:latest` tag by CI/CD whenever an update to BugBountyScanner is pushed and all tests pass.\n\nYou can pull and run the Docker image from Docker Hub as below.\n\n```\ndocker pull chvancooten/bugbountyscanner\ndocker run -v $(pwd):/root/bugbounty -it chvancooten/bugbountyscanner /bin/bash\n```\n\nDocker-Compose can also be used.\n\n```\nversion: \"3\"\nservices:\n  bugbountybox:\n    container_name: BugBountyBox\n    stdin_open: true\n    tty: true\n    image: chvancooten/bugbountyscanner:latest\n    environment:\n    - telegram_api_key=X\n    - telegram_chat_id=X\n    volumes:\n      - ${USERDIR}/docker/bugbountybox:/root/bugbounty\n    # VPN recommended :)\n    network_mode: service:your_vpn_container\n    depends_on:\n      - your_vpn_container\n```\n\nAlternatively, you can build the image from source.\n\n```\ngit clone https://github.com/chvancooten/BugBountyScanner.git\ncd BugBountyScanner\ndocker build .\n```\n\n### Manual\n\nIf you prefer running the script manually, you can do so.\n\n\u003e ℹ Note: The script has been built on -and tested for- Ubuntu 20.04. Your mileage may vary with other distro's, but it should work on most Debian-based installs (such as Kali Linux).\n\n```\ngit clone https://github.com/chvancooten/BugBountyScanner.git\ncd BugBountyScanner\ncp .env.example .env # Edit accordingly\nchmod +x BugBountyScanner.sh setup.sh\n./setup.sh -t /custom/tools/dir # Setup is automatically triggered, but can be manually run\n./BugBountyScanner.sh --help\n./BugBountyScanner.sh -d target1.com -d target2.net -t /custom/tools/dir --quick\n```\n\n## Usage\n\nUse `--help` or `-h` for a brief help menu.\n\n```\nroot@dockerhost:~# ./BugBountyScanner.sh -h\nBugBountyHunter - Automated Bug Bounty reconnaissance script\n \n./BugBountyScanner.sh [options]\n \noptions:\n-h, --help                show brief help\n-t, --toolsdir            tools directory (no trailing /), defaults to '/opt'\n-q, --quick               perform quick recon only (default: false)\n-d, --domain \u003cdomain\u003e     top domain to scan, can take multiple\n-o, --outputdirectory     parent output directory, defaults to current directory (subfolders will be created per domain)\n-w, --overwrite           overwrite existing files. Skip steps with existing files if not provided (default: false)\n \nNote: 'ToolsDir', 'telegram_api_key' and 'telegram_chat_id' can be defined in .env or through Docker environment variables.\n \nexample:\n./BugBountyScanner.sh --quick -d google.com -d uber.com -t /opt\n```\n\n## Features\n\n- Resource-efficient, suitable for running in the background for a prolonged period of time on a low-resource VPS, home server, or Raspberry Pi\n- Telegram status notifications with per-command results\n- Extensive CVE and misconfiguration detection with Nuclei (no intrusive or informational checks)\n- Subdomain enumeration and live webserver detection\n- Web screenshotting and crawling, HTML screenshot report generation\n- Retrieving (hopefully sensitive) endpoints from the Wayback Machine\n- Identification of interesting parameterized URLs with Gf\n- Enumeration of common \"temporary\" and forgotten files with Ffuf\n- Automatic detection of LFI, SSTI, and Open Redirects in URL parameters\n- Subdomain takeover detection\n- Port scanning (Top 1000 TCP + SNMP)\n- 'Quick Mode' for opsec-safe (ish) infrastructure reconnaissance\n\n## Tools\n\n- `amass`\n- `aquatone`\n- `dnsutils`\n- `ffuf`\n- `gau`\n- `Gf` (with `Gf-Patterns`)\n- `Go`\n- `gospider`\n- `httpx`\n- `nmap`\n- `Nuclei` (with `Nuclei-Templates`)\n- `qsreplace`\n- `subjack`\n\n## Contributers\nA big thanks to all the contributors who have helped improve. Your contributions are highly appreciated.\n\u003ca href=\"https://github.com/chvancooten/BugBountyScanner/graphs/contributors\"\u003e\n  \u003cimg src=\"https://contrib.rocks/image?repo=chvancooten/BugBountyScanner\" /\u003e\n\u003c/a\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchvancooten%2FBugBountyScanner","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchvancooten%2FBugBountyScanner","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchvancooten%2FBugBountyScanner/lists"}