Ecosyste.ms: Awesome


https://github.com/gerosecurity/gerobug

The First Open Source Bug Bounty Platform
bounty-hunting bug-bounty bug-bounty-platform bugbounty bugbounty-platform bugbounty-tool cybersecurity infosec vdp vulnerability-disclosure



README


# Gerobug: The First Open Source Bug Bounty Platform.

![gerobugLogo](https://raw.githubusercontent.com/gerobug/gerobug-docs-images/main/logo.png)

![CodeQL](https://github.com/gerobug/gerobug/actions/workflows/github-code-scanning/codeql/badge.svg)
[![License](https://img.shields.io/badge/License-AGPLv3-red.svg?&logo=none)](https://www.gnu.org/licenses/agpl-3.0)
[![Black Hat Arsenal](https://raw.githubusercontent.com/toolswatch/badges/master/arsenal/asia/2023.svg?sanitize=true)](https://www.blackhat.com/asia-23/arsenal/schedule/index.html#gerobug-open-source-private-self-managed-bug-bounty-platform-31241)
[![Black Hat Arsenal](https://raw.githubusercontent.com/toolswatch/badges/master/arsenal/asia/2024.svg?sanitize=true)](https://www.blackhat.com/asia-24/arsenal/schedule/#gerobug-the-first-open-source-bug-bounty-platform-37538)

# Gerobug
__The first open source self-managed bug bounty platform.__

Are you a company planning to run your own bug bounty program on a minimal budget?

__WE GOT YOU!__

We are aware that some organizations have had difficulty establishing their own bug bounty program.

Using a third-party managed platform usually comes with a hefty price tag and security risks. _(If you know, you know...)_

On the other hand, building your own self-managed platform takes time and effort to build and maintain.


## Why Gerobug?
- __EASY:__ Have your bug bounty program running with a single command.
- __SECURE:__ Gerobug uses an email parser and network segregation to minimize security risk.
- __OPEN SOURCE:__ It is FREE.


## (Minimum) Recommended Specification
* Ubuntu 24.04
* vCPU 2 Core
* RAM 2 GB
* HDD 16 GB


## Requirements
* Gmail or Outlook email account with an app password enabled
* VPN Server (Recommended for Production Server)
* Domain for HTTPS (Recommended for Production Server)
* Ports 80, 443 and 6320
* Python 3.x
* Docker
* Docker Compose v2

__(You don't need to install anything manually, we'll do it for you!)__


## Deployment and Usage
To deploy gerobug:
1. Clone this repository
```bash
git clone https://github.com/gerobug/gerobug
cd gerobug
```
2. Run the Setup Script:
```bash
./gerobug.sh
```
3. Follow the setup instructions (Read the [documentation](https://gerobug.gitbook.io/documentation/) for details)
4. By default, the Gerobug Dashboard listens on port __6320__

Access the login page at `http://[Domain/IP]:6320/login`


__Credentials__

Username: `geromin`

Password: Randomly generated at `gerobug/gerobug_dashboard/secrets/gerobug_secret.env`


You can read the __detailed documentation [here](https://gerobug.gitbook.io/documentation/)__


## Main Features
- Network Segregation

All services run in separate containers. Public users should only be able to access the static page (Rules and Guidelines).

- Easy and Quick Installation

Use our run script to install Gerobug; it's quick and easy!

- HTTPS Implementation

Automated HTTPS configuration using NGINX and Let's Encrypt.

- Homepage

This should be the only page accessible by public, which contains Rules and Guidelines for your bug bounty program.

- Email Parser

Bug hunters submit their findings by email; Gerobug parses and filters the messages and shows them on the dashboard.

- Auto Reply and Notification for Bug Hunters

Bug hunters' inquiries receive an automatic reply, and hunters are notified whenever there is an update on their report.

- Notification Channel

The company is also notified via Slack/Telegram whenever a new report arrives.

- User Management

Gerobug has a role-based user management.

- Report Management

Manage reports easily using a kanban model dashboard.

- Report Filtering and Flagging

Reports from bug hunters are filtered and flagged if there are indications of a duplicate.

- CVSS / OWASP Risk Calculator

Gerobug has an integrated CVSS / OWASP Risk Calculator to support the bug review process.

- Email Blacklisting

Gerobug can temporarily block, and later release, email addresses that have sent spam.

- Auto Generate Certificate

We can generate certificates of appreciation for bug hunters so you don't have to ;)

- Personalization

You can customize Gerobug to fit your brand colors.

- Logging and Log Rotation

Gerobug has an internal audit log with log rotation enabled.

- Hall of Fame / Wall of fame / Leaderboard

Yeah we have it too


## Authors
- [@VGR6479](https://github.com/VGR6479)
- [@as3ng](https://github.com/as3ng)
- [@jessicaggan](https://github.com/jessicaggan)


## Feedback
If you have any feedback, please reach out to us at [email protected].