Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/honoki/bbrf-server

The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices
https://github.com/honoki/bbrf-server

Last synced: 3 months ago
JSON representation

The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices

Host: GitHub
URL: https://github.com/honoki/bbrf-server
Owner: honoki
Created: 2021-01-29T10:47:41.000Z (almost 4 years ago)
Default Branch: main
Last Pushed: 2023-02-02T12:50:21.000Z (almost 2 years ago)
Last Synced: 2024-04-10T05:44:55.684Z (7 months ago)
Language: Shell
Homepage:
Size: 23.4 KB
Stars: 266
Watchers: 11
Forks: 42
Open Issues: 6
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

awesome-hacking-lists - honoki/bbrf-server - The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices (Shell)

README

[![Docker Pulls](https://img.shields.io/docker/pulls/honoki/bbrf-server?style=flat-square)](https://hub.docker.com/r/honoki/bbrf-server)
[![Mastodon](https://img.shields.io/mastodon/follow/108729222194496362?domain=https%3A%2F%2Fmastodon.social&style=flat-square)](https://mastodon.social/@honoki)

## Introduction

The Bug Bounty Reconnaissance Framework (BBRF) is intended to facilitate the workflows of security researchers across multiple devices. This repository contains the source files to deploy a BBRF server.

For more information about BBRF, read the blog post on https://honoki.net/2020/10/08/introducing-bbrf-yet-another-bug-bounty-reconnaissance-framework/

Once you have deployed a BBRF server, move on to [install the BBRF client here](https://github.com/honoki/bbrf-client/)

## Installation

Start by cloning this repository:

```bash
git clone https://github.com/honoki/bbrf-server/
cd bbrf-server
```

Next, make the required changes to the `docker-compose.yml` by which I mean CHANGE THE DEFAULT PASSWORDS FOR THE LOVE OF GOD!

And finally, run

```bash
sudo docker-compose up -d
```

Note that this will expose port 443 (https) on your BBRF server to the internet. Docker Compose generates a self-signed certificate for the reverse proxy which it persists to the volume `./keys/`. You can replace them with a valid certificate if you want to avoid certificate warnings, see the instructions below.

Verify your installation by browsing to https://127.0.0.1/_utils/#database/bbrf/_all_docs

## Generate certificate with Letsencrypt

To configure your BBRF server with a valid certificate, it suffices to generate the cert files with `certbot` and place them in the `keys` directory. The keys will be picked up when you next start the containers.

The following steps should get you up and running:

1. Ensure you have a domain name pointed to your BBRF server;
2. If you are still in docker-compose, stop the containers with `ctrl+C`;
3. Install certbot: `sudo apt install certbot`
4. If necessary, allow HTTP traffic e.g: `ufw allow 80/tcp`
5. Run `certbot -d yourdomain.com certonly` and follow the steps;
6. Copy the generated certificate files to the keys volume: `cp /etc/letsencrypt/live/yourdomain.com/{fullchain.pem,privkey.pem} ./proxy/keys/`
7. Restart your containers: `sudo docker-compose up -d`

Browse to `https://yourdomain.com/_utils/#database/bbrf/_all_docs` to validate the setup.