bug_hunter_tool
demand
As bug hunters, we must submit the report first to earn the ez bounty.
So I need to build a tool to do my recon work automatically and on a schedule:
- enumerate the subdomains
- scan the open state of IP ports
- fingerprint the web system
The best plan is that the system informs me when new assets or ports come online, so I can start to work.
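The notification step above comes down to comparing the current recon run with the previous one. The sketch below is an added example, not code from this project: the function names, the snapshot layout and the `example.test` sample data are all assumptions made for illustration.

```python
def normalize_host(name):
    """Lowercase, strip whitespace, a trailing dot and a leading wildcard label."""
    host = name.strip().lower().rstrip(".")
    if host.startswith("*."):
        host = host[2:]
    return host

def build_snapshot(host_sources, port_results):
    """Merge {source: [hosts]} and {host: [ports]} into {host: {sources, ports}}."""
    snapshot = {}
    for source, hosts in host_sources.items():
        for raw in hosts:
            host = normalize_host(raw)
            if host:
                snapshot.setdefault(host, {"sources": set(), "ports": set()})
                snapshot[host]["sources"].add(source)
    for raw, ports in port_results.items():
        host = normalize_host(raw)
        if host in snapshot:
            snapshot[host]["ports"].update(int(p) for p in ports)
    return snapshot

def diff_snapshots(previous, current):
    """Return the hosts and open ports that appeared since the previous run."""
    new_hosts = sorted(set(current) - set(previous))
    new_ports = {}
    for host in set(current) & set(previous):
        opened = current[host]["ports"] - previous[host]["ports"]
        if opened:
            new_ports[host] = sorted(opened)
    return {"new_hosts": new_hosts, "new_ports": new_ports}

# Constructed sample data: two runs against the placeholder domain example.test
PREVIOUS = build_snapshot(
    {"amass": ["www.example.test", "api.example.test"]},
    {"www.example.test": [80, 443], "api.example.test": [443]},
)
CURRENT = build_snapshot(
    {"amass": ["www.example.test", "API.example.test."],
     "burp": ["m.example.test"]},
    {"www.example.test": [80, 443], "api.example.test": [443, 8443],
     "m.example.test": [443]},
)

if __name__ == "__main__":
    print(diff_snapshots(PREVIOUS, CURRENT))
```

Only the diff result needs to reach the notification channel; the full snapshot is kept as the baseline for the next run.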
- log my burp
I have a bunch of endpoints and parameters from Burp Suite that I need to store for future work, especially some key requests and responses which I consider to have a vuln or that will have a vuln.
- automatically upload the assets from burp
There are so many tools for collecting subdomains: Amass, aquatone, Fuzz domain and so on. But I find that the tools miss some subdomains, especially those from the APP, so I want one click to upload the new assets.
- plugin scan
Yes, the web application vulnerability scanners (Nessus, AWVS, AppScan) can't find the awesome vulns, but I still need them to help me reduce the heavy work. For example, Jira had the unauth CVE; once I get the POC, I can start scanning the project.
plugin scan just scan quite vuln.
- proving system
This is for me to write down some scripts to confirm or test something. I need a system to store the responses; elasticsearch will be chosen to store the data.
Finally
As a part-time bug hunter, I want to reduce the heavy and repetitive work so I can just focus on the vuln search. Mostly, this is not easy work, because I see most web systems just have a login page. Challenging work deserves a big bounty.