From 870d0a6b52592127fc2de93ef642df6bce2b8b6f Mon Sep 17 00:00:00 2001 From: Anisha Date: Thu, 24 Oct 2024 11:28:54 +0530 Subject: [PATCH 1/4] Updated README --- README.md | 187 +++++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 135 insertions(+), 52 deletions(-) diff --git a/README.md b/README.md index b5e1f1d..b1ce3da 100644 --- a/README.md +++ b/README.md @@ -1,78 +1,133 @@ -# Overview +# BugRecon -BugRecon is an automated bug hunting tool designed to streamline the reconnaissance phase of bug bounty hunting and penetration testing. It performs essential tasks such as subdomain enumeration, port scanning, directory brute-forcing, vulnerability scanning, and screenshot capturing. By automating these tasks, BugRecon allows security researchers to focus on deeper analysis and exploitation, enhancing efficiency and effectiveness in identifying vulnerabilities. +**BugRecon** is an automated bug-hunting tool designed to streamline the reconnaissance phase of bug bounty hunting and penetration testing. It automates essential tasks like subdomain enumeration, port scanning, directory brute-forcing, vulnerability scanning, and screenshot capturing. This allows security researchers to focus on deeper analysis and exploitation, increasing both efficiency and effectiveness in identifying vulnerabilities. -# Features +--- -1. Target Input: Prompts the user to enter the target domain. -2. Reconnaissance Depth: Allows selection of recon depth (shallow, medium, deep) to customize the extent of scanning. -3. Subdomain Enumeration: Retrieves subdomains using crt.sh. -4. Port Scanning: Identifies open ports using nmap. -5. Directory Brute-Forcing: Discovers hidden directories using ffuf. -6. Vulnerability Scanning: Checks for common vulnerabilities like SQL Injection (SQLi) and Cross-Site Scripting (XSS). -7. Screenshot Capturing: Takes screenshots of discovered web applications using EyeWitness. -8. Report Generation: Compiles findings into a comprehensive report. -9. Modular Design: Although provided as a single script, the tool is structured for easy expansion and integration of additional features. +## ๐Ÿš€ Features - -# Prerequisites -Before using BugRecon, ensure that the following tools and dependencies are installed on your system: +1. **Target Input**: Prompts the user to enter the target domain. +2. **Reconnaissance Depth**: Allows you to choose between shallow, medium, or deep scanning levels. +3. **Subdomain Enumeration**: Retrieves subdomains using crt.sh. +4. **Port Scanning**: Identifies open ports with `nmap`. +5. **Directory Brute-Forcing**: Discovers hidden directories using `ffuf`. +6. **Vulnerability Scanning**: Detects common vulnerabilities like SQL Injection (SQLi) and Cross-Site Scripting (XSS). +7. **Screenshot Capturing**: Captures screenshots of discovered web applications using `EyeWitness`. +8. **Report Generation**: Compiles all findings into a comprehensive, easy-to-read report. +9. **Modular Design**: Structured for easy expansion, allowing for the integration of additional features as needed. -## External Tools -1. Python 3.6+ - - [Download Python](https://www.python.org/downloads/) -2. Nmap Install +--- - `go install github.com/ffuf/ffuf@latest` -3. ffuf (Fuzz Faster U Fool) +## ๐Ÿ“‹ Prerequisites - `go install github.com/ffuf/ffuf@latest` +Ensure that the following dependencies are installed on your system before using BugRecon: -4. EyeWitness +### External Tools - ``` +1. **Python 3.6+** + - [Download Python](https://www.python.org/downloads/) + +2. **Nmap** + - Installation: + ```bash + sudo apt-get install nmap + ``` + +3. **ffuf (Fuzz Faster U Fool)** + - Installation: + ```bash + go install github.com/ffuf/ffuf@latest + ``` + +4. **EyeWitness** + - Installation: + ```bash git clone https://github.com/FortyNorthSecurity/EyeWitness.git cd EyeWitness/Python/setup python setup.py install - ``` + ``` -# Python Packages +### Python Packages -Install the required Python packages using pip +Install the required Python packages by running: -`pip install -r requirements.txt -` +```bash +pip install -r requirements.txt +``` -# Installation +--- -1. Clone the Repository -2. Install Python Dependencies -3. Ensure External Tools are Installed - Make sure that nmap, ffuf, and EyeWitness are installed and added to your system's PATH. +## ๐Ÿ› ๏ธ Installation -# Usage (update it) -Run the bug_recon.py script using Python +1. **Clone the Repository** + Clone the BugRecon repository to your local machine: + ```bash + git clone https://github.com/yourusername/BugRecon.git + cd BugRecon + ``` -# Step-by-Step Guide (comming soon) +2. **Install Python Dependencies** + Use `pip` to install all necessary Python dependencies: + ```bash + pip install -r requirements.txt + ``` -# Recon Depth Levels (comming soon) +3. **Ensure External Tools are Installed** + Make sure that `nmap`, `ffuf`, and `EyeWitness` are installed and added to your system's PATH. -# Example (comming soon) +--- -# Generated Report (example.com_report.txt) +## ๐Ÿš€ Usage -(comming soon) -something like this +To run BugRecon, execute the following: + +```bash +python bug_recon.py +``` + +You will be prompted to enter the target domain and select the reconnaissance depth (shallow, medium, deep). + +--- + +## ๐Ÿ“Š Recon Depth Levels (Coming Soon) + +Detailed explanation on what each recon depth level (shallow, medium, deep) covers and how it customizes your scans. + +--- + +## ๐Ÿ“ Example (Coming Soon) + +An example of BugRecon in action: + +```bash +BugRecon Report for example.com + +Subdomains Found: +- subdomain1.example.com +- subdomain2.example.com + +Open Ports: +- 80 +- 443 + +Vulnerabilities: +- subdomain1.example.com (Port 80) + - Possible SQL Injection + - Possible XSS +``` + +--- + +## ๐Ÿงพ Generated Report (example.com_report.txt) + +A detailed report will be generated after the scan in the following format: ``` Bug Recon Report for example.com + Subdomains Found: - subdomain1.example.com - subdomain2.example.com -- subdomain3.example.com -- subdomain4.example.com -- subdomain5.example.com Open Ports: - 80 @@ -80,19 +135,47 @@ Open Ports: - 8080 Vulnerabilities: -- subdomain1.example.com:80 +- subdomain1.example.com (Port 80) - Possible SQL Injection - Possible XSS -- subdomain3.example.com:443 +- subdomain3.example.com (Port 443) - Possible XSS ``` +--- + +## ๐Ÿ› ๏ธ Contributing (Coming Soon) + +Contributions are welcome! Feel free to submit pull requests to enhance BugRecon. Follow these steps: + +1. Fork the repository. +2. Create a new branch (`git checkout -b feature-branch`). +3. Make your changes. +4. Push to the branch (`git push origin feature-branch`). +5. Submit a pull request. + +--- + +## ๐Ÿ“„ License + +This project is licensed under the MIT License. + +--- + +## ๐ŸŽ‰ Contributors + +Special thanks to all the contributors who have helped improve BugRecon! + + + + + -# Contributing (comming soon) +--- -Contributions are welcome! If you'd like to enhance BugRecon, follow these steps: +Feel free to update the README and contribute to BugRecon! -# License +--- +By including badges, adding a visually appealing structure, and using GitHub avatars for contributors, this README can become more interactive and engaging. -Note :- feel free to update and contribute From 9cfbcd25a9992ba5ba61259e3734a493d62cdf14 Mon Sep 17 00:00:00 2001 From: Anisha Date: Thu, 24 Oct 2024 11:32:23 +0530 Subject: [PATCH 2/4] Updated README --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index b1ce3da..f496a56 100644 --- a/README.md +++ b/README.md @@ -62,7 +62,7 @@ pip install -r requirements.txt 1. **Clone the Repository** Clone the BugRecon repository to your local machine: ```bash - git clone https://github.com/yourusername/BugRecon.git + git clone https://github.com/freyxfi/BugRecon cd BugRecon ``` @@ -167,8 +167,8 @@ This project is licensed under the MIT License. Special thanks to all the contributors who have helped improve BugRecon! - - + + --- From 1b2e45aca0485def02acd5a0d4cded54e4a7a683 Mon Sep 17 00:00:00 2001 From: Anisha Date: Thu, 24 Oct 2024 11:34:09 +0530 Subject: [PATCH 3/4] upgraded README --- README.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/README.md b/README.md index f496a56..f171822 100644 --- a/README.md +++ b/README.md @@ -176,6 +176,3 @@ Special thanks to all the contributors who have helped improve BugRecon! Feel free to update the README and contribute to BugRecon! --- - -By including badges, adding a visually appealing structure, and using GitHub avatars for contributors, this README can become more interactive and engaging. - From 5745f5590e64645fddb9d38951d670d09f369581 Mon Sep 17 00:00:00 2001 From: Anisha Date: Thu, 24 Oct 2024 11:37:08 +0530 Subject: [PATCH 4/4] fixed README --- README.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/README.md b/README.md index f171822..a63d7b0 100644 --- a/README.md +++ b/README.md @@ -172,7 +172,3 @@ Special thanks to all the contributors who have helped improve BugRecon! --- - -Feel free to update the README and contribute to BugRecon! - ----