This setup assumes you have a directory structure like:
/home/user/bugbounty/bugbountyProgramName/public-or-private/programName
To get started, create the bugbounty folder in your home folder, then create subfolders for each of public and private, and finally subfolders for each program you are working on.
# Examples: prog1,prog2,etc should be company names whose bug bounty program you are participating in
mkdir -p ~/bugbounty/{bugcrowd,h1}/{public,private}
mkdir -p ~/bugbounty/bugcrowd/public/{prog1,prog2,etc}
mkdir -p ~/bugbounty/bugcrowd/private/{prog1,prog2,etc}
mkdir -p ~/bugbounty/h1/public/{prog1,prog2,etc}
mkdir -p ~/bugbounty/h1/private/{prog1,prog2,etc}
Once you've done that, add the root-domains file to each program you'd like to scan.
Also, you will need to update the locations of your wordlist files in each of the config ini files.
wordlist_file = /home/darkmage/SecLists/Discovery/DNS/subdomains-top1million-20000.txt
If you'd like to tweak config-bruteforce.ini and config-alterations.ini, I recommend it.
Finally, run ./scan-passive.sh to perform your first scan.
# Examples
./scan-passive.sh bugcrowd public programName
./scan-passive.sh h1 private programName
./scan-passive.sh integrity public programName
The same pattern applies to scan-alterations.sh and scan-bruteforce.sh.
If the program has blacklisted domains, add them to the program subfolder as a file named blacklisted, comment out the inappropriate line in each scan script, and un-comment the appropriate one (the one with BLFILE).
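A pre-scan check for the layout above, as an added example that is not part of this project's scripts: it confirms the program folder and its root-domains file exist, then filters a host list down to names that are in scope. It assumes root-domains and blacklisted hold one domain per line; check_program_dir, in_scope_only and the example.com names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: layout check and scope filter for the folder structure above.
# Assumption: root-domains and blacklisted hold one domain per line.

# check_program_dir BASE PLATFORM VISIBILITY PROGRAM
# Prints the program folder if it exists and has a non-empty root-domains file.
check_program_dir() {
    local dir="$1/$2/$3/$4"
    [ -d "$dir" ] || { echo "missing program folder: $dir" >&2; return 1; }
    [ -s "$dir/root-domains" ] || { echo "missing or empty: $dir/root-domains" >&2; return 1; }
    echo "$dir"
}

# in_scope_only PROGRAM_DIR < hostnames
# Keeps hosts that equal a root domain or sit underneath one, and
# drops anything equal to or underneath an entry in blacklisted.
in_scope_only() {
    local dir="$1" bl="/dev/null"
    [ -f "$dir/blacklisted" ] && bl="$dir/blacklisted"
    awk -v roots="$dir/root-domains" -v bl="$bl" '
        function clean(s) { gsub(/[ \t\r]/, "", s); sub(/\.$/, "", s); return tolower(s) }
        function under(host, set,    d) {
            for (d in set)
                if (host == d || (length(host) > length(d) &&
                    substr(host, length(host) - length(d)) == ("." d))) return 1
            return 0
        }
        BEGIN {
            while ((getline line < roots) > 0) { line = clean(line); if (line != "") R[line] = 1 }
            while ((getline line < bl) > 0)    { line = clean(line); if (line != "") B[line] = 1 }
        }
        { h = clean($0); if (h != "" && under(h, R) && !under(h, B)) print h }
    '
}

# Constructed demo data (placeholder names, not from the page).
demo=$(mktemp -d) && mkdir -p "$demo/h1/private/prog1"
printf 'example.com\n' > "$demo/h1/private/prog1/root-domains"
printf 'corp.example.com\n' > "$demo/h1/private/prog1/blacklisted"
dir=$(check_program_dir "$demo" h1 private prog1) &&
    printf 'api.example.com\nvpn.corp.example.com\nnotexample.com\n' | in_scope_only "$dir"
rm -rf "$demo"
```

The suffix match requires a leading dot, so a look-alike such as notexample.com is not treated as a subdomain of example.com.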
- Why would you delete the ~/.config/amass folder?
Performance of amass has historically degraded for me as its own internal database grows. To overcome exponential lagging, I simply wipe the database on every run and manage my own subdomain lists.