

<h1 align="center">Inventory</h1> <h3 align="center">Attack Surface Management of public bug bounty programs.</h3>

The data we collect here includes DNS and Web Server data of public bug bounty programs.

Our aim with this project is to:

<img src="screenshots/banner.png" />

How it works

The setup consists of two workflows

Inventory 3.0 - Targets

This workflow streamlines the consolidation of bug bounty program data from various sources, ensuring a comprehensive and organized view. Let's break it down:

  1. Data collection: The workflow fetches data from two important sources:

  2. Data transformation: The collected data undergoes transformation using Python scripts. The scripts convert the data into a specific format, ensuring consistency and ease of analysis. You can find the detailed data format in the targets.json file.

  3. Program merging: To avoid duplication, the workflow merges programs with the same URL together. This consolidation eliminates redundancies and presents a unified view of bug bounty programs.

  4. Community program inclusion: The workflow incorporates an additional set of programs from the community.json file. These programs are merged with the existing dataset, enhancing its coverage and diversity.

  5. Final output: The workflow generates a final consolidated JSON file, targets.json, which encompasses all the merged bug bounty program data. This file serves as a valuable resource for bug bounty researchers, providing a centralized and comprehensive view of programs.

Trickest Targets

Note: The screenshot above provides a visual representation of the workflow.

Inventory 3.0

  1. Gathering the targets: Get the list of domains from targets.json, and extract program names.

  2. Making the workflow run in parallel: Extracted program names are connected to a file-splitter node to make the whole workflow distributed per program.

Trickest Parsing Targets

  1. Passive Enumeration:

Trickest Passive Enumeration

  1. Active Enumeration
    • Use passive enumeration data and create a new bruteforce wordlist
    • Use dsieve to get environments per subdomain level
    • Generate new potential subdomains with mksub and custom wordlist, with additional level2.txt wordlist
    • Resolve again with puredns

Trickest Active Enumeration

  1. Permutations
    • Merge active and passive results from previous steps
    • Extract environments per subdomain level again
    • Use alterx to generate permutations and resolve with puredns

Trickest Permutations

  1. Collecting previous results
    • Use a Python script that gets all of the previous hostnames.txt files per program
    • Use anew to get the new hostnames found
    • Zip active, passive, and permutations results per program to be pushed to the repository

Trickest Previous Results

  1. Reporting
    • Use dnsx to resolve found hostnames and a Python script to build dns-report.csv; mark newly found domains coming from anew with [x]
    • Use httpx to gather web servers and a Python script to build server-report.csv
    • Push to the repository

Trickest Reporting
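
The "collect previous results, then report" steps above boil down to a set difference between runs plus a marker column. The sketch below is an added example, not the repository's own script: the column names, the shape of the resolution data, and the hostname normalization are assumptions, and all sample data is constructed.

```python
import csv
import io


def normalize(hostname):
    """Lowercase and drop whitespace and the trailing root dot so duplicates compare equal."""
    return hostname.strip().lower().rstrip(".")


def anew(previous, current):
    """Return hostnames in `current` that are not in `previous`.

    Same idea as the anew tool (emit only unseen lines, in first-seen order);
    the normalization step is an addition made for this example.
    """
    seen = {normalize(h) for h in previous if h.strip()}
    fresh = []
    for raw in current:
        host = normalize(raw)
        if host and host not in seen:
            seen.add(host)
            fresh.append(host)
    return fresh


def dns_report(resolved, new_hosts):
    """Build report text; `resolved` maps hostname -> list of records (assumed shape)."""
    new_set = set(new_hosts)
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["hostname", "records", "new"])  # assumed column names
    for host in sorted(resolved):
        marker = "[x]" if host in new_set else ""  # [x] flags hosts first seen in this run
        writer.writerow([host, " ".join(resolved[host]), marker])
    return out.getvalue()


# Constructed sample data: last run's hostnames.txt, this run's findings, resolver output.
PREVIOUS = ["www.example.com", "api.example.com"]
CURRENT = ["WWW.example.com.", "api.example.com", "staging.example.com",
           "staging.example.com", "dev.api.example.com"]
RESOLVED = {
    "www.example.com": ["192.0.2.10"],
    "api.example.com": ["192.0.2.11"],
    "staging.example.com": ["192.0.2.12"],
    "dev.api.example.com": ["api.example.com"],  # CNAME target
}

if __name__ == "__main__":
    print(dns_report(RESOLVED, anew(PREVIOUS, CURRENT)))
```

Rows marked [x] are the ones worth reviewing first, since they represent assets that were not in the inventory on the previous run.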

Final workflow

Trickest Inventory 3.0 Workflow

Note: As described, almost everything in this repository is generated automatically. We carefully designed the workflows (and continue to develop them) to ensure the results are as accurate as possible.


All contributions/ideas/suggestions are welcome! If you want to add/edit a target/workflow, feel free to send us a PR with new targets through community.json, tweet at us @trick3st, or join the conversation on Discord.

Build your own workflows!

We believe in the value of tinkering. Sign up for a demo on trickest.com to customize this workflow to your use case, get access to many more workflows, or build your own from scratch!
