easyrecon / hunt3r Goto Github PK

Hello,

I think it would be better if the search was not case sensitive

param : programm

request :
/api/programs?name=yeswehack&program=ProgramName

Using the leaks filtering feature, the value of the field is added as a parameter name instead of the value of the domain field.
Example :

https://hunt3r.domain.tld/api/leaks?domain.tld=&page=1&limit=10

Add a param to filter vulnerabilities by criticity

Redirect the user to the login page if he is not logged in

When updating Hackerone statistics, currently the collaborative reports are not managed and are natively tagged at false.
It would be necessary to submit 1 or more reports in collaboration to have a data set to make this update.

See : https://github.com/EasyRecon/Hunt3r/blob/master/backend/app/controllers/admin/platformstats_controller.rb#L81

  ...
  currency: 'USD',
  collab: false
}

The report by criticity card is empty

Hello, even if notification is disable on scan, missing slack webhook url seem provoc an error

When you launch a scan, instead of displaying a success message, an error indicating that you have to select an engine is displayed, while the scan is launched anyway

In addition to displaying the cost on a server it would be interesting to display the cost directly on the page of scans.

Because when a server is deleted, it is no longer present in the UI and therefore we lose the information while at the base this information is well attached to a scan.

It is currently possible to send your custom Nuclei configuration but it is not taken into account.

Like Amass, you should check that the configuration file exists before launching a scan with Nuclei even if it doesn't contain any custom parameter and add the config parameter in the lib

Add field for vulnerability filtering by criticity

At the moment, engines are necessarily either AWS or scaleway? The server/VPS where hunt3r is installed can't launch the recon or nuclei scans?

Add the URLs tab in the UI

Since it is now necessary to have a Nuclei configuration to use the tool via Hunt3r, some users would be likely to use the default configuration, i.e. with all the commented lines.

Except that Nuclei does not handle this case, displays an error and stops, which also stops the scan.

There are two solutions for this problem:

• Check if the file is empty
• Catch the Nuclei error and act on it

I have got 500 error on the endpoint /api/admin/platforms/yeswehack/stats simple GET witout paramq

{"status":500,"error":"Internal Server Error","exception":"#\u003cTypeError: no implicit conversion of Symbol into Integer\u003e","traces":{"Application Trace":[{"exception_object_id":91800,"id":0,"trace":"app/models/platform_stat.rb:4:in `[]'"},{"exception_object_id":91800,"id":1,"trace":"app/models/platform_stat.rb:4:in `block in \u003cclass:PlatformStat\u003e'"},{"exception_object_id":91800,"id":12,"trace":"app/controllers/admin/platformstats_controller.rb:11:in `index'"}],"Framework Trace":[{"exception_object_id":91800,"id":2,"trace":"activerecord (7.0.2.4) lib/active_record/relation.rb:435:in `instance_exec'"},{"exception_object_id":91800,"id":3,"trace":"activerecord (7.0.2.4) lib/active_record/relation.rb:435:in `block in _exec_scope'"},{"exception_object_id":91800,"id":4,"trace":"activerecord (7.0.2.4) lib/active_record/relation.rb:880:in `_scoping'"},{"exception_object_id":91800,"id":5,"trace":"activerecord (7.0.2.4) lib/active_record/relation.rb:435:in `_exec_scope'"},{"exception_object_id":91800,"id":6,"trace":"activerecord (7.0.2.4) lib/active_record/scoping/named.rb:175:in `block in scope'"},{"exception_object_id":91800,"id":7,"trace":"activerecord (7.0.2.4) lib/active_record/relation/delegation.rb:67:in `block in filtered'"},{"exception_object_id":91800,"id":8,"trace":"activerecord (7.0.2.4) lib/active_record/relation.rb:880:in `_scoping'"},{"exception_object_id":91800,"id":9,"trace":"activerecord (7.0.2.4) lib/active_record/relation.rb:428:in `scoping'"},{"exception_object_id":91800,"id":10,"trace":"activerecord (7.0.2.4) lib/active_record/associations/collection_proxy.rb:1114:in `scoping'"},{"exception_object_id":91800,"id":11,"trace":"activerecord (7.0.2.4) lib/active_record/relation/delegation.rb:67:in `filtered'"},{"exception_object_id":91800,"id":13,"trace":"actionpack (7.0.2.4) lib/action_controller/metal/basic_implicit_render.rb:6:in `send_action'"},{"exception_object_id":91800,"id":14,"trace":"actionpack (7.0.2.4) lib/abstract_controller/base.rb:214:in 

NS input seems to be a good source of data when the company has its own nameserver. The results of SecurityTrails & WhoisXMLAPI should be compared before making an implementation.

For WhoisXMLAPI :

require 'typhoeus'
require 'json'

OPTIONS = {
  whoisxmlapi_token: '',
  domain: ''
}

def intel(domains, from=1)
  response = Typhoeus::Request.get(
    "https://reverse-ns.whoisxmlapi.com/api/v1?apiKey=#{OPTIONS[:whoisxmlapi_token]}&ns=#{OPTIONS[:domain]}&from=#{from}"
  )
  return unless response&.code == 200

  response_json = JSON.parse(response.body)
  return unless response_json.key?('result')

  i = 0
  response_json['result'].each do |result|
    domains << result['name']
    i += 1
  end
  return unless i == 300

  intel(domains, domains.last)
end

domains = []
intel(domains)

File.open("whoisxml_intel.txt", 'w+') do |f|
  f.puts(domains)
end

The request https://domain.tld/api/vulnerabilities?limit=-1&page=1&severity= throw an error

It seems that there are missing statuses for the status of the intigriti reports.
A report can have one of the following status :

NA
Spam
Out Of Scope
Informative
Accepted Risk
Duplicate
Resolved
Accepted
Triaged
Draft

Add rel="noreferrer" to hide the Hunt3r dashboard from the request inside Referer Header

Add statistics for Hackerone like YesWeHack & Intigriti

When a Hunt3r instance is created without a domain name, the NDD that is sent during a scan is backend.local which obviously does not allow a scan to trace its information back to the instance

Currently only Scaleway is managed as a Cloud Provider.
It would be interesting to add others, notably AWS, as a first step

Backend seem not accept hackerone connection i try with email & api token generated from my hackerone profil.

Backend response:

Normalize YesWeHack scopes to avoid things like the following in output

*.domain.(com|fr)

The size of the notification box is too small and does not allow to display the error message

The following error appear when trying to delete a Nuclei template :

Because the request sent is a GET request and not DELETE

Started GET "/api/nuclei/cve-2001-1473.yaml" for 83.205.138.16 at 2022-05-21 11:57:21 +0000
ActionController::RoutingError (No route matches [GET] "/api/nuclei/cve-2001-1473.yaml"):

In case the domain has a redirection status code (301,302,303,307,308), do not try to get the screenshot on the API

I have lauch a scan on domain.tld a first time at 2022-05-16 and i have lauch a second time the scan on the same domain at 2022-05-22 and the return field updated_at stay on the first scan date (2022-05-16)

Add a new tab to allow domains synchronisation through meshs without launching a new recon scan

As requested, the connection part is not necessarily clear in part the use of the OTP.

Todo : Update the doc by explaining that it is the OTP key that must be filled in and not the unique code

Small problem with the filtering on the subdomains :

• The domain field is useless ?
• The status_code field is not sent in the request

When you select a platform in the UI, the request is sent and the back answers the programs associated to a platform but as the UI does not refresh, you always see all the programs.

The filters circled in red should not be present on this page :

Following the integration of WappaGo, the structure has changed slightly and currently the technologies are no longer displayed.
The new structure is :

{
	"id": 1,
	"url": "https://xyz.domain.tld",
	"infos": {
		"ip": "192.168.1.1",
		"cdn": null,
		"cname": null,
		"ports": [
			"443",
			"80"
		],
		"title": "TITLE",
		"location": "https://www.domain.tld/",
		"status_code": 302,
		"technologies": [
			{
				"cpe": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
				"name": "Apache"
			},
			{
				"name": "webpack"
			},
			{
				"name": "Gatsby",
				"version": "4.17.1"
			}
		],
		"content_length": 204
	}
}