easyrecon / hunt3r
Made your bugbounty subdomains reconnaissance easier with Hunt3r the web application reconnaissance framework
Home Page: https://docs.hunt3r.ovh
License: MIT License
Hello,
I think it would be better if the search was not case sensitive.
param: program
request:
/api/programs?name=yeswehack&program=ProgramName
Using the leaks filtering feature, the value of the field is added as a parameter name instead of as the value of the domain field.
Example:
https://hunt3r.domain.tld/api/leaks?domain.tld=&page=1&limit=10
Add a param to filter vulnerabilities by criticity
Redirect the user to the login page if he is not logged in
When updating Hackerone statistics, collaborative reports are currently not handled and are natively tagged as false.
It would be necessary to submit one or more reports in collaboration to have a data set to make this update.
...
  currency: 'USD',
  collab: false
}
It is currently possible to send your custom Nuclei configuration, but it is not taken into account.
As for Amass, you should check that the configuration file exists before launching a scan with Nuclei, even if it doesn't contain any custom parameter, and add the config parameter in the lib.
Add field for vulnerability filtering by criticity
At the moment, are engines necessarily either AWS or Scaleway? Can the server/VPS where Hunt3r is installed not launch the recon or Nuclei scans?
Add the URLs tab in the UI
Since it is now necessary to have a Nuclei configuration to use the tool via Hunt3r, some users are likely to use the default configuration, i.e. with all lines commented out.
Except that Nuclei does not handle this case: it displays an error and stops, which also stops the scan.
There are two solutions for this problem:
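As an added illustration of the two Nuclei configuration issues above (the config file not being checked before a scan, and a fully commented-out default file making Nuclei abort), here is a small Ruby helper. It is not Hunt3r's own code; the `-l` and `-config` flags are the Nuclei CLI options, and the argument layout is an assumption.

```ruby
# Added example (not Hunt3r's code): decide whether a custom Nuclei config
# file is worth passing to the scanner at all.

# True when the YAML text contains at least one line that is neither blank
# nor a comment. The default file shipped with Nuclei has every line
# commented out, so it yields false here.
def custom_settings?(text)
  text.each_line.any? do |line|
    stripped = line.strip
    !stripped.empty? && !stripped.start_with?('#')
  end
end

# True only when the file exists on disk AND carries real settings.
# Missing file or comment-only file => false, so the scan is not aborted.
def effective_config?(path)
  File.file?(path) && custom_settings?(File.read(path))
end

# Assemble the Nuclei argument list. The -config flag is appended only when
# the file is usable; otherwise Nuclei runs with its built-in defaults
# instead of stopping on a configuration error and killing the whole scan.
def nuclei_args(target_list, config_path)
  args = ['-l', target_list]
  args += ['-config', config_path] if effective_config?(config_path)
  args
end
```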
I get a 500 error on the endpoint /api/admin/platforms/yeswehack/stats
with a simple GET without params:
{"status":500,"error":"Internal Server Error","exception":"#\u003cTypeError: no implicit conversion of Symbol into Integer\u003e","traces":{"Application Trace":[{"exception_object_id":91800,"id":0,"trace":"app/models/platform_stat.rb:4:in `[]'"},{"exception_object_id":91800,"id":1,"trace":"app/models/platform_stat.rb:4:in `block in \u003cclass:PlatformStat\u003e'"},{"exception_object_id":91800,"id":12,"trace":"app/controllers/admin/platformstats_controller.rb:11:in `index'"}],"Framework Trace":[{"exception_object_id":91800,"id":2,"trace":"activerecord (7.0.2.4) lib/active_record/relation.rb:435:in `instance_exec'"},{"exception_object_id":91800,"id":3,"trace":"activerecord (7.0.2.4) lib/active_record/relation.rb:435:in `block in _exec_scope'"},{"exception_object_id":91800,"id":4,"trace":"activerecord (7.0.2.4) lib/active_record/relation.rb:880:in `_scoping'"},{"exception_object_id":91800,"id":5,"trace":"activerecord (7.0.2.4) lib/active_record/relation.rb:435:in `_exec_scope'"},{"exception_object_id":91800,"id":6,"trace":"activerecord (7.0.2.4) lib/active_record/scoping/named.rb:175:in `block in scope'"},{"exception_object_id":91800,"id":7,"trace":"activerecord (7.0.2.4) lib/active_record/relation/delegation.rb:67:in `block in filtered'"},{"exception_object_id":91800,"id":8,"trace":"activerecord (7.0.2.4) lib/active_record/relation.rb:880:in `_scoping'"},{"exception_object_id":91800,"id":9,"trace":"activerecord (7.0.2.4) lib/active_record/relation.rb:428:in `scoping'"},{"exception_object_id":91800,"id":10,"trace":"activerecord (7.0.2.4) lib/active_record/associations/collection_proxy.rb:1114:in `scoping'"},{"exception_object_id":91800,"id":11,"trace":"activerecord (7.0.2.4) lib/active_record/relation/delegation.rb:67:in `filtered'"},{"exception_object_id":91800,"id":13,"trace":"actionpack (7.0.2.4) lib/action_controller/metal/basic_implicit_render.rb:6:in `send_action'"},{"exception_object_id":91800,"id":14,"trace":"actionpack (7.0.2.4) 
lib/abstract_controller/base.rb:214:in
NS input seems to be a good source of data when the company has its own nameserver. The results of SecurityTrails & WhoisXMLAPI should be compared before making an implementation.
For WhoisXMLAPI:
require 'typhoeus'
require 'json'

# Fill in before running: API key and the nameserver to pivot on.
OPTIONS = {
  whoisxmlapi_token: '',
  domain: ''
}

# Reverse-NS lookup: collects every domain that uses OPTIONS[:domain] as a
# nameserver. The API answers in pages of 300 results; `from` is the last
# domain name of the previous page and acts as the cursor for the next one.
def intel(domains, from = 1)
  # Passing the query as `params:` lets Typhoeus URL-encode the values
  # instead of interpolating them raw into the URL.
  response = Typhoeus::Request.get(
    'https://reverse-ns.whoisxmlapi.com/api/v1',
    params: {
      apiKey: OPTIONS[:whoisxmlapi_token],
      ns: OPTIONS[:domain],
      from: from
    }
  )
  return unless response&.code == 200

  response_json = JSON.parse(response.body)
  return unless response_json.key?('result')

  i = 0
  response_json['result'].each do |result|
    domains << result['name']
    i += 1
  end
  # A full page means there may be more: recurse with the last name as cursor.
  return unless i == 300

  intel(domains, domains.last)
end

domains = []
intel(domains)
File.open('whoisxml_intel.txt', 'w+') do |f|
  f.puts(domains)
end
It seems that there are missing statuses for Intigriti reports.
A report can have one of the following statuses:
NA
Spam
Out Of Scope
Informative
Accepted Risk
Duplicate
Resolved
Accepted
Triaged
Draft
Add rel="noreferrer" to hide the Hunt3r dashboard from the Referer header of outgoing requests
Add statistics for Hackerone like YesWeHack & Intigriti
When a Hunt3r instance is created without a domain name, the domain name (NDD) sent during a scan is backend.local,
which obviously does not allow a scan to trace its information back to the instance.
Currently only Scaleway is supported as a cloud provider.
It would be interesting to add others, notably AWS as a first step.
Normalize YesWeHack scopes to avoid things like the following in the output:
*.domain.(com|fr)
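One way to normalize such a scope entry, as an added Ruby example that is not part of the original issue or of Hunt3r: the alternation group is expanded into one plain scope string per alternative. The function name is an assumption; it also handles several groups in one entry, which the issue's single example does not show.

```ruby
# Added example (not Hunt3r's code): expand YesWeHack scope strings that use
# a regex-style alternation, e.g. "*.domain.(com|fr)", into plain entries
# that can be stored and matched individually.

# Tokenize into literal text and "(a|b|c)" groups, then take the cartesian
# product of the groups. "*.domain.(com|fr)" => ["*.domain.com", "*.domain.fr"];
# "(www|api).domain.(com|fr)" => four entries. A scope without any group is
# returned unchanged as a one-element array.
def normalize_scope(scope)
  # Capturing split keeps the groups as their own tokens; a group is only
  # recognised when it contains at least one "|" and no nested parentheses.
  tokens = scope.strip.split(/(\([^()]*\|[^()]*\))/)

  alternatives = tokens.map do |token|
    if token.start_with?('(') && token.end_with?(')')
      token[1..-2].split('|').map(&:strip)
    else
      [token]  # literal text (may be "" when the string starts with a group)
    end
  end

  alternatives.reduce(['']) do |acc, options|
    acc.product(options).map(&:join)
  end.uniq
end
```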
The following error appears when trying to delete a Nuclei template,
because the request sent is a GET request and not a DELETE:
Started GET "/api/nuclei/cve-2001-1473.yaml" for 83.205.138.16 at 2022-05-21 11:57:21 +0000
ActionController::RoutingError (No route matches [GET] "/api/nuclei/cve-2001-1473.yaml"):
In case the domain has a redirection status code (301,302,303,307,308), do not try to get the screenshot on the API
I launched a scan on domain.tld a first time on 2022-05-16 and launched the scan a second time on the same domain on 2022-05-22, but the returned updated_at field
stays at the first scan date (2022-05-16).
Add a new tab to allow domain synchronisation through meshes without launching a new recon scan
As requested: the login part is not necessarily clear, in particular the use of the OTP.
Todo: update the doc to explain that it is the OTP key that must be filled in and not the one-time code.
Small problem with the filtering on the subdomains:
Following the integration of WappaGo, the structure has changed slightly and currently the technologies are no longer displayed.
The new structure is:
{
  "id": 1,
  "url": "https://xyz.domain.tld",
  "infos": {
    "ip": "192.168.1.1",
    "cdn": null,
    "cname": null,
    "ports": [
      "443",
      "80"
    ],
    "title": "TITLE",
    "location": "https://www.domain.tld/",
    "status_code": 302,
    "technologies": [
      {
        "cpe": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
        "name": "Apache"
      },
      {
        "name": "webpack"
      },
      {
        "name": "Gatsby",
        "version": "4.17.1"
      }
    ],
    "content_length": 204
  }
}