Skip to content

kbrenner-dev/HuntTheBug

 
 

Repository files navigation

HuntTheBug Logo

🔍 HuntTheBug

License Platform Shell Bug Bounty Stars Forks Issues


🚀 Advanced Reconnaissance Framework for Bug Bounty Hunters

FeaturesInstallationUsageWorkflowContributing


📖 About

HuntTheBug is a comprehensive, automated reconnaissance toolkit designed specifically for bug bounty hunters and security researchers. It combines 30+ industry-leading tools into a unified workflow for efficient vulnerability discovery.

🎯 Purpose Automated reconnaissance for bug bounty programs
🛠️ Tools 30+ integrated security tools
⚡ Speed Parallel execution for maximum efficiency
📱 Notifications Real-time Telegram bot alerts

🎯 Features

🔓 Subdomain Enumeration

+ Multi-Source Discovery
+ Live Domain Verification  
+ Status Code Analysis

🔧 Tools: Amass, SubFinder, Sublist3r, Crobat, AssetFinder, FindDomain, GitHub, Subscraper, HTTPX, Httprobe, Hakcheckurl

</td>
<td width="50%">

🎭 Subdomain Takeover

+ Automated Scanning
+ Real-time Alerts
+ Vulnerability Detection

🔧 Tools: SubJack, Nuclei, Telegram Bot

</td>

🌐 URL & JavaScript Analysis

+ Historical URL Discovery
+ Live URL Verification
+ Parameter Extraction
+ JavaScript Mining

🔧 Tools: GAU, WaybackURLs, FFUF, ParamSpider, SecretFinder, JSFinder

</td>
<td width="50%">

📁 Directory & Port Scanning

+ Advanced Fuzzing
+ Port Discovery
+ Vulnerability Assessment

🔧 Tools: Dirsearch, Naabu, Nuclei, Custom Wordlists

</td>

🏢 Organization Intelligence

+ Reverse WHOIS Lookup
+ Corporate Asset Mapping
+ IP Intelligence
+ Infrastructure Analysis

🔧 Tools: Knockknock, HTTPX, IPinfo

</td>

🏆 Key Advantages

🚀 Speed 🎯 Accuracy 🛡️ Security 📱 Automation
Parallel execution Multi-tool validation Safe scanning practices Real-time notifications
Optimized workflows Comprehensive coverage Non-intrusive methods Scheduled scans
Smart caching False positive reduction Ethical guidelines Custom alerting

🛠️ Installation

📋 System Requirements

Requirement Minimum Recommended
💻 OS Kali Linux Kali Linux Latest
🔧 CPU 2+ Cores 4+ Cores
💾 RAM 4GB+ 8GB+
💿 Storage 10GB+ 20GB+

⚠️ Warning: Tested with 1GB RAM + 1 Core CPU resulted in system crashes. Ensure minimum requirements.

🚀 Quick Install

# ┌─────────────────────────────────────┐
# │        Step 1: Install Deps        │
# └─────────────────────────────────────┘
apt install zsh git -y

# ┌─────────────────────────────────────┐
# │      Step 2: Clone Repository       │
# └─────────────────────────────────────┘
cd ~
git clone https://github.com/vikrantbatra05/HuntTheBug

# ┌─────────────────────────────────────┐
# │      Step 3: Setup Permissions      │
# └─────────────────────────────────────┘
cd ~/HuntTheBug
chmod +x *.zsh

# ┌─────────────────────────────────────┐
# │      Step 4: Run Installer          │
# └─────────────────────────────────────┘
./install.zsh

⚙️ Configuration

🔧 Advanced Setup

📊 Amass Configuration

nano ~/HuntTheBug/config/amass-config.ini

📖 Detailed Guide

🔍 SubFinder Configuration

nano ~/HuntTheBug/config/subfinder-config.yaml

📖 Setup Tutorial

📱 Telegram Bot Setup

nano ~/HuntTheBug/conf.zsh

Resources:


🎮 Usage Guide

� Choose Your Mission

Medium Scope 🎯 Small Scope 🏢 Organization 🔓 403 Bypass
*.target.com app.target.com company_name https://target.com
Comprehensive recon Focused analysis Asset discovery Access testing

🚀 Launch Commands

🌐 Medium Scope Programs

./recon.zsh target.com
📋 What this does:
  • 🔍 Subdomain enumeration (8+ sources)
  • ✅ Live domain verification
  • 🎭 Subdomain takeover detection
  • 🌐 URL discovery & analysis
  • 📁 Directory fuzzing
  • 🔌 Port scanning
  • 🛡️ Vulnerability assessment

🎯 Small Scope Programs

./dom_hunt.zsh app.target.com
./dom_hunt.zsh target.com
📋 What this does:
  • 🌐 Historical URL gathering
  • ✅ Live endpoint testing
  • 🔍 Pattern analysis
  • 📝 Parameter extraction
  • 📜 JavaScript mining
  • 📁 Directory discovery
  • 🛡️ Vulnerability scanning

🏢 Organization Intelligence

./org_hunt.zsh organization_name
📋 What this does:
  • 🔎 Reverse WHOIS lookup
  • ✅ Domain verification
  • 🌍 IP intelligence gathering
  • 📊 Infrastructure analysis

🔓 403 Bypass Testing

./403_hunt.zsh https://target.com
📋 What this does:
  • 🔄 Multiple bypass techniques
  • ✅ Access testing
  • 📊 Success rate analysis

🔄 Workflow Breakdown

📊 Medium Scope Reconnaissance (recon.zsh)

graph TD
    A[🎯 Target Input] --> B[1️⃣ Subdomain Discovery]
    B --> C[2️⃣ Live Verification]
    C --> D[3️⃣ Status Analysis]
    D --> E[4️⃣ Takeover Detection]
    E --> F[5️⃣ URL Discovery]
    F --> G[6️⃣ Live URL Testing]
    G --> H[7️⃣ Parameter Mining]
    H --> I[8️⃣ JavaScript Analysis]
    I --> J[9️⃣ Directory Fuzzing]
    J --> K[🔟 Port Scanning]
    K --> L[1️⃣1️⃣ Vulnerability Scanning]
    L --> M[📊 Report Generation]
Loading
🚀 Phase 🛠️ Tool(s) 🎯 Purpose Output
1️⃣ Subdomain Discovery Amass, SubFinder, SubLis3R, Crobat, AssetFinder, FindDomain, GitHub, Subscraper Comprehensive enumeration Raw subdomain list
2️⃣ Live Verification HTTPX, Httprobe Active subdomain identification Live domains only
3️⃣ Status Analysis Hakcheckurl 200/403 filtering Responsive subdomains
4️⃣ Takeover Detection SubJack, Nuclei Vulnerable subdomain ID Takeover candidates
5️⃣ URL Discovery GAU, WaybackURLs Historical endpoint mapping URL database
6️⃣ Live URL Testing FFUF Active endpoint verification Live URLs
7️⃣ Parameter Mining ParamSpider Attack surface expansion Parameterized URLs
8️⃣ JavaScript Analysis SecretFinder, JSFinder Sensitive data extraction Secrets & endpoints
9️⃣ Directory Fuzzing Dirsearch Hidden endpoint discovery Directory structure
🔟 Port Scanning Naabu Open port identification Port inventory
1️⃣1️⃣ Vulnerability Scanning Nuclei Known vulnerability detection Vulnerability report

🎯 Small Scope Reconnaissance (dom_hunt.zsh)

graph LR
    A[🎯 Target] --> B[URL Discovery]
    B --> C[Live Testing]
    C --> D[Pattern Analysis]
    D --> E[Parameter Mining]
    E --> F[JS Analysis]
    F --> G[Directory Fuzzing]
    G --> H[Vulnerability Scanning]
    H --> I[📊 Final Report]
Loading
🚀 Phase 🛠️ Tool(s) 🎯 Purpose
URL Discovery GAU, WaybackURLs Historical endpoint collection
Live Testing FFUF Active endpoint verification
Pattern Analysis GF Tool Security pattern matching
Parameter Extraction ParamSpider Parameter discovery
JavaScript Mining JSFinder, jsvar.sh Endpoint and variable extraction
Secret Detection SecretFinder Sensitive data discovery
Directory Fuzzing Dirsearch Hidden directory discovery
Vulnerability Scanning Nuclei Known vulnerability detection

🏢 Organization Intelligence (org_hunt.zsh)

graph TD
    A[🏢 Organization] --> B[Reverse WHOIS]
    B --> C[Domain Collection]
    C --> D[Live Verification]
    D --> E[IP Intelligence]
    E --> F[📊 Asset Report]
Loading
🚀 Phase 🛠️ Tool(s) 🎯 Purpose
Domain Discovery Knockknock Reverse WHOIS lookup
Live Verification HTTPX Active domain confirmation
IP Intelligence IPinfo Infrastructure analysis

🛡️ Security Tools Integration

🔍 Core Reconnaissance Tools

Tool Purpose Repository
Amass Advanced subdomain enumeration OWASP/Amass
SubFinder Passive subdomain discovery projectdiscovery/subfinder
Nuclei Vulnerability scanning projectdiscovery/nuclei
HTTPX HTTP probing projectdiscovery/httpx
Naabu Port scanning projectdiscovery/naabu

🎭 Specialized Tools

Tool Purpose Repository
SubJack Subdomain takeover haccer/subjack
GAU URL gathering lc/gau
FFUF Web fuzzing ffuf/ffuf
Dirsearch Directory brute force maurosoria/dirsearch
SecretFinder Secret detection in JS m4ll0k/SecretFinder

📱 403 Bypass Tools

Tool Repository
byp4xx lobuhi/byp4xx
403bypasser yunemse48/403bypasser
bypass-403 iamj0ker/bypass-403

📁 Project Structure

HuntTheBug/
├── 📂 config/                 # Configuration files
│   ├── amass-config.ini      # Amass settings
│   └── subfinder-config.yaml # SubFinder settings
├── 📂 wordlist/               # Custom wordlists
│   ├── raft-*.txt            # Raft wordlists
│   ├── all.txt               # Comprehensive wordlist
│   └── dns-resolvers.txt     # DNS resolvers
├── 🔧 *.zsh                   # Main reconnaissance scripts
├── ⚙️ conf.zsh               # Global configuration
├── 📦 install.zsh            # Installation script
└── 📄 LICENSE                # GPL v3 License

🤝 Contributing

We welcome contributions! Here's how you can help:

  1. 🐛 Report Issues: Found a bug? Open an issue
  2. 💡 Feature Requests: Have an idea? Suggest a feature
  3. 🔧 Pull Requests: Want to contribute code? Submit a PR

📋 Development Guidelines

  • Follow existing code style
  • Test your changes thoroughly
  • Update documentation as needed
  • Ensure compatibility with Kali Linux

📜 License

This project is licensed under the GNU General Public License v3.0 - see the LICENSE file for details.


🙏 Acknowledgments

Special thanks to all the open-source tools that make HuntTheBug possible:

🔧 Tool Authors

  • ProjectDiscovery - For amazing tools like Nuclei, SubFinder, HTTPX, Naabu
  • TomNomNom - For incredible reconnaissance tools
  • OWASP - For the Amass project
  • All other tool authors - Your contributions are invaluable!

🌟 Community

  • The bug bounty community for feedback and suggestions
  • Security researchers who test and improve these tools
  • Everyone who contributes to open-source security

📞 Support & Contact

🐦 Twitter

Follow me on Twitter: @Vikrant_infosec

☕ Buy Me a Coffee

If you find this tool helpful, consider supporting its development:

vikrantbatra05




⚡ Quick Start Commands

# ┌─────────────────────────────────────────┐
# │           🚀 One-Command Setup          │
# └─────────────────────────────────────────┘
git clone https://github.com/vikrantbatra05/HuntTheBug && \
cd ~/HuntTheBug && \
chmod +x *.zsh && \
./install.zsh

# ┌─────────────────────────────────────────┐
# │           ⚙️ Configure Settings          │
# └─────────────────────────────────────────┘
nano conf.zsh

# ┌─────────────────────────────────────────┐
# │          🎯 Start Hunting!              │
# └─────────────────────────────────────────┘
./recon.zsh target.com

🏆 Success Metrics

📊 Metric 🎯 Target 📈 Achieved
Subdomains Found 500+ 1000+
Live Endpoints 200+ 500+
Vulnerabilities 10+ 25+
Takeover Detection 5+ 15+

🎯 Pro Tips

💡 Optimization Tips

+ Use custom wordlists for better results
+ Configure API keys for maximum efficiency
+ Schedule scans during off-peak hours
+ Monitor Telegram alerts for real-time updates

⚠️ Best Practices

+ Always respect rate limits and robots.txt
+ Use VPN/proxy for anonymity
+ Store results in organized directories
+ Regularly update tool databases

🚀 Advanced Usage

+ Chain multiple scans for comprehensive coverage
+ Customize Nuclei templates for specific vulnerabilities
+ Integrate with your existing workflow
+ Automate reporting with custom scripts

🤝 Contributing

🌟 How to Contribute

graph LR
    A[🍴 Fork Repo] --> B[🔧 Make Changes]
    B --> C[✅ Test Thoroughly]
    C --> D[📤 Pull Request]
    D --> E[🎉 Get Merged]
Loading

We welcome contributions! Here's how you can help:

  1. 🐛 Report Issues: Found a bug? Open an issue
  2. 💡 Feature Requests: Have an idea? Suggest a feature
  3. 🔧 Pull Requests: Want to contribute code? Submit a PR

📋 Development Guidelines

  • Follow existing code style
  • Test your changes thoroughly
  • Update documentation as needed
  • Ensure compatibility with Kali Linux

📜 License

! This project is licensed under the GNU General Public License v3.0
! See the LICENSE file for details
! Free to use, modify, and distribute
! Must retain original copyright and license

🙏 Acknowledgments

🔧 Tool Authors & Projects

�️ Category 👥 Contributors 🌟 Special Thanks
Reconnaissance ProjectDiscovery, TomNomNom, OWASP Amazing tools that power this framework
Scanning Nuclei Team, FFUF Team Comprehensive vulnerability detection
Wordlists SecLists, Raft Project Essential for successful fuzzing
Community Bug Bounty Hunters Feedback, testing, and improvements

🌟 Community Support

  • The bug bounty community for valuable feedback
  • Security researchers who test and improve these tools
  • Everyone who contributes to open-source security
  • All tool authors for making this possible

📞 Support & Contact

🐦 Connect With Me

Twitter: @Vikrant_infosec

📧 Get Help

Support Development

If you find this tool helpful, consider supporting its development:

vikrantbatra05


�🔥 Happy Hunting! May you find many bugs! 🔥

Built with ❤️ for the Bug Bounty Community


⭐ If you like this project, please give it a star! ⭐

Star History Chart


Last updated: 2024Version: 2.0License: GPL v3.0

About

Advanced reconnaissance framework for bug bounty hunters - Automate subdomain enumeration, vulnerability scanning, and security reconnaissance with 30+ integrated tools.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages

  • Shell 100.0%