The Bug Scraper is designed to help Bug Bounty Researchers find valid targets for both Wide-Band and Narrow-Band Testing.
At this time, this tool contains two modules:
The Discovery Module uses a combination of API Calls and DOM Scraping to build a list of all valid URLs and Domains listed in public programs on HackerOne and BugCrowd. Running this module will output two TXT files, domains.txt and urls.txt, with these wordlists.
The Monitor Module periodically (30 min. intervals) checks HackerOne and BugCrowd for new public programs. When a new program is discovered, Bug Scraper will send a Slack message to a web hook alerting you of the new program.
I AM NOT RESPONSABLE FOR HOW YOU USE THIS TOOL. DON'T BE A DICK!
The install script included in this repo is designed to work on the latest version of Kali Linux. To run Bug Scraper on Windows/Mac, please make sure you have the following dependencies installed:
- Python3 (and pip3)
- Python Modules:
- argparse
- bs4
- NodeJS (and npm)
- NPM Packages:
- puppeteer
You will also need to manually create the .keys folder in your home directory and add the following files:
.keys
| slack_web_hook
| .hackerone
| .bugcrowd
These files should contain your API Keys for each service. Below are examples of the correct formatting.
Slack Web Hook - [RAW_TOKEN]
T01EJL4T8RZ/B02CQAWLY2F/Y513AokrRCZXj60lf46OoQge
HackerOne API Key - [USERNAME]:[API_KEY]
rs0n:uyFIUtMeajuBFPYxKQ9LZaQFP+2KPqMc45Jg64Som4k=
BugCrowd API Key - [RAW_TOKEN]
sdfwnpiwjf:_L5soTaruwfdviJyoxquAmjq_E874_uLm7ePTcKTRJj7EnDK8E9LgdIbdPXv2LnHjaliefjz
For Kali Linux users, simply run the install script included in this repo:
python3 install.py
python3 bug-scraper.py [--disco] [--monitor]
| Module | Flag | Required | Notes |
|---|---|---|---|
| Discover | --disco | no | Builds a list of Domains and URLs listed as valid Bug Bounty Targets |
| Monitor | --monitor | no | Monitors BugCrowd and HackerOne for new public programs |