BugBounty Web App

Introduction

This web application is built with Flask, a Python web framework that uses Jinja for templating (see the Flask official web site).

About the project

The web app's goal is to help bug bounty hunters manage their bounties and target list.

Dependencies

  • Pip
cd /tmp/
wget https://bootstrap.pypa.io/get-pip.py
python get-pip.py
rm get-pip.py
  • Install all requirements
pip install -r requirements.txt

Run App

  • Run on localhost
python app.py
  • with Flask command
export FLASK_APP=app.py
flask run
  • To run the app through the network, edit app.py
flask run --host 0.0.0.0

Run through Apache

Create a new conf in /etc/apache2/sites-available/

vim /etc/apache2/sites-available/bugbounty.conf

and adapt the configuration below to your environment:

<VirtualHost *:80>
    ServerName dashboard.toto.com
    ServerAdmin [email protected]
    WSGIScriptAlias / /var/www/toto.com/bugbounty/bugbounty.wsgi
    <Directory /var/www/toto.com/bugbounty/>
            Order allow,deny
            Allow from all
    </Directory>
    Alias /static /var/www/toto.com/bugbounty/static
    <Directory /var/www/toto.com/bugbounty/static/>
            Order allow,deny
            Allow from all
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

In the App folder, change the bugbounty.wsgi file content:

import sys
sys.path.insert(0, '/var/www/toto.com/bugbounty/')
from app import app as application

and in utils.py, change this line so that it uses the absolute path to the app's database:

top.sqlite_db = sqlite3.connect('/var/www/toto.com/bugbounty/dashboard.sqlite')

Features

  • Authentication with username and SHA-1 password hash stored in the database (default: admin/admin)
  • Bug bounty programs scraped from Vuln-Lab, BugCrowd, HackerOne and BountyFactory
  • Add bounty in database (click on the pink (+) button)
  • Switch bounty's status (click on the status: (Open) | (Close) )
  • Edit bounty's data
  • Delete bounty
  • Temporary notifications via jQuery
  • XSS Lab
  • Manage your targets
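
The first feature above stores passwords as SHA-1 and ships with admin/admin. The following is an added example, not code from this project: it audits a user table for the default password and for legacy SHA-1 hashes, and shows a salted PBKDF2 format that can replace them. The `users` table, its column names, the unsalted hex SHA-1 encoding and the `pbkdf2$...` storage format are assumptions, and the sample rows are constructed.

```python
import hashlib
import hmac
import os
import sqlite3

DEFAULT_PASSWORD = "admin"  # default credential named in the README

def sha1_hex(password: str) -> str:
    """Legacy format assumed here: hex SHA-1 of the password, no salt."""
    return hashlib.sha1(password.encode()).hexdigest()

def hash_password(password: str, iterations: int = 600_000) -> str:
    """Salted PBKDF2-HMAC-SHA256, stored as 'pbkdf2$iterations$salt$digest'."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2${iterations}${salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Accept both formats so legacy rows can be upgraded at next login."""
    if stored.startswith("pbkdf2$"):
        _, iterations, salt, digest = stored.split("$")
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt), int(iterations))
        return hmac.compare_digest(candidate.hex(), digest)
    return hmac.compare_digest(sha1_hex(password), stored.lower())

def audit_users(conn: sqlite3.Connection) -> list:
    """Return (username, finding) for every account that needs attention."""
    findings = []
    query = "SELECT username, password FROM users ORDER BY rowid"
    for username, stored in conn.execute(query):
        if verify_password(DEFAULT_PASSWORD, stored):
            findings.append((username, "default password still set"))
        elif not stored.startswith("pbkdf2$"):
            findings.append((username, "unsalted SHA-1 hash"))
    return findings

def build_sample_db() -> sqlite3.Connection:
    """Constructed in-memory data; table and column names are assumptions."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [
        ("admin", sha1_hex("admin")),
        ("alice", sha1_hex("correct horse battery staple")),
        ("bob", hash_password("another long passphrase")),
    ])
    return conn

if __name__ == "__main__":
    print(audit_users(build_sample_db()))
```

Because `verify_password` accepts both formats, a login handler can re-hash with `hash_password` after a successful legacy check and overwrite the stored value.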