A telegram bot with commands to simplify bug bounty tasks
BugBountyBot is open-source so you can run the bot on your own server. The following installation instructions are designed to be used with an Ubunto Virtual Private Server, from a vendor such as digitalocean.
-
Create a Virtual Private Server. See digitalocean
-
Make a new non-root sudo user. see tutorial
-
Install PiP
sudo apt install python3-pip
- Install python3-pip Package Manager
sudo apt install python3-pip
- Install pyTelegramBotAPI package
pip3 install pyTelegramBotAPI
- Clone the bot to your server
git clone https://github.com/tcbutler320/BugBountyBot.git
- Message (botfather)[] on telegram to get a new api key
/newbot
- Create a
.env
file in the root of your bugbountybot application folder with your new apikey
echo "API_KEY=[KEY]" > .env
- Start the bot
python3 bbbot.py
- (A) Alternatively, schedule your bot using cron
crontab -e
- (B) Set your cronjob to run at requested intervals
Use a bash script to check if bugbountybot is already running
Crontab entry
* * * * * /home/bugbountybot/scripts/isRunning.sh
Script
#!/bin/sh
if ps -ef | grep -v grep | grep bbbot.py ; then
exit 0
else
/usr/bin/python3 /home/bugbountybot/app/bbbot.py >> ~/cron.log 2>&1
exit 0
fi
Function | Command | Output |
---|---|---|
DNS Subdomain Enumeration | dnsenum tbutler.org | www.tbutler.org,mail.tbutler.org |
- Multithreading to improve dns reconnaissance speed
- Anonymous scan mode to run dns enumeration over tor network
- Custom User Agent Strings
- Allow users to determine how many subdomains to enumerate, ex.
dnsenum domain.tld -l 500