BountyDork

Install / Use

/learn @ElNiak/BountyDork
About this skill

Quality Score

0/100

Supported Platforms

Universal

README

BountyDork

Bug Orientation tool Utilizing Novel Tactics Yields Dorking Research Implementing Vulnerability Exploitation

Introduction:

BountyDork is a comprehensive tool designed for penetration testers and cybersecurity researchers. It integrates various modules for performing attacks, reporting, and managing VPN/proxy settings, making it an indispensable asset for any security professional.

Features:

  • Automation: Automate the process of finding vulnerabilities.

  • Dorking:

    • Automate Google dorking - bounty_dork/dorks/google/<dorks>.txt
  • No API needed: No API keys are required.

  • Reporting: Generate detailed reports of findings.

  • Selenium: Automate the process of finding vulnerabilities.

  • reCAPTCHA: Automatically solve reCAPTCHA challenges.

  • VPN/Proxies Management: Seamlessly switch between different VPN services and proxies to anonymize your activities.

    • NordVPN - Create the file bounty_dork/vpn_proxies/proxies/nordvpn_login.csv in username,password format:

          username,password
          AAAAAAAA,BBBBBBBB

  • Pause/Resume: Pause and resume the dorking process at any time.
  • Pypy3 Support: Use pypy3 to speed up the execution of the tool.

Configuration files

  • configs/<hackerone>_targets.txt: Contains the list of targets to be scanned.

  • configs/<hackerone>_exclusions.txt: Contains the list of exclusions to be used during scanning.

  • outputs/reports/<hackerone>/*: Contains the list of output dorks to be used during scanning.

  • configs/config.ini: Contains the configuration settings for the tool.

[Settings]
extension = 
subdomain = true
do_web_scap = true
dorks = bounty_dork/dorks/google/ ; TODO enforce
target_file = configs/target_toolsforhumanity.txt
exclusion_file = configs/exclusion_pornbox.txt
target_login = []
logging=DEBUG
max_thread = 30
runtime_save = true
keyboard_interrupt_save = true

[Bounty]
need_specific_user_agent = false
target_user_agent = RingResearcher_elniak
hackerone_username = elniak

[GoogleDorking]
do_dorking_google = true
total_output = 100
page_no = 1
default_total_output = 10
default_page_no = 1
lang = en
use_selenium = false
do_xss = true        ; enable xss dorking
do_sqli = true       ; enable sqli dorking


[GithubDorking]
do_dorking_github = false

[ShodanDorking]
do_dorking_shodan = false

[Proxy]
use_proxy = true
use_free_proxy_file = false
use_free_proxy = false
use_nordvpn_proxy = true
proxies = [None]
proxy_mean_delay = 10
proxy_factor = 1

[VPN]
use_vpn = false
use_nordvpn = false
nord_vpn_login = []

[Tor]
use_tor=false

[Delay]
initial_delay = 30
delay_factor = 2
long_delay = 15
max_delay = 600
request_delay = 30
waf_delay = 600

[Rate]
rate_per_minute = 1
current_delay = 60
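
A pre-flight check for the config.ini shown above, as an added example that is not part of BountyDork. It flags a target file and exclusion file that name different programs, and booleans that stop parsing when inline `;` comments are not stripped. Assumptions: the file is read with Python's configparser (the page does not say how the tool parses it), file names follow the target_<program>.txt / exclusion_<program>.txt pattern of the sample values, and the names load, program_of and preflight are hypothetical.

```python
import configparser
import re

# Constructed sample: a few keys copied from the config.ini shown above.
SAMPLE = """
[Settings]
dorks = bounty_dork/dorks/google/ ; TODO enforce
target_file = configs/target_toolsforhumanity.txt
exclusion_file = configs/exclusion_pornbox.txt
max_thread = 30

[GoogleDorking]
do_xss = true        ; enable xss dorking
do_sqli = true       ; enable sqli dorking
"""

def load(text, strip_inline=True):
    # By default configparser keeps "; ..." as part of the value;
    # inline comments are stripped only when a prefix is configured.
    prefixes = (";",) if strip_inline else None
    cp = configparser.ConfigParser(inline_comment_prefixes=prefixes)
    cp.read_string(text)
    return cp

def program_of(path):
    # Assumed naming convention: <kind>_<program>.txt, as in the sample values.
    m = re.search(r"(?:target|exclusion)s?_([^/]+)\.txt$", path)
    return m.group(1) if m else None

def preflight(cp):
    """Return a list of issues to resolve before starting a scan."""
    issues = []
    settings = cp["Settings"]
    targets = program_of(settings["target_file"])
    exclusions = program_of(settings["exclusion_file"])
    if targets != exclusions:
        # Exclusions written for another program do not protect this scope.
        issues.append(f"scope mismatch: targets={targets} exclusions={exclusions}")
    for key in ("do_xss", "do_sqli"):
        try:
            cp.getboolean("GoogleDorking", key)
        except ValueError:
            issues.append(f"unparseable boolean: GoogleDorking.{key}")
    return issues

if __name__ == "__main__":
    for issue in preflight(load(SAMPLE)):
        print(issue)
```
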

TODOs:

  • Logging Levels: Implement logging level for the tool.

  • Dorking:

    • Automate Yahoo dorking
    • Automate Bing dorking
    • Automate DuckDuckGo dorking
    • Automate Ask dorking
    • Automate GitHub dorking
    • Automate Shodan dorking
  • Tor:

    • Automate Tor connection
    • Automate Tor disconnection

Usage:

usage: bounty_dork.py [-h] --config CONFIG [--extension EXTENSION] [--subdomain SUBDOMAIN] [--do_web_scap DO_WEB_SCAP] [--target_file TARGET_FILE] [--exclusion_file EXCLUSION_FILE] [--target_login [TARGET_LOGIN ...]]
                      [--logging LOGGING] [--max_thread MAX_THREAD] [--runtime_save RUNTIME_SAVE] [--keyboard_interrupt_save KEYBOARD_INTERRUPT_SAVE] [--need_specific_user_agent NEED_SPECIFIC_USER_AGENT]
                      [--target_user_agent TARGET_USER_AGENT] [--hackerone_username HACKERONE_USERNAME] [--do_dorking_google DO_DORKING_GOOGLE] [--total_output TOTAL_OUTPUT] [--page_no PAGE_NO]
                      [--default_total_output DEFAULT_TOTAL_OUTPUT] [--default_page_no DEFAULT_PAGE_NO] [--lang LANG] [--use_selenium USE_SELENIUM] [--do_dorking_github DO_DORKING_GITHUB] [--do_dorking_shodan DO_DORKING_SHODAN]
                      [--use_proxy USE_PROXY] [--use_free_proxy_file USE_FREE_PROXY_FILE] [--use_free_proxy USE_FREE_PROXY] [--use_nordvpn_proxy USE_NORDVPN_PROXY] [--proxies [PROXIES ...]] [--proxy_mean_delay PROXY_MEAN_DELAY]
                      [--proxy_factor PROXY_FACTOR] [--use_vpn USE_VPN] [--use_nordvpn USE_NORDVPN] [--nord_vpn_login [NORD_VPN_LOGIN ...]] [--use_tor USE_TOR] [--initial_delay INITIAL_DELAY] [--delay_factor DELAY_FACTOR]
                      [--long_delay LONG_DELAY] [--max_delay MAX_DELAY] [--request_delay REQUEST_DELAY] [--waf_delay WAF_DELAY] [--rate_per_minute RATE_PER_MINUTE] [--current_delay CURRENT_DELAY]

Configuration and Argument Parser

options:
  -h, --help            show this help message and exit
  --config CONFIG       Path to the configuration file
  --extension EXTENSION
                        Extension
  --subdomain SUBDOMAIN
                        Use subdomain
  --do_web_scap DO_WEB_SCAP
                        Do web scraping
  --target_file TARGET_FILE
                        Target file
  --exclusion_file EXCLUSION_FILE
                        Exclusion file
  --target_login [TARGET_LOGIN ...]
                        Target login
  --logging LOGGING     Logging level
  --max_thread MAX_THREAD
                        Maximum number of threads
  --runtime_save RUNTIME_SAVE
                        Runtime save
  --keyboard_interrupt_save KEYBOARD_INTERRUPT_SAVE
                        Keyboard interrupt save
  --need_specific_user_agent NEED_SPECIFIC_USER_AGENT
                        Need specific user agent
  --target_user_agent TARGET_USER_AGENT
                        Target user agent
  --hackerone_username HACKERONE_USERNAME
                        HackerOne username
  --do_dorking_google DO_DORKING_GOOGLE
                        Do Google dorking
  --total_output TOTAL_OUTPUT
                        Total output
  --page_no PAGE_NO     Page number
  --default_total_output DEFAULT_TOTAL_OUTPUT
                        Default total output
  --default_page_no DEFAULT_PAGE_NO
                        Default page number
  --lang LANG           Language
  --use_selenium USE_SELENIUM
                        Use Selenium
  --do_dorking_github DO_DORKING_GITHUB
                        Do GitHub dorking
  --do_dorking_shodan DO_DORKING_SHODAN
                        Do Shodan dorking
  --use_proxy USE_PROXY
                        Use proxy
  --use_free_proxy_file USE_FREE_PROXY_FILE
                        Use free proxy file
  --use_free_proxy USE_FREE_PROXY
                        Use free proxy
  --use_nordvpn_proxy USE_NORDVPN_PROXY
                        Use NordVPN proxy
  --proxies [PROXIES ...]
                        Proxies
  --proxy_mean_delay PROXY_MEAN_DELAY
                        Proxy mean delay
  --proxy_factor PROXY_FACTOR
                        Proxy factor
  --use_vpn USE_VPN     Use VPN
  --use_nordvpn USE_NORDVPN
                        Use NordVPN
  --nord_vpn_login [NORD_VPN_LOGIN ...]
                        NordVPN login
  --use_tor USE_TOR     Use Tor
  --initial_delay INITIAL_DELAY
                        Initial delay
  --delay_factor DELAY_FACTOR
                        Delay factor
  --long_delay LONG_DELAY
                        Long delay
  --max_delay MAX_DELAY
                        Max delay
  --request_delay REQUEST_DELAY
                        Request delay
  --waf_delay WAF_DELAY
                        WAF delay
  --rate_per_minute RATE_PER_MINUTE
                        Rate per minute
  --current_delay CURRENT_DELAY
                        Current delay

OR

python3 bounty_dork.py --config <config_file>

-Extension: 
-Total Output: 100
-Page No: 1
-Do Google Dorking: True
-Do Github Dorking False
-Domain: True
-Use Proxy: True

Using NordVPN proxies 
You have NordVPN account using these proxies [['AAAA', 'BBBB']]
NordVPN Proxy: amsterdam.nl.socks.nordhold.net
NordVPN Proxy: atlanta.us.socks.nordhold.net
NordVPN Proxy: dallas.us.socks.nordhold.net
NordVPN Proxy: los-angeles.us.socks.nordhold.net
NordVPN Proxy: nl.socks.nordhold.net
NordVPN Proxy: se.socks.nordhold.net
NordVPN Proxy: stockholm.se.socks.nordhold.net
NordVPN Proxy: us.socks.nordhold.net
NordVPN Proxy: new-york.us.socks.nordhold.net

Proxy: ['socks5h://username:password@los-angeles.us.socks.nordhold.net:1080', 'socks5h://username:password@us.socks.nordhold.net:1080', 'socks5h://username:password@new-york.us.socks.nordhold.net:1080', 'socks5h://username:password@amsterdam.nl.socks.nordhold.net:1080', 'socks5h://username:password@dallas.us.socks.nordhold.net:1080', 'socks5h://username:password@atlanta.us.socks.nordhold.net:1080', 'socks5h://username:password@nl.socks.nordhold.net:1080', 'socks5h://username:password@stockholm.se.socks.nordhold.net:1080', 'socks5h://username:password@se.socks.nordhold.net:1080']

Number of workers: 30

Starting Google dorking scan phase...

Initial Dorking search for based targets *.worldcoin.org - xss
Initial Dorking search for based targets *.worldcoin.org - sqli
Initial Dorking search for based targets *.consumer.worldcoin.org - xss
Initial Dorking search for based targets *.consumer.worldcoin.org - sqli
Initial Dorking search for based targets toolsforhumanity.com - xss
Initial Dorking search for based targets toolsforhumanity.com - sqli
Initial Dorking search for based targets getworldcoin.com - xss
Initial Dorking search for based targets getworldcoin.com - sqli
Initial Dorking search for based targets *.worldcoin-distributors.com - xss
Initial Dorking search for based targets *.worldcoin-distributors.com - sqli
Initial Dorking search for based targets bioid-management.app - xss
Initial Dorking search for based targets bioid-management.app - sqli
Initial Dorking search for based targets *.worldcoin.dev - xss
Initial Dorking search for based targets *.wor
GitHub Stars: 26
Category: Development
Updated: 2mo ago
Forks: 5

Languages

Python

Security Score

80/100

Audited on Jan 13, 2026

No findings