Recon
NodeJS script to extract assets for the Apple bug bounty program from their security acknowledgments page for bug bounty recon.
Install / Use
/learn @payloadartist/ReconREADME
🕵🏾 recon
This script weaponizes the power of web scraping to collect assets from the Apple bug bounty program's acknowledgements page. Since Apple's program doesn't have a well defined scope, the assets collected here can be used as a point of reference to perform further testing or, recon.
Update
As of November 2022, Apple has changed their security acknowledgements page. Mentions of vulnerable hosts are removed in latest versions of the security acknowledgement pages. As such, this tool is not working anymore.
⚒️ Install
Make sure you have Node and npm installed. Then run,
npm install
to install the dependencies
If you just want the file containing the assets (domains and sub-domains), simply run
wget https://github.com/payloadartist/recon/raw/main/assets.txt
⚙️ Usage
To pull new assets on your own.
Run
chmod +x extract.js (for the first time or you can skip this if you run with node)
./extract.js assets.txt
(default output file is apple_assets.txt while you can specify a custom output file by providing the second argument)
It will also output to stdout, for piping to other tools.
🙌 Credits
Related Skills
node-connect
354.0kDiagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps
frontend-design
112.2kCreate distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.
openai-whisper-api
354.0kTranscribe audio via OpenAI Audio Transcriptions API (Whisper).
qqbot-media
354.0kQQBot 富媒体收发能力。使用 <qqmedia> 标签,系统根据文件扩展名自动识别类型(图片/语音/视频/文件)。
