HuntTheBug

Advanced reconnaissance framework for bug bounty hunters - Automate subdomain enumeration, vulnerability scanning, and security reconnaissance with 30+ integrated tools.

🔍 HuntTheBug

🚀 Advanced Reconnaissance Framework for Bug Bounty Hunters

HuntTheBug is a comprehensive, automated reconnaissance toolkit designed specifically for bug bounty hunters and security researchers. It combines 30+ industry-leading tools into a unified workflow for efficient vulnerability discovery.

📖 About

  • 🎯 Purpose: Automated reconnaissance for bug bounty programs
  • 🛠️ Tools: 30+ integrated security tools
  • ⚡ Speed: Parallel execution for maximum efficiency
  • 📱 Notifications: Real-time Telegram bot alerts

🎯 Features

🔓 Subdomain Enumeration

  • Multi-Source Discovery: Amass, SubFinder, Sublist3r, Crobat, AssetFinder, FindDomain, GitHub, Subscraper
  • Live Domain Verification: HTTPX + Httprobe for active subdomain detection
  • Status Code Analysis: Hakcheckurl for 200/403 subdomain identification

🎭 Subdomain Takeover

  • Automated Scanning: SubJack + Nuclei for vulnerable subdomain identification
  • Real-time Alerts: Telegram bot notifications for immediate threat response

🌐 URL & JavaScript Analysis

  • Historical URL Discovery: GAU + WaybackURLs for comprehensive endpoint mapping
  • Live URL Verification: FFUF for active endpoint confirmation
  • Parameter Extraction: ParamSpider for attack surface expansion
  • JavaScript Mining: SecretFinder + JSFinder for sensitive data extraction

📁 Directory & Port Scanning

  • Advanced Fuzzing: Dirsearch with custom wordlists
  • Port Discovery: Naabu for open port identification
  • Vulnerability Assessment: Nuclei template-based scanning

🏢 Organization Intelligence

  • Reverse WHOIS: Knockknock for corporate asset mapping
  • IP Intelligence: IPinfo for infrastructure analysis

🏆 Key Advantages

| 🚀 Speed | 🎯 Accuracy | 🛡️ Security | 📱 Automation |
|---------|------------|-------------|---------------|
| Parallel execution | Multi-tool validation | Safe scanning practices | Real-time notifications |
| Optimized workflows | Comprehensive coverage | Non-intrusive methods | Scheduled scans |
| Smart caching | False positive reduction | Ethical guidelines | Custom alerting |

🛠️ Installation

📋 System Requirements

| Requirement | Minimum | Recommended |
|-------------|---------|-------------|
| OS | Kali Linux | Kali Linux Latest |
| CPU | 2+ Cores | 4+ Cores |
| RAM | 4GB+ | 8GB+ |
| Storage | 10GB+ | 20GB+ |

⚠️ Warning: Testing with 1GB RAM and a 1-core CPU resulted in system crashes. Make sure your system meets the minimum requirements.

🚀 Quick Install

```sh
# Install dependencies
apt install zsh git -y

# Clone the repository
cd ~
git clone https://github.com/vikrantbatra05/HuntTheBug

# Navigate and setup
cd ~/HuntTheBug
chmod +x *.zsh

# Run installation script
./install.zsh
```

⚙️ Configuration

Advanced Subdomain Tools Setup

Amass Configuration:

```sh
nano ~/HuntTheBug/config/amass-config.ini
```

SubFinder Configuration:

```sh
nano ~/HuntTheBug/config/subfinder-config.yaml
```

Telegram Bot Setup:

```sh
nano ~/HuntTheBug/conf.zsh
```

🎮 Usage Guide

Choose Your Mission

| Scope | Target | Purpose |
|-------|--------|---------|
| Medium | *.target.com | Comprehensive recon |
| Small | app.target.com | Focused analysis |
| Organization | company_name | Asset discovery |
| 403 Bypass | https://target.com | Access testing |

Launch Commands

Medium Scope Programs:

```sh
./recon.zsh target.com
```

Small Scope Programs:

```sh
./dom_hunt.zsh app.target.com
./dom_hunt.zsh target.com
```

Organization Intelligence:

```sh
./org_hunt.zsh organization_name
```

403 Bypass Testing:

```sh
./403_hunt.zsh https://target.com
```

🔄 Workflow Breakdown

Medium Scope Reconnaissance (recon.zsh)

| Phase | Tools | Purpose | Output |
|-------|-------|---------|--------|
| 1. Subdomain Discovery | Amass, SubFinder, Sublist3r, Crobat, AssetFinder, FindDomain, GitHub, Subscraper | Comprehensive enumeration | Raw subdomain list |
| 2. Live Verification | HTTPX, Httprobe | Active subdomain identification | Live domains only |
| 3. Status Analysis | Hakcheckurl | 200/403 filtering | Responsive subdomains |
| 4. Takeover Detection | SubJack, Nuclei | Vulnerable subdomain ID | Takeover candidates |
| 5. URL Discovery | GAU, WaybackURLs | Historical endpoint mapping | URL database |
| 6. Live URL Testing | FFUF | Active endpoint verification | Live URLs |
| 7. Parameter Mining | ParamSpider | Attack surface expansion | Parameterized URLs |
| 8. JavaScript Analysis | SecretFinder, JSFinder | Sensitive data extraction | Secrets & endpoints |
| 9. Directory Fuzzing | Dirsearch | Hidden endpoint discovery | Directory structure |
| 10. Port Scanning | Naabu | Open port identification | Port inventory |
| 11. Vulnerability Scanning | Nuclei | Known vulnerability detection | Vulnerability report |
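The raw subdomain list from phase 1 is merged from many passive sources, so it can contain hosts that the program's written scope (for example `*.target.com` with exclusions) does not cover. The filter below is an added example, not part of HuntTheBug; the function names and the scope-file format (one exact host or `*.domain` pattern per line, `#` for comments) are assumptions.

```sh
#!/bin/sh
# Added example, not part of HuntTheBug. Scope files are an assumed format:
# one pattern per line, either an exact host or a "*.domain" wildcard.

normalize_host() {
    # Lower-case, drop whitespace and CRs, strip the DNS root dot.
    printf '%s' "$1" | tr 'A-Z' 'a-z' | tr -d ' \t\r' | sed 's/\.$//'
}

scope_match() {  # scope_match HOST PATTERN -> 0 when PATTERN covers HOST
    host=$(normalize_host "$1")
    pat=$(normalize_host "$2")
    case "$pat" in
        '*.'*)
            base=${pat#\*.}
            # Match on a label boundary so eviltarget.com is not covered by
            # *.target.com. The apex itself must be listed explicitly.
            case "$host" in
                *".$base") return 0 ;;
            esac
            return 1 ;;
        *)
            [ "$host" = "$pat" ] ;;
    esac
}

in_any() {  # in_any HOST FILE -> 0 when any pattern in FILE covers HOST
    [ -f "$2" ] || return 1
    while IFS= read -r p || [ -n "$p" ]; do
        case "$p" in ''|'#'*) continue ;; esac
        scope_match "$1" "$p" && return 0
    done < "$2"
    return 1
}

filter_scope() {  # filter_scope IN_SCOPE_FILE OUT_OF_SCOPE_FILE < hosts
    while IFS= read -r h || [ -n "$h" ]; do
        h=$(normalize_host "$h")
        # Skip blanks and anything that is not a plain hostname, so tool
        # noise or shell metacharacters never reach later commands.
        case "$h" in ''|*[!a-z0-9.-]*) continue ;; esac
        in_any "$h" "$2" && continue   # explicit exclusions always win
        in_any "$h" "$1" && printf '%s\n' "$h"
    done
    return 0
}
```

`filter_scope` reads hostnames on stdin and prints only the in-scope ones, so it can sit between the merged enumeration output and the live verification step.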

Small Scope Reconnaissance (dom_hunt.zsh)

| Phase | Tools | Purpose |
|-------|-------|---------|
| URL Discovery | GAU, WaybackURLs | Historical endpoint collection |
| Live Testing | FFUF | Active endpoint verification |
| Pattern Analysis | GF Tool | Security pattern matching |
| Parameter Extraction | ParamSpider | Parameter discovery |
| JavaScript Mining | JSFinder, jsvar.sh | Endpoint and variable extraction |
| Secret Detection | SecretFinder | Sensitive data discovery |
| Directory Fuzzing | Dirsearch | Hidden directory discovery |
| Vulnerability Scanning | Nuclei | Known vulnerability detection |

Organization Intelligence (org_hunt.zsh)

| Phase | Tools | Purpose |
|-------|-------|---------|
| Domain Discovery | Knockknock | Reverse WHOIS lookup |
| Live Verification | HTTPX | Active domain confirmation |
| IP Intelligence | IPinfo | Infrastructure analysis |

🛡️ Security Tools Integration

Core Reconnaissance Tools

| Tool | Purpose | Repository |
|------|---------|------------|
| Amass | Advanced subdomain enumeration | OWASP/Amass |
| SubFinder | Passive subdomain discovery | projectdiscovery/subfinder |
| Nuclei | Vulnerability scanning | projectdiscovery/nuclei |
| HTTPX | HTTP probing | projectdiscovery/httpx |
| Naabu | Port scanning | projectdiscovery/naabu |

Specialized Tools

| Tool | Purpose | Repository |
|------|---------|------------|
| SubJack | Subdomain takeover | haccer/subjack |
| GAU | URL gathering | lc/gau |
| FFUF | Web fuzzing | ffuf/ffuf |
| Dirsearch | Directory brute force | maurosoria/dirsearch |
| SecretFinder | Secret detection in JS | m4ll0k/SecretFinder |

403 Bypass Tools

| Tool | Repository |
|------|------------|
| byp4xx | lobuhi/byp4xx |
| 403bypasser | yunemse48/403bypasser |
| bypass-403 | iamj0ker/bypass-403 |

📁 Project Structure

```
HuntTheBug/
├── config/                    # Configuration files
│   ├── amass-config.ini       # Amass settings
│   └── subfinder-config.yaml  # SubFinder settings
├── wordlist/                  # Custom wordlists
│   ├── raft-*.txt             # Raft wordlists
│   ├── all.txt                # Comprehensive wordlist
│   └── dns-resolvers.txt      # DNS resolvers
├── *.zsh                      # Main reconnaissance scripts
├── conf.zsh                   # Global configuration
├── install.zsh                # Installation script
└── LICENSE                    # GPL v3 License
```

🤝 Contributing

We welcome contributions! Here's how you can help:

  1. Report Issues: Found a bug? Open an issue
  2. Feature Requests: Have an idea? Suggest a feature
  3. Pull Requests: Want to contribute code? Submit a PR

Development Guidelines

  • Follow existing code style
  • Test your changes thoroughly
  • Update documentation as needed
  • Ensure compatibility with Kali Linux

📜 License

This project is licensed under the GNU General Public License v3.0 - see the LICENSE file for details.

🙏 Acknowledgments

Special thanks to all the open-source tools that make HuntTheBug possible:

Tool Authors

  • ProjectDiscovery - For amazing tools like Nuclei, SubFinder, HTTPX, Naabu
  • TomNomNom - For incredible reconnaissance tools
  • OWASP - For the Amass project
  • All other tool authors - Your contributions are invaluable!

Community

  • The bug bounty community for feedback and suggestions
  • Security researchers who test and impr