  • Mehmet Kaya

Meet Dobby: Your New Bug Bounty Assistant



It's been a month since I started bug bounty and shortly after I felt the need for a tool. I tried to make mine since I could not find any tools that are up to date and still being worked on. I made a basic tool called "Dobby" which does subdomain enumeration, live URL probing, and URL filtering.






What is Dobby?


Dobby is a bash script designed to help bug bounty hunters streamline their web reconnaissance process. It automates the discovery of subdomains, checks which ones are live, and picks out important files and URLs for further analysis.



How does it work?


Dobby leverages several well-known tools to perform its tasks:


1. Subdomain Enumeration: Uses tools like `subfinder`, `assetfinder`, and optionally `amass` to find subdomains of a given domain.


2. Live URL Probing: Uses `httprobe` to check which discovered subdomains are live.


3. URL Fetching: Gathers URLs from various sources such as the Wayback Machine using `waybackurls` and `getallurls`.


4. URL Filtering: Filters the fetched URLs to find JavaScript files, JSON files, and URLs containing important keywords like `admin`, `auth`, `api`, etc.
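
The filtering in step 4, as an added sketch that is not Dobby's own code; the function names and sample URLs are constructed for illustration. It tests the extension against the path only, so `main.js?v=3` counts as JavaScript while `login.jsp` and `config.json` do not, and it matches keywords as whole tokens so `capital` is not reported as an `api` hit.

```shell
#!/usr/bin/env bash
# Added illustration of the URL-filtering step; not Dobby's own code.
# Function names and sample URLs below are constructed for this example.

# Constructed sample input, standing in for a fetched URL list.
sample_urls() {
  cat <<'EOF'
https://app.example.com/static/main.js?v=3
https://app.example.com/config.json
https://app.example.com/login.jsp
https://app.example.com/api/v1/users
https://app.example.com/capital/report
https://app.example.com/Admin/panel
https://app.example.com/docs/readme.json#top
https://app.example.com/search?next=/auth
EOF
}

# Keep URLs whose path (query string and fragment ignored) ends in .<ext>.
# A plain `grep '\.js'` would also catch .json and .jsp, and miss nothing
# by luck only; anchoring on the path end avoids both problems.
filter_ext() {
  awk -v ext="$1" '{
    p = $0
    sub(/[?#].*$/, "", p)                  # drop ?query and #fragment
    if (tolower(p) ~ ("\\." ext "$")) print
  }' | sort -u
}

# Keep URLs containing any given keyword as a whole token, case-insensitive.
# Token boundaries stop "api" from matching inside "capital".
filter_keywords() {
  local IFS='|'
  local alt="$*"                           # joins args as admin|auth|api
  grep -Ei "(^|[^[:alnum:]])(${alt})([^[:alnum:]]|\$)" | sort -u
}

# Demo run over the constructed list.
echo "== .js ==";     sample_urls | filter_ext js
echo "== .json ==";   sample_urls | filter_ext json
echo "== keywords =="; sample_urls | filter_keywords admin auth api
```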



Key Features


- Multi-threaded Execution: Allows specifying the number of threads for faster execution.


- Amass Integration: Optionally integrates Amass for more comprehensive subdomain enumeration.


- Customizable Timeout: Allows setting a timeout for Amass execution to avoid long waits.


- Comprehensive Filtering: Easily find .js, .json files, and URLs with keywords like `admin`, `auth`, `api`, etc.



Future Plans


Dobby is pretty basic right now, but I plan to keep upgrading it with more features and improvements. I appreciate any comments, suggestions, or contributions from the community to make it better.



Conclusion


If you're into bug bounty hunting, Dobby can save you a ton of time and effort. Feel free to check out the project on https://lnkd.in/d-xjy3pa and let me know what you think. Your feedback and contributions are welcome!

