Open in app

Sign in

Write

Sign in

From Detection to Notification: Security Automation to Earn $$$$

the_unlucky_guy
5 min readAug 5, 2024

--

Hola hackers, After receiving a request to write a separate blog on the automation and Slack alerting method I used to find an admin panel worth $500 in my previous blog, I decided to do so. In this blog, you will learn how to utilize tools, from project discovery to build your own automation for daily subdomain monitoring and find bugs with Slack alerting.

The flow of this write-up will be as follows:

  • We will write a small Python script utilizing subfinder to enumerate subdomains
  • httpx to filter out live domains.
  • nuclei to find bugs in the subdomains using default nuclei templates.
  • Slack webhooks to sent Slack alerts with the findings, and finally, a cronjob to trigger the script daily.

Installation of Dependencies

As the script is going to use combination of different tools from Project Discovery, we will be first installing all the tools in our system/server.

To install subfinder, run below command in terminal

go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest

To install httpx, run below command in terminal

go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest

To install Nuclei, run below command in terminal

go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest

Subdomain Enumeration With Subfinder

After installing all the dependencies, let’s start writing a simple Python script that will use subfinder to enumerate subdomains and save the results in a file. The script will take a top-level domain as input.

import os
import sys

target = sys.argv[1]

def subdomain_enumeration(target):
 cmd1 = "subfinder -d "+target+" | tee -a "+target+".txt"
 os.system(cmd1)

subdomain_enumeration(target)

The above code will append a list of subdomains to a file named target.txt (hackerone.com.txt in my case). I have used hackerone.com as the target domain.

Filter Live Domains Using httpx

After enumerating all the subdomains, our task is to filter the live subdomains. We will be using httpx for this. Let’s modify our script. After modification, the script will look like this:

import os
import sys

target = sys.argv[1]

def subdomain_enumeration(target):
 cmd1 = "subfinder -d "+target+" | httpx | tee -a "+target+".txt"
 os.system(cmd1)

subdomain_enumeration(target)

I have only added httpx in cmd1. The above code will append a list of live subdomains to a file named target.txt (hackerone.com.txt in my case).

Scan Subdomains Using Nuclei

Next, we will scan all the live subdomains using nuclei, and we will use community-curated nuclei templates. Make sure to clone the nuclei templates to your system/server. After adding a function to perform a scan on live domains using nuclei, the script will look like this:

import os
import sys

target = sys.argv[1]
template = '/Users/vijeta/automation/nuclei-templates/http/misconfiguration'

def subdomain_enumeration(target):
 cmd1 = "subfinder -d "+target+" | httpx | tee -a "+target+".txt"
 os.system(cmd1)

def nucleiScan(alive_subdomain,template):
 cmd = "nuclei -l "+alive_subdomain+" -t "+template+" | tee -a "+target+"_output.txt"
 os.system(cmd)

subdomain_enumeration(target)
alive_subdomain = target+".txt"
nucleiScan(alive_subdomain, template)

The function nucleiScan will take two variables: one is the list of subdomains, and the second is the template. I have used only one template to perform the scan, but you can use as many templates as you like. After running the script, all the findings will be saved to a file named target_output.txt (hackerone.com_output.txt in my case).

Slack Alerting With Findings

Now we have a list of findings in a file named final_result. Our next task is to send an alert to a Slack channel with the findings. To send a Slack alert, we will use webhooks. Make sure to create a webhook URL for your Slack workspace.

import os
import sys
from slack_sdk.webhook import WebhookClient

target = sys.argv[1]
template = '/Users/vijeta/automation/nuclei-templates/http/misconfiguration/http-missing-security-headers.yaml'

def subdomain_enumeration(target):
 cmd1 = "subfinder -d "+target+" | httpx | tee -a "+target+".txt"
 os.system(cmd1)

def nucleiScan(alive_subdomain,template):
 cmd = "nuclei -l "+alive_subdomain+" -t "+template+" | tee -a "+target+"_output.txt"
 os.system(cmd)
     
def notifyme(webhook_url,out_put):
 out_put = out_put.replace('[36m','') 
 out_put = out_put.replace('[0m','')
 out_put = out_put.replace('[92m','')
 out_put = out_put.replace('[94m','')
 out_put = out_put.replace('[96m','')
 out_put = out_put.replace('[34m','')
 out_put = out_put.replace('[1;92m',' ')
 webhook = WebhookClient(webhook_url)
 response = webhook.send(text="fallback",
     blocks=[
         {
             "type": "section",
             "text": {
                 "type": "mrkdwn",
                 "text": " "
             }
         }
     ],
     attachments=[
         {
             "title": out_put,
             "color": "#ff3a00"
         }
     ]
 )

subdomain_enumeration(target)
alive_subdomain = target+".txt"
nucleiScan(alive_subdomain, template)
final_result = target+"_output.txt"
webhook_url = "slack_webhook_url"
out_put = open(final_result).readlines()
for issue in out_put:
 notifyme(webhook_url,issue)

I have added a notifyme function to my script, which takes the file name and webhook URL as variables. By using a for loop to read the file with the findings and calling the notifyme function for each issue, we can send Slack alerts. You can also use the POST method in the Slack API if you don’t want to use the slack-sdk.

Scheduling Cronjob For Regular Scan

We will use a cronjob to schedule an automated scan that will run our script every 24 hours. To schedule a cronjob, run the following command in the terminal:

crontab -e

Add the following line to your crontab: 0 10 * * *. This specifies that your script will run at 10:00 AM every day.

0 10 * * * /opt/homebrew/bin/python3 /Users/vijeta/automation/auto.py hackerone.com

Make sure to enter the full path to your script and the python3 binary. Use the command crontab -l to verify whether the cronjob has been added.

At last, I want to mention that you shouldn’t restrict yourself to the tools used in this write-up. There are many tools available to expand your attack surface. Treat this write-up as a starting point for your automation and feel free to add more tools.

Thanks for reading, hope you learned something new. Do clap and share if you like. Be fearless and Happy Hacking!

Twitter: 7he_unlucky_guy
Linkedin: Vijeta

Cybersecurity
Bugbounty Writeup
Automation
Bug Bounty
Technology

--

--

the_unlucky_guy

Written by the_unlucky_guy

1K Followers

Security Engineer | Never Forgive Never Forget

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams