How to orchestrate Bug Bounty tools with Python and Slack

Although it is true that today it is essential to have a server in the cloud (VPS) for Bug Bounty, it is ideal to be able to manage tools in a simple way and without the need to connect to a server.

This time I want to show a brief summary of how Bug Bounty tools can be orchestrated using Slack and Python.

The first thing is that you must create a Slack account through the following URL

https://slack.com/get-started#/createnew

For this scenario, I have used python3. In this way, you have to install Slack with pip3 as follows

pip3 install slackclient
pip3 install slackeventsapi

This time we will work with a Slack APP. So first of all you should go to the module to create an APP.

https://api.slack.com/apps/

In this way, we must select the option to create a new APP and then the From Scratch option as it appears in the following image

You select your workspace and create the APP. You will have a view like the following

In order to use the APP, you must install it. For this you must give the necessary permissions to the APP through the following URL

https://api.slack.com/apps/your_APP_ID/oauth?

The most important permission is chat:write since this permission will allow the APP to write on the channel where the tool will be executed

Later, you proceed to install the APP within your workspace.

When you install it, you will get a token like the following.

You must save this token, it is very important to be able to use it with python.

After this you must configure your VPS server to receive the events that will be generated in the Slack channel. You must do this through the URL:

https://api.slack.com/apps/your_APP_ID/event-subscriptions?

You must put any port (I used the 65420 port) which can constantly listen to the events carried out in Slack.

Then you must add the option message.channels as it appears in the following image:

You must save the changes and reinstall the APP.

Another important piece of information you must obtain is the SLACK_EVENTS_TOKEN, which you obtain through the URL:

https://api.slack.com/apps/your_APP_ID/general?

The value of Signing Secret is what interests us.

Now inside your slack channel you can create a new channel for your tool, we will create one called bugbounty.

Then you must add the APP within the channel. You can do it with the sentence

/invite @name_app

Now we will use the assetfinder tool which you must install through the following sentence

go get -u github.com/tomnomnom/assetfinder

In order to create a python script that is called through the channel created in Slack and that this tool executes assetfinder, the following is needed:

  • The APP token.
  • The value of SLACK_EVENTS_TOKEN.
  • The channel ID.
  • VPS Server running.

The final script is the following (I will explain the detail of the whole script)

searchSubdomain.py

#!/usr/bin/python3
import logging
from flask import Flask, request, Response
from slack import WebClient
from slackeventsapi import SlackEventAdapter
import re
import subprocess

channel_id = "your_channel_id"
app = Flask(__name__)

SLACK_EVENTS_TOKEN = "your_slack_events_token"
slack_events_adapter = SlackEventAdapter(SLACK_EVENTS_TOKEN, "/slack/events", app)

# Initialize a Web API client
token = "your_app_token"
slack_web_client = WebClient(token=token)
auxDomain = ""


@slack_events_adapter.on("message")
def message(payload):
    global auxDomain
    event = payload.get("event", {})
    text = event.get("text")
    user_id = event.get("user")
    if "<" in text:
        text = text.replace("<","").replace(">","")

    domain  = re.sub(r'[^\x00-\x7F]+',' ',text).strip().split(" ")[1].split('|')[1]

    if "!subdomains" in text.lower() and domain != auxDomain:
    	auxDomain = domain
    	slack_web_client.chat_postMessage(channel=channel_id, text="*[+]Getting subdomains from "+auxDomain+"*", mrkdwn=True)
    	subprocess.Popen("assetfinder "+auxDomain+" > "+auxDomain+".txt",shell=True,stdout=subprocess.PIPE,stderr=subprocess.STDOUT)
    	output = open(auxDomain+".txt","r")
    	slack_web_client.chat_postMessage(channel=channel_id, text="```"+output.read().strip()+"```", mrkdwn=True)





if __name__ == "__main__":
    # Create the logging object
    logger = logging.getLogger()

    # Set the log level to DEBUG. This will increase verbosity of logging messages
    logger.setLevel(logging.DEBUG)

    # Add the StreamHandler as a logging handler
    logger.addHandler(logging.StreamHandler())

    # Run our app on our externally facing IP address on port 3000 instead of
    # running it on localhost, which is traditional for development.
    app.run(host='0.0.0.0', port=65420)

You must leave the script running on a screen of your VPS. When you run it you will see the following in the logs.

Then, in slack you must send a statement with the structure:

!subdomains domain.tld

Finally you will get a result like the following.

With this you will be able to orchestrate any tool using Slack and thus be able to obtain the information in a simple and fast way.

4 Likes