B-Hunters

$$$$$$$\          $$\   $$\                      $$\
$$  __$$\         $$ |  $$ |                     $$ |
$$ |  $$ |        $$ |  $$ |$$\   $$\ $$$$$$$\ $$$$$$\    $$$$$$\   $$$$$$\   $$$$$$$\
$$$$$$$\ |$$$$$$\ $$$$$$$$ |$$ |  $$ |$$  __$$\\_$$  _|  $$  __$$\ $$  __$$\ $$  _____|
$$  __$$\ \______|$$  __$$ |$$ |  $$ |$$ |  $$ | $$ |    $$$$$$$$ |$$ |  \__|\$$$$$$\
$$ |  $$ |        $$ |  $$ |$$ |  $$ |$$ |  $$ | $$ |$$\ $$   ____|$$ |       \____$$\
$$$$$$$  |        $$ |  $$ |\$$$$$$  |$$ |  $$ | \$$$$  |\$$$$$$$\ $$ |      $$$$$$$  |
\_______/         \__|  \__| \______/ \__|  \__|  \____/  \_______|\__|      \_______/
                                            0xBormaa - 2024

B-Hunters is a bug bounty framework built on the Karton framework. It leverages Docker to execute multiple tools and tasks across different machines, providing a powerful, modular, and scalable approach to reconnaissance and vulnerability scanning.

B-Hunters automates the entire recon process by utilizing multiprocessing and microservices to ensure efficiency, flexibility, and ease of integration.

Results can be integrated with discord webhooks to be sent once tool running finish or using the command line

---

B-hunters-playground Includes all tools and servers needed to start using B-Hunters

Tools Integrated

B-Hunters currently includes the following tools:

Subdomains

1. Subfinder A fast passive subdomain enumeration tool that uses a wide range of sources.

2. Vita A tool for vulnerability and information gathering during reconnaissance.

3. Findomain A subdomain enumeration tool that integrates API keys for faster and more extensive discovery.

4. Sublist3r A tool designed to enumerate subdomains using multiple search engines.

5. Assetfinder Quickly finds domains and subdomains related to a target using various sources.

6. Chaos Fetches subdomains from ProjectDiscovery's Chaos dataset.

---

Crawling and Spidering

1. Gospider A fast web spider written in Go, designed for gathering URLs and data.

2. Dirsearch A simple command-line tool designed to brute force directories and files in webservers.

3. GetJS Scrapes JavaScript files from web pages for further analysis.

4. Gowitness A tool for taking screenshots of websites, collecting headers, and identifying technologies.

5. Katana A fast and lightweight web crawler built for information gathering.

6. ParamSpider Finds parameters from web pages for use in parameter-based vulnerability testing.

7. Waymore Fetches URLs from various online services, including Wayback Machine and others.

8. Waybackurls Retrieves URLs for a domain from the Wayback Machine and similar services.

9. GAU (GetAllURLs) Fetches known URLs from AlienVault's Open Threat Exchange, Wayback Machine, and more.

10. Wappalyzer-CLI Identifies technologies used on websites via the command line.

---

Vulnerability Checks

1. DalFox A fast and powerful open-source tool for detecting and exploiting XSS vulnerabilities.

2. SSTImap Detects and maps Server-Side Template Injection (SSTI) vulnerabilities.

3. SQLMap An automated SQL injection and database takeover tool.

4. Nuclei A fast tool for vulnerability scanning based on templates.

5. SecretFinder Finds sensitive data in JavaScript files.

6. NipeJS A JavaScript analysis tool for identifying vulnerabilities.

---

Other

1. uro
2. gf
3. qsreplace
4. Nmap

---

Features

• Automation: Automates recon and scanning tasks to save time and reduce manual effort.
• Modularity: Built on a microservices architecture, allowing easy customization and extension.
• Scalability: Handles large-scale tasks with multiprocessing and distributed workloads.
• Integration: Feeds the output of one tool seamlessly into another.
• Dockerized: Provides containerized environments for consistent and isolated tool execution.

---

Why B-Hunters?

B-Hunters uses a microservices architecture to provide these features:

• Isolation: Each tool runs in its own container, ensuring no interference between tools.
• Resilience: Faults in one service do not affect others.
• Scalability: Allows horizontal scaling by distributing services across multiple machines.
• Flexibility: Enables you to easily replace or update individual components without disrupting the entire framework.
• Parallelism: Tasks are processed concurrently, significantly reducing recon time.

---

Installation

1. Clone the Repository:

   git clone https://github.com/B-Hunters/B-Hunters.git
   cd B-Hunters
   pip install .
   

2. Install Using pip:

   pip install b-hunters
   

Config

You have first to update b-hunters.example.ini file with your IP and other configs if you want to edit. Remember when you update settings when running tools use the same config file Config file by default should be in /etc/b-hunters/b-hunters.ini" if you want insomething else use -c flag when calling command

Usage

The tool provides two main commands: scan and report. These commands allow you to perform scans on domains and generate reports. Below is a detailed explanation of each command and its options.

General Options

| Option | Description | Default | |--------------------|--------------------------------------------------|---------------------------------------| | --config, -c | Optional path to the configuration file. | /etc/b-hunters/b-hunters.ini |

---

Commands

1. Scan Command

Run a scan operation on a specified domain.

Options

| Option | Description | Required | |------------------------|--------------------------------------------------|--------------| | --domain, -d | Target domain for scanning. | Yes | | --scantype, -t | Type of scan: single or multi. | Yes | | --description | Optional description for the scan. | No | |

Usage:

b-hunters  [-c <config_path>] scan --domain <target_domain> --scantype <single or multi> [--description <description>]

For example to scan all subdomains in example.com

b-hunters scan -d example.com -t multi

2. Report Command

Generate a scan report for a specified domain.

Options

| Option | Description | Required | |------------------------|--------------------------------------------------|--------------| | --domain, -d | Specify the domain for the report. | Yes | | --output, -o | Optional path to save the report output. | No | |

Usage

b-hunters report --domain <target_domain> [--output <output_path>]

Example to get report of domain example.com

b-hunters report -d example.com -o /tmp/example.com

Future Plan

Here are the planned features and improvements for the tool:

• Create Web Interface Develop a user-friendly web interface to manage scans and reports.

• Integrate Discord Bot Integrate a Discord bot to scan or get full report.

• Add More Tools Continuously expand the toolset by adding more scanning and vulnerability scanning tools.