A production-ready, legal, modular BugBountyCrawler for ethical bug bounty hunting
Project description
BugBountyCrawler
A production-ready, legal, modular BugBountyCrawler for ethical bug bounty hunting. This tool prioritizes safety, accuracy, and responsible disclosure while providing comprehensive reconnaissance and scanning capabilities.
Legal Disclaimer
IMPORTANT: This tool is designed for authorized security testing only. Users must:
- Only test targets they own or have explicit written permission to test
- Comply with all applicable laws and regulations
- Respect rate limits and terms of service
- Follow responsible disclosure practices
- Never use this tool for malicious purposes
The authors are not responsible for any misuse of this tool.
Quick Start
Prerequisites
- Python 3.11+
- Docker and Docker Compose (for testing)
- Valid bug bounty program scope
Installation
# Clone the repository
git clone https://github.com/your-org/bugbountycrawler.git
cd bugbountycrawler
# Install dependencies
pip install -r requirements.txt
# Install the package
pip install -e .
# Initialize the database
bugbounty init-db
Basic Usage
- Create a scope file (see examples/scope-example.yaml):
program_name: "Example Bug Bounty Program"
domains:
- "example.com"
- "*.example.com"
endpoints:
- "https://api.example.com/v1/*"
exclusions:
- "staging.example.com"
- "dev.example.com"
- Start a scan:
bugbounty scan --scope examples/scope-example.yaml --target example.com
- Review findings in the web UI:
bugbounty web-ui
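To make the scope rules above concrete, here is an added example (not BugBountyCrawler's own Scope Validator; the function names are assumed) that checks a host or URL against a scope of the same shape, letting exclusions win, treating `*.example.com` as subdomains only, and rejecting look-alike hosts such as example.com.evil.net:

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Constructed scope mirroring examples/scope-example.yaml shown above.
SCOPE = {
    "domains": ["example.com", "*.example.com"],
    "endpoints": ["https://api.example.com/v1/*"],
    "exclusions": ["staging.example.com", "dev.example.com"],
}


def _host(target: str) -> str:
    """Normalise a bare host or URL to a lowercase hostname (no port/userinfo)."""
    if "://" not in target:
        target = "//" + target  # let urlsplit parse 'host:port' and 'user@host'
    host = urlsplit(target).hostname or ""
    return host.lower().rstrip(".")


def _host_matches(host: str, pattern: str) -> bool:
    """'*.example.com' matches subdomains only; plain entries must match exactly."""
    pattern = pattern.lower()
    if pattern.startswith("*."):
        # endswith('.example.com') rules out 'notexample.com' and 'example.com.evil.net'
        return host.endswith(pattern[1:]) and host != pattern[2:]
    return host == pattern


def is_in_scope(target: str, scope: dict = SCOPE) -> bool:
    """Return True only when the target is authorised by the scope file.

    Order matters: an excluded host is never in scope, even if a domain
    wildcard or endpoint pattern would otherwise cover it.
    """
    host = _host(target)
    if not host:
        return False
    if any(_host_matches(host, ex) for ex in scope.get("exclusions", [])):
        return False
    if any(_host_matches(host, d) for d in scope.get("domains", [])):
        return True
    if "://" in target:
        # Endpoint patterns are globs over scheme://host/path (query dropped).
        url = urlsplit(target)
        normalised = f"{url.scheme.lower()}://{host}{url.path or '/'}"
        return any(fnmatchcase(normalised, ep) for ep in scope.get("endpoints", []))
    return False
```

Run the check before every request a scanner or crawler issues, not only on the initial `--target`, since crawled links and discovered subdomains are where scope drift usually happens.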
Docker Usage
# Start with OWASP Juice Shop for testing
docker-compose up -d
# Access the web UI
open http://localhost:8000
# Test against Juice Shop
bugbounty scan --scope examples/scope-example.yaml --target http://localhost:3000
Architecture
Core Components
- Scope Validator: Ensures all targets are within authorized scope
- Asset Discovery: Passive OSINT and active subdomain enumeration
- URL Crawler: Robust crawler with JavaScript support
- Safe Scanners: Non-destructive security checks
- Report Generator: HackerOne/Bugcrowd-ready reports
- Web UI: React-based interface for finding review
Safety Features
- No Automated Exploitation: Only passive and non-destructive checks
- Human-in-the-Loop: Manual approval required for all findings
- Rate Limiting: Configurable delays and concurrency controls
- Scope Enforcement: Strict validation against program scope
- Responsible Disclosure: Built-in workflow for ethical reporting
Project Structure
bugbountycrawler/
├── bugbountycrawler/   # Main package
│   ├── core/           # Core functionality
│   ├── scanners/       # Security scanners
│   ├── crawlers/       # Web crawlers
│   ├── models/         # Data models
│   ├── api/            # FastAPI endpoints
│   ├── cli/            # CLI interface
│   └── web/            # React frontend
├── tests/              # Test suite
├── examples/           # Example configurations
├── docs/               # Documentation
└── docker/             # Docker configurations
Configuration
Environment Variables
# Database
DATABASE_URL=sqlite:///./bugbounty.db
# Security
SECRET_KEY=your-secret-key
ENCRYPTION_KEY=your-encryption-key
# Rate Limiting
DEFAULT_RATE_LIMIT=10 # requests per second
MAX_CONCURRENT=5 # concurrent requests
# Optional: Remote storage
S3_BUCKET=your-bucket
S3_ACCESS_KEY=your-key
S3_SECRET_KEY=your-secret
Scope File Format
See examples/scope-example.yaml for detailed scope configuration options.
Testing
Local Testing with OWASP Juice Shop
# Start test environment
docker-compose up -d
# Run tests
pytest
# Run with coverage
pytest --cov=bugbountycrawler
Integration Tests
# Test against Juice Shop
pytest tests/integration/ -v
Reports
The tool generates reports in multiple formats:
- Markdown: Human-readable format
- PDF: Professional reports
- HackerOne: Direct submission format
- Bugcrowd: Direct submission format
Contributing
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests
- Submit a pull request
License
MIT License - see LICENSE file for details.
Support
- Documentation: docs/
- Issues: GitHub Issues
- Security: security@bugbountycrawler.dev
Learning Resources
File details
Details for the file bugbountycrawler-1.0.0.tar.gz.
File metadata
- Download URL: bugbountycrawler-1.0.0.tar.gz
- Upload date:
- Size: 156.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.6
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 4b6b6f02e598ebc2a492de0e7e63d83d6b73172b82d206c75f5ee086e3a58ab6 |
| MD5 | bd2487704116aa9ee9fb77b9af3894f4 |
| BLAKE2b-256 | 60599aa9df449ebc448b93f69e3b4e2584773423d6d351e67e080741ed0b2b98 |
File details
Details for the file bugbountycrawler-1.0.0-py3-none-any.whl.
File metadata
- Download URL: bugbountycrawler-1.0.0-py3-none-any.whl
- Upload date:
- Size: 200.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.6
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 9201d21e70f54658f327c2154fd0099625ded81fcb32908467f177a9431c8b67 |
| MD5 | 2ce8dbf153fad35f7a2020dd8f67143d |
| BLAKE2b-256 | 2701c974025385cd1dd310cda6a3b0aa91fa698c31e89c1eec77a647cc8d086f |