Skip to content

0xvenatio/security-toolkit

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

🛡️ Security Toolkit

Collection of security testing scripts for bug bounty hunting

Python Bash License Stars


📋 Overview

Three purpose-built tools for bug bounty reconnaissance and vulnerability discovery. Designed to be fast, async, and easy to integrate into your hunting workflow.

Toolkit Overview

🔧 Tools

📡 recon.sh — Automated Recon Pipeline

Full reconnaissance pipeline in a single command.

./scripts/recon.sh target.com

What it does:

  1. Subdomain Enumeration — crt.sh + DNS brute-force (150+ common subdomains)
  2. DNS Resolution — Resolve all subdomains to IPs
  3. Port Scanning — Top 100 ports via nmap
  4. URL Discovery — robots.txt + sitemap.xml extraction
  5. Technology Detection — Server headers, X-Powered-By
  6. Quick Vuln Checks — .env, .git, phpinfo, admin panels, debug pages

Output:

recon_target.com_20240101/
├── subdomains/
│   ├── crtsh.txt          # crt.sh results
│   ├── bruteforce.txt      # DNS brute-force
│   ├── all.txt             # Merged + deduped
│   └── resolved.txt        # With IPs
├── ports/
│   └── open_ports.txt      # Open ports per host
├── urls/
│   ├── robots.txt          # From robots.txt
│   ├── sitemap.txt         # From sitemap.xml
│   └── all.txt             # All URLs
├── tech/
│   └── headers.txt         # Server/X-Powered-By
└── vulns/
    └── interesting_paths.txt # Exposed paths

🔍 api-fuzzer.py — REST API Security Fuzzer

Automated API security testing for common vulnerability classes.

python scripts/api-fuzzer.py -u https://api.target.com/v1

Modules:

Module What it tests
IDOR Sequential IDs, UUID manipulation, path-based IDs
Auth Bypass X-Forwarded-Host, X-Original-URL, header injection
Method Override X-HTTP-Method-Override, X-HTTP-Method
Mass Assignment Extra fields (role, is_admin, verified, price)
Rate Limiting Missing 429 on auth endpoints
Error Messages Verbose errors, stack traces, SQL errors

Output:

📊 Results: 5 findings
  🔴 CRITICAL: 1
  🟠 HIGH: 2
  🟡 MEDIUM: 2

Type                 Severity   Title
----------------------------------------------------------------------
IDOR                 HIGH       Potential IDOR in /api/users?id
AUTH_BYPASS          CRITICAL   Auth bypass via X-Forwarded-Host
RATE_LIMITING        MEDIUM     Missing rate limiting: /login

🏴 subdomain-takeover.py — Subdomain Takeover Checker

Check for dangling CNAME records vulnerable to takeover.

python scripts/subdomain-takeover.py -d target.com
python scripts/subdomain-takeover.py -f subdomains.txt

Supported Services (15+):

Service CNAME Pattern Bounty Range
GitHub Pages *.github.io $50-$500
Heroku *.herokuapp.com $100-$500
Shopify *.myshopify.com $500-$2,000
AWS S3 *.s3.amazonaws.com $100-$500
Azure *.azurewebsites.net $200-$1,000
CloudFront *.cloudfront.net $100-$500
Vercel *.vercel.app $50-$200
Netlify *.netlify.com $50-$200
Fly.io *.fly.dev $100-$500
Ghost *.ghost.io $50-$200
Tumblr *.domains.tumblr.com $50-$200
Pantheon *.pantheonsite.io $100-$500
Fastly *.fastly.net $100-$500
Surge.sh *.surge.sh $50-$200
Google Cloud *.storage.googleapis.com $100-$500

🚀 Installation

git clone https://github.com/0xvenatio/security-toolkit.git
cd security-toolkit
pip install aiohttp
chmod +x scripts/recon.sh

📦 Dependencies

recon.sh:

  • curl, jq, nmap, dig (standard Linux tools)

api-fuzzer.py:

  • aiohttp (Python async HTTP)

subdomain-takeover.py:

  • aiohttp (Python async HTTP)

🔗 GitHub Actions

Automated security scanning on every push:

  • ✅ Dependency vulnerability check (pip-audit, safety)
  • ✅ Static analysis (Bandit, Semgrep)
  • ✅ Secret detection (TruffleHog)
  • ✅ Container scanning (Trivy)
  • ✅ License compliance

⚠️ Disclaimer

For authorized security testing only. Always obtain permission before testing.

📄 License

MIT License


Built by @0xvenatio

About

Security testing scripts - recon pipeline, API fuzzer, subdomain takeover checker

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

 
 
 

Contributors