Bug bounty blitzers open-source sick subdomain-spotter
Automated, faster hacking for fun and profit ... or evil?
BSides Canberra Hacking duo Shubham Shah and Nathaniel Wakelam will publish two tools that have helped them to haul in big bucks from bug bounty programs.
Nathan Wakelam (left) and Shubham Shah. Image: Darren Pauli
The tools, AltDNS and Assetnote, help hackers to automatically identify subdomains and hosts, then generate mobile phone push notifications the minute new possibly-vulnerable domains are published.
Shah and Wakelam, speaking at the BSides Canberra hacking confab today, say their unique tools will help bug bounty hunters to increase their attack surfaces and be faster to report bugs.
“These are tools that we've created together and used specifically for bug bounties,” Shah says.
“They will help you get ahead, increase your attack surfaces, and submit bugs first.”
A demo of AltDNS showed it being fed 900 subdomains and 130 words commonly found in DNS records. From those datasets it produced some 5.3 million potential subdomains, of which 1400 were genuine.
“We've almost doubled the attack surface,” Shah says.
Assetnote, soon to be published to GitHub, lets hackers submit domains to be monitored automatically each day, and sends them push notifications when new subdomains are published.
Shah says the tool means hackers can be on-call and will have a critical advantage over other bug bounty hunters.
“If you rely on obscurity to hide your things, you're going to get f***ing owned,” Wakelam says.
“Bug bounties aren't necessarily hard, some of this stuff is really easy, you just need to commit the time to it.” ®