alexisahmed / bugbountytoolkit Goto Github PK

The container was pulled directly from docker hub

[  9:24AM ]  [ root@70cce5c4a3f5:~/toolkit ]
 $ wfuzz
 /usr/local/lib/python2.7/dist-packages/wfuzz/__init__.py:35: UserWarning:Pycurl is not compiled against Openssl. Wfuzz might not work correctly when fuzzing SSL sites. Check Wfuzz's documentation for more information.
Traceback (most recent call last):
  File "/usr/local/bin/wfuzz", line 11, in <module>
    load_entry_point('wfuzz==3.1.0', 'console_scripts', 'wfuzz')()
  File "/usr/local/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 489, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/usr/local/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 2852, in load_entry_point
    return ep.load()
  File "/usr/local/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 2443, in load
    return self.resolve()
  File "/usr/local/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 2449, in resolve
    module = __import__(self.module_name, fromlist=['__name__'], level=0)
  File "/usr/local/lib/python2.7/dist-packages/wfuzz/__init__.py", line 55, in <module>
    from .options import FuzzSession
  File "/usr/local/lib/python2.7/dist-packages/wfuzz/options.py", line 6, in <module>
    from .facade import (
  File "/usr/local/lib/python2.7/dist-packages/wfuzz/facade.py", line 65
    class Facade(metaclass=Singleton):
                          ^
SyntaxError: invalid syntax

The tools that are being added can we also add from which user we will be adding the tool.
as the same tool exists with multiple users.

I have issues in the building because of issues on
CloudFlair
No matching distribution found for censys==2.0.9

and
droopescan

It will be great if docker Includes the famous Metasploit framework as well?
What are your thoughts @AlexisAhmed ?

Joomscan must be executed manually from the toolkit directory. Use the following commands.

perl joomscan.pl

Why not use the kali rolling or Parrot OS base image?

While using the docker image:

DIRB v2.22
By The Dark Raver
START_TIME: Sun Jul 5 15:25:26 2020
URL_BASE: https://www.hackersploit.org/
WORDLIST_FILES: /root/wordlists/SecLists/Discovery/Web-Content/directory-list-2.3-medium.txt

*** Generating Wordlist...

bb97695 removes "$@" in the bootloader joomscan script which no longer passes arguments to the called perl script.

https://github.com/assetnote/commonspeak2-wordlists

Adding a feature request to build a CI/CD pipeline for dockerfile building. This will alleviate the issue of pull requests breaking the build status by providing feedback in the request on whether or not it built.

while running on nmap or something it takes time and we can use tmux to switch between the terminal easily.

I am not able to use wordlists with tools such gobuster,dirb or any other tool which requires the use of it.
For instance when I tried trying to using it with dirb,it gets stuck at * Generating Wordlist...

dirb http://192.168.43.27 ~/wordlists/SecLists/Discovery/Web-Content/directory-list-2.3-medium.txt

DIRB v2.22
By The Dark Raver

START_TIME: Sun Jul 5 13:22:52 2020
URL_BASE: http://192.168.43.27/
WORDLIST_FILES: /root/wordlists/SecLists/Discovery/Web-Content/directory-list-2.3-medium.txt

^C* Generating Wordlist...

Add more tools like:

gau
ffuf
john
hashcat
waybackurls
kxss
httprobe
httpx
gf
nuclei
dalfox
fping
metasploit
qsreplace
impacket
gitgrabber
xsshunter
gdb

I suggest you to add the tool 'httpx' from ProjectDiscovery.

Github url: https://github.com/projectdiscovery/httpx

Fetched 43.2 MB in 13s (3321 kB/s)
debconf: delaying package configuration, since apt-utils is not installed
(Reading database ... 28381 files and directories currently installed.)
Preparing to unpack .../libc6-dev_2.27-3ubuntu1.2_amd64.deb ...
Unpacking libc6-dev:amd64 (2.27-3ubuntu1.2) over (2.27-3ubuntu1) ...
Preparing to unpack .../libc-dev-bin_2.27-3ubuntu1.2_amd64.deb ...
Unpacking libc-dev-bin (2.27-3ubuntu1.2) over (2.27-3ubuntu1) ...
Preparing to unpack .../linux-libc-dev_4.15.0-111.112_amd64.deb ...
Unpacking linux-libc-dev:amd64 (4.15.0-111.112) over (4.15.0-106.107) ...
Preparing to unpack .../libc6_2.27-3ubuntu1.2_amd64.deb ...
Unpacking libc6:amd64 (2.27-3ubuntu1.2) over (2.27-3ubuntu1) ...
Setting up libc6:amd64 (2.27-3ubuntu1.2) ...
(Reading database ... 28381 files and directories currently installed.)
Preparing to unpack .../libc-bin_2.27-3ubuntu1.2_amd64.deb ...
Unpacking libc-bin (2.27-3ubuntu1.2) over (2.27-3ubuntu1) ...
Setting up libc-bin (2.27-3ubuntu1.2) ...
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Segmentation fault
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Segmentation fault
dpkg: error processing package libc-bin (--configure):
installed libc-bin package post-installation script subprocess returned error exit status 139
Errors were encountered while processing:
libc-bin
E: Sub-process /usr/bin/dpkg returned an error code (1)
root@43e421ca836b:~/toolkit#

XSRFProbe is a really solid tool to perform xsrf exploits and perl is used by a few tools that I am know of !!!

#perl
RUN cd ${HOME}/ && \
    curl -O https://www.cpan.org/src/5.0/perl-5.32.0.tar.gz && \
    tar -xzf perl-5.32.0.tar.gz && \
    rm perl-5.32.0.tar.gz && \
    cd perl-5.32.0 && \
    ./Configure -de

# XSRFProbe
RUN cd ${HOME}/toolkit && \
    git clone https://github.com/0xInfection/XSRFProbe.git && \
    cd XSRFProbe && \
    python3 setup.py install