From 3e48aaabe9ef06ed3a22ca55b7942bf891fa30ed Mon Sep 17 00:00:00 2001 From: sinX Date: Sun, 9 Nov 2025 21:51:31 -0500 Subject: [PATCH] Upload files to "/" # Bug Hunter TUI A comprehensive bug bounty hunting tool with a Text User Interface (TUI) built with Python and Textual. ## Features - **Subdomain Enumeration**: Discover subdomains using DNS queries - **Port Scanning**: Identify open ports and running services - **Directory Bruteforcing**: Find hidden directories and files on web servers - **URL Parameter Fuzzing**: Test URL parameters for vulnerabilities ## Installation 1. Install dependencies: ```bash pip install -r requirements.txt ``` 2. Setup the environment: ```bash python bughunter.py --setup ``` ## Usage ### Launch the TUI ```bash python bughunter.py ``` ### Interface The TUI is divided into 4 panels, one for each scanner: - **Subdomain Scanner**: Enter a domain (e.g., `example.com`) - **Port Scanner**: Enter an IP or domain (e.g., `192.168.1.1` or `example.com`) - **Directory Bruteforce**: Enter a URL (e.g., `http://example.com`) - **URL Fuzzer**: Enter a URL with parameters (e.g., `http://example.com/page?id=1`) ### Keyboard Shortcuts - `q` - Quit the application - `c` - Clear all logs ### Scanner Controls Each scanner panel has three buttons: - **Start Scan** - Begin scanning the target - **Stop** - Stop the current scan - **Clear** - Clear the log output ## Configuration Configuration is stored in `~/.bughunter/config.json`. You can customize: - Timeout values - Concurrent request limits - Default wordlists - File extensions for directory bruteforcing ## Wordlists Custom wordlists can be placed in `~/.bughunter/wordlists/`: - `subdomains.txt` - Subdomain wordlist - `directories.txt` - Directory/file wordlist ## Security Notice This tool is intended for authorized security testing only. Always ensure you have permission before scanning any target. Unauthorized scanning may be illegal. ## Requirements - Python 3.8+ - textual - httpx - dnspython - rich ## License MIT License ## Disclaimer Use this tool responsibly and only on systems you have permission to test. The authors are not responsible for misuse of this tool. --- BUGHUNTER-README.md | 84 +++++++++++++++++++++++++++++++++ bughunter.py | 112 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 196 insertions(+) create mode 100644 BUGHUNTER-README.md create mode 100644 bughunter.py diff --git a/BUGHUNTER-README.md b/BUGHUNTER-README.md new file mode 100644 index 0000000..458d8f4 --- /dev/null +++ b/BUGHUNTER-README.md @@ -0,0 +1,84 @@ +# Bug Hunter TUI + +A comprehensive bug bounty hunting tool with a Text User Interface (TUI) built with Python and Textual. + +## Features + +- **Subdomain Enumeration**: Discover subdomains using DNS queries +- **Port Scanning**: Identify open ports and running services +- **Directory Bruteforcing**: Find hidden directories and files on web servers +- **URL Parameter Fuzzing**: Test URL parameters for vulnerabilities + +## Installation + +1. Install dependencies: +```bash +pip install -r requirements.txt +``` + +2. Setup the environment: +```bash +python bughunter.py --setup +``` + +## Usage + +### Launch the TUI + +```bash +python bughunter.py +``` + +### Interface + +The TUI is divided into 4 panels, one for each scanner: +- **Subdomain Scanner**: Enter a domain (e.g., `example.com`) +- **Port Scanner**: Enter an IP or domain (e.g., `192.168.1.1` or `example.com`) +- **Directory Bruteforce**: Enter a URL (e.g., `http://example.com`) +- **URL Fuzzer**: Enter a URL with parameters (e.g., `http://example.com/page?id=1`) + +### Keyboard Shortcuts + +- `q` - Quit the application +- `c` - Clear all logs + +### Scanner Controls + +Each scanner panel has three buttons: +- **Start Scan** - Begin scanning the target +- **Stop** - Stop the current scan +- **Clear** - Clear the log output + +## Configuration + +Configuration is stored in `~/.bughunter/config.json`. You can customize: +- Timeout values +- Concurrent request limits +- Default wordlists +- File extensions for directory bruteforcing + +## Wordlists + +Custom wordlists can be placed in `~/.bughunter/wordlists/`: +- `subdomains.txt` - Subdomain wordlist +- `directories.txt` - Directory/file wordlist + +## Security Notice + +This tool is intended for authorized security testing only. Always ensure you have permission before scanning any target. Unauthorized scanning may be illegal. + +## Requirements + +- Python 3.8+ +- textual +- httpx +- dnspython +- rich + +## License + +MIT License + +## Disclaimer + +Use this tool responsibly and only on systems you have permission to test. The authors are not responsible for misuse of this tool. diff --git a/bughunter.py b/bughunter.py new file mode 100644 index 0000000..35b5668 --- /dev/null +++ b/bughunter.py @@ -0,0 +1,112 @@ +#!/usr/bin/env python3 +""" +Bug Hunter TUI - Multi-Purpose Security Testing Tool +A comprehensive bug bounty hunting tool with Text User Interface + +Features: +- Subdomain enumeration +- Port scanning +- Directory bruteforcing +- URL parameter fuzzing + +Author: Bug Hunter +""" + +import sys +import argparse +from ui import run +from config import Config, WordlistManager + + +def main(): + """Main entry point for Bug Hunter.""" + parser = argparse.ArgumentParser( + description="Bug Hunter TUI - Multi-Purpose Security Testing Tool", + formatter_class=argparse.RawDescriptionHelpFormatter, + epilog=""" +Examples: + bughunter.py # Launch TUI interface + bughunter.py --setup # Setup configuration and wordlists + +For more information, visit: https://github.com/yourusername/bughunter + """ + ) + + parser.add_argument( + '--setup', + action='store_true', + help='Setup configuration directory and default files' + ) + + parser.add_argument( + '--config', + type=str, + help='Path to custom configuration file' + ) + + parser.add_argument( + '--version', + action='version', + version='Bug Hunter TUI v2.0.0 - Advanced Security Scanner' + ) + + args = parser.parse_args() + + if args.setup: + setup_environment() + return + + # Initialize configuration + config = Config(args.config) + + # Run the TUI + try: + run() + except KeyboardInterrupt: + print("\n[!] Interrupted by user") + sys.exit(0) + except Exception as e: + print(f"[!] Error: {e}") + sys.exit(1) + + +def setup_environment(): + """Setup the Bug Hunter environment.""" + print("[*] Setting up Bug Hunter environment...") + + # Initialize config + config = Config() + print(f"[+] Configuration directory: {config.config_dir}") + print(f"[+] Configuration file: {config.config_file}") + + # Initialize wordlist manager + wordlist_manager = WordlistManager() + print(f"[+] Wordlist directory: {wordlist_manager.wordlist_dir}") + + # Create sample wordlists + print("[*] Creating default wordlists...") + + # Subdomain wordlist + subdomains = [ + "www", "mail", "ftp", "admin", "blog", "shop", "api", "dev", "test", + "staging", "portal", "dashboard", "cpanel", "webmail", "secure", "vpn" + ] + wordlist_manager.save_wordlist("subdomains.txt", subdomains) + print("[+] Created: subdomains.txt") + + # Directory wordlist + directories = [ + "admin", "login", "dashboard", "api", "backup", "config", "uploads", + "files", "images", "assets", "static", "public", "private", "data" + ] + wordlist_manager.save_wordlist("directories.txt", directories) + print("[+] Created: directories.txt") + + print("\n[+] Setup complete!") + print(f"\nConfiguration location: {config.config_file}") + print(f"Wordlists location: {wordlist_manager.wordlist_dir}") + print("\nYou can now run 'python bughunter.py' to start the TUI") + + +if __name__ == "__main__": + main()