Automation And Django Debug

Ajay Magar
Feb 4, 2022

Today I am going to cover how automation helps in bug bounty and how I approach it. The second topic will be Django Debug=True.

Open S3 Bucket With All Permissions

Always check JavaScript files for hardcoded credentials, API keys, API endpoints, and S3 buckets as well. But there are too many files and we don't have time, so what do we do?

We have some cool tools to automate this process:

getJS, to download all JavaScript files.

gf, a wrapper around grep made by the legend https://github.com/tomnomnom

js-beautify, a tool to beautify the JavaScript code.

Bash function:

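JShunter(){
    # Download every JavaScript file referenced by the hosts in domains.txt
    getJS --input domains.txt --complete --resolve | xargs wget
    mkdir -p jsfiles Secrects
    # Beautify each downloaded file into jsfiles/
    for file in *; do [ -f "$file" ] && js-beautify "$file" | anew "jsfiles/$file"; done
    cd jsfiles || return
    # Search the beautified files for S3 bucket references
    for file in *; do cat "$file" | gf s3-buckets | anew ../Secrects/buckets.txt; done
}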

This is how I extract S3 buckets and secret keys from JS files and send them to my Discord server using the notify tool:

cat Secrects/$file.txt | notify -silent

People who don't know about notify can refer to this.

After finding the buckets, you can check their permissions with the AWS CLI:

aws s3 ls s3://target-bucket || aws s3 cp payload.txt s3://target-bucket

Django Debug

Django Debug=True is used in development to debug errors. If developers forget to turn it off or set it to False, it will be a nightmare for the company.

When a 504 Internal Server Error is generated, the server throws all the env variables onto the error page. So how do you generate this error?

Make PUT requests to the /admin API and the server will throw the 504 page in response.
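From the defender's side, the same leak can be caught before release. The sketch below is an added example, not code from the original post: it derives DEBUG from the environment with a fail-closed default, recognises a Django debug error page in a response body, and lists which variable names such a page would print unmasked. The variable name DJANGO_DEBUG, the sample values and the masking pattern (as used by Django's default debug filter in recent versions) are assumptions.

```python
import os
import re

# Text Django's technical error pages carry when DEBUG is on.
DEBUG_PAGE_MARKER = re.compile(
    r"DEBUG\s*=\s*True</code>\s+in\s+your\s+Django\s+settings\s+file"
)
# Assumption: the name pattern Django's default debug filter masks with
# asterisks; confirm it against the Django version you run.
MASKED_NAMES = re.compile(r"API|TOKEN|KEY|SECRET|PASS|SIGNATURE", re.I)


def debug_from_env(environ=os.environ):
    """Fail closed: DEBUG is on only if DJANGO_DEBUG (assumed name) is truthy."""
    return environ.get("DJANGO_DEBUG", "").strip().lower() in {"1", "true", "yes"}


def is_debug_error_page(body):
    """True if an HTTP response body is a Django debug error page."""
    return bool(DEBUG_PAGE_MARKER.search(body))


def exposed_names(variables):
    """Variable names a debug page would print unmasked."""
    return sorted(name for name in variables if not MASKED_NAMES.search(name))


# Constructed samples, not taken from a real application.
SAMPLE_DEBUG_BODY = (
    "<p>You're seeing this error because you have <code>DEBUG = True</code> "
    "in your\n  Django settings file.</p>"
)
SAMPLE_ENV = {
    "AWS_SECRET_ACCESS_KEY": "constructed-value",
    "DATABASE_URL": "postgres://app:constructed@db.internal/app",
    "SENTRY_DSN": "https://constructed@sentry.example/1",
}

if __name__ == "__main__":
    print("DEBUG setting:", debug_from_env())
    print("debug page detected:", is_debug_error_page(SAMPLE_DEBUG_BODY))
    print("shown in clear:", exposed_names(SAMPLE_ENV))
```

In settings.py this would be used as `DEBUG = debug_from_env()`, and `is_debug_error_page` can run in a post-deploy smoke test against an error response from your own staging host.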

Thank you for reading this.
