Automation And Django Debug
Today I am going to cover how automation helps in bug bounty and how I approach it. The second topic will be Django Debug=True.
Open S3 Bucket With All Permissions
Always check JavaScript files for hardcoded credentials, API keys, API endpoints and S3 buckets as well. But there are too many files and we don't have time, so what to do?
We have some cool tools to automate this process:
getJS to download all JavaScript files.
gf is a wrapper around grep, made by the legend https://github.com/tomnomnom
js-beautify, a tool to beautify the JavaScript code.
Bash function
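JShunter(){
mkdir -p jsfiles Secrects
# Download every JavaScript file referenced by the domains in domains.txt
getJS --input domains.txt --complete --resolve | xargs wget
# Beautify each downloaded file into jsfiles/ (skip directories)
for file in *; do [ -f "$file" ] && js-beautify "$file" | anew "jsfiles/$file"; done
cd jsfiles
# Pull S3 bucket references out with the gf s3-buckets pattern
for file in *; do cat "$file" | gf s3-buckets | anew ../Secrects/buckets.txt; done
cd ..
}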
This is how I extract S3 buckets and secret keys from JS files and send them to my Discord server using the notify tool:
cat Secrects/$file.txt | notify -silent
People who don't know about notify can refer to this.
After finding the buckets you can check permissions with the AWS CLI:
aws s3 ls s3://target-bucket || aws s3 cp payload.txt s3://target-bucket
Django Debug
Django Debug=True is used in development for debugging errors. If developers forget to turn it off or set it to False, it will be a nightmare for the company.
By generating the 504 Internal Server Error, the server throws all the env variables on the error page. So how do you generate this error?
Make PUT requests at the /admin API and the server will throw the 504 page in response.
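On the defending side, the fix is to make sure DEBUG can never ship as True. The script below is an added example, not code from this post or from Django: it parses a settings file with Python's ast module and flags DEBUG hard-coded to True or read from an environment variable whose fallback turns it on. The sample settings, the DJANGO_DEBUG variable name and the debug_findings function are assumptions made for the example.

```python
import ast

# Constructed sample settings modules (not taken from any real project).
RISKY = '\nimport os\nDEBUG = True\n'
DEFAULT_ON = '\nimport os\nDEBUG = os.environ.get("DJANGO_DEBUG", "True") == "True"\n'
SAFE = '\nimport os\nDEBUG = os.environ.get("DJANGO_DEBUG", "False") == "True"\n'

TRUTHY = {"true", "1", "yes", "on"}


def debug_findings(source):
    """Return [(lineno, reason)] for risky DEBUG assignments in settings source."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Assign):
            continue
        if not any(isinstance(t, ast.Name) and t.id == "DEBUG" for t in node.targets):
            continue
        value = node.value
        # Case 1: DEBUG = True written directly in the settings file.
        if isinstance(value, ast.Constant) and value.value is True:
            findings.append((node.lineno, "DEBUG hard-coded to True"))
            continue
        # Case 2 (heuristic): a two-argument lookup such as
        # os.environ.get(NAME, DEFAULT) or os.getenv(NAME, DEFAULT)
        # whose DEFAULT is truthy, so a missing variable enables debug.
        for call in ast.walk(value):
            if isinstance(call, ast.Call) and len(call.args) == 2:
                default = call.args[1]
                if isinstance(default, ast.Constant) and str(default.value).lower() in TRUTHY:
                    findings.append(
                        (node.lineno, "DEBUG defaults to on when the env var is unset"))
    return findings


if __name__ == "__main__":
    for name, src in (("RISKY", RISKY), ("DEFAULT_ON", DEFAULT_ON), ("SAFE", SAFE)):
        print(name, debug_findings(src) or "ok")
```

Run it in CI against the production settings module and fail the build when the list is not empty.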
Thank you for reading this.