• This repository has been archived on 26/Apr/2019
  • Stars
    star
    298
  • Rank 139,663 (Top 3 %)
  • Language
    Shell
  • License
    MIT License
  • Created almost 7 years ago
  • Updated about 6 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]

meg+ [Deprecated]

Automated reconnaissance wrapper — TomNomNom's meg on steroids.

Built by TomNomNom and EdOverflow.

About

This wrapper will automate numerous tasks and help you during your reconnaissance process. The script finds common issues, low hanging fruit, and assists you when approaching a target. meg+ also allows you to scan all your in-scope targets on HackerOne in one go — it simply retrieves them using a GraphQL query.

Watch TomNomNom's talk to learn more about his reconnaissance methodology:

Installation

You will need Golang, Python 2 or 3, and PHP 7.0 to use all the features provided by this tool. On top of that, make sure to install meg, waybackurls, Sublist3r, and gio.

git clone https://github.com/EdOverflow/megplus.git
cd megplus
go get github.com/tomnomnom/meg
go get github.com/tomnomnom/waybackurls
git clone https://github.com/aboul3la/Sublist3r.git
# See https://github.com/aboul3la/Sublist3r#dependencies

If you do not want to use gio or do not have gio on your machine, just comment out all the lines that have gio in them! Make sure to also remove the error message located here: https://github.com/EdOverflow/megplus/blob/master/megplus.sh#L65-L68.

Usage

You can either scan a list of hosts or use your HackerOne X-Auth-Token token to scan all the bug bounty programs that you participate in.

$ ./megplus.sh
1) Usage - target list of domains:        ./megplus.sh <list of domains>
2) Usage - target all HackerOne programs: ./megplus.sh -x <H1 X-Auth-Token>
3) Usage - run sublist3r first:           ./megplus.sh -s <single host>

1) Example: ./megplus.sh domains
2) Example: ./megplus.sh -x XXXXXXXXXXXXXXXX
3) Example: ./megplus.sh -s example.com

Usage - Docker 🐋

If you don't feel like installing all the dependencies mentioned above, you can simply run the abhartiya/tools_megplus Docker container, where test.txt is a sample file containing the URLs to test against. In your case, this will be the file containing the URLs you want to test:

docker run -v $(pwd):/megplus abhartiya/tools_megplus test.txt

The command will run the abhartiya/tools_megplus Docker image as a container and mount the pwd onto the container as a volume (at /megplus), which makes the test.txt file available to the container. Once megplus finishes running, the out directory will be created in pwd with all the results.

Scanner

meg+ will scan for the following things:

  • Sudomains using Sublist3r;
  • Configuration files;
  • Interesting strings;
  • Open redirects;
  • CRLF injection;
  • CORS misconfigurations;
  • Path-based XSS;
  • (Sub)domain takeovers.

Contributing

I welcome contributions from the public.

Using the issue tracker 💡

The issue tracker is the preferred channel for bug reports and features requests.

Issues and labels 🏷

The bug tracker utilizes several labels to help organize and identify issues.

Guidelines for bug reports 🐛

Use the GitHub issue search — check if the issue has already been reported.

Legal Disclaimer

This project is made for educational and ethical testing purposes only. Usage of this tool for attacking targets without prior mutual consent is illegal. Developers assume no liability and are not responsible for any misuse or damage caused by this tool.

More Repositories

1

bugbounty-cheatsheet

A list of interesting payloads, tips and tricks for bug bounty hunters.
5,775
star
2

can-i-take-over-xyz

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Python
4,823
star
3

bugbountyguide

Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.
HTML
453
star
4

contact.sh

An OSINT tool to find contacts in order to report security vulnerabilities.
Shell
252
star
5

bugbountywiki

The Bug Bounty Wiki
167
star
6

proof-of-concepts

A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.
HTML
162
star
7

bug-bounty-responses

A collection of response templates for invalid bug bounty reports.
80
star
8

hacks

Some random scripts. Just trying to be like the cool kids.
Shell
79
star
9

legal-bug-bounty

#legalbugbounty project — creating safe harbors on bug bounty programs and vulnerability disclosure programs. Authored by Amit Elazari.
64
star
10

smith

Simple wrapper for meg that sieves through meg's output for you.
Shell
60
star
11

security-template

A static website template for security pages.
HTML
49
star
12

curate

A tool for fetching archived URLs (to be rewritten in Go).
Shell
39
star
13

h1-cli

A CLI tool to interact with hackerone.com. This was my submission for HackerOne's Summer 2018 Hack Day.
Shell
33
star
14

security-policy-specification-standard

This document proposes a way of standardising the structure, language, and grammar used in security policies.
25
star
15

hunter

Guidelines for writing secure code for Python developers.
18
star
16

cryptojourney-content

Learn the basics of cryptography throughout history.
18
star
17

bounty-formula

A formula to calculate bounty amounts.
HTML
12
star
18

propaganda

Generate a personal Jekyll website using your Bibtex references.
CSS
10
star
19

hackerone-security-policy

This is the security policy for https://hackerone.com/ed.
5
star
20

bounty-pls

A Chrome extension that spices up those #togetherwehitharder tweets.
JavaScript
5
star
21

edoverflow

2
star
22

slides

Slides from my past talks.
2
star
23

.gitignore

🤔
1
star