Name: bbrf-client
Brand: bbrf-client
SKU: //honoki/bbrf-client
Rating: 2.215 (186 reviews)

honoki/ bbrf-client

Python

Need help with bbrf-client?

Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

honoki

186 Stars

31 Forks

MIT License

55 Commits

6 Opened issues

Description

The client component of the Bug Bounty Reconnaissance Framework (BBRF)

Services available

Need anything else?

Contributors list

plenumlab plenumlab

# 63,712

Shell

Java

HTML

12 commits

Pieter honoki

# 367,371

Scala

Shell

10 commits

renniepak renniepak

# 598,067

HTML

2 commits

Readme

Introduction

The client component of the Bug Bounty Reconnaissance Framework (BBRF) is intended to facilitate the workflows of security researchers across multiple devices.

Read the blog post: https://honoki.net/2020/10/08/introducing-bbrf-yet-another-bug-bounty-reconnaissance-framework/

The primary function of the client is providing easy access to information that is stored in a centralized BBRF document store. For example, to quickly create and initialize a new program with a couple of domains, you can try:

# create a new program
~# bbrf new vzm
~# bbrf inscope add '*.yahoo.com' '*.yahoo.be'
~# bbrf domain add www.yahoo.com www.yahoo.be

To add a list of ips from a file or other program, you can pipe into

bbrf

~# bbrf use vzm
~# cat ips.txt | bbrf ip add -

Now, to list all known domains belonging to the active program:

~# bbrf domains

Documentation

Install the BBRF server - ensure you have a BBRF server running before making use of the client;
AWS Lambda - for more advanced use cases, deploy a BBRF client to AWS Lambda to integrate with BBRF agents and other lambdas;
Usage - view a number of more advanced examples, and learn how to set up a listener.

Installation

~# pip install bbrf
~# bbrf --version

Configuration

To start using the command line interface, you need to create the config file

~/.bbrf/config.json

with the following contents:

{
    "username": "bbrf",
    "password": "",
    "couchdb": "https://:6984/bbrf",
    "slack_token": ""
}

Now you're ready to use BBRF from your command line:

~# bbrf programs

Python module

To use BBRF in your Python projects, use the interface as follows:

from bbrf.bbrf import BBRFClient as bbrf

this will use the system's default ~/.bbrf/config.json file:
programs = bbrf('programs').run()
to specify a custom configuration, provide a second argument:
conf = {
    "username": "bbrf",
    "password": "",
    "couchdb": "https://:6984/bbrf",
    "slack_token": ""
}

domains = bbrf('domains --view resolved', conf).run()

Dashboard

If you like browsing through your recon data with a GUI, you can make use of the bbrf dashboard on https://bbrf.me. Just plug in your server URL, username and password, and the dashboard will pull your data and make it searchable. Note that all communication to the server happens via your browser, so your data remains safe!