HunterBounter is a groundbreaking initiative that stands at the forefront of open-source cybersecurity tools. Developed by and for cybersecurity researchers, and supported by Hoffmann.nl, HunterBounter is designed to simplify the complexities of penetration testing and bug bounty hunting. It does so by providing a low-resource-consuming, multi-scanning architecture that consolidates scan results into a central control system.
HunterBounter leverages multiple Docker machines to run automated vulnerability scanning tools, gathering their outputs into a main source for ease of analysis and management.
The architecture consists of multiple Docker containers, each running automated vulnerability scanning tools. The outputs from these containers are collected and parsed by a central software developed on the main machine. This central software enhances the presentation of the scan results by organizing details such as Severity, Description, Asset/Domain, Remediation, and HTTP Request into a more visual and user-friendly format.
- Low Resource Utilization: Optimized to run on systems with limited RAM and CPU resources.
- Automated Scanning: Conducts multiple automated scans across different Docker containers, efficiently managing system resources.
- Centralized Control System: Aggregates and parses outputs from various scanning tools into a single, accessible point.
- Enhanced Output Presentation: Transforms raw scan data into a comprehensive and easily understandable format.
- CLI and API Management: Supports command-line interface operations and API communications for tool management and automation.
- VPN Network Integration: Includes a solution to IP banning issues by changing IPs at configurable intervals through a central VPN network, supporting both commercial VPN products and cloud-hosted VPN connections.
- Target Management: Allows for bulk addition of targets, auto-segregates protocols such as HTTP and HTTPS, and classifies IPs for network testing.
Installation :
Coming soon..
Usage
Command-Line Operations: Use the CLI to initiate scans, manage Docker containers, and customize scan parameters.
User-Friendly Web Interface: Utilize the web interface to launch scans, manage scope, and integrate tools seamlessly.
API Communications: Utilize the provided API endpoints for external tool integrations and management functionalities.
Adding Targets: Targets can be added in bulk through the interface, automatically sorting them based on protocol and purpose.
The central software organizes scan outputs, allowing users to filter results by severity, vulnerability name, etc. It also offers functionalities to mark false positives or mark findings as completed to avoid repetitive analyses.
The tool integrates a configurable VPN network to avoid IP bans. Users can set IP change intervals to ensure uninterrupted scanning activities.
It supports the integration of commercial VPN APIs and the definition of cloud-hosted VPN connections, providing flexibility in VPN configuration.
- Acunetix
- Zap Proxy
- OpenVAS
- Nmap
- Nikto
- Sslscan
- Nuclei
- WPScan
