Notify
Project Discovery has released another great tool. Notify can send messages to Slack, Discord, or Telegram, which is useful during the reconnaissance phase of a penetration test or bug bounty.
I’ve set it up with Slack to get notifications from Jaeles or Nuclei scans, but it can be used for anything.
The first step is to create a new Slack app:
The second is Activate Incoming Webhooks, from the Features page:
Then to add a New Webhook, during the setup you can choose which channel the App posts to:
After copying the Webhook URL and taking note of the App Name and the Channel you’ve chosen:
Then grab Notify from the projectdiscovery github page:
GO111MODULE=on go get -u -v github.com/projectdiscovery/notify/cmd/notify
Running notify the first time will write a configuration file to :
~/.config/notify/notify.conf
Edit the configuration file and paste the WebHook URL to slack_webhook_url
Paste the App name to slack_username
Paste the Channel name to slack_channel
You can test the configuration using:
Echo TEST | notify
Which should send TEST to the relevant channel
After this we can setup scans or enumeration scripts and have the output sent to the slack channel:
cat urls | nuclei -t ~/nuclei-templates/fuzzing | notify
cat urls | xargs -I@ ~/go/bin/jaeles scan -c 100 -s ~/jaeles-signatures/ -u @ | notify
echo example.com | subfinder | notify
I have written up an example of using cloud services for Recon and Notify has been helpful in certain circumstances:
https://medium.com/@sherwyn.moodley/building-a-bug-bounty-box-in-aws-dcc691417833