Saturday Morning Bugs
Jan 29, 2022
A really short guide to bug bounty enumeration
So let's find a large group of potentially vulnerable assets that we can investigate later for bug bounty submissions. We build a large list that I can spend the next week investigating.
First we set up a tunnel through GCloud:
gcloud init
gcloud compute instances create --zone us-west1-a tunnel
gcloud compute ssh --zone us-west1-a tunnel -- -N -p 22 -D localhost:9999
Then we set up Burp to go through the tunnel, in user options:
We then do a Shodan search for Spring Boot:
http.favicon.hash:116323821
Now for some bash-fu:
shodan parse --fields ip_str,port --separator : springboot.json.gz | sed 's|^|https://|g' | tee springboot_urls.txt
ffuf -w springboot_urls.txt -u FUZZ/env -mc 200 -x http://127.0.0.1:8080
We then look through Burp's logger and see if there's anything to report. Will this work? Possibly. Is this worth the ten minutes of setup time? Maybe.
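From the asset owner's side, the same probe is visible in web access logs: a request for the env endpoint that came back 200 is exactly what `-mc 200` matches. The following is an added example, not part of the original post. It assumes combined-format access logs, also checks `/actuator/env` (the Spring Boot 2+ location of the endpoint, which the post does not mention), and runs on constructed sample lines.

```python
import re
from collections import defaultdict

# Combined Log Format: ip ident user [time] "METHOD path PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# /env is the path probed in the post; /actuator/env is an assumption added
# here (Spring Boot 2+ serves actuator endpoints under /actuator by default).
ENV_PATHS = {"/env", "/actuator/env"}


def find_env_exposure(lines):
    """Return (hits, exposed).

    hits    -- {client_ip: [(path, status), ...]} for env-endpoint requests
    exposed -- set of env paths that answered 200, i.e. need locking down
    """
    hits = defaultdict(list)
    exposed = set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed or non-matching lines
        # Normalise: drop query string and trailing slash before comparing.
        path = m["path"].split("?", 1)[0].rstrip("/") or "/"
        if path.lower() not in ENV_PATHS:
            continue
        status = int(m["status"])
        hits[m["ip"]].append((path, status))
        if status == 200:
            exposed.add(path)
    return dict(hits), exposed


# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [29/Jan/2022:09:14:02 +0000] "GET /env HTTP/1.1" 200 18342 "-" "-"',
    '203.0.113.7 - - [29/Jan/2022:09:14:03 +0000] "GET /actuator/env HTTP/1.1" 404 120 "-" "-"',
    '198.51.100.20 - - [29/Jan/2022:09:15:10 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [29/Jan/2022:09:16:44 +0000] "GET /env?x=1 HTTP/1.1" 401 0 "-" "-"',
    'garbage line',
]

if __name__ == "__main__":
    hits, exposed = find_env_exposure(SAMPLE)
    print(hits, sorted(exposed))
```

Any path in `exposed` is an endpoint that returned its contents to an unauthenticated request and should be restricted or disabled.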