Create Your Ultimate Bug Bounty Automation Without Nerdy Bash Skills (Part 2)

Tarun Koyalwar
Published in InfoSec Write-ups
May 15, 2022


In the last part, I introduced the core components. In this part, we will dig deeper into the syntax and its usage. If you have not read the previous part, I recommend reading it first.

[Image: Sample Bash Script File for Talosplus]

Settings / Global Variables

In the above script, the variables under Important File Paths are global variables, similar to the env variables of a bash script but with reduced constraints. These variables can be used directly in commands. When the script is first parsed, talosplus extracts all global variables and parses settings from them. The following script options are treated as settings and can be given as parameters to the binary or declared in the script itself:

@pname = Project Name / Directory Name where data is saved
@purge = Use / Purge cached output of command (default: false)
@cachedir = Cache directory (default: os.TempDir())
@disablenotify = Disable all alerts / notifications (default: false)
@notifytitile = Discord message header
@limit = Max concurrent executions of commands
These variables are considered as settings

Notifications

Talosplus currently supports only Discord notifications; others may be added in the future. The Discord webhook token and ID can be passed as parameters to the binary or read from actual environment variables. I usually save them in .bashrc.

DISCORD_WID, DISCORD_WTOKEN = Discord ID and Token

While parsing the script, a comment directly above a command is considered to be associated with that command, and these comments are used in the output.

Using Variables —

Variable names used in commands are replaced with their values before the command is executed. The script is also checked for static errors, such as whether each variable was declared. If the variable is declared but not used, the command is skipped, and so are its derivatives.

//Passive Amass Scan
amass enum -df @inscopefile -blf @outscopefile -config @amasspassive -o @outfile #as:@passivesubs{unique}
Before the actual command is executed, the variables @inscopefile, @outscopefile, @amasspassive, @outfile, etc. are replaced with their values. If any value is not found or is empty, the command is skipped.

# Special Case
@outfile = This is a special variable. Many commands save their actual data to a file, while their terminal output contains banners and other noise. In such cases, when @outfile is used, a temporary file is created and the content of that file is treated as the output instead of the actual terminal output.
@tempfile = Creates a temporary file and uses its file path as the value

Variable Operations —

Some operations can be performed on variables. They are specified in {} right after the variable, e.g. @passivesubs{unique}. The currently available operations are listed below. These variables can also be shared by multiple commands for input/output and are thread-safe.

@passivesubs{file} = Instead of using the string itself, the value of this variable is saved to a file and the file path is passed
@passivesubs{!file} = Same as above, but the file can be empty
@passivesubs{add} = Data is appended to this variable; edges are trimmed
@passivesubs{unique} = Data is appended to this variable, keeping only unique lines

Directives —

These are the actual core of talosplus and provide amazing features. Directives are omitted before the command is executed and can be written anywhere in it. It’s good practice to put them at the end of the command.

1. #dir

#dir is a directive with the syntax #dir:/path/to/folder. When used, the command is run in that directory instead of the current directory. We usually don’t add tools downloaded from GitHub, especially Python tools, to PATH for obvious reasons; in such cases this directive is most helpful.

// list all files in logs
ls -la #dir:/var/log

2. #notify

#notify is a directive that takes the output of the command along with the specified message and sends it to the configured Discord channel. It also reports if the command failed. No notification is sent if the command did not yield any output. Its syntax is #notify{Text Message}.

// notify
//Check For Subdomain Takeover If in Scope
subjack -w @allsubs{file} -t 100 -timeout 30 -o @outfile -ssl #notify{Found Possible Domains Vulnerable to Subdomain Takeover :}

3. #notifylen

#notifylen is similar to #notify with one major difference: instead of sending the output of the command, it sends the length of the array. Its syntax is #notifylen{Text Message}.

// notifylen
//Subdomains Hosting Web Services API,Web Page etc
httpx-pd -silent -t 100 -retries 2 #from:@filtered #as:@webraw #notifylen{Total Subdomains With Web Services :}
// This will send a notification similar to
Total Subdomains With Web Services : 60

4. #from

#from is a directive with the syntax #from:@somevar. When a command has this directive, it takes the value of @somevar and uses it as stdin for the command.

//Resolve All Passive Found Subdomains
rusolver -r @resolvers -i #from:@allsubs #as:@resolved
Here the value present in @allsubs is used as stdin.

5. #as

#as is a directive with the syntax #as:@resolved. When a command has this directive, it exports the output of the command to a buffer named @resolved. All operations related to these buffers/variables are thread-safe.

//Resolve All Passive Found Subdomains
rusolver -r @resolvers -i #from:@allsubs #as:@resolved
Here the output of this command is saved to the @resolved variable.

6. #for

#for is a directive with the syntax #for:@array:@localvar. This is similar to a for-each loop in Java etc. @localvar is limited to this command only. If the value of @array is empty, the command is skipped. @array is a string and is split on newlines.

// DNS BruteForce using PureDNS
puredns bruteforce @dnsmicro -r @resolvers -w @outfile @z #for:@rootsubs:@z #as:@activesubs{unique}
Here, a new command is launched for each subdomain in @rootsubs.
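
The rules above can be modelled in a few lines. This is an added example, not talosplus's own code: a simplified Python sketch that strips the directives from a script line, substitutes @variables (including the {file} and {!file} operations), expands #for, and skips the command when a value is missing or empty. The function names are hypothetical, and the #from variable is only recorded, not checked.

```python
import re
import tempfile

# Directive syntax as given in the article; helper names here are hypothetical.
DIRECTIVES = {
    "dir": re.compile(r"#dir:(\S+)"),
    "notify": re.compile(r"#notify\{([^}]*)\}"),
    "notifylen": re.compile(r"#notifylen\{([^}]*)\}"),
    "from": re.compile(r"#from:@(\w+)"),
    "as": re.compile(r"#as:@(\w+)(?:\{(!?\w+)\})?"),
    "for": re.compile(r"#for:@(\w+):@(\w+)"),
}
VAR = re.compile(r"@(\w+)(?:\{(!?\w+)\})?")  # @name or @name{operation}

def parse_command(line):
    """Return (bare command, directives found, [(variable, operation), ...])."""
    found = {}
    for name, pattern in DIRECTIVES.items():
        m = pattern.search(line)
        if m:
            found[name] = m.group(1) if pattern.groups == 1 else m.groups()
            line = line[:m.start()] + line[m.end():]  # directive is omitted
    cmd = " ".join(line.split())
    return cmd, found, [m.groups() for m in VAR.finditer(cmd)]

def _substitute(m, scope):
    name, op = m.groups()
    if op in ("file", "!file"):  # pass a file path instead of the value itself
        with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as f:
            f.write(scope[name])
        return f.name
    return scope[name]

def expand(line, values):
    """Return the concrete commands to run; [] means the command is skipped."""
    cmd, found, used = parse_command(line)
    scopes = [dict(values)]
    if "for" in found:  # one command per non-empty line of the array
        array, local = found["for"]
        items = [x for x in values.get(array, "").splitlines() if x.strip()]
        scopes = [{**values, local: item} for item in items]
    commands = []
    for scope in scopes:
        for name, op in used:
            if name not in scope or (scope[name] == "" and op != "!file"):
                return []  # undeclared or empty value: skip the command
        commands.append(VAR.sub(lambda m: _substitute(m, scope), cmd))
    return commands
```

Calling `expand` on the puredns line from the article with a two-line @rootsubs value returns two commands, one per subdomain.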

This concludes how to write and use the specific syntax. The next and final part will describe how to run any script, setup, and usage.
