Various fields of society are increasingly embracing ChatGPT, and information security is no exception. Security researchers have started using it in bug bounty work as well. In this article, we’ll look at the prompts researchers most commonly use ChatGPT for.
One of the primary applications of ChatGPT for Bug Bounty is tool automation. Even though GPT-4’s training data has a cutoff (2022 at the time of writing), so it may not know the latest releases or flags of the tools you use, it is capable enough to help you put together an automation framework. Verify the flags it emits against each tool’s current help output before relying on them.
Prompt: Let's combine amass, subfinder and puredns bruteforce for subdomain enumeration into one bash script. Make it run hourly for cron.
ChatGPT answer:
To combine amass, subfinder, and puredns for subdomain enumeration into one bash script and run it hourly via cron, you’ll need to do the following:
Here’s how you could structure your script and cron job:
Step 1: The Bash Script
First, create a new bash script. Let’s call it subdomain_enum.sh. Make sure to replace yourdomain.com with the domain you’re researching, and provide paths to your wordlists or other required files.
#!/bin/bash
# Abort on errors, unset variables and failures inside pipelines
set -euo pipefail
# cron starts with a minimal PATH; add the directory your Go tools live in
export PATH="$PATH:$HOME/go/bin:/usr/local/bin"
# Specify the domain for enumeration
DOMAIN="yourdomain.com"
# Create a timestamp
TIMESTAMP=$(date +"%Y%m%d%H%M")
# Specify the location where you want to store the results
OUTPUT_DIR="/path/to/your/output/directory/${DOMAIN}_${TIMESTAMP}"
WORDLIST="/path/to/your/wordlist.txt"
RESOLVERS="/path/to/resolvers.txt"
mkdir -p "${OUTPUT_DIR}"
# Run amass
echo "Running amass…"
amass enum -d "${DOMAIN}" -o "${OUTPUT_DIR}/amass.txt"
# Run subfinder
echo "Running subfinder…"
subfinder -d "${DOMAIN}" -o "${OUTPUT_DIR}/subfinder.txt"
# Combine the passive results and resolve them so dead names are dropped
cat "${OUTPUT_DIR}/amass.txt" "${OUTPUT_DIR}/subfinder.txt" | sort -u > "${OUTPUT_DIR}/combined.txt"
puredns resolve "${OUTPUT_DIR}/combined.txt" -r "${RESOLVERS}" -w "${OUTPUT_DIR}/resolved.txt"
# Run puredns bruteforce
echo "Running puredns bruteforce…"
puredns bruteforce "${WORDLIST}" "${DOMAIN}" -r "${RESOLVERS}" -w "${OUTPUT_DIR}/puredns.txt"
# Combine all resolved results
cat "${OUTPUT_DIR}/resolved.txt" "${OUTPUT_DIR}/puredns.txt" | sort -u > "${OUTPUT_DIR}/all_subdomains.txt"
echo "Subdomain enumeration completed."
Make this script executable:
chmod +x subdomain_enum.sh
Step 2: Setup Cron Job
Open your crontab file:
crontab -e
Add the following line to run this script at the start of every hour:
0 * * * * /path/to/your/script/subdomain_enum.sh
Make sure to replace /path/to/your/script/ with the actual path to subdomain_enum.sh.
Save and exit the crontab file. The cron job will now run your script at the start of every hour, and the results will be saved to the specified output directory with a timestamp.
Note: Ensure that all the tools are correctly installed and that paths in the script are correct for your environment. Also, the user running the cron job must have the necessary permissions to execute these tools and write to the specified directories. Check your system’s logs to troubleshoot any issues with the cron job.
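The generated script writes a fresh directory every hour but never tells you what changed between runs, and nothing stops a brute force that overruns the hour from being started a second time at the next cron tick. The following is an added example, not part of the article or of ChatGPT’s answer, that supplies those two pieces: it normalises raw tool output, reports only subdomains not seen in earlier runs, and wraps the job in a lock. The known-set file, the lock directory and the demo data are assumptions constructed here; the only thing taken from the script above is that each run produces a flat list of names.

```shell
#!/usr/bin/env bash
# Added example, not part of the original article or the generated script.
# Assumes each hourly run produces a flat list of names (all_subdomains.txt
# above); the known-set file, lock directory and demo data are placeholders.
set -eu
export LC_ALL=C   # deterministic sort/comm ordering regardless of user locale

# Normalise raw tool output read from stdin: lowercase, drop trailing dots
# and blank lines, keep only names equal to or ending in ".<domain>", sort -u.
normalize_subdomains() {
    domain="$1"
    tr '[:upper:]' '[:lower:]' \
        | sed -e 's/\.$//' -e '/^$/d' \
        | awk -v d="$domain" '$0 == d || substr($0, length($0) - length(d)) == "." d' \
        | sort -u
}

# Print names present in the current run but absent from the known set, then
# fold them into the known set so the next run reports only fresh findings.
report_new_subdomains() {
    known="$1"; current="$2"
    touch "$known"
    tmp_known=$(mktemp); tmp_current=$(mktemp)
    sort -u "$known" > "$tmp_known"
    sort -u "$current" > "$tmp_current"
    comm -13 "$tmp_known" "$tmp_current" | tee -a "$known"
    sort -u -o "$known" "$known"
    rm -f "$tmp_known" "$tmp_current"
}

# Run a command under a mkdir-based lock so a job that overruns the hour is
# not joined by a second copy at the next cron tick (75 = EX_TEMPFAIL).
run_locked() {
    lockdir="$1"; shift
    if ! mkdir "$lockdir" 2>/dev/null; then
        echo "previous run still holds $lockdir, skipping" >&2
        return 75
    fi
    status=0
    "$@" || status=$?
    rmdir "$lockdir"
    return "$status"
}

# Constructed demo data standing in for two consecutive hourly runs.
demo() {
    work=$(mktemp -d)
    printf 'WWW.example.com\napi.example.com.\nnotexample.com\n\n' > "$work/run1.txt"
    printf 'www.example.com\napi.example.com\nstaging.example.com\n' > "$work/run2.txt"
    normalize_subdomains example.com < "$work/run1.txt" > "$work/run1.norm"
    normalize_subdomains example.com < "$work/run2.txt" > "$work/run2.norm"
    echo "run 1 new:"; report_new_subdomains "$work/known.txt" "$work/run1.norm"
    echo "run 2 new:"; report_new_subdomains "$work/known.txt" "$work/run2.norm"
    rm -rf "$work"
}

if [ $# -eq 0 ]; then demo; fi
```

In the cron job, replace the direct call with a wrapper that sources this file and runs `run_locked /var/lock/subenum /path/to/subdomain_enum.sh`, then pipes the run’s `all_subdomains.txt` through `normalize_subdomains` and `report_new_subdomains` to get the hour’s novelties only. The demo prints both names on the first run and only `staging.example.com` on the second.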
Conclusion:
As you can see, leveraging ChatGPT for Bug Bounty automation can save you a lot of setup hassle. It hands you a working skeleton to review and adapt, so you can spend your time on the actual testing.
ChatGPT can also assist you in creating unique wordlists for asset discovery or vulnerability detection. Let’s explore some interesting prompts that could fulfill this purpose:
Give me a list of 25 config files, without quotes and explanations.
Give me a list of 10 most common backup file names, without quotes and explanations.
Give me a list of 10 XSS payloads for parameter fuzzing, without quotes and explanations. Do not use alert and confirm functions!
Conclusion:
Leveraging ChatGPT to generate ideas for cybersecurity wordlists offers an innovative approach to asset discovery and vulnerability detection. It is essential to mention that new endpoints are continually introduced in the wild, and the model’s training data only includes wordlists up to 2022. Despite these limitations, it still plays a crucial role in forging a strong base from which you can create your own unique wordlists.
Another use case of ChatGPT for Bug Bounty is generating templates. It is just another time saver, and it can also help you articulate impact. In this example, we will generate the PoC report for a Stored XSS vulnerability.
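The prompts above ask for “no quotes and explanations” because a chat reply rarely comes back as a clean one-entry-per-line file: numbering, bullets, backticks and a leading “Here are…” line are common even when you ask for none. The following is an added example, not from the article, that cleans such a reply into a wordlist and merges it into an existing one without losing the order or duplicating entries. The reply text and file names are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example, not from the original article. Cleans a list pasted from a
# ChatGPT reply into a usable wordlist and merges it into an existing one.
# The reply text and file names below are constructed placeholders.
set -eu
export LC_ALL=C

# Strip the decoration a chat reply tends to carry even when asked not to:
# explanatory lines ending in ':', list numbering or bullets, outer quotes or
# backticks, trailing whitespace and blank lines. Only the outermost quotes
# are removed, so payloads such as <svg onload="x"> keep their inner quotes.
# Duplicates are dropped while preserving order (first occurrence wins).
clean_wordlist() {
    sed -E \
        -e '/:[[:space:]]*$/d' \
        -e 's/^[[:space:]]*([0-9]+[.)]|[-*])[[:space:]]+//' \
        -e 's/[[:space:]]+$//' \
        -e 's/^`(.*)`$/\1/' \
        -e 's/^"(.*)"$/\1/' \
        -e "s/^'(.*)'\$/\\1/" \
        -e '/^$/d' \
        | awk '!seen[$0]++'
}

# Append entries from stdin that are not already in the target wordlist,
# rewriting the file in place and keeping existing entries first.
merge_into_wordlist() {
    target="$1"
    touch "$target"
    tmp=$(mktemp)
    cat "$target" - | awk '!seen[$0]++' > "$tmp"
    mv "$tmp" "$target"
}

# Constructed stand-in for a reply to the "config files" prompt above.
demo() {
    work=$(mktemp -d)
    cat > "$work/reply.txt" <<'EOF'
Sure, here are 6 config files:
1. .env
2. "config.php"
3. `web.config`
4. settings.py
- .htaccess
6. .env
EOF
    printf 'web.config\nwp-config.php\n' > "$work/config_files.txt"
    clean_wordlist < "$work/reply.txt" | merge_into_wordlist "$work/config_files.txt"
    cat "$work/config_files.txt"
    rm -rf "$work"
}

if [ $# -eq 0 ]; then demo; fi
```

Typical use is `clean_wordlist < reply.txt | merge_into_wordlist config_files.txt`; the demo leaves `config_files.txt` with the two original entries followed by `.env`, `config.php`, `settings.py` and `.htaccess`, with the duplicated `.env` and the already-present `web.config` added only once.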
Prompt: I have found a stored XSS vulnerability in the “name” POST parameter. Create me a Template for bug bounty report with "summary", "steps to reproduce" and "impact" sections.
ChatGPT helps researchers in many ways, from automating bug bounty tooling to forming base wordlists and writing detailed reports on security issues for the programs. It doesn’t replace hands-on work completely, but it is a beneficial complement to the daily bug bounty journey.
If you liked this story, smash that clap button 50 times and add your own insights in the comments below. You can also subscribe so you don’t miss stories like this. I am active on Twitter; feel free to contact me if you want to collab. I also have my own blog, where you can find some articles well ahead of time! Cheers!