forked from murad0x69/run
-
Notifications
You must be signed in to change notification settings - Fork 0
99 lines (85 loc) · 3.64 KB
/
Copy pathcopilot.yml
File metadata and controls
99 lines (85 loc) · 3.64 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
name: Copilot
on:
schedule:
- cron: '0 */7 * * *' # Runs every 7 hours
workflow_dispatch: # Allows manual triggering
env:
OUTPUT_DIR: 'bounty-results'
TARGETS_URL: 'https://raw.githubusercontent.com/arkadiyt/bounty-targets-data/main/data/wildcards.txt'
THREADS: 333
GO111MODULE: on
GOPATH: /home/runner/go
jobs:
bug-hunting:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Setup Go
uses: actions/setup-go@v4
with:
go-version: '1.21'
- name: Install Core Dependencies
run: |
sudo apt-get update
sudo apt-get install -y python3-pip wget git golang-go chromium-browser
- name: Install Go Tools
run: |
# Install required Go tools
go install -v github.com/tomnomnom/anew@latest
go install -v github.com/tomnomnom/gf@latest
go install -v github.com/owasp-amass/amass/v3/...@latest
go install -v github.com/tomnomnom/assetfinder@latest
go install -v github.com/lc/gau/v2/cmd/gau@latest
go install -v github.com/tomnomnom/waybackurls@latest
go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest
go get github.com/Emoe/kxss
go install -v github.com/haccer/subjack@latest
go install -v github.com/tomnomnom/qsreplace@latest
go install -v github.com/projectdiscovery/dnsx/cmd/dnsx@latest
go install -v github.com/hahwul/dalfox/v2@latest
go install -v github.com/dwisiswant0/crlfuzz/cmd/crlfuzz@latest
go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
# Add Go binaries to PATH
echo "${GOPATH}/bin" >> $GITHUB_PATH
- name: Install and Setup WebCopilot
run: |
git clone https://github.com/h4r5h1t/webcopilot
cd webcopilot/
chmod +x webcopilot install.sh
sudo mv webcopilot /usr/bin/
sudo ./install.sh
- name: Select Random Target
id: target
run: |
wget -q ${{ env.TARGETS_URL }} -O wildcards.txt
TARGET=$(shuf -n 1 wildcards.txt | sed 's/^\*\.//')
echo "target=$TARGET" >> $GITHUB_OUTPUT
# Notification
START_MSG="🎯 Starting Bug Bounty Scan%0A%0ATarget: $TARGET%0ATime: $(date '+%Y-%m-%d %H:%M:%S UTC')"
curl -s "https://api.telegram.org/bot${{ secrets.TELEGRAM_BOT_TOKEN }}/sendMessage" \
-d "chat_id=${{ secrets.TELEGRAM_CHAT_ID }}" \
-d "text=$START_MSG" \
-d "parse_mode=HTML"
- name: Run WebCopilot Scan
run: |
webcopilot -d ${{ steps.target.outputs.target }} \
-o ${{ env.OUTPUT_DIR }} \
-t ${{ env.THREADS }} \
-b ${{ secrets.BXSS_CALLBACK_URL }} \
-a
- name: Upload Results
uses: actions/upload-artifact@v3
with:
name: bug-bounty-results
path: ${{ env.OUTPUT_DIR }}
- name: Send Report
if: always()
run: |
FINDINGS=$(find ${{ env.OUTPUT_DIR }} -type f -exec wc -l {} \; | awk '{total += $1} END {print total}')
COMPLETE_MSG="✅ Bug Bounty Scan Complete%0A%0ATarget: ${{ steps.target.outputs.target }}%0ATotal Findings: $FINDINGS%0ATime: $(date '+%Y-%m-%d %H:%M:%S UTC')"
curl -s "https://api.telegram.org/bot${{ secrets.TELEGRAM_BOT_TOKEN }}/sendMessage" \
-d "chat_id=${{ secrets.TELEGRAM_CHAT_ID }}" \
-d "text=$COMPLETE_MSG" \
-d "parse_mode=HTML"