Telegram BBBot - Telegram Bug Bounty Bot


Telegram Bug Bounty Bot
https://telegram.me/bug_bounty_channel

History
  • This bot adopted special for deploying to Heroku
  • General purposes of this got - "Be helpful for infosec community!"
  • Bot use https://github.com/maddevsio/bbcrawler for fetching information
  • Used heroku https://github.com/heroku/go-getting-started as a template for project
  • For bot used free account on heroku.com and firebase.com

Purpose
  • Purposes of bot:
    • "Deliver information as fast as possible!"
    • "Be helpful for infosec community"

Architecture
  • For web server used GIN
    • github.com/gin-gonic/gin
  • For Bot functionality used telegram-bot-api.v4
    • gopkg.in/telegram-bot-api.v4

Bot configuration
  • TELEGRAM_BBBOT_TOKEN - Telegram Api token received from @BotFather
  • TELEGRAM_BBBOT_URL - Webhook url to bot public web address
  • PORT - Standard heroku ENV variable for port number
  • TELEGRAM_BBBOT_FIREBASE_TOKEN - Firebase database token
  • TELEGRAM_BBBOT_FIREBASE_URL - Url to firebase project
  • TELEGRAM_BBBOT_HO_SEARCH_URL - HackerOne search url (crawler)
  • TELEGRAM_BBBOT_CHANNEL - Public channel identifier, for example @some_channel_name
  • TELEGRAM_BBBOT_HOST - Public bot host url for ping purposes (for disabling sleeping functionality after 30 min of inactivity)
  • TELEGRAM_BBBOT_H1_HACK_SEARCH_URL - HackerOne hacktivity url (crawler)
  • TELEGRAM_BBBOT_BUGCROWD_NEW_PROG_URL - BugCrowd url for crawling new programs (crawler)

Bot workflow
  • Bot started
  • Fetching data from firebase (synchronising)
  • Crawling programs from hackerone.com (in parallel)
  • Crawling hacktivity from hackerone.com (in parallel)
  • Crawling programs from bugcrowd.com (in parallel)
  • Determining new data from all crawled information (in parallel)
  • Publishing data to telegram channel from ENV variable
  • Note: If instance of bot at heroku.com restarted all data restored from firebase storage.

Posting Komentar

Lebih baru Lebih lama