Telegram Bug Bounty Bot
https://telegram.me/bug_bounty_channel
History
- This bot adopted special for deploying to Heroku
- General purposes of this got - "Be helpful for infosec community!"
- Bot use
https://github.com/maddevsio/bbcrawlerfor fetching information - Used heroku
https://github.com/heroku/go-getting-startedas a template for project - For bot used free account on
heroku.comandfirebase.com
Purpose
- Purposes of bot:
- "Deliver information as fast as possible!"
- "Be helpful for infosec community"
Architecture
- For web server used
GIN-
github.com/gin-gonic/gin
-
- For Bot functionality used
telegram-bot-api.v4-
gopkg.in/telegram-bot-api.v4
-
Bot configuration
-
TELEGRAM_BBBOT_TOKEN- Telegram Api token received from @BotFather -
TELEGRAM_BBBOT_URL- Webhook url to bot public web address -
PORT- Standard heroku ENV variable for port number -
TELEGRAM_BBBOT_FIREBASE_TOKEN- Firebase database token -
TELEGRAM_BBBOT_FIREBASE_URL- Url to firebase project -
TELEGRAM_BBBOT_HO_SEARCH_URL- HackerOne search url (crawler) -
TELEGRAM_BBBOT_CHANNEL- Public channel identifier, for example@some_channel_name -
TELEGRAM_BBBOT_HOST- Public bot host url for ping purposes (for disabling sleeping functionality after 30 min of inactivity) -
TELEGRAM_BBBOT_H1_HACK_SEARCH_URL- HackerOne hacktivity url (crawler) -
TELEGRAM_BBBOT_BUGCROWD_NEW_PROG_URL- BugCrowd url for crawling new programs (crawler)
Bot workflow
- Bot started
- Fetching data from firebase
(synchronising) - Crawling programs from hackerone.com
(in parallel) - Crawling hacktivity from hackerone.com
(in parallel) - Crawling programs from bugcrowd.com
(in parallel) - Determining new data from all crawled information
(in parallel) - Publishing data to telegram channel from
ENVvariable
- Note: If instance of bot at heroku.com restarted all data restored from firebase storage.