Afrog explained for bug bounty hunters

When working as a pentester or bug hunter it is normal to want to automate some of our work. This includes scanning network ports, checking the technologies in use, but also running potential exploits and vulnerability scanners. Today we will look at one tool that can help us automate our flow. We are talking about afrog.

We will skip all the configuration or installation steps because they are too simple to discuss. Instead, let’s get straight to how the tool works. It supports user-defined PoCs and includes several built-in types such as CVE, CNVD, default passwords, information disclosure, fingerprint identification, unauthorized access, arbitrary file reading and command execution.

I took my old blog as the target of the attack. Lets say its example.com. It is set up on wordpress and hasn’t been updated for several weeks. We can run the tool with one defined target via a command:

The appearance of the tool’s operation in the console:

As you can see, we found one potential CVE at the medium level.

The tool, when finished, generates a report in the reports directory with a summary and analysis of detected PoCs. This is useful for further analysis and exploitation.

The afrog tool is similiar to nuclei in its simplicity. Compared to it, it has ~8 times less stars on github (1.6k) which is still not bad and shows strong support for the tool. 984 commits and the last update (as of May 25, 2023) was 18 hours ago. Like nuclei, PoCs are defined in yaml format. The tool should be kept up to date, as it is worth watching and has a wide PoC base.

https://github.com/zan8in/afrog/tree/main