Create Your Ultimate Bug Bounty Automation Without Nerdy Bash Skills (Part 3)

In the previous article details regarding syntax, variables, and their usage was conveyed. This Final Part Will be about the Installation and running of the program.

Prerequisites —

2. Make Sure You have GO Installed.

3. Run Following Command to Install from the source

Connecting to Database —

If you have installed MongoDB on Local Machine then the program will use the default URL and connect to the database. If MongoDB is installed on a remote machine Obtain MongoDB Connection String (you can find more details here) and set it as the default URL using the below command. These changes are persistent and are saved at `$HOME/.config/talos/talos.json`

Configure Discord —

Create Discord Hook ( you can find some details here ). It will in the format specified below note down values in place of id and token parameters in Webhook URL

These can also be passed at runtime using parameters --id and --token but the easiest possible way is to add them to your $HOME/.bashrc file or .zshrc file depending on the shell you are using. You can append something similar to this

Database and Program Settings —

You have to specify the program name and database name you want to use before you run your script file. You can use just one database or many depending on your needs. I usually create different DB for each platform. I run the following command If I am working on Grammarly Program on Hackerone

You can view these settings by running the following command

Running any Script —

There are two ways to run a script file you can use talosplus run -s path/to/script/ or as shown in the below command

I use this script as generic one for all programs and I just change the main variables in this case @rootsubs and @outscope .If you directly run any this you will something similar to below image at end of output

so If I am working on Grammarly on HackerOne I would set rootsubs and outscore values to program endpoints

View Variables set in DB —

To View all variables that are explicitly set and their values run below command

To Get List of All Variables names that are Explicitly set and Were Created at runtime until now .

Running the script —

When we run a script actual steps taken in the background are Compile -> Static Analyis -> Summarize -> Print ALL CMDs -> Schedule -> Execute allIf you don’t want to run just complete all steps before running. run below command

Resume a prerun Script —

talosplus does not save any state data like .cfg or commands, hashes in DB only variables and their values are exported this gives us flexibility entirely change any script without thinking of any compatibility issues. So If the script was stopped due to some error or user forced exit . You can fix the error and just rerun using the same command. By default, It will analyze and start from the last successful run of the program based on their exports.

Blacklist any command(Experimental)

If you have already run the script and you want to rerun any specific command and its derivatives identify the variable which you want to change and run the below command this will reschedule and run commands which are affected due to a change in that variable

Caching

This is one of the extra features after a command is executed successfully by default it will cache output to cachedir in format cmdname-xxxxhashxxx . If we run the same command intentionally / Unintentionally It will just use the cached value. If you don’t like this feature you can disable it by setting the env variable purge

Other Features

Talosplus also has other important edge case features like Scheduling commands based on need, Identifying if Command Failed to run because of bash script or incorrect syntax, or the command itself panicked. If you are interested in how these were done Just read the code I have tried to keep the code simple and has a lot of comments.