The Bug Bounty Reconnaissance Framework (BBRF) is intended to facilitate the workflows of security researchers across multiple devices. This repository contains the source files to deploy a BBRF server.
For more information about BBRF, read the blog post on https://honoki.net/2020/10/08/introducing-bbrf-yet-another-bug-bounty-reconnaissance-framework/
Once you have deployed a BBRF server, move on to install the BBRF client here
Start by cloning this repository:
git clone https://github.com/honoki/bbrf-server/
cd bbrf-server
Next, make the required changes to the docker-compose.yml
by which I mean CHANGE THE DEFAULT PASSWORDS FOR THE LOVE OF GOD!
And finally, run
sudo docker-compose up -d
Note that this will expose port 443 (https) on your BBRF server to the internet. Docker Compose generates a self-signed certificate for the reverse proxy which it persists to the volume ./keys/
. You can replace them with a valid certificate if you want to avoid certificate warnings, see the instructions below.
Verify your installation by browsing to https://127.0.0.1/_utils/#database/bbrf/_all_docs
To configure your BBRF server with a valid certificate, it suffices to generate the cert files with certbot
and place them in the keys
directory. The keys will be picked up when you next start the containers.
The following steps should get you up and running:
- Ensure you have a domain name pointed to your BBRF server;
- If you are still in docker-compose, stop the containers with
ctrl+C
; - Install certbot:
sudo apt install certbot
- If necessary, allow HTTP traffic e.g:
ufw allow 80/tcp
- Run
certbot -d yourdomain.com certonly
and follow the steps; - Copy the generated certificate files to the keys volume:
cp /etc/letsencrypt/live/yourdomain.com/{fullchain.pem,privkey.pem} ./proxy/keys/
- Restart your containers:
sudo docker-compose up -d
Browse to https://yourdomain.com/_utils/#database/bbrf/_all_docs
to validate the setup.