Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save Diaa-Hassan/9e023d0fae3314273302ae895ae7c5ed to your computer and use it in GitHub Desktop.
Save Diaa-Hassan/9e023d0fae3314273302ae895ae7c5ed to your computer and use it in GitHub Desktop.
bug bounty monitor - assetnote installation
Assetnote is a new subdomains supervision tools which allow for real-time notifications about
newlly added subdomains
The tool is especially usefull for bug bounty
As I'm starting playing in bug bounties the tool seems extremelly apealing
The project can be found at https://github.com/infosec-au/assetnote
# installation #
/** My VPS is runing Ubuntu LTS 14.04 **/
just follow the instructions in the very well detailled README file
the following cmd:
pip install -r requirements.txt
just does the magic
# difficulties encountered#
After firing up the "assetnote" service everything runs just fine, the web interface works well
However no subdomains are collected from "threatcrowd"
After a quick check, i found out the the HTTP GET request for threatcrowd's API didn't work correctlly. The following erros were received:
/usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/ssl_.py:315: SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. For more information, see https://urllib3.readthedocs.org/en/latest/secu rity.html#snimissingwarning.
SNIMissingWarning
/usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/ssl_.py:120: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.rea dthedocs.org/en/latest/security.html#insecureplatformwarning.
InsecurePlatformWarning
[Errno 1] _ssl.c:510: error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
After some googling it turned out to be due to a problem in "python version":
https://urllib3.readthedocs.org/en/latest/security.html#snimissingwarning
Python version prior to 2.7.9 gets this kind of errors while using package "requests" to establish HTTPS connections.
My version at the time was 2.7.6.
I upgraded my python to 2.7.9 following the post at :
https://renoirboulanger.com/blog/2015/04/upgrade-python-2-7-9-ubuntu-14-04-lts-making-deb-package/
(important to install libsqlite3-dev, otherwise an error will be encountered when importing sqlite3)
Problem solved. Now i own a magic "subdomain" supervision tool. Thx to "infosec-au"
cheers
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment