Skip to content

Instantly share code, notes, and snippets.

@sz3n
Last active July 8, 2022 05:44
Show Gist options
  • Save sz3n/1fdf2f871a10d4e9180757afc8fd80e2 to your computer and use it in GitHub Desktop.
Save sz3n/1fdf2f871a10d4e9180757afc8fd80e2 to your computer and use it in GitHub Desktop.
bug bounty monitor - assetnote installation
Assetnote is a new subdomains supervision tools which allow for real-time notifications about
newlly added subdomains
The tool is especially usefull for bug bounty
As I'm starting playing in bug bounties the tool seems extremelly apealing
The project can be found at https://github.com/infosec-au/assetnote
# installation #
/** My VPS is runing Ubuntu LTS 14.04 **/
just follow the instructions in the very well detailled README file
the following cmd:
pip install -r requirements.txt
just does the magic
# difficulties encountered#
After firing up the "assetnote" service everything runs just fine, the web interface works well
However no subdomains are collected from "threatcrowd"
After a quick check, i found out the the HTTP GET request for threatcrowd's API didn't work correctlly. The following erros were received:
/usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/ssl_.py:315: SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. For more information, see https://urllib3.readthedocs.org/en/latest/secu rity.html#snimissingwarning.
SNIMissingWarning
/usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/ssl_.py:120: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.rea dthedocs.org/en/latest/security.html#insecureplatformwarning.
InsecurePlatformWarning
[Errno 1] _ssl.c:510: error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
After some googling it turned out to be due to a problem in "python version":
https://urllib3.readthedocs.org/en/latest/security.html#snimissingwarning
Python version prior to 2.7.9 gets this kind of errors while using package "requests" to establish HTTPS connections.
My version at the time was 2.7.6.
I upgraded my python to 2.7.9 following the post at :
https://renoirboulanger.com/blog/2015/04/upgrade-python-2-7-9-ubuntu-14-04-lts-making-deb-package/
(important to install libsqlite3-dev, otherwise an error will be encountered when importing sqlite3)
Problem solved. Now i own a magic "subdomain" supervision tool. Thx to "infosec-au"
cheers
@ninjakatz84
Copy link

Hi,

Ive also setup this tool on my debian vps. Everything works including the request from threatcrowd. However, I am not able to get push notification on my phone. were you able to get notifications? Was wondering if you have a small tutorial regarding that.

Thanks

@attacker34
Copy link

This tool has been removed.. Can anyone tell me how to get the resource and install it??

@itsmenaga
Copy link

Copy link

ghost commented Sep 3, 2019

Thank yu @itsmenaga

@marz-hunter
Copy link

I installed it from https://github.com/tdr130/assetnote/. but running it shows an error

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment