sz3n · July 8, 2022 05:44 · ghost · Sep 3, 2019 · marz-hunter · Sep 17, 2020
diff --git a/bug bounty monitor - assetnote installation b/bug bounty monitor - assetnote installation
 Assetnote is a new subdomains supervision tools which allow for real-time notifications about
 newlly added subdomains

 The tool is especially usefull for bug bounty

 As I'm starting playing in bug bounties the tool seems extremelly apealing
 The project can be found at https://github.com/infosec-au/assetnote

 # installation #
 /** My VPS is runing Ubuntu LTS 14.04 **/
 just follow the instructions in the very well detailled README file
 the following cmd:
 pip install -r requirements.txt 
 just does the magic

 # difficulties encountered#
 After firing up the "assetnote" service everything runs just fine, the web interface works well
 However no subdomains are collected from "threatcrowd"
 After a quick check, i found out the the HTTP GET request for threatcrowd's API didn't work correctlly. The following erros were received:

 /usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/ssl_.py:315: SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can                                          cause validation failures. For more information, see https://urllib3.readthedocs.org/en/latest/secu                                         rity.html#snimissingwarning.
  SNIMissingWarning
 /usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/ssl_.py:120: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.rea                                         dthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning
 [Errno 1] _ssl.c:510: error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error


 After some googling it turned out to be due to a problem in "python version":
 https://urllib3.readthedocs.org/en/latest/security.html#snimissingwarning

 Python version prior to 2.7.9 gets this kind of errors while using package "requests" to establish HTTPS connections.
 My version at the time was 2.7.6.

 I upgraded my python to 2.7.9 following the post at : 
 https://renoirboulanger.com/blog/2015/04/upgrade-python-2-7-9-ubuntu-14-04-lts-making-deb-package/
 (important to install libsqlite3-dev, otherwise an error will be encountered when importing sqlite3)

 Problem solved. Now i own a magic "subdomain" supervision tool. Thx to "infosec-au"

 cheers
	Assetnote is a new subdomains supervision tools which allow for real-time notifications about
	newlly added subdomains

	The tool is especially usefull for bug bounty

	As I'm starting playing in bug bounties the tool seems extremelly apealing
	The project can be found at https://github.com/infosec-au/assetnote

	# installation #
	/ My VPS is runing Ubuntu LTS 14.04 /
	just follow the instructions in the very well detailled README file
	the following cmd:
	pip install -r requirements.txt
	just does the magic

	# difficulties encountered#
	After firing up the "assetnote" service everything runs just fine, the web interface works well
	However no subdomains are collected from "threatcrowd"
	After a quick check, i found out the the HTTP GET request for threatcrowd's API didn't work correctlly. The following erros were received:

	/usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/ssl_.py:315: SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. For more information, see https://urllib3.readthedocs.org/en/latest/secu rity.html#snimissingwarning.
	SNIMissingWarning
	/usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/ssl_.py:120: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.rea dthedocs.org/en/latest/security.html#insecureplatformwarning.
	InsecurePlatformWarning
	[Errno 1] _ssl.c:510: error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error


	After some googling it turned out to be due to a problem in "python version":
	https://urllib3.readthedocs.org/en/latest/security.html#snimissingwarning

	Python version prior to 2.7.9 gets this kind of errors while using package "requests" to establish HTTPS connections.
	My version at the time was 2.7.6.

	I upgraded my python to 2.7.9 following the post at :
	https://renoirboulanger.com/blog/2015/04/upgrade-python-2-7-9-ubuntu-14-04-lts-making-deb-package/
	(important to install libsqlite3-dev, otherwise an error will be encountered when importing sqlite3)

	Problem solved. Now i own a magic "subdomain" supervision tool. Thx to "infosec-au"

	cheers