Smart-BugBounty-Recon 🕵️🧠

An intelligent reconnaissance framework for bug bounty hunters, leveraging AI and advanced heuristics to identify and prioritize targets effectively.

🚀 Why "Smart"?

Traditional recon tools generate vast amounts of data. Smart-BugBounty-Recon aims to:

• 🎯 Prioritize: AI-powered scoring helps hunters focus on the most promising assets
• 🔍 Contextualize: Provides deeper insights beyond simple enumeration
• 🤖 Automate Intelligently: Goes beyond basic scripting with smarter decision-making
• 💎 Uncover Hidden Gems: Identifies attack surface that might be missed by standard tools

✨ Features

Reconnaissance Modules

• Subdomain Enumeration - Certificate transparency (crt.sh), DNS brute-forcing, wildcard detection
• Technology Detection - HTTP headers, cookies, HTML patterns, JS libraries, CMS fingerprinting
• Port Scanning - Nmap integration with socket fallback, service detection, banner grabbing
• JavaScript Analysis - Extract API endpoints, detect hardcoded secrets/tokens, find sensitive paths
• Endpoint Discovery - robots.txt, sitemap.xml, common path brute-forcing

🧠 AI-Powered Prioritization

• Risk scoring based on technology, ports, secrets, and endpoints
• Weighted prioritization algorithm
• Actionable recommendations for hunters
• Attack surface summary

📊 Multiple Output Formats

• Colored console output with rich formatting
• JSON export for integration
• HTML reports with dark theme
• Markdown summaries

🛠️ Installation

Prerequisites

• Python 3.8 or higher
• (Optional) Nmap for enhanced port scanning

Quick Start

# Clone the repository
git clone https://github.com/raghu-007/Smart-BugBounty-Recon.git
cd Smart-BugBounty-Recon

# Create virtual environment (recommended)
python -m venv venv
source venv/bin/activate  # On Windows: venv\Scripts\activate

# Install dependencies
pip install -r requirements.txt

# Copy and configure settings
cp config.example.ini config.ini
# Edit config.ini with your API keys (optional)

# Run a scan
python smart_recon.py -d example.com

📖 Usage

Basic Scan

python smart_recon.py -d target.com

Full Options

python smart_recon.py -d target.com -o report.json -f json -v

Command Line Options

Option	Description
-d, --domain	Target domain (required)
-o, --output	Output file path
-f, --format	Output format: console, json, html, markdown, all
-m, --modules	Comma-separated modules: subdomain,techdetect,portscan,jsanalyzer,endpoints
-c, --config	Path to config file (default: config.ini)
-v, --verbose	Enable verbose output
--no-ai	Disable AI prioritization
-t, --threads	Number of concurrent threads (default: 10)
--timeout	Request timeout in seconds (default: 10)

Examples

# Run specific modules only
python smart_recon.py -d target.com -m subdomain,techdetect

# Generate HTML report
python smart_recon.py -d target.com -o report.html -f html

# Verbose mode with all outputs
python smart_recon.py -d target.com -o results -f all -v

# Fast scan without AI
python smart_recon.py -d target.com --no-ai -t 20

📂 Project Structure

Smart-BugBounty-Recon/
├── smart_recon.py          # Main CLI entry point
├── config.example.ini      # Configuration template
├── requirements.txt        # Python dependencies
├── src/
│   ├── core/               # Core utilities
│   │   ├── config.py       # Configuration loader
│   │   ├── scanner.py      # Base scanner class
│   │   └── utils.py        # Utility functions
│   ├── modules/            # Recon modules
│   │   ├── subdomain.py    # Subdomain enumeration
│   │   ├── techdetect.py   # Technology detection
│   │   ├── portscan.py     # Port scanning
│   │   ├── jsanalyzer.py   # JavaScript analysis
│   │   └── endpoints.py    # Endpoint discovery
│   ├── ai/                 # AI prioritization
│   │   ├── scorer.py       # Risk scoring
│   │   └── prioritizer.py  # Prioritization engine
│   └── output/             # Reporting
│       ├── reporter.py     # Report generation
│       └── formatter.py    # Output formatting
└── tests/                  # Unit tests

🔧 Configuration

Copy config.example.ini to config.ini and configure:

[general]
threads = 10
timeout = 10
verbose = false

[api_keys]
shodan = your_shodan_key
virustotal = your_vt_key

[scanning]
intensity = normal
enable_portscan = true
enable_js_analysis = true

[ai_prioritization]
enabled = true
min_score = 20

🧪 Running Tests

# Install test dependencies
pip install pytest pytest-asyncio

# Run all tests
python -m pytest tests/ -v

# Run with coverage
pip install pytest-cov
python -m pytest tests/ -v --cov=src

🤝 Contributing

Contributions are welcome! Please read CONTRIBUTING.md for guidelines.

Adding a New Module

1. Create a new file in src/modules/
2. Inherit from BaseScanner
3. Implement the scan() method
4. Register in src/modules/__init__.py
5. Add tests in tests/

📜 License

This project is licensed under the Apache 2.0 License - see the LICENSE file.

⚠️ Disclaimer

This tool is intended for educational purposes and for use in authorized bug bounty hunting or penetration testing engagements ONLY.

• Only scan targets you have explicit permission to test
• Unauthorized scanning of systems is illegal
• The developers assume no liability for misuse or damage caused by this program
• Always follow responsible disclosure practices

🙏 Acknowledgments

• Built with Python and async/await for performance
• Uses certificate transparency logs via crt.sh
• Nmap integration for advanced port scanning
• Rich library for beautiful console output

---

Happy Hunting! 🎯