Discovery Header Bug Bounty to DoD with python

Did you know that DoD accepts server headers? 😲 (example: apache”version” , php”version”) ?

In this code it is possible to extract all headers from the URLS.
Tracking versions and being able to report as cwe-200 on hackerone.

the 200dds file is an example:

You can put your list of treated URLS.

asciicast

Install dependencies

git clone https://github.com/KingOfBugbounty/Discovery-Header-Bug-Bounty.git

cd Discovery-Header-Bug-Bounty

pip install -r requirements.txt

python3 searchHEADER.py -h

usage: searchHEADER.py [-h] help

positional arguments:
  help        Run to code = python3 searchHEADER.py FileToUrls

optional arguments:
  -h, --help  show this help message and exit


GitHub

https://github.com/KingOfBugbounty/Discovery-Header-Bug-Bounty

 

 

 

To finish reading, please visit source site