Introducing BountyMachine

Not all hacking is fun. A lot of repetitive manual work is usually required to map the target infrastructure and decide which assets deserve attention first.

Why we built BountyMachine

The easiest to automate findings can have a huge impact

According to a post on Snyk’s blog analyzing the top 50 data breaches of 2016, the top two vulnerability categories (causing a total of 44% of the breaches) were A9-Known Vulnerable Components and A5-Security Misconfiguration. Ranking at number 4 (responsible for 6% of the breaches) were A2-Weak Authentication and Session Management and A6-Sensitive Data Exposure. That is a total of 50% of breaches caused by vulnerabilities which could have been mitigated if the affected organizations had been monitoring their infrastructure.

Building everything from scratch is a bad idea

There are so many existing attack techniques, with new ones being discovered and shared all the time. In such an active industry, it can be hard to keep up with the pace of change. Imagine trying to build and maintain a tool on your own that encapsulates all of these techniques quickly and effectively, as soon as they come out. That’s pretty much the state of things today. There is so much fragmentation and ‘not invented here’ syndrome among open source tooling that we end up with a pile of duplicates that are only slightly different from one another, many of which fall by the wayside through code rot and abandonment.

We need to do security at scale

In this age, most organizations have a ton of assets, and more and more we are finding that they just aren’t able to keep track of them all effectively. This becomes a serious problem for security, as we know: what you don’t know exists, you can’t protect. One of our priorities when building BountyMachine (BM) was to ensure that we can handle the kind of scope posed by the asset sprawl that organizations have to deal with. We designed BM with the same architectures and technologies that allow the biggest companies in the world to keep their IT assets running at scale. Leveraging the lessons learned by these giants, and building upon the best the open source world has to offer, BM is resource friendly, yet able to scale up and meet the demands posed by large scopes and complex tests.

Monitoring is important

Times are changing. It’s now common for code to be pushed multiple times a day. New assets can pop up overnight as business needs change. When you don’t have an effective way to keep track of these assets, they become your organization’s weak link. Your security team becomes blind, and as each new security update, public exploit, or attack technique becomes available, your unknown assets become the path to your compromise. Or to put it another way, bad things will happen.

Building a BountyMachine

Our main objectives were to:

How BountyMachine works

  1. You give BM a target. We provide an API for supplying targets, so you can use any input method you like as long as it can issue simple HTTP requests. Our current personal favorite is Slack Slash Commands.
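The target-intake step above is the one place where untrusted input enters the pipeline, so it is worth showing what a hardened intake handler looks like. The following is an added example, not BountyMachine’s own code: it accepts a Slack slash-command request, verifies Slack’s v0 request signature (HMAC-SHA256 over `v0:<timestamp>:<body>`, carried in the `X-Slack-Signature` and `X-Slack-Request-Timestamp` headers) with a replay window, then validates that the submitted `text` field is a hostname inside a configured scope before it would be queued. The signing secret, the scope suffixes, and the `/scan` command are constructed for the example; the web framework that would actually receive the HTTP request is left out so the logic runs stand-alone.

```python
import hashlib
import hmac
import re
import time
from urllib.parse import parse_qs

# Constructed values for this example; a real deployment reads these from config.
SLACK_SIGNING_SECRET = b"example-signing-secret-not-real"
IN_SCOPE_SUFFIXES = ("example.com", "example.net")
MAX_SKEW_SECONDS = 300  # Slack's guidance: reject requests more than 5 minutes old

# Conservative hostname syntax: dotted labels, no scheme, no path, no port.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


def slack_signature(secret: bytes, timestamp: str, body: str) -> str:
    """Compute the 'v0=' signature Slack attaches to outbound requests."""
    basestring = f"v0:{timestamp}:{body}".encode()
    return "v0=" + hmac.new(secret, basestring, hashlib.sha256).hexdigest()


def make_signed_headers(body: str, timestamp: str, secret: bytes = SLACK_SIGNING_SECRET) -> dict:
    """Stand-in for what Slack does on its side; used here only to build sample requests."""
    return {
        "X-Slack-Request-Timestamp": timestamp,
        "X-Slack-Signature": slack_signature(secret, timestamp, body),
    }


def verify_slack_request(headers: dict, body: str, secret: bytes = SLACK_SIGNING_SECRET, now=None) -> bool:
    """Reject requests with a bad signature or a timestamp outside the replay window."""
    ts = headers.get("X-Slack-Request-Timestamp", "")
    presented = headers.get("X-Slack-Signature", "")
    if not ts.isdigit():
        return False
    current = time.time() if now is None else now
    if abs(current - int(ts)) > MAX_SKEW_SECONDS:
        return False
    expected = slack_signature(secret, ts, body)
    # Constant-time comparison so a wrong signature leaks nothing about the right one.
    return hmac.compare_digest(expected, presented)


def parse_target(body: str):
    """Pull the target out of the slash command's `text` field and validate it against scope."""
    fields = parse_qs(body, keep_blank_values=True)
    text = fields.get("text", [""])[0].strip().lower()
    if not HOSTNAME_RE.match(text):
        return None
    if not any(text == s or text.endswith("." + s) for s in IN_SCOPE_SUFFIXES):
        return None
    return text


def handle_slash_command(headers: dict, body: str, now=None):
    """Return (http_status, message). An accepted target is where BM would enqueue work."""
    if not verify_slack_request(headers, body, now=now):
        return 401, "invalid or stale Slack signature"
    target = parse_target(body)
    if target is None:
        return 400, "target rejected: not a hostname within the configured scope"
    return 200, f"queued {target}"


if __name__ == "__main__":
    # Constructed sample request, as Slack would send it for `/scan api.example.com`.
    ts = "1531420618"
    body = "command=%2Fscan&text=api.example.com"
    headers = make_signed_headers(body, ts)
    print(handle_slash_command(headers, body, now=int(ts)))              # accepted
    print(handle_slash_command(headers, body + "&x=1", now=int(ts)))     # body tampered -> 401
    print(handle_slash_command(headers, body, now=int(ts) + 3600))       # replayed later -> 401
    body2 = "command=%2Fscan&text=evil.example.org"
    print(handle_slash_command(make_signed_headers(body2, ts), body2, now=int(ts)))  # out of scope -> 400
```

The ordering matters: the signature is checked before the body is parsed, so unauthenticated callers cannot reach the scope logic at all, and the scope check runs before anything is queued, so a typo or a hostile command cannot point the machine at infrastructure outside the engagement.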

Conclusion

There are still a lot of things that we can do, and we are actively working to make this project even more useful. Stay tuned for more posts!
