Discovery Header Bug Bounty to DoD with python

Aug 26, 2021 1 min read

Discovery Header DoD Bug-Bounty

Did you know that DoD accepts server headers? ? (example: apache"version" , php"version") ?

In this code it is possible to extract all headers from the URLS.
Tracking versions and being able to report as cwe-200 on hackerone.

the 200dds file is an example:

You can put your list of treated URLS.

Install dependencies

git clone https://github.com/KingOfBugbounty/Discovery-Header-Bug-Bounty.git

cd Discovery-Header-Bug-Bounty

pip install -r requirements.txt

python3 searchHEADER.py -h

usage: searchHEADER.py [-h] help

positional arguments:
  help        Run to code = python3 searchHEADER.py FileToUrls

optional arguments:
  -h, --help  show this help message and exit

GitHub

https://github.com/KingOfBugbounty/Discovery-Header-Bug-Bounty

Security

John was the first writer to have joined pythonawesome.com. He has since then inculcated very effective writing and reviewing culture at pythonawesome which rivals have found impossible to imitate.