Efficient Reconnaissance with BBRF: Organizing Enumeration - Pentestmag


Sep 27, 2023

Whether during a pentest or bug hunting activity, the first step is the reconnaissance phase, and subdomain enumeration emerges as one of the most crucial tasks. Identifying and enumerating subdomains is essential to understand an organization's attack surface or protect against potential threats.

You can enhance and streamline subdomain enumeration using BBRF (Bug Bounty Reconnaissance Framework), a robust and versatile tool designed to simplify and improve the reconnaissance phase. In this article, we'll walk you through the installation steps and ways to use it.

 

Installation prerequisites

docker-compose >> #sudo apt-get install docker-compose -y

python3-pip >> #sudo apt install python3-pip -y

jq >> #sudo apt install jq -y

BBRF client installation

1 – Install BBRF client

#pip install bbrf

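1.1 – Troubleshooting

If the installation with pip fails with the error “externally-managed-environment”, it's necessary to downgrade pip. The error means the distribution has marked its system Python environment as managed by the package manager; the --break-system-packages flag in the command below overrides that marking. Proceed with the following command: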

#pip install pip==22.3.1 --break-system-packages

2 – After installation, run the bbrf command to list the available options.

2.1 – Troubleshooting

If the bbrf command doesn't work, make sure your PATH is set correctly.

#export PATH="$HOME/.local/bin:$PATH"

#source ~/.bashrc

3 – Create a hidden folder named .bbrf in your home directory with the following command.

#mkdir -p ~/.bbrf
....
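
The steps above can be verified in one pass with a small preflight script. This is an added example, not code from the article or from the BBRF project; the function names are hypothetical, and the owner-only 0700 mode on ~/.bbrf is an added conservative assumption that the article does not state.

```sh
#!/bin/sh
# Added example, not from the article: preflight check for the steps above.

# Print every tool named in the arguments that is not found on PATH.
missing_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# Succeed if directory $1 is an exact entry of the colon-separated list $2.
path_contains() {
    case ":$2:" in
        *":$1:"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Create the hidden .bbrf folder under home directory $1 and print its path.
# Assumption: owner-only mode 0700 (plain mkdir -p follows the umask instead).
ensure_bbrf_dir() {
    bbrf_dir="$1/.bbrf"
    mkdir -p "$bbrf_dir" && chmod 700 "$bbrf_dir" && printf '%s\n' "$bbrf_dir"
}

# Check prerequisites, PATH and folder for home directory $1; 0 means ready.
preflight() {
    rc=0
    for tool in $(missing_tools docker-compose pip jq bbrf); do
        printf 'missing command: %s\n' "$tool" >&2
        rc=1
    done
    if ! path_contains "$1/.local/bin" "$PATH"; then
        printf 'not on PATH: %s\n' "$1/.local/bin" >&2
        rc=1
    fi
    ensure_bbrf_dir "$1" >/dev/null || rc=1
    return "$rc"
}

# Runs only on request, e.g.: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then
    preflight "$HOME"
fi
```

A non-zero exit status from preflight means at least one prerequisite, the PATH entry, or the folder still needs attention; the messages on stderr say which.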

October 12, 2023

Author

Anderson Sales

1 Comment
Anderson Sales
1 year ago

Can I give loopback IP as bbrf-server address?

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023