Create your own Discord BOT for Recon - Bug Bounty

In this post, you will learn how to create a Discord BOT and use it for Bug Bounty Recon.


Setup

First, we will install all the required software on our system:

For Windows

  1. Install Python from the Microsoft Store

  2. Install pip using this https://phoenixnap.com/kb/install-pip-windows

  3. Install the pip packages using these commands:

pip3 install discord.py
pip3 install python-dotenv

For Linux

sudo apt update
sudo apt install python3.8
sudo apt-get -y install python3-pip
sudo pip3 install discord.py
pip3 install python-dotenv

Setting up Discord Developer Application

  • Go to https://discord.com/developers/applications

  • Click on the New Application button at the top right

  • Enter Name of your application like "Jarvis BOT" and click on create

  • You can add icon if you want (Optional)

  • On the left side, click on "Bot" in the menu and click on the Add BOT button -> Click on the "Yes Do it" button

  • Click on Reset Token button and click on "Yes Do it" button

  • Now copy this token and paste it in notepad for future use

  • Click on "OAuth2" on left side menu -> Click on URL generator under that

  • In Scopes, check "Bot"

  • Scroll down and give permissions; you can give Administrator permissions for testing

  • Scroll down and copy the generated URL

  • Now visit this generated URL and select your server where you want to add this BOT

  • Click on continue and Authorize

  • Check your Discord Server


Coding BOT

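First, we will create a simple message BOT with this code:

# Import the packages
import discord
from dotenv import load_dotenv
import os

# Load the .env file and put your token in the TOKEN variable
load_dotenv()
TOKEN = "replace-your-token"

# discord.py 2.x requires intents; message_content is needed to read message text
# (also enable "Message Content Intent" on the Bot page of the developer portal)
intents = discord.Intents.default()
intents.message_content = True
client = discord.Client(intents=intents)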

@client.event
async def on_ready():
    print(f'{client.user.name} has connected to Discord!')

@client.event
async def on_message(message):
    if message.author == client.user:
        return

    msg=message.content
    if msg == '+hello':
        await message.channel.send("Hello World!")
    else:
        await message.channel.send("Wrong command")
        

client.run(TOKEN)

We have to focus on the if-else part of the code, because we have to change it to make our BOT useful for our own recon methods.

Now run this code using Python.

Now check your Discord server; your BOT is online.

Type BOT commands in chat.

This if-else condition consists of the BOT commands you want to use; here we are using "+hello" to return the "Hello World!" message.


For Recon

Now let's use this BOT's if-else code for recon.

Here, we are checking whether the message from the user contains "+recon" and something after that:

  • It will fetch the URL by splitting the message

  • It sends a message back to us with that URL


Now let's try to do subdomain enumeration using "subfinder":

  • The above code will fetch the URL from your message

  • It will run subfinder on your URL and return the result in a message

If you run this command on big targets, your code will return an error because Discord has a 2000-character limit per message. To resolve this issue, you can use text files.

Now we are using the subfinder command with an output file, and we are attaching our output file using this code:

await message.channel.send(file=discord.File("cmd.txt"))

Full code here:

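import asyncio
import discord
from dotenv import load_dotenv

load_dotenv()
TOKEN = "your-bot-token"

# discord.py 2.x requires intents; message_content is needed to read message text
intents = discord.Intents.default()
intents.message_content = True
client = discord.Client(intents=intents)

@client.event
async def on_ready():
    print(f'{client.user.name} has connected to Discord!')

@client.event
async def on_message(message):
    if message.author == client.user:
        return

    msg = message.content
    if '+recon' in msg:
        url = msg.split("+recon", 1)[1].strip()
        await message.channel.send("Scanning Started on : " + url)
        # Pass the target as one argument with no shell involved, so shell
        # metacharacters in chat text are never interpreted, and wait for
        # subfinder to finish writing out.txt without blocking the event loop.
        proc = await asyncio.create_subprocess_exec(
            "subfinder", "-d", url, "-silent", "-o", "out.txt",
            stdout=asyncio.subprocess.DEVNULL)
        await proc.wait()
        await message.channel.send("Your result:- \n")
        await message.channel.send(file=discord.File("out.txt"))
    else:
        await message.channel.send("Wrong command")


client.run(TOKEN)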
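
The `+recon` handling and the 2000-character limit described above, as an added example that is not code from the original post: standard-library helpers that accept only a bare hostname from chat, build the subfinder call as an argument list, and split long output on line boundaries. The names `parse_recon`, `subfinder_argv` and `chunk_lines` are hypothetical, and the sample messages are constructed.

```python
import re

DISCORD_LIMIT = 2000  # per-message character limit mentioned in the post

# One or more DNS labels followed by a TLD. Rejects spaces, slashes, quotes,
# shell metacharacters, and anything that starts with "-" (option-like input).
HOSTNAME_RE = re.compile(
    r"(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+"
    r"[a-z][a-z0-9-]{0,61}[a-z0-9]")

def parse_recon(msg):
    """Return the validated target of a '+recon <domain>' message, or None."""
    parts = msg.split()
    if len(parts) != 2 or parts[0] != "+recon":
        return None
    target = parts[1].lower().rstrip(".")
    return target if HOSTNAME_RE.fullmatch(target) else None

def subfinder_argv(target, outfile="out.txt"):
    """Argument list for an exec-style call; the target is never shell-parsed."""
    return ["subfinder", "-d", target, "-silent", "-o", outfile]

def chunk_lines(text, limit=DISCORD_LIMIT):
    """Split output on line boundaries into messages of at most `limit` chars."""
    chunks, current = [], ""
    for line in text.splitlines():
        line = line[:limit]  # a single oversized line is cut to fit
        if current and len(current) + 1 + len(line) > limit:
            chunks.append(current)
            current = line
        else:
            current = f"{current}\n{line}" if current else line
    if current:
        chunks.append(current)
    return chunks

if __name__ == "__main__":
    # Constructed sample messages, not taken from a real server.
    for sample in ["+recon example.com", "+recon https://example.com/x",
                   "+recon -silent", "+recon a.example.com b.example.com"]:
        print(repr(sample), "->", parse_recon(sample))
    # Constructed subfinder-style output: one hostname per line.
    sample_output = "\n".join(f"host{i}.example.com" for i in range(300))
    print([len(c) for c in chunk_lines(sample_output)])
```

In the bot, `parse_recon(message.content)` returning `None` maps to the "Wrong command" branch, and each element of `chunk_lines(...)` can be sent as its own message when attaching a file is not wanted.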

So this is how you can create and use Discord bots for recon and build your own methodology for automation. If you want to run your BOT 24/7, you need a VPS, which you can buy from DigitalOcean/Linode or Contabo (cheapest).

