In this post, you will learn how to create a Discord BOT and use it for Bug Bounty Recon.
Setup
First, we will install all these required software's on our system:-
For windows
Install python from Microsoft Store
Install pip using this https://phoenixnap.com/kb/install-pip-windows
Install pip packages using this command:-
pip3 install discord.py
pip3 install python-dotenvFor Linux
sudo apt update
sudo apt install python3.8
sudo apt-get -y install python3-pip
sudo pip3 install discord.py
pip3 install python-dotenvSetting up Discord Developer Application
Click on New Applications button at top right
Enter Name of your application like "Jarvis BOT" and click on create
You can add icon if you want (Optional)
Left side, click on "Bot" in menu and Click on Add BOT button -> Click on "Yes Do it" button
Click on Reset Token button and click on "Yes Do it" button
Now copy this token and paste it in notepad for future use
Click on "OAuth2" on left side menu -> Click on URL generator under that
In Scopes, check "Bot"
Scroll down and give permissions, you can give Administrator permissions for testing
Scroll down and copy the generated URL
Now visit this generated URL and select your server where you want to add this BOT
Click on continue and Authorize
Check your Discord Server
Coding BOT
First we will create simple message BOT with this code
#import the packages
import discord
from dotenv import load_dotenv
import os
#load .env file and replace your token in Token varaible
load_dotenv()
TOKEN = "replace-your-token"
client = discord.Client()
@client.event
async def on_ready():
print(f'{client.user.name} has connected to Discord!')
@client.event
async def on_message(message):
if message.author == client.user:
return
msg=message.content
if msg == '+hello':
await message.channel.send("Hello World!")
else:
await message.channel.send("Wrong command")
client.run(TOKEN)We have to focus on this part of the code :-
Because we have to change if-else code to make our BOT useful for our own recon methods.
Now run this code using python
Now check your Discord server, you BOT is online
Type BOT commands in chat
So this if-else condition consist of BOT commands which you want to use, like we are using "+hello" here to return this message
For Recon
Now lets use this BOT if-else code for recon
Here, we are checking if message from user contains "+recon" and something after that:
It will fetch the url by splitting the message
Sends the message to us with that url
Now lets try to do subdomain enumeration using "subfinder"
Above code will fetch url from your message
It will run subfinder on your url and returns the result in message
So if you run this command on big targets, your code will return error because discord have 2000 character limit. To resolve this issue, you can use text files.
Now we are using subfinder command with output and we are attaching our output file using this code:-
await message.channel.send(file=discord.File(cmd.txt"))
Full code here:-
import discord
from dotenv import load_dotenv
import os
load_dotenv()
TOKEN = "your-bot-token"
client = discord.Client()
@client.event
async def on_ready():
print(f'{client.user.name} has connected to Discord!')
@client.event
async def on_message(message):
if message.author == client.user:
return
msg=message.content
if '+recon' in msg:
url = str.strip(msg.split("+recon",1)[1])
await message.channel.send("Scanning Started on : "+url)
stream = os.popen("subfinder -d "+url+" -silent -o out.txt")
output = stream.read()
await message.channel.send("Your result:- \n")
await message.channel.send(file=discord.File("out.txt"))
else:
await message.channel.send("Wrong command")
client.run(TOKEN)So this is how you can create and use discord bots for recon and create your own methodology for automation. If you want to run your BOT 24/7 you need VPS which you can buy from DigitalOcean/Linode or Contabo (cheapest).