Creating Your Own Telegram Bot For Recon Bug Bounty

Hello Friends this is my fourth blog regarding bug hunting

and this is a different blog from previous

If you want to read my previous blogs I have mentioned the links

My previous blogs

If I do some grammatical and spelling mistakes please ignored it

go language must be present in your system

if not then install by using the following command:

┌──(root💀kali)-[~/Desktop]
└─# sudo apt install golang

after that check version of the go language using the following command:

┌──(root💀kali)-[~/Desktop]
└─# go version
go version go1.17.7 linux/amd64

Now installing notify tool use the following command

go install -v github.com/projectdiscovery/notify/cmd/notify@latest

Setting up Telegram Application:

now go to your telegram app

Search the following bot in the telegram search box

RawDataBot

Click on the start button

if you got something like this message

Please set up a username before using this bot.

You can ask friends to setup

means you don’t have the username of your telegram account

If you have already set up your username then just click on the start button you got some sensitive information about your telegram chat id, first name, last name username you have to copy your chat id and note it down to your notepad we need chat id further

if not then you have to set up your telegram username

and if you got the following message means you have already setup your username

OR you can setup your username via setting > edit profile > username

if not then you got such message like add a username and then add a unique username and save it

search BotFather in the search box

Click on start

goto newbot

choose any unique bot having ended with YourreconBot OR yourrecon_bot name

once your bot name accepted by the telegram

after creating a bot click on your bot and start the bot service

you got the token
Use this token to access the HTTP API:
53482XXXXX:AAFofjz1756wnkTFRg7XY2PWXXXXXXXXXX

now go to your root directory and check the .config folder is present or not

┌──(root💀kali)-[~/Desktop]
└─# cd

┌──(root💀kali)-[~]
└─# ls -a

If your system .config folder is missing then create a folder using the following the command

┌──(root💀kali)-[~]
└─# mkdir .config

then enter into that folder

┌──(root💀kali)-[~]
└─# cd .config

again going to the folder check by ls command

┌──(root💀kali)-[~/.config]
└─# ls

and check the notify folder is there or not

if not then create using mkdir command

┌──(root💀kali)-[~/.config]
└─# mkdir notify

again change the directory and enter into the notify

check the files using ls command

┌──(root💀kali)-[~/.config/notify]
└─# ls
config.yaml provider-config.yaml

if two [.]yaml files are present then open provider-config.yaml in the mousepad

If not then create it and save it by using the name provider-config.yaml

Creating provider-config.yaml file command:

┌──(root💀kali)-[~/.config/notify]
└─# nano provider-config.yaml

Opening file in mousepad command:

┌──(root💀kali)-[~/.config/notify]
└─# mousepad provider-config.yaml

and paste the following text into it

replace the chat id to the id and telegram_chat_id that we are previously copied to the notepad and also paste the token of created telegram bot

telegram:
- id: "52662XXXXX"
telegram_api_key:"53482XXXXX:AAFofjz1756wnkTFRg7XY2PWXXXXXXXXXX"
telegram_chat_id: "52662XXXXX"
telegram_format: "{{data}}"

goto the go > bin folder

┌──(root💀kali)-[~/Desktop]
└─# cd

┌──(root💀kali)-[~]
└─# cd go/bin

copy the notify to the usr > local > bin folder

┌──(root💀kali)-[~/go/bin]
└─# cp notify /usr/local/bin

exit from the terminal using command exit and reopen the new terminal and enter the following command

┌──(root💀kali)-[~/Desktop]
└─# echo “hello recon bot” | notify

┌──(root💀kali)-[~/Desktop]
└─# subfinder -d hackerone.com | notify

Boom you got a message in telegram

So this is how you can create and use a telegram bot for recon and create your own methodology for automation. If you want to run your BOT 24/7 you need VPS which you can buy from DigitalOcean/Linode or Contabo (cheapest).

I also disclosed some interesting video POC regarding my submission on youtube

Youtube: https://www.youtube.com/channel/UCD1HKXD7o-mLV9jmkS-emGw

LinkedIn: https://www.linkedin.com/in/santosh-bobade-531094192/

Twitter Handle: https://twitter.com/Santosh88267387

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store