gerosecurity / gerobug
The First Open Source Bug Bounty Platform
Home Page: https://gerobug.gerosecurity.com
License: GNU Affero General Public License v3.0
On read_mail() there is no pattern to separate between bug report or just regular emails.
This could be an issue, that every email will be stored as new bug report on the platform.
Looking forward if you guys can resolve this issue
The SSL isn't auto renewing?
Here is my setup:
______ ______ ______ ______ ______ __ __ ______
/\ ___\ /\ ___\ /\ == \ /\ __ \ /\ == \ /\ \/\ \ /\ ___\
\ \ \__ \ \ \ __\ \ \ __< \ \ \/\ \ \ \ __< \ \ \_\ \ \ \ \__ \
\ \_____\ \ \_____\ \ \_\ \_\ \ \_____\ \ \_____\ \ \_____\ \ \_____\
\/_____/ \/_____/ \/_/ /_/ \/_____/ \/_____/ \/_____/ \/_____/
================================================================================
Gerobug v2.3 (PRODUCTION READY)
================================================================================
================================================================================
---------------------------------
Welcome to the Gerobug Installer!
---------------------------------
My name is Gero and I will assist you through the installation :)
I need to ask you a few questions before starting the setup.
Server Public IP : <snip>
Is it correct?
1) YES
2) NO
Your choice [1-2]: 1
Server Internal IP : <snip>
Is it correct?
1) YES
2) NO
Your choice [1-2]: 2
Enter Internal / Secondary IP (example: 127.0.0.1): 127.0.0.1
Do you have a domain that you want to use?
example: demo.gerobug.com
1) YES (I will help to implement HTTPS using lets encrypt for you)
2) NO (Gerobug will use HTTP instead of HTTPS) [NOT RECOMMENDED FOR PRODUCTION]
Your choice [1-2]: 2
Gerobug will not implement HTTPS [NOT RECOMMENDED FOR PRODUCTION]
A domain is required to setup HTTPS
Run this script again later when you have a domain to setup HTTPS
or you can change the nginx config manually
Do you have a VPN Server on the network?
1) YES (Gerobug Dashboard will only accept connection from internal IP)
2) NO (Gerobug Dashboard will be accessible from public) [NOT RECOMMENDED FOR PRODUCTION]
Your choice [1-2]: 1
Gerobug Dashboard will only accept connection from INTERNAL IP
So a VPN Server will be required
If you face any trouble, read the documentation :)
Okay, that was all I needed. We are ready to setup Gerobug server now.
Press any key to continue...
================================================================================
So I set my internal IP, chose HTTP only, and set it to only accept connections from the local IP.
And then after it's running, docker compose ps shows:
gerobug-nginx-1 gerobug-nginx "/docker-entrypoint.sh nginx -g 'daemon off;'"
nginx 11 seconds ago Up 10 seconds
0.0.0.0:80->80/tcp, :::80->80/tcp,
0.0.0.0:443->443/tcp, :::443->443/tcp,
0.0.0.0:6320->6320/tcp, :::6320->6320/tcp
So ports 80, 443, and 6320 are all exposed publicly on the machine. Even if there are safeguards in place in the nginx config, the ports are still exposed.
This is because in the docker-compose.yml file, the ports are set like so:
nginx:
  build: ./nginx
  ports:
    - "80:80"
    - "443:443"
    - "6320:6320"
In the absence of a binding address, compose defaults to 0.0.0.0.
./run.sh process, it saves the given settings to a .env file (which compose reads by default), something like this:
BIND_ADDRESS=<public or local ip, as chosen during the setup>
HTTP_PORT=<the port chosen during setup>
HTTPS_PORT=<the port chosen during setup>
DASHBOARD_PORT=<the port chosen during setup>
And then the compose file changed to something like this:
nginx:
  build: ./nginx
  ports:
    - "${BIND_ADDRESS}:${HTTP_PORT}:80"
    - "${BIND_ADDRESS}:${HTTPS_PORT}:443"
    - "${BIND_ADDRESS}:${DASHBOARD_PORT}:6320"
You'll notice I also separated the ports out to be configurable as well. I think this is an important option. For example, on the server I wish to run gerobug on, I already have 80 and 443 bound, so I have to edit the compose file manually to make it work.
I'm actually not sure how to do this, but it would be a nice way to keep the ports clean and reduce confusion for developers.
I would make a PR, but I think this requires some decisions that I wouldn't want to impose on you guys :)
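Added example (not part of the issue above or of the gerobug project): a check for the exposure that issue describes, which parses the PORTS column of docker compose ps and returns the mappings published on every interface. ISSUE_PORTS repeats the output quoted in the issue; FIXED_PORTS and all function names are constructed for illustration.

```python
import ipaddress

# PORTS column as quoted in the issue above.
ISSUE_PORTS = (
    "0.0.0.0:80->80/tcp, :::80->80/tcp, "
    "0.0.0.0:443->443/tcp, :::443->443/tcp, "
    "0.0.0.0:6320->6320/tcp, :::6320->6320/tcp"
)

# Constructed sample: what the column could look like once every mapping
# carries a loopback bind address, plus one port that is not published.
FIXED_PORTS = (
    "127.0.0.1:8080->80/tcp, 127.0.0.1:8443->443/tcp, "
    "[::1]:6320->6320/tcp, 9000/tcp"
)


def parse_published(ports_column):
    """Yield (host_ip, host_port, container_port, proto) per published mapping."""
    for entry in ports_column.split(","):
        entry = entry.strip()
        if "->" not in entry:
            continue  # empty field, or a port that is not published on the host
        host, target = entry.split("->", 1)
        # The last colon separates the port, so ":::80" gives ("::", "80").
        host_ip, host_port = host.rsplit(":", 1)
        container_port, _, proto = target.partition("/")
        yield host_ip.strip("[]"), host_port, container_port, proto or "tcp"


def wildcard_bindings(ports_column):
    """Return the mappings bound to all interfaces (0.0.0.0 or ::)."""
    return [
        mapping
        for mapping in parse_published(ports_column)
        if ipaddress.ip_address(mapping[0]).is_unspecified
    ]


if __name__ == "__main__":
    for ip, host_port, container_port, proto in wildcard_bindings(ISSUE_PORTS):
        print(f"all interfaces: {ip}:{host_port} -> {container_port}/{proto}")
```

Run against the real column after changing the compose file, an empty result confirms that no mapping is left on 0.0.0.0 or ::.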
Hi,
The log keeps being full...
Is it normal?