About • Install • Scripts • Modules • For Developers • FAQs • YouTube • Twitch • Discord
Howdy! My name is Harrison Richardson, or rs0n
(arson) when I want to feel cooler than I really am. The code in this repository started as a small collection of scripts to help automate many of the common Bug Bounty hunting processes I found myself repeating. Over time, I built a simple web application with a MongoDB connection to manage my findings and identify valuable data points. After 5 years of Bug Bounty hunting, both part-time and full-time, I'm finally ready to package this collection of tools into a proper framework.
The Ars0n Framework is designed to provide aspiring Application Security Engineers with all the tools they need to leverage Bug Bounty hunting as a means to learn valuable, real-world AppSec concepts and make 💰 doing it! My goal is to lower the barrier of entry for Bug Bounty hunting by providing easy-to-use automation tools in combination with educational content and how-to guides for a wide range of Web-based and Cloud-based vulnerabilities. In combination with my YouTube content, this framework will help aspiring Application Security Engineers to quickly and easily understand real-world security concepts that directly translate to a high paying career in Cyber Security.
In addition to using this tool for Bug Bounty Hunting, aspiring engineers can also use this Github Repository as a canvas to practice collaborating with other developers! This tool was inspired by Metasploit and designed to be modular in a similar way. Each Script (Ex: wildfire.py
or slowburn.py
) is basically an algorithm that runs the Modules (Ex: fire-starter.py
or fire-scanner.py
) in a specific patter for a desired result. Because of this design, the community is free to build new Scripts to solve a specific use-case or Modules to expand the results of these Scripts. By learning the code in this framework and using Github to contribute your own code, aspiring engineers will continue to learn real-world skills that can be applied on the first day of a Security Engineer I position.
My hope is that this modular framework will act as a canvas to help share what I've learned over my career to the next generation of Security Engineers! Trust me, we need all the help we can get!!
Paste this code block into a clean installation of Kali Linux 2023.3 to download, install, and run the latest stable Alpha version of the framework:
sudo apt update && sudo apt-get update
sudo apt -y upgrade && sudo apt-get -y upgrade
wget https://github.com/R-s0n/ars0n-framework/releases/download/v0.0.1-alpha/ars0n-framework-v0.0.1-alpha.tar.gz
tar -xzvf ars0n-framework-v0.0.1-alpha.tar.gz
rm ars0n-framework-v0.0.1-alpha.tar.gz
cd ars0n-framework
python3 install.py
wget https://github.com/R-s0n/ars0n-framework/releases/download/v0.0.1-alpha/ars0n-framework-v0.0.1-alpha.tar.gz
tar -xzvf ars0n-framework-v0.0.1-alpha.tar.gz
rm ars0n-framework-v0.0.1-alpha.tar.gz
python3 install.py
./run.sh
If you run into any bugs or issues getting this framework to work, please include the output of debug.sh
in any Issue raised.
python3 wildfire.py --start --cloud --scan
python3 slowburn.py
Most install/run issues are caused by the MongoDB service not running. I'm working on building a fix for this but unvortunately the issues are out of my control. In most cases, running service mongodb start
will solve the problem. If you are still unable to get MongoDB running, you can download the MongoDB binary and run it manually as a work-around.