Why should you use a VPS?
For one, it’ll keep your IP address from being banned by certain providers. How would it feel to wake up one day and not be able to access certain sites because your IP has been blacklisted? If you use a VPS, this isn’t much of an issue. You can just change out the IP from the VPS provider. It may be a little harder to change your home IP address.
For two, it makes tool installation easier and faster. On Linode, I have a lengthy script that I run when I’m starting up a new box. The script sets up everything I need for bug bounty hunting. It makes tearing down a box and bringing up a new one simple and quick.
Another reason you may want a cloud-based box running is for server capabilities. For example, if you’re testing out some sort of XSS/XXE/etc. and you need a server to host a payload, your bug bounty box can serve double duty. Additionally, some hunters maintain giant databases of scraped webpages, nmap scans, targets and their subdomains, and on and on and on. But perhaps my favorite usage of a dedicated bug-bounty box is hosting your own semi-permanent Burp Collaborator server as described here.
I use this in my day-to-day exploitation because I don’t want to host this stuff at home, which exposes my personal IP address and whatever ports I have open to the general public, which I try to avoid.
Here is a small example of a script that I run. My script is significantly larger, but this is a decent start.
See the latest version on my GitHub page.
```bash
#!/bin/bash
# for use with Ubuntu 20.04
# some security tools to get started
# use this to setup new bug bounty box
# use at your own risk

# check if running as root
if [ "$EUID" -ne 0 ]
then
    echo "Run as root, please!"
    exit 1
fi

mkdir -p sectools
cd sectools || exit 1

apt update -y && apt upgrade -y

# install some packages and tools that are used regularly
# (-y so the install does not stop at a prompt when run unattended)
apt install -y \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg-agent \
    software-properties-common \
    net-tools \
    nmap \
    john \
    hashcat \
    python3-pip \
    wfuzz \
    nikto \
    gobuster \
    masscan \
    ruby-full \
    ruby-railties \
    wireguard \
    nfs-common \
    hydra \
    cewl \
    mlocate

# evil winrm
gem install evil-winrm

# powershell
snap install powershell --classic

# amass
curl -s https://api.github.com/repos/OWASP/Amass/releases/latest | grep "browser_download_url.*linux_amd64.zip" | cut -d : -f 2,3 | tr -d \" | wget -i -
unzip amass*
chmod +x ./amass_linux_amd64/amass
mv ./amass_linux_amd64/amass /usr/bin/

# nuclei
curl -s https://api.github.com/repos/projectdiscovery/nuclei/releases/latest | grep "browser_download_url.*linux_amd64.tar.gz" | cut -d : -f 2,3 | tr -d \" | wget -i -
tar xzf nuclei* nuclei
chmod +x nuclei
mv nuclei /usr/bin/

# httpx
curl -s https://api.github.com/repos/projectdiscovery/httpx/releases/latest | grep "browser_download_url.*linux_amd64.tar.gz" | cut -d : -f 2,3 | tr -d \" | wget -i -
tar xzf httpx* httpx
chmod +x httpx
mv httpx /usr/bin/

# subfinder
curl -s https://api.github.com/repos/projectdiscovery/subfinder/releases/latest | grep "browser_download_url.*linux_amd64.tar.gz" | cut -d : -f 2,3 | tr -d \" | wget -i -
tar xzf subfinder* subfinder
chmod +x subfinder
mv subfinder /usr/bin/

# aquatone setup
curl -s https://api.github.com/repos/michenriksen/aquatone/releases/latest | grep "browser_download_url.*linux_amd64-*" | cut -d : -f 2,3 | tr -d \" | wget -i -
unzip aquatone* aquatone
chmod +x aquatone && cp aquatone /usr/bin

# FFUF
curl -s https://api.github.com/repos/ffuf/ffuf/releases/latest | grep "browser_download_url.*linux_amd64.tar.gz" | cut -d : -f 2,3 | tr -d \" | wget -i -
tar xzf ffuf* ffuf
chmod +x ffuf
mv ffuf /usr/bin/

# getallurls (gau)
curl -s https://api.github.com/repos/lc/gau/releases/latest | grep "browser_download_url.*linux_amd64.tar.gz" | cut -d : -f 2,3 | tr -d \" | wget -i -
tar xzf gau* gau
chmod +x gau
mv gau /usr/bin

cd ..

echo "Don't forget to install metasploit, setoolkit, hexeditor, burp suite, wireshark, etc"
echo "all finished!"
```
You can add whatever you want to this script, and then spin up your bug bounty box with one script. I have my script set my hostname, bashrc, environment variables, download repos from git, install docker, install go, etc.
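The script above hands whatever download URL the GitHub API returns to wget and moves the result into /usr/bin as root, with no integrity check. As an added example (not part of the author's script), the functions below install a tool from a downloaded .tar.gz only if the archive matches a SHA-256 you pinned beforehand; the function names and the archive name in the usage comment are assumptions.

```bash
#!/bin/bash
# Added example, not the author's script: refuse to install a release archive
# unless its SHA-256 matches a digest pinned in the script.

# Print the lowercase hex SHA-256 of a file.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d ' ' -f 1
    else
        shasum -a 256 "$1" | cut -d ' ' -f 1
    fi
}

# verify_sha256 FILE EXPECTED_HEX
# Status 0 = match, 1 = mismatch, 2 = unusable input.
# The body is a subshell, so variables stay local and `exit` only leaves it.
verify_sha256() (
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing file: $file" >&2; exit 2; }
    # A SHA-256 digest is exactly 64 hex characters.
    case $expected in
        *[!0-9a-f]*) echo "malformed pin for $file" >&2; exit 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed pin for $file" >&2; exit 2; }
    actual=$(sha256_of "$file")
    [ "$actual" = "$expected" ] && exit 0
    echo "checksum mismatch for $file: got $actual" >&2
    exit 1
)

# install_verified ARCHIVE EXPECTED_HEX MEMBER DESTDIR
# Extracts MEMBER from a .tar.gz into a scratch dir only after the check passes.
install_verified() (
    archive=$1; expected=$2; member=$3; destdir=$4
    verify_sha256 "$archive" "$expected" || exit 1
    tmp=$(mktemp -d) || exit 1
    trap 'rm -rf "$tmp"' EXIT
    tar xzf "$archive" -C "$tmp" "$member" || exit 1
    install -m 0755 "$tmp/$member" "$destdir/$member"
)

# Usage in the setup script (archive name and digest are placeholders):
#   install_verified nuclei.tar.gz "<pinned sha256>" nuclei /usr/bin
```

Pinning a digest means installing a fixed release rather than whatever `latest` resolves to, so the pin has to be updated whenever you move to a new version.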
So who should you use for your VPS? I’ve used AWS, Azure, Digital Ocean, and Linode, and I find Linode to be the best. Just try them all out, and I think you’ll agree with me. AWS and Azure are both massive in size. Azure seems to take way too long to do certain tasks, so that is frustrating. The site just seems slow in general. AWS is better than Azure.
Linode is where it is at. It is quick. The interface is simpler and easier to use than all of the above, and it is cheaper than all of the above. Check it out using my referral link, if you’re interested. That link will give you a $100/60 day credit, so you don’t want to sign up without one. You can just try it out for free and see what you think.