The first open source self-managed bug bounty platform.
Are you a company, planning to have your own bug bounty program, with minimum budget?
WE GOT YOU!
We are aware that some organizations have had difficulty establishing their own bug bounty program.
Using a third-party managed platform usually comes with a hefty price tag and security risks. (If you know, you know...)
In the other hand, creating your own self-managed platform will take time and effort to build and maintain it.
- EASY : Have your bug bounty program running with just single line of command
- SECURE : Gerobug uses email parser and network segregation to minimize security risks.
- OPEN SOURCE : It is FREE.
- Ubuntu 24.04
- vCPU 2 Core
- RAM 2 GB
- HDD 16 GB
- Gmail or Outlook Email with App password implemented
- VPN Server (Recommended for Production Server)
- Domain for HTTPS (Recommended for Production Server)
- Port 80, 443, 6320
- Python 3.x
- Docker
- Docker Compose v2
(You don't need to install anything manually, we'll do it for you!)
To deploy gerobug:
- Clone this repository
git clone https://github.com/gerobug/gerobug
cd gerobug
- Run the Setup Script:
./gerobug.sh
- Follow the setup instructions (Read the documentation for details)
- By default, Gerobug Dashboard will listen at port 6320
Access the login page at http://[Domain/IP]:6320/login
Credential
Username : geromin
Password : Randomly generated at gerobug/gerobug_dashboard/secrets/gerobug_secret.env
You can read the detailed documentation here
-
Network Segregation
All services are running on seperate containers. Public users should only able to access the static page (Rules and guidelines). -
Easy and Quick Installation
Use our run script to install Gerobug, its quick and easy! -
HTTPS Implementation
Automated HTTPS configuration using NGINX and Let's Encrypt. -
Homepage
This should be the only page accessible by public, which contains Rules and Guidelines for your bug bounty program. -
Email Parser
Bug Hunter will submit their findings by email, which Gerobug will parse, filter, and show them on dashboard. -
Auto Reply and Notification for Bug Hunters
Bug Hunter's inquiries will be automatically replied and notified if there any updates on their report. -
Notification Channel
Company will also be notified via Slack/Telegram if there any new report. -
User Management
Gerobug has a role-based user management. -
Report Management
Manage reports easily using a kanban model dashboard. -
Report Filtering and Flagging
Reports from Bug Hunter will be filtered and flagged if there are duplicate indication. -
CVSS / OWASP Risk Calculator
Gerobug has an integrated CVSS / OWASP Risk Calculator to support the bug review process. -
Email Blacklisting
Gerobug can temporarily block and release emails that conducted spam activity. -
Auto Generate Certificate
We can generate certificate of appreciations for bug hunters so you don't have to ;) -
Personalization
You can customize Gerobug to fit your brand colors -
Logging and Log Rotation
Gerobug have internal audit log with log rotation enabled -
Hall of Fame / Wall of fame / Leaderboard
Yeah we have it too
If you have any feedback, please reach out to us at gerobug.id@gmail.com