```env
OPENAI_API_KEY=sk-xxxxxxxxxxxxxxxx
GROQ_API_URL=https://api.groq.com/openai/v1/chat/completions
GITHUB_TOKEN=ghp_xxxxxxxxxxxxxxxx
```
---
## 🚀 First Launch Plan

### 1️⃣ Install Base Tools

```bash
brew install subfinder httpx nuclei dirsearch
pip install selenium requests python-dotenv
```

### 2️⃣ Install LLM Tools

Groq API:

1. Create a free account: https://console.groq.com
2. Copy your API key

Ollama (Local LLM):

```bash
curl -fsSL https://ollama.com/install.sh | sh
ollama run deepseek-coder:33b
```

### 3️⃣ Clone Repository

```bash
git clone <REPO_URL>
cd <REPO_NAME>
```

### 4️⃣ Setup Environment

- Create `.env` in the root directory with your API keys
- Ensure the Python dependencies are installed (`pip install -r requirements.txt`)

### 5️⃣ Run Initial Recon Test

```bash
python recon_bot.py -d hackerone.com
```

### 6️⃣ Review Results

- `live.txt` → Live hosts discovered
- `nuclei-findings.txt` → Vulnerabilities found
- `classified.txt` → Assets classified by AI

✅ System ready for integration with AI Analyzer, Exploit Generator, and Reporting Engine.
---
## 🔧 Notes

- Ensure your `.env` is never pushed to public repos
- Start with small, legal targets (like your own lab or authorized bug bounty targets)
- The modules are independent of each other, so you can test each phase on its own
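
One way to enforce the note about keeping `.env` out of public repos is a check run before each commit. The block below is an added example, not code from this repository: the function names are hypothetical, the token patterns are approximations rather than vendor specifications, and the `.gitignore` matching is simplified.

```python
import re
from fnmatch import fnmatch

# Token shapes are approximations chosen for this example, not vendor specifications.
TOKEN_PATTERNS = {
    "OpenAI-style key": re.compile(r"\bsk-[A-Za-z0-9_-]{16,}"),
    "GitHub-style token": re.compile(r"\bghp_[A-Za-z0-9]{16,}"),
}
# NAME=value lines whose variable name ends in KEY, TOKEN or SECRET.
ASSIGNMENT = re.compile(r"^\s*(?:export\s+)?([A-Z0-9_]*(?:KEY|TOKEN|SECRET))\s*=\s*(.*)$")

# Constructed sample: the README's placeholders plus one fake non-placeholder value.
SAMPLE_ENV = (
    "OPENAI_API_KEY=sk-xxxxxxxxxxxxxxxx\n"
    "GROQ_API_URL=https://api.groq.com/openai/v1/chat/completions\n"
    "GITHUB_TOKEN=ghp_" + "0123456789abcdefABCDEF" + "\n"
)


def is_placeholder(value):
    """True for empty values, <ANGLE> templates and runs of x such as sk-xxxx."""
    body = re.sub(r"^(sk-|ghp_)", "", value.strip().strip("'\""))
    return body.startswith("<") or set(body.lower()) <= {"x"}


def scan_text(path, text):
    """Return (path, line_number, reason) for each line that looks like a live secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = ASSIGNMENT.match(line)
        if m:
            if not is_placeholder(m.group(2)):
                findings.append((path, lineno, f"{m.group(1)} has a non-placeholder value"))
            continue
        for label, pattern in TOKEN_PATTERNS.items():
            hit = pattern.search(line)
            if hit and not is_placeholder(hit.group(0)):
                findings.append((path, lineno, f"{label} in file content"))
    return findings


def env_is_ignored(gitignore_text, name=".env"):
    """Simplified .gitignore check: the last matching rule wins, '!' re-includes."""
    ignored = False
    for rule in (r.strip() for r in gitignore_text.splitlines()):
        if rule and not rule.startswith("#") and fnmatch(name, rule.lstrip("!").lstrip("/")):
            ignored = not rule.startswith("!")
    return ignored
```

Run `scan_text` over each staged file's content and `env_is_ignored` over the repository's `.gitignore`, and block the commit if either reports a problem.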
---
## 📌 Future Modules

- AI Vulnerability Analyzer → LLM-based prediction & prioritization
- Exploit Generator → Auto-PoC & validation
- Auto-Reporting → Markdown → PDF + CVSS scoring
- Pipeline Automation → Cron or Airflow for full chain execution
---
## 🧠 Learning & Contribution

- Read the docs for each tool (subfinder, nuclei, dirsearch)
- Familiarize yourself with the OpenAI / Groq APIs for AI integration
- Contribute to modules independently; the modular design makes the project easy to scale
---
I can also create a **fully functional `recon_bot.py`** next with:
- Subdomain scanning (`subfinder`)
- Live host detection (`httpx`)
- Nuclei vulnerability scanning
- Smart AI classification + Groq/OpenAI prompt builder
About
EXBOW‑Lite is an autonomous AI-powered bug-hunting tool that automates the full bug bounty workflow: Recon → AI analysis → Exploitation → Reporting. It integrates LLMs, subdomain discovery, vulnerability scanning, and automated reporting, enabling ethical hackers to efficiently find and document bugs.