Componentpedia / Listings / bbrf

Last update: 03/04/2026

bbrf

The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices

Latest version: 1.3.2 registry icon
Maintenance score
11
Safety score
100
Popularity score
15
Check your open source dependency risks. Get immediate insight about security, stability and licensing risks.
De-risk your app now
Security
  Vulnerabilities
Version Suggest Low Medium High Critical
1.3.2 0 0 0 0 0
1.3.1 0 0 0 0 0
1.3.0 0 0 0 0 0
1.2.2 0 0 0 0 0
1.2.1 0 0 0 0 0
1.2 0 0 0 0 0
1.1.15 0 0 0 0 0
1.1.14 0 0 0 0 0
1.1.13 0 0 0 0 0
1.1.12 0 0 0 0 0
1.1.11 0 0 0 0 0
1.1.10 0 0 0 0 0
1.1.9 0 0 0 0 0
1.1.8 0 0 0 0 0
1.1.7 0 0 0 0 0
1.1.6 0 0 0 0 0
1.1.5 0 0 0 0 0
1.1.4 0 0 0 0 0
1.1.3 0 0 0 0 0
1.1.2 0 0 0 0 0
1.1.1 0 0 0 0 0
1.1.0 0 0 0 0 0
1.0.10 0 0 0 0 0
1.0.8 0 0 0 0 0
1.0.6 0 0 0 0 0

Stability
Latest release:

1.3.2 - This version may not be safe as it has not been updated for a long time. Find out if your coding project uses this component and get notified of any reported security vulnerabilities with Meterian-X Open Source Security Platform

Licensing

Maintain your licence declarations and avoid unwanted licences to protect your IP the way you intended.

MIT   -   MIT License

Not a wildcard

Not proprietary

OSI Compliant

Mastodon BlueSky

Introduction

The Bug Bounty Reconnaissance Framework (BBRF) is intended to facilitate the workflows of security researchers across multiple devices. This repository contains the source files to deploy a BBRF server.

For more information about BBRF, read the blog post on https://honoki.net/2020/10/08/introducing-bbrf-yet-another-bug-bounty-reconnaissance-framework/

Once you have deployed a BBRF server, move on to install the BBRF client here

Installation

Start by cloning this repository:

git clone https://github.com/honoki/bbrf-server/
cd bbrf-server

⚠️ IMPORTANT: Change the default passwords!

Edit the docker-compose.yml file and replace the default passwords:

  • COUCHDB_PASSWORD=admin - Change this to a strong password
  • BBRF_PASSWORD=bbrf - Change this to a strong password

Build and start the containers:

sudo docker compose up -d

Note that this will expose port 443 (https) on your BBRF server to the internet. Docker Compose generates a self-signed certificate for the reverse proxy which it persists to the volume ./keys/. You can replace them with a valid certificate if you want to avoid certificate warnings, see the instructions below.

Verify your installation by browsing to https://127.0.0.1/_utils/#database/bbrf/_all_docs

Generate certificate with Letsencrypt

To configure your BBRF server with a valid certificate, it suffices to generate the cert files with certbot and place them in the keys directory. The keys will be picked up when you next start the containers.

The following steps should get you up and running:

  1. Ensure you have a domain name pointed to your BBRF server;
  2. If you are still in docker-compose, stop the containers with ctrl+C;
  3. Install certbot: sudo apt install certbot
  4. If necessary, allow HTTP traffic e.g: ufw allow 80/tcp
  5. Run certbot -d yourdomain.com certonly and follow the steps;
  6. Copy the generated certificate files to the keys volume: cp /etc/letsencrypt/live/yourdomain.com/{fullchain.pem,privkey.pem} ./proxy/keys/
  7. Restart your containers: sudo docker compose up -d

Browse to https://yourdomain.com/_utils/#database/bbrf/_all_docs to validate the setup.

See also