loading
Loading content
loading
The Inventory 3.0 workflow monitors assets and maps the attack surface of more than 800 public bug bounty programs.

Nenad Zaric · Co Founder & CEO
In the world of bug bounty hunting and enterprise security, understanding and managing your attack surface can be the difference between finding a bug or missing it entirely. Keeping a constant eye on your assets ensures that no security vulnerabilities slip through the cracks. This is where Inventory 3.0 takes center stage. It's a straightforward, effective workflow > dataset for your bug hunting and red team arsenal, designed to simplify and enhance your approach to public bug bounty programs and your enterprise exposure.
The Inventory 3.0 workflow is designed to monitor over 800 companies for new assets and streamline the asset management of public bug bounty programs. Its primary purpose is to aid bug bounty hunters in getting up to speed with new programs while offering security teams enhanced visibility into their assets. By reducing the noise and load that automated tools often generate, this project aims to provide a holistic, efficient, and comprehensive approach to attack surface management.
The main parts of this dataset are the DNS Records and Web Servers of particular companies.
It consists of two primary workflows: Inventory 3.0 - Targets, and Inventory 3.0. These workflows are designed to offer an organized view of bug bounty program data and facilitate its efficient management. Let's dive deeper to better understand their unique components.
The first part of the workflow streamlines the collection and organization of bug bounty program data from multiple sources.
python scripts. This ensures that the data is formatted consistently, facilitating easier analysis.community.json file are incorporated into the workflow, enhancing the diversity and coverage of the dataset.targets.json, containing all the merged bug bounty program data. This serves as a centralized resource for bug bounty researchers.Inventory 3.0 consists of several stages, each building on the data gathered from the previous stage, ultimately creating a thorough inventory of your target domains and subdomains.
The first step in the workflow starts with identifying the domains that need to be tracked. These domains get extracted from a JSON file, named targets.json. The file contains the list of all companies with their respective domains that will be analyzed.
The file-splitter node you saw in previous section is really important. That is the node that is being propagated to all of the tools in the workflow making it completely distributed and paralelized. This approach helps us to push the results to repository as soon as they are finished, and other machines picking up all of the jobs as they come.
This is also why we call our platform hyperscalable. More machines = faster execution.
Following the identification of targets and domains, the workflow goes to passive enumeration. Data is gathered from a multitude of sources, which provide a wide range of potential subdomains. The tools employed in this process include the following:
In the next step, the passive enumeration data is used to create a new brute-force wordlist. And it consists in two parts:
The results of the active and passive enumeration are merged, and the workflow extracts environments per subdomain level. It uses alterx to generate permutations and resolve these with puredns.
In this step, the workflow utilizes a Python script to fetch all of the previous hostnames.txt. It then uses anew to extract the new hostnames found and zip active, passive, and permutation results per program for repository storage.
In the last part of the workflow, the workflow uses dnsx to resolve the found hostnames and a python script to generate a dns-report.csv. The newly found domains are marked with [x]. It also uses httpx to gather information on web servers and generate a server-report.csv. These reports are then finally pushed to the repository.
We welcome contributions from the community, as in all our projects. Whether you have ideas, suggestions, or wish to add/edit a target/workflow, we encourage you to participate. You can help by sending a PR with new targets through the community.json file, tweeting at @trick3st, or joining the conversation on our Discord channel.
Inventory 3.0 is more than just a resource; it's a dynamic and evolving workflow for better attack surface management. With its emphasis on comprehensive monitoring and efficient handling of bug bounty programs, it represents a significant step forward in cybersecurity. By facilitating an in-depth understanding of your assets and providing actionable insights, this project is a must-have for any security team looking to bolster their cybersecurity defense.
At Trickest, we believe in the power of innovation and customization. We encourage you to talk with our team in Trickest and customize this workflow to your use case. Explore more pre-built workflows from the rich Library, or better yet, create your own from scratch!
Cybersecurity is not just about responding to threats—it's about proactive monitoring, understanding your attack surface, and taking steps to secure your assets before others can exploit them. This workflow with in-depth monitoring and wide-ranging insights, is the perfect tool to help you do just that. Whether you're a bug bounty hunter, a member of a security team, or just interested in cybersecurity, we offer tools, insights, and resources to help you step up your cybersecurity game.
This project stands as a testament to the power of community-driven development in cybersecurity. Its mission to streamline public bug bounty programs and improve attack surface management represents a forward-thinking approach to cybersecurity and one that will hopefully inspire similar initiatives in the future.
Get a personalized demo
A 30-minute walkthrough. We map the platform to your stack and answer pricing and deployment questions for your environment.