MCPcopy Index your code
hub / github.com/R-s0n/ars0n-framework-v2

github.com/R-s0n/ars0n-framework-v2 @main

Chat with this repo
repository ↗ · DeepWiki ↗ · + Follow
2,059 symbols 3,896 edges 260 files 118 documented · 6%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

Ars0n Framework v2

AboutDownload & InstallUpdatingGetting StartedWorkflowsTroubleshootingFAQsYouTubeLinkedIn

<em>🚨 Pre-Alpha Release Out now!!  Beta Launch @ DEFCON 33 Bug Bounty Hunting Village!!! 🚨</em>

My full bug bounty hunting methodology built into a single framework! Automate the most common bug bounty hunting workflows and Earn While You Learn!

Watch This Video First                                    Watch This Video Second

Youtube Thumbnail            Youtube Thumbnail

This framework will help you grow as much as my hair did between these videos 😉

The goal of this tool is to eliminate the barrier of entry for bug bounty hunting. My hope is that someone can pick up this tool and start hunting on day one of their AppSec journey 🚀

🤠 Did you know that over 95% of scientists believe there is a direct correlation between the amount of coffee I drink and how quickly I can build new features? Crazy, right?! Well, now you can test their hypothesis and Buy Me a Coffee through this fancy button!! 🤯 Buy Me A Coffee

About

Howdy! My name is Harrison Richardson, or rs0n (arson) when I want to feel cooler than I really am. The code in this repository started as a small collection of scripts to help automate many of the common Bug Bounty hunting processes I found myself repeating. Over time, I built these scripts into an open-source framework that helped thousands of people around the world begin their bug bounty hunting journey.

However, the first implementation of the framework had a wide range of issues. The majority of the problems were a result of the tool never being designed with the intent of being shared as an open-source project. So I got to work on a version 2 that would solve these problems and bring my vision to life!

screenshot of framework

The Ars0n Framework V2 is designed to be a tool that allows people to start REAL bug bounty hunting against actual targets on day one! The framework acts as a wrapper around 20+ widely used bug bounty hunting tools and a clever UI design forces the user into a correct hunting methodology. It is literally impossible to use this tool without going through rs0n's process!

The results of each tool are stored in a central database and can be used for understanding/visualizing the target company's attack surface. Each section also includes a "Help Me Learn!" dropdown that includes a lession plan to help the user understand what part of the methodology they are at, what they are trying to acheive, and most importantly the "Why?" behind it.

My hope is that this modular framework will act as a canvas to help share what I've learned over my career to the next generation of Security Engineers! Trust me, we need all the help we can get!!

Pre-Alpha Demo Videos

Youtube Thumbnail            Youtube Thumbnail

The Ars0n Framework v2 Includes All These Tools And More!

<a href="https://github.com/owasp-amass/amass">Amass</a> - Advanced attack surface mapping and asset discovery tool for security research


<a href="https://github.com/projectdiscovery/subfinder">Subfinder</a> - Fast and reliable subdomain enumeration tool with multiple data sources


<a href="https://github.com/aboul3la/Sublist3r">Sublist3r</a> - Fast subdomain enumeration tool using various search engines and data sources


<a href="https://github.com/tomnomnom/assetfinder">Assetfinder</a> - Find assets related to a domain using various data sources and APIs


<a href="https://github.com/projectdiscovery/httpx">Httpx</a> - Fast and multi-purpose HTTP toolkit for web reconnaissance and scanning


<a href="https://github.com/jaeles-project/gospider">GoSpider</a> - Fast web spider written in Go for crawling and extracting URLs


<a href="https://github.com/nsonaniya2010/SubDomainizer">Subdomainizer</a> - Advanced subdomain enumeration tool with multiple discovery methods


<a href="https://github.com/digininja/CeWL">CeWL</a> - Custom word list generator that spiders websites to create targeted wordlists


<a href="https://github.com/projectdiscovery/shuffledns">ShuffleDNS</a> - Mass DNS resolver with wildcard filtering and validation capabilities


<a href="https://github.com/projectdiscovery/nuclei">Nuclei</a> - Fast and customizable vulnerability scanner with extensive template library


<a href="https://github.com/projectdiscovery/katana">Katana</a> - Fast and powerful web crawler for discovering hidden endpoints and content


<a href="https://github.com/ffuf/ffuf">FFuf</a> - Fast web fuzzer with support for multiple protocols and advanced filtering


<a href="https://github.com/lc/gau">GAU</a> - Get All URLs tool that fetches known URLs from various historical data sources


<a href="https://github.com/pdiscoveryio/ctl">CTL</a> - Certificate Transparency Log tool for discovering subdomains from SSL certificates


<a href="https://github.com/projectdiscovery/dnsx">DNSx</a> - Fast and multi-purpose DNS toolkit for running multiple DNS queries


<a href="https://github.com/initstring/cloud_enum">Cloud Enum</a> - Multi-cloud OSINT tool for enumerating public resources in AWS, Azure, and Google Cloud


<a href="https://github.com/j3ssie/metabigor">Metabigor</a> - OSINT tool for network intelligence gathering including ASN and IP range discovery


<a href="https://github.com/gwen001/github-search">GitHub Recon</a> - GitHub reconnaissance tool for discovering organization mentions and domain patterns


<a href="https://github.com/projectdiscovery/naabu">Naabu</a> - Fast port scanner for discovering open ports and services


<a href="https://github.com/whoxy/whoxy">Reverse Whois</a> - Reverse WHOIS lookup using Whoxy to find domains registered by the same entity


<a href="https://securitytrails.com">SecurityTrails</a> - Comprehensive DNS, domain, and IP data provider for digital asset discovery


<a href="https://censys.io">Censys</a> - Internet-wide scanning platform for discovering and monitoring assets


<a href="https://shodan.io">Shodan</a> - Search engine for internet-connected devices and services

Download And Install

This framework consists of 20+ Docker containers along w/ a Docker Compose Manifest to automate the process of deploying these containers.

  1. Download the Zip File for the latest release
  2. Unzip the files
  3. Navigate to the directory with the docker-compose.yml file
  4. Run docker-compose up --build
  5. Access the framework at http://localhost (or http://<server-ip> from other machines)

HINT: If you get a docker error, the problem is probably w/ docker, not my framework

Windows

Step 1: Download the framework

Invoke-WebRequest -Uri "https://github.com/R-s0n/ars0n-framework-v2/releases/download/beta-0.0.7/ars0n-framework-v2-beta-0.0.7.zip" -OutFile "ars0n-framework-v2-beta-0.0.7.zip"

Step 2: Extract the zip file

Expand-Archive -Path "ars0n-framework-v2-beta-0.0.7.zip" -DestinationPath "."

Step 3: Navigate to the framework directory

cd ars0n-framework-v2

Step 4: Start the framework

docker-compose up --build

Step 5: Access the framework at http://localhost

Mac

Step 1: Download the framework

curl -L -o ars0n-framework-v2-beta-0.0.7.zip "https://github.com/R-s0n/ars0n-framework-v2/releases/download/beta-0.0.7/ars0n-framework-v2-beta-0.0.7.zip"

Step 2: Extract the zip file

unzip ars0n-framework-v2-beta-0.0.7.zip

Step 3: Navigate to the framework directory

cd ars0n-framework-v2

Step 4: Start the framework

docker-compose up --build

Step 5: Access the framework at http://localhost

Linux

Step 1: Download the framework

wget "https://github.com/R-s0n/ars0n-framework-v2/releases/download/beta-0.0.7/ars0n-framework-v2-beta-0.0.7.zip"

Step 2: Extract the zip file

unzip ars0n-framework-v2-beta-0.0.7.zip

Step 3: Navigate to the framework directory

cd ars0n-framework-v2

Step 4: Start the framework

docker-compose up --build

Step 5: Access the framework at http://localhost

Updating

The framework includes update scripts that will bring you to the latest version from any previous version. Your scan data, API keys, and settings are stored in Docker volumes and will be preserved automatically.

Windows

powershell -ExecutionPolicy Bypass -File update.ps1

Mac / Linux

chmod +x update.sh
./update.sh

What the update does

  1. Stops the running containers (your data in Docker volumes is safe)
  2. Backs up your docker-compose.yml and wordlists in case you customized them
  3. Pulls the latest release code via git
  4. Rebuilds all containers with the new code
  5. Starts the framework — the database schema is automatically migrated on startup

Note: If you downloaded the framework as a zip file, the update script will initialize a git repository for you automatically. Future updates will be faster since git only downloads what changed.

Getting Started

Once you have the Ars0n Framework v2 running, you'll be presented with a welcome screen that offers several options to begin your bug bounty hunting journey. Here's how to get started:

Option 1: Create a New Scope Target

Best for: Starting fresh reconnaissance on a new target

  1. Choose Target Type:
  2. Company: Any asset owned by an organization (e.g., "Google")
  3. Wildcard: Any subdomain under the root domain (e.g., "*.google.com")
  4. URL: Specific attack vector targeting a single domain (e.g., "https://hackme.google.com")

  5. Enter Target Information:

  6. For Company targets: Enter the company name
  7. For Wildcard targets: Enter the wildcard domain pattern
  8. For URL targets: Enter the specific URL

  9. Begin Reconnaissance:

  10. The framework will automatically start gathering intelligence about your target
  11. You can then run individual tools or use the Auto Scan feature

Option 2: Import Existing Scan Data

Best for: Learning from pre-scanned data or resuming previous sessions

Import from File:

  1. Download a .rs0n file (like those available in the scan data repository)
  2. Click "Import Scan Data" in the welcome screen
  3. Select "Upload File" and choose your .rs0n file
  4. The framework will import all scope targets and associated scan results

Import from URL:

  1. Click "Import Scan Data" in the welcome screen
  2. Select "Import from URL"
  3. Enter the raw GitHub URL of a .rs0n file: https://github.com/R-s0n/ars0n-framework-v2-scan-data/raw/refs/heads/main/Grammarly/rs0n-export-2025-07-27T18-19-17.rs0n
  4. The framework will download and import the data automatically

Option 3: Use Pre-Scanned Data for Learning

Best for: Understanding the bug bounty hunting process without running scans

The Ars0n Framework v2 Scan Data Repository contains real-world scan data that you can import to learn:

  • Subdomain Discovery: How various tools find subdomains and assets
  • Vulnerability Assessment: Common security issues and how they're identified
  • Attack Surface Mapping: Understanding an organization's digital footprint
  • Reconnaissance Methodology: The systematic approach to bug bounty hunting

Workflows

The Ars0n Framework v2 supports three distinct workflows, each designed for different reconnaissance scenarios and objectives. Each workflow follows rs0n's proven bug bounty methodology and automatically guides users through the correct sequence of tools and techniques.

Company Workflow

Objective: Discover and map all digital assets owned by an organization to build a comprehensive attack surface for security testing.

Core symbols most depended-on inside this repo

nullStringToString
called by 330
server/utils/amassUtils.go
debugTrace
called by 116
client/src/utils/wildcardAutoScan.js
Write
called by 72
server/utils/nucleiUtils.go
query
called by 72
docker/mcp-server/src/db.js
handleClose
called by 32
client/src/App.js
updateAutoScanState
called by 31
client/src/utils/wildcardAutoScan.js
addFileToZip
called by 26
server/utils/export.go
apiPost
called by 25
docker/mcp-server/src/api.js

Shape

Function 1,892
Struct 135
Method 25
Route 4
Class 3

Languages

TypeScript61%
Go38%
Python1%

Modules by API surface

client/src/App.js338 symbols
server/main.go64 symbols
server/utils/urlScanUtils.go63 symbols
client/src/modals/NucleiConfigModal.js38 symbols
server/utils/export.go35 symbols
server/utils/companyDomainManager.go32 symbols
server/utils/subdomainScrapingUtils.go30 symbols
server/utils/amassUtils.go29 symbols
server/utils/metabigorCompanyUtils.go28 symbols
server/utils/metaDataUtils.go28 symbols
server/utils/ipPortScanUtils.go28 symbols
server/utils/endpointInvestigationUtils.go26 symbols

Datastores touched

ars0nDatabase · 1 repos
(mongodb)Database · 1 repos

For agents

$ claude mcp add ars0n-framework-v2 \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact