Initial Access

Accessing the Homepage

Homepage: https://[Your Gerobug Domain]/

The homepage should be the only page that the Bug Hunter needs and can access. There they can read the bug bounty program rules and guidelines, access the hall of fame, and get comprehensive instructions on how to submit or follow up on their report(s).

Rules and Guidelines Page
Hall of Fame Page
Submission Guidelines Page

Accessing the Dashboard

Dashboard Login Page: https://[Your Gerobug Domain]:6320/login

If you chose YES to having a VPN Server during the installation process, the Gerobug dashboard will not be accessible to the public.

You need to connect to your VPN Server, on the same network as the Gerobug Server, to access the dashboard.

IMPORTANT: If you still receive 403 Forbidden even after using the VPN, you should add the line

[INTERNAL IP] [GEROBUG DOMAIN]

to /etc/hosts (Linux / MacOS) or C:\Windows\System32\drivers\etc\hosts (Windows) on your local computer before accessing the dashboard.

For example, add this line to /etc/hosts:

10.0.0.1 demo.gerobug.com

Why tho? Because the Gerobug Dashboard only accepts connections from internal IPs, so we need an entry in our hosts file to connect using the VPN internal IP instead of the public IP. Alternatively, you can simply access the Gerobug Dashboard from https://[INTERNAL IP]:6320/login (but HTTPS won't work, since it requires a domain instead of an IP address).
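The following is an added example, not part of Gerobug's own tooling: a small check that a hosts file maps the dashboard domain to an internal address, which is the condition the 403 note above depends on. It assumes the VPN internal IP is in an RFC 1918 range and that the first matching hosts entry is the one the resolver uses; the function names and result strings are hypothetical.

```python
import ipaddress
import os

# Assumption: the VPN hands out RFC 1918 addresses. Extend this list if
# your VPN uses another internal range.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def hosts_path():
    """Hosts file location for the local OS (paths as given on this page)."""
    if os.name == "nt":
        return r"C:\Windows\System32\drivers\etc\hosts"
    return "/etc/hosts"


def hosts_mapping(hosts_text, domain):
    """Return every IP the hosts file assigns to `domain`, in file order."""
    ips = []
    for line in hosts_text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        ip, *names = line.split()
        if domain.lower() in (n.lower() for n in names):
            ips.append(ip)
    return ips


def check_dashboard_entry(hosts_text, domain):
    """Classify the entry as 'ok', 'missing', 'invalid' or 'not-internal'."""
    ips = hosts_mapping(hosts_text, domain)
    if not ips:
        return "missing"        # domain resolves via DNS to the public IP
    try:
        addr = ipaddress.ip_address(ips[0])   # assumed: first match is used
    except ValueError:
        return "invalid"
    if any(addr in net for net in INTERNAL_NETS):
        return "ok"
    return "not-internal"       # dashboard would still answer 403


if __name__ == "__main__":
    # demo.gerobug.com is the sample domain from this page; use your own.
    with open(hosts_path(), encoding="utf-8", errors="replace") as fh:
        print(check_dashboard_entry(fh.read(), "demo.gerobug.com"))
```

A result of `missing` or `not-internal` means the browser will reach the dashboard through the public IP and receive 403 Forbidden.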

Gerobug Dashboard Login Page

Default Admin Credentials

Username: geromin

The password is randomly generated; check it in the initiation log.

Password on the Initiation Log

or check the password manually:

cat gerobug/gerobug_dashboard/secrets/gerobug_secret.env

This will be the main dashboard, where reports are shown as a Kanban board.

Gerobug Dashboard

The ‘Bounty Preparation’ column contains both ‘Bounty Calculation’ and ‘Bounty in Process’.

In this current version, you cannot add or remove columns.

Forgot Password

Forgot Password Page
Sample Forgot Password Email

Forgot password functionality allows users to reset their password if they have forgotten it. This is accomplished by having the user enter their email address or username associated with the account, then sending them a link or code to reset their password. The link or code is sent via email. Once the user has clicked the link or entered the code, they will be prompted to create a new password. This process is designed to ensure that only the rightful owner of the account can reset the password.

Keep in mind that this feature will only work properly after the mailbox has been set up.
