Bug Bounty Tools

BugBounty tools

Osint⌗

• Domain information whois and amass
• Emails addresses and users theHarvester and emailfinder
• Password leaks pwndb and H8mail
• Metadata finder MetaFinder
• Google Dorks dorks_hunter
• Github Dorks gitdorks_go

Subdomains⌗

• Project Discovery Subfinder
• Passive amass and github-subdomains
• Certificate transparency ctfr
• NOERROR subdomain discovery dnsx, more info here
• Bruteforce puredns
• Permutations Gotator
• JS files & Source Code Scraping gospider
• DNS Records dnsx
• Google Analytics ID AnalyticsRelationships
• TLS handshake tlsx
• Recursive search.
• Subdomains takeover nuclei
• DNS takeover dnstake
• DNS Zone Transfer dig
• Cloud checkers S3Scanner and cloud_enum

Hosts⌗

• IP info whoisxmlapi API
• WAF checker wafw00f
• Port Scanner Active with nmap and passive with smap
• Port services vulnerability checks searchsploit
• Password spraying brutespray

Webs⌗

• Web Prober httpx and unimap
• Web screenshot webscreenshot or gowitness
• Web templates scanner nuclei and nuclei geeknik
• Url extraction waybackurls, gau, gospider, github-endpoints and JSA
• URLPatterns Search and filtering urless, gf and gf-patterns
• XSS dalfox
• Open redirect Oralyzer
• SSRF headers interactsh and param values with ffuf
• CRLF crlfuzz
• Favicon Real IP fav-up
• Javascript analysis subjs, JSA, xnLinkFinder, getjswords
• Fuzzing ffuf
• Cors Corsy
• LFI Checks ffuf
• SQLi Check SQLMap
• SSTI ffuf
• CMS Scanner CMSeeK
• SSL tests testssl
• Broken Links Checker gospider
• Prototype Pollution ppfuzz
• URL sorting by extension
• Wordlist generation
• Passwords dictionary creation pydictor

Other⌗

• Notify