Bug Bounty Security Tools
24 InfoSec Tools
awesome-bugbounty-builder
by 0xJin
Awesome Bug bounty builder Project
awesome-oneliner-bugbounty
by dwisiswant0
A collection of awesome one-liner scripts especially for bug bounty tips.
burp_bug_finder
by lucsemassa
Automatic bug finder with Burp Suite
apidetector
by brinhosa
APIDetector: Efficiently scan for exposed Swagger endpoints across web domains and subdomains. Supports HTTP/HTTPS, multi-threading, and flexible input/output options. Ideal for API security testing.
Recon-Search-Assistant
by Boopath1
A powerful and intuitive web-based search engine designed specifically for bug bounty hunters and security researchers. This tool provides quick access to various Google dorks and specialized searches to help identify potential security vulnerabilities and gather information about target domains.
urlF
by Boopath1
My script stands out by preserving the structure of duplicate URLs and handling complex query parameters, unlike standard tools that only filter alphabetically or deduplicate.
ipsourcebypass
by p0dalirius
This Python script can be used to bypass IP source restrictions using HTTP headers.
InterceptSuite
by Anof-cyber
A powerful SOCKS5 proxy based network traffic interception tool for Windows that enables TLS/SSL inspection, analysis, and manipulation at the network level.
osmedeus
by j3ssie
A Workflow Engine for Offensive Security
Gf-Patterns
by 1ndianl33t
GF patterns for (SSRF, RCE, LFI, SQLi, SSTI, IDOR, URL redirection, debug_logic, interesting subs) parameters grep
snallygaster
by hannob
Tool to scan for secret files on HTTP servers
ChopChop
by michelin
ChopChop is a CLI to help developers scan endpoints and identify exposure of sensitive services/files/folders.
ParamSpider
by devanshbatham
Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
bbot
by blacklanternsecurity
The recursive internet scanner for hackers. 🧡
knock
by guelfoweb
Knock Subdomain Scan
shosubgo
by incogbyte
Small tool to grab subdomains using the Shodan API.
cero
by glebarez
Scrape domain names from SSL certificates of arbitrary hosts
web_app_recon_ci-cd_public
by onurcangnc
This project delivers a fully automated Recon-as-Code workflow for passive reconnaissance for web application environments. It combines GitHub Actions-based CI/CD automation, powerful recon tools, and a Flask-powered dashboard for visualized and authenticated access to the findings.
S3BucketMisconf
by Atharv834
S3BucketMisconf is an advanced tool designed to scan AWS S3 buckets for misconfigurations. It identifies publicly accessible buckets, checks permissions, and detects sensitive data leaks. Ideal for bug bounty hunters and pentesters, it automates the recon process and enhances cloud storage security assessment efficiently.
csprecon
by edoardottt
Discover new target domains using Content Security Policy
favirecon
by edoardottt
Use favicons to improve your target recon phase. Quickly detect technologies, WAF, exposed panels, known services.
4-ZERO-3
by Dheerajmadhukar
403/401 Bypass Methods + Bash Automation + Your Support ;)
back-me-up
by Dheerajmadhukar
This tool will check for sensitive data leakage with some useful patterns/regex. The patterns are mostly targeted at Wayback data and filter everything accordingly.
recox
by samhaxr
Master script for web reconnaissance