Bug Bounty Security Tools

Browse Cybersecurity Tools in this category

24 InfoSec Tools

ipsourcebypass

ipsourcebypass

by p0dalirius

This Python script can be used to bypass IP source restrictions using HTTP headers.

bugbounty bypass headers
Jun 01, 2025
InterceptSuite

InterceptSuite

by Anof-cyber

A powerful SOCKS5 proxy based network traffic interception tool for Windows that enables TLS/SSL inspection, analysis, and manipulation at the network level.

cybersecurity interceptor network-analysis
Jun 01, 2025
osmedeus

osmedeus

by j3ssie

A Workflow Engine for Offensive Security

attack-surface attack-surface-management bug-bounty
Jun 01, 2025
Gf-Patterns

Gf-Patterns

by 1ndianl33t

GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep

security tool
Jun 01, 2025
snallygaster

snallygaster

by hannob

Tool to scan for secret files on HTTP servers

security tool
Jun 01, 2025
ChopChop

ChopChop

by michelin

ChopChop is a CLI to help developers scanning endpoints and identifying exposition of sensitive services/files/folders.

devsecops scanning security
Jun 01, 2025
ParamSpider

ParamSpider

by devanshbatham

Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing

bugbounty content-discovery fuzzing
Jun 01, 2025
bbot

bbot

by blacklanternsecurity

The recursive internet scanner for hackers. 🧡

asm attack-surface-management automation
May 31, 2025
knock

knock

by guelfoweb

Knock Subdomain Scan

security tool
May 31, 2025
shosubgo

shosubgo

by incogbyte

Small tool to Grab subdomains using Shodan api.

golang grab-subdomains shodan
May 31, 2025
cero

cero

by glebarez

Scrape domain names from SSL certificates of arbitrary hosts

domain-names recon scrape
May 31, 2025
web_app_recon_ci-cd_public

web_app_recon_ci-cd_public

by onurcangnc

This project delivers a fully automated **Recon-as-Code** workflow for passive reconnaissance for web application environments. It combines GitHub Actions-based CI/CD automation, powerful recon tools, and a Flask-powered dashboard for visualized and authenticated access to the findings.

security
May 31, 2025
S3BucketMisconf

S3BucketMisconf

by Atharv834

S3BucketMisconf is an advanced tool designed to scan AWS S3 buckets for misconfigurations. It identifies publicly accessible buckets, checks permissions, and detects sensitive data leaks. Ideal for bug bounty hunters and pentesters, it automates the recon process and enhances cloud storage security assessment efficiently.

security
May 31, 2025
csprecon

csprecon

by edoardottt

Discover new target domains using Content Security Policy

bounty-hunting bugbounty bugbounty-tool
May 31, 2025
favirecon

favirecon

by edoardottt

Use favicons to improve your target recon phase. Quickly detect technologies, WAF, exposed panels, known services.

bug-bounty bugbounty favicon
May 31, 2025
4-ZERO-3

4-ZERO-3

by Dheerajmadhukar

403/401 Bypass Methods + Bash Automation + Your Support ;)

security tool
May 31, 2025
back-me-up

back-me-up

by Dheerajmadhukar

This tool will check for Sensitive Data Leakage with some useful patterns/RegEx. The patterns are mostly targeted on waybackdata and filter everything accordingly.

security tool
May 31, 2025
recox

recox

by samhaxr

Master script for web reconnaissance

security tool
May 31, 2025
socialhunter

socialhunter

by utkusen

crawls the website and finds broken social media links that can be hijacked

bug-bounty bugbounty osint
May 31, 2025
hades

hades

by joelindra

Automate your hacking

security
May 31, 2025
jxscout

jxscout

by francisconeves97

jxscout superpowers JavaScript analysis for security researchers

security tool
May 28, 2025
aem-hacker

aem-hacker

by 0ang3el

An MCP server implementation

security tool
May 27, 2025
SubEnum

SubEnum

by bing0o

bash script for Subdomain Enumeration

security tool
May 27, 2025
uro

uro

by s0md3v

declutters url lists for crawling/pentesting

security tool
May 26, 2025