Bug Bounty Security Tools
Browse Cybersecurity Tools in this category
24 InfoSec Tools
jwtauditor
by dr34mhacks
JWT Auditor – Analyze, break, and understand your tokens like a pro.
xurlfind3r
by hueristiq
A command-line utility designed to discover URLs for a given domain in a simple, efficient way. It works by gathering information from a variety of passive sources, meaning it doesn't interact directly with the target but instead gathers data that is already publicly available.
Nuclei-AI-Prompts
by reewardius
Nuclei-AI-Prompts
BugBountyScanner
by chvancooten
A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.
unfurl
by tomnomnom
Pull out bits of URLs provided on stdin
http-request-smuggling
by anshumanpattnaik
HTTP Request Smuggling Detection Tool
clairvoyance
by nikitastupin
Obtain GraphQL API schema even if the introspection is disabled
ZoomeyeSearch
by RevoltSecurities
A powerful CLI tool that uses ZoomEye to search exposed services, gather intelligence, and automate reconnaissance.
NucleiPrompt
by AryaSec1337
Nuclei Prompt Scanner adalah tools berbasis Python yang memanfaatkan Nuclei dan AI Prompting untuk melakukan pemindaian kerentanan pada web target berdasarkan kategori OWASP dan lainnya, dengan antarmuka interaktif berbasis CLI (command-line).
altdns
by infosec-au
Generates permutations, alterations and mutations of subdomains and then resolves them
awesome-bugbounty-builder
by 0xJin
Awesome Bug bounty builder Project
awesome-oneliner-bugbounty
by dwisiswant0
A collection of awesome one-liner scripts especially for bug bounty tips.
burp_bug_finder
by lucsemassa
Automatic Bug finder with buprsuite
apidetector
by brinhosa
APIDetector: Efficiently scan for exposed Swagger endpoints across web domains and subdomains. Supports HTTP/HTTPS, multi-threading, and flexible input/output options. Ideal for API security testing.
Recon-Search-Assistant
by Boopath1
A powerful and intuitive web-based search engine designed specifically for bug bounty hunters and security researchers. This tool provides quick access to various Google dorks and specialized searches to help identify potential security vulnerabilities and gather information about target domains.
urlF
by Boopath1
My script stands out by preserving the structure of duplicate URLs and handling complex query parameters, unlike standard tools that only filter alphabetically or deduplicate.
ipsourcebypass
by p0dalirius
This Python script can be used to bypass IP source restrictions using HTTP headers.
InterceptSuite
by Anof-cyber
A powerful SOCKS5 proxy based network traffic interception tool for Windows that enables TLS/SSL inspection, analysis, and manipulation at the network level.
osmedeus
by j3ssie
A Workflow Engine for Offensive Security
Gf-Patterns
by 1ndianl33t
GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep
snallygaster
by hannob
Tool to scan for secret files on HTTP servers
ChopChop
by michelin
ChopChop is a CLI to help developers scanning endpoints and identifying exposition of sensitive services/files/folders.
ParamSpider
by devanshbatham
Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
bbot
by blacklanternsecurity
The recursive internet scanner for hackers. 🧡