Bug Bounty Security Tools

jxscout superpowers JavaScript analysis for security researchers

An MCP server implementation

bash script for Subdomain Enumeration

declutters url lists for crawling/pentesting

SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files

A python script that finds endpoints in JavaScript files

dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.

DNSGen is a powerful and flexible DNS name permutation tool designed for security researchers and penetration testers. It generates intelligent domain name variations to assist in subdomain discovery and security assessments.

This script is intended to automate your reconnaissance process in an organized fashion

Find domains and subdomains related to a given domain

Fast subdomains enumeration tool for penetration testers

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

A tool to check a bunch of URLs that contain reflecting params.

This tool generates gopher link for exploiting SSRF and gaining RCE in various servers

Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application

Jeeves SQLI Finder

Find secrets with Gitleaks 🔑

GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)

A next-generation crawling and spidering framework.

The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.

CRLF and open redirect fuzzer

CORS Misconfiguration Scanner

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Fast passive subdomain enumeration tool.