Burp Suite

Burp Suite by PortSwigger is used for monitoring requests from your computer & websites. PortSwigger offer a free community edition and also a PRO edition, which also gives you access to extensions. The community edition works fine for those just starting out in bug bounties however the extensions that come with PRO definitely do make your life a lot easier. If you can upgrade, it's recommended. This is the most used tool when conducting website security testing.

An alternative to Burp Suite is Fiddler by Telerik. Fiddler does everything Burp can do and even has extensions.

GetJS by 003random

GetJS will take a list of domains and extract any .js files found on each domain. This is useful if you want to sort through lots of .js files for new urls/endpoints on a mass scale.

GoLinkFinder by 0xsha

GoLinkFinder will extract URLs and endpoints from JS files from a list of urls you provide.


getallurls (gau) fetches known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl for any given domain. Inspired by Tomnomnom's waybackurls.

WayBackUrls by mhmdiaa

WayBackUrls will extract urls archived by WayBackMachine for the domain you input. An alternative in GO is TomNomNom's WayBackUrls

WayBackRobots by mhmdiaa

WayBackRobots — Lots of companies list endpoints in /robots.txt and this changes overtime. Who's got it all archived? WayBackMachine! WayBackRobots will extract as much robots.txt information as possible from years ago for your chosen domain. Very useful for finding old endpoints which may still work!

MassDNS by blechschmidt

MassDNS is a simple high-performance DNS stub resolver targeting those who seek to resolve a massive amount of domain names in the order of millions or even billions. Without special configuration, MassDNS is capable of resolving over 350,000 names per second using publicly available resolvers.

Alternative subdomain scanners

There are a lot of alternative subdomain scanners such as:

Subdomain Discovery Services

There are a variety of services available to provide you with recon data. Some of the data is free and some require a membership, although if you follow them each on twitter they often post free trials to test their services!


Fuzz Faster U Fool! Let the GitHub repo do the talking: FFuF. An alternative to FFuF is wfuzz - WFUZZ

codingo has a great video on How to master FFUF for Bug bounties and Pen testing and InsiderPHD also has a video titled, How to use ffuf - Hacker toolbox. Be sure to check both out so you can learn how to use FFuF to it's true potential (because trust me, you want to!).


Other helpful tools / scripts