Your Bug Bounty ToolKit
We have hand picked some tools below which we believe will be useful for your hunt. All of the them together should be enough to help you gather large amounts of data, enough to hopefully find at least one bug! New tools come out all the time and we will do our best to keep updating this list. Be sure to check each creator out on GitHub & show your support!
Burp Suite by PortSwigger is used for monitoring requests from your computer & websites. PortSwigger offer a free community edition and also a PRO edition, which also gives you access to extensions. The community edition works fine for those just starting out in bug bounties however the extensions that come with PRO definitely do make your life a lot easier. If you can upgrade, it's recommended. This is the most used tool when conducting website security testing.
An alternative to Burp Suite is Fiddler by Telerik. Fiddler does everything Burp can do and even has extensions.
GetJS by 003random
GetJS will take a list of domains and extract any .js files found on each domain. This is useful if you want to sort through lots of .js files for new urls/endpoints on a mass scale.
GoLinkFinder by 0xsha
GoLinkFinder will extract URLs and endpoints from JS files from a list of urls you provide.
WayBackUrls by mhmdiaa
WayBackRobots by mhmdiaa
WayBackRobots — Lots of companies list endpoints in /robots.txt and this changes overtime. Who's got it all archived? WayBackMachine! WayBackRobots will extract as much robots.txt information as possible from years ago for your chosen domain. Very useful for finding old endpoints which may still work!
MassDNS by blechschmidt
MassDNS is a simple high-performance DNS stub resolver targeting those who seek to resolve a massive amount of domain names in the order of millions or even billions. Without special configuration, MassDNS is capable of resolving over 350,000 names per second using publicly available resolvers.
Alternative subdomain scanners
There are a lot of alternative subdomain scanners such as:
Subdomain Discovery Services
There are a variety of services available to provide you with recon data. Some of the data is free and some require a membership, although if you follow them each on twitter they often post free trials to test their services!
- Spyse Cybersecurity Search Engine Membership
Make sure to check out Chaos which is a collection of internet wide asset data. Free
- https://recon.dev Membership
codingo has a great video on How to master FFUF for Bug bounties and Pen testing and InsiderPHD also has a video titled, How to use ffuf - Hacker toolbox. Be sure to check both out so you can learn how to use FFuF to it's true potential (because trust me, you want to!).
Other helpful tools / scripts
- XSSHunter: XSSHunter
- SQLMap: http://sqlmap.org/
- XXEInjector: XXEinjector
- SSRFDetector: ssrfDetector
- GitTools: GitTools
- gitallsecrets: git-all-secrets
- nmap: https://nmap.org/
- RaceTheWeb: Race The Web
- CORStest: CORStest
- EyeWitness: EyeWitness
- parameth: parameth
Have we missed a tool? Want to add yours? Email us - [email protected]