{"id":21179573,"url":"https://github.com/mamad4ever/bug-bounty-tools","last_synced_at":"2026-03-27T02:40:43.719Z","repository":{"id":263205350,"uuid":"866877563","full_name":"MaMad4Ever/Bug-Bounty-Tools","owner":"MaMad4Ever","description":"A list of resources for those interested in getting started in bug bounties","archived":false,"fork":false,"pushed_at":"2025-11-30T03:25:54.000Z","size":221,"stargazers_count":7,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-01-01T04:22:36.896Z","etag":null,"topics":["bug-bounty","bug-bounty-tools","bugbounty","cybersecurity","hunter","pentest-tool"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/MaMad4Ever.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-10-03T03:26:47.000Z","updated_at":"2025-11-30T03:25:57.000Z","dependencies_parsed_at":"2024-12-24T05:21:24.290Z","dependency_job_id":"b00f8264-a739-4b73-8b08-4fa1b107e5ce","html_url":"https://github.com/MaMad4Ever/Bug-Bounty-Tools","commit_stats":null,"previous_names":["mamad4ever/bug-bounty-tools"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/MaMad4Ever/Bug-Bounty-Tools","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MaMad4Ever%2FBug-Bounty-Tools","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MaMad4Ever%2FBug-Bounty-Tools/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MaMad4Ever%2FBug-Bounty-Tools/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MaMad4Ever%2FBug-Bounty-Tools/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/MaMad4Ever","download_url":"https://codeload.github.com/MaMad4Ever/Bug-Bounty-Tools/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MaMad4Ever%2FBug-Bounty-Tools/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31011279,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-27T02:33:22.146Z","status":"ssl_error","status_checked_at":"2026-03-27T02:33:21.763Z","response_time":164,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bug-bounty","bug-bounty-tools","bugbounty","cybersecurity","hunter","pentest-tool"],"created_at":"2024-11-20T17:32:20.827Z","updated_at":"2026-03-27T02:40:43.693Z","avatar_url":"https://github.com/MaMad4Ever.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"### 📌 Note: Tools Don’t Make the Hacker — But The Right Tools Can Help\n\n\n# Tools-for-Bug-Hunters\nHere you can find links to a bunch of useful tools for Bug Bounty Hunting.\n\n### Proxy \u0026 Network Sniffer\n| Name \t| Description \t|\n|------\t|-------------\t|\n|[Burp Suite](https://portswigger.net/burp)|A Proxy to intercept and manipulate Web Traffic (free \u0026 paid version).\n|[Caido](https://caido.io/)|A lightweight web security auditing toolkit.\n|[OWASP Zap Proxy](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project)|A Proxy to intercept and manipulate Web Traffic (free).\n|[Wireshark](https://www.wireshark.org)|Wireshark is a network protocol analyzer that lets you capture and read network packets.\n\n\n### Subdomain Enumeration and DNS Resolver\n| Name \t| Description \t|\n|------\t|-------------  |\n|[Crobat](https://github.com/Cgboal/SonarSearch)|A rapid API for the Project Sonar dataset|\n|[Chaos Client](https://github.com/projectdiscovery/chaos-client)|Go client to communicate with Chaos DB API.|\n|[MassDNS](https://github.com/blechschmidt/massdns)|A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)|\n|[Amass](https://github.com/OWASP/Amass)|Uses a variety of different techniques to gather subdomains and can build a network map of the target. Very good export options.|\n|[Metabigor](https://github.com/j3ssie/metabigor)|Wrapper for running rustscan, masscan and nmap more efficient on IP/CIDR.|\n|[Knock](https://github.com/guelfoweb/knock)|Knockpy is a portable and modular python3 tool designed to quickly enumerate subdomains on a target domain through passive reconnaissance and dictionary scan.|\n|[Sublist3r](https://github.com/aboul3la/Sublist3r)|Fast subdomains enumeration tool for penetration testers.|\n|[Turbolist3r](https://github.com/fleetcaptain/Turbolist3r)|Subdomain enumeration tool with analysis features for discovered domains|\n|[subfinder](https://github.com/projectdiscovery/subfinder)|subfinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources. It has a simple modular architecture and is optimized for speed. subfinder is built for doing one thing only - passive subdomain enumeration, and it does that very well.|\n|[SubBrute](https://github.com/TheRook/subbrute)|A DNS meta-query spider that enumerates DNS records, and subdomains.|\n|[BruteX](https://github.com/1N3/BruteX)|Automatically brute force all services running on a target.|\n|[dnsgen](https://github.com/ProjectAnte/dnsgen)|generates a combination of domain names from the provided input.|\n|[Altdns](https://github.com/infosec-au/altdns)|Altdns is a DNS recon tool that allows for the discovery of subdomains that conform to patterns. Altdns takes in words that could be present in subdomains under a domain (such as test, dev, staging) as well as takes in a list of subdomains that you know of.|\n|[shuffleDNS](https://github.com/projectdiscovery/shuffledns)|shuffleDNS is a wrapper around massdns, written in go, that allows you to enumerate valid subdomains using active bruteforce, as well as resolve subdomains with wildcard handling and easy input-output support.|\n|[dnsx](https://github.com/projectdiscovery/dnsx)|dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.|\n\n### Subdomain Takeovers\n| Name \t| Description   |\n|------\t|-------------  |\n|[SubOver](https://github.com/Ice3man543/SubOver)|A Powerful Subdomain Takeover Tool|\n|[Sub404](https://github.com/r3curs1v3-pr0xy/sub404)|Sub 404 is a tool written in python which is used to check possibility of subdomain takeover vulnerability and it is fast as it is asynchronous.|\n|[subjack](https://github.com/haccer/subjack)|Subjack is a Subdomain Takeover tool written in Go designed to scan a list of subdomains concurrently and identify ones that are able to be hijacked. With Go's speed and efficiency, this tool really stands out when it comes to mass-testing. Always double check the results manually to rule out false positives.|\n\n### Fuzzing\n| Name \t| Description   |\n|------\t|-------------  |\n|[FFuF](https://github.com/ffuf/ffuf)|A very fast Fuzzing Tool to brute force directories or other parameters. Highly configurable.|\n|[dirsearch](https://github.com/maurosoria/dirsearch)|dirsearch is a simple command-line tool designed to brute force directories and files in websites|\n|[Kiterunner](https://github.com/assetnote/kiterunner)|Contextual Content Discovery Tool|\n|[IIS Short Name Scanner](https://github.com/irsdl/IIS-ShortName-Scanner)|latest version of scanners for IIS short filename (8.3) disclosure vulnerability|\n|[dirb](https://github.com/v0re/dirb)|Dirb a tool created by Ramon Pinuaga, this repo it's a Sourceforge fork(Web Fuzzer)|\n|[FeroxBuster](https://github.com/epi052/feroxbuster)|A simple, fast, recursive content discovery tool written in Rust|\n|[ParamSpider](https://github.com/devanshbatham/ParamSpider)|Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing|\n|[Wfuzz](https://github.com/xmendez/wfuzz)|Wfuzz has been created to facilitate the task in web applications assessments and it is based on a simple concept: it replaces any reference to the FUZZ keyword by the value of a given payload.|\n\n### Crawling Web\n| Name \t| Description   |\n|------\t|-------------  |\n|[katana](https://github.com/projectdiscovery/katana)|A next-generation crawling and spidering framework.|\n|[GoSpider](https://github.com/jaeles-project/gospider)|GoSpider - Fast web spider written in Go|\n|[hakrawler](https://github.com/hakluke/hakrawler)|Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application|\n|[LinkFinder](https://github.com/GerbenJavado/LinkFinder)|SA python script that finds endpoints in JavaScript files|\n|[Robofinder](https://github.com/Spix0r/robofinder)|Robofinder retrieves historical #robots.txt files from #Archive.org, allowing you to uncover previously disallowed directories and paths for any domain—essential for deepening your #OSINT and #recon process.|\n\n\n### Screenshots\n| Name \t| Description   |\n|------\t|-------------  |\n|[EyeWitness](https://github.com/RedSiege/EyeWitness)|EyeWitness is designed to take screenshots of websites provide some server header info, and identify default credentials if known.|\n|[gowitness](https://github.com/sensepost/gowitness)|🔍 gowitness - a golang, web screenshot utility using Chrome Headless|\n|[webscreenshot](https://github.com/maaaaz/webscreenshot)|A simple script to screenshot a list of websites, based on the url-to-image PhantomJS script.|\n\n\n### Content Discovery\n| Name \t| Description \t    |\n|------\t|-------------    \t|\n|[assetfinder](https://github.com/tomnomnom/assetfinder)|Find domains and subdomains related to a given domain.|\n|[httpx](https://github.com/projectdiscovery/httpx)|A fast and multi-purpose HTTP toolkit that allows running multiple probes.|\n|[httprobe](https://github.com/tomnomnom/httprobe)|Take a list of domains and probe for working HTTP and HTTPS servers.|\n|[gau](https://github.com/lc/gau)|Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.|\n|[Gobuster](https://github.com/OJ/gobuster)|Directory/File, DNS and VHost busting tool written in Go.|\n|[gf](https://github.com/tomnomnom/gf)|A wrapper around grep to avoid typing common patterns.|\n|[waybackurls](https://github.com/tomnomnom/waybackurls)|Fetch all the URLs that the Wayback Machine knows about for a domain|\n|[DirDar](https://github.com/M4DM0e/DirDar)|DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it|\n|[Arjun](https://github.com/s0md3v/Arjun)|HTTP parameter discovery suite.|\n|[x8](https://github.com/Sh1Yo/x8)|Hidden parameters discovery suite|\n|[xnLinkFinder](https://github.com/xnl-h4ck3r/xnLinkFinder)|A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target|\n\n\n\n### Recon Framework\n| Name \t| Description \t    |\n|------\t|-------------    \t|\n|[sn1per](https://github.com/1N3/Sn1per)|Discover hidden assets and vulnerabilities in your environment.|\n|[Raccoon](https://github.com/evyatarmeged/Raccoon)| A high performance offensive security tool for reconnaissance and vulnerability scanning|\n|[LazyRecon](https://github.com/capt-meelo/LazyRecon)| An automated approach to performing recon for bug bounty hunting and penetration testing.|\n|[Recon-ng](https://github.com/lanmaster53/recon-ng)| Recon-ng is a full-featured reconnaissance framework designed with the goal of providing a powerful environment to conduct open source web-based reconnaissance quickly and thoroughly.|\n\n#### OSINT Search Engines\n| Name \t| Description \t    |\n|------\t|-------------      |\n|[chaos](https://chaos.projectdiscovery.io/)|A live, continuously updated API providing comprehensive internet data, including real-time DNS entries across the entire web.|\n|[hunter.io](https://www.hunter.io)|Email Enumeration for big corps|\n|[intelx.io](https://intelx.io/)|Swiss army Knife of OSINT|\n|[Shodan](https://www.shodan.io/)|Search engine that lets you find systems connected to the internet with a variety of filters|\n|[Censys](https://censys.io)|\"Censys is a public search engine that enables researchers to quickly ask questions about the hosts and networks that compose the Internet.\"|\n|[crt.sh](https://crt.sh)|SSL certificate search tool|\n|[Virus Total](https://www.virustotal.com)|WHOIS, DNS, and subdomain recon|\n|[ZoomEye](https://www.zoomeye.org/)|Search engine for specific network components|\n|[NerdyData](https://nerdydata.com/)|Search Engine for Source Code|\n|[Crunchbase](https://www.crunchbase.com/)|For finding Information about Businesses and their acquisitions|\n|[Searchcode](https://searchcode.com/)|Helping you find real world examples of functions, API's and libraries over 90 languages across multiple sources|\n\n### Vulnerability Scanner\n| Name \t| Description \t    |\n|------\t|-------------    \t|\n|[SQLmap](http://sqlmap.org/)|sqlmap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.|\n|[Ghauri](https://github.com/r0oth3x49/ghauri)|An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws|\n|[Tplmap](https://github.com/epinna/tplmap)|Server-Side Template Injection and Code Injection Detection and Exploitation Tool|\n|[NoSQLMap](https://github.com/codingo/NoSQLMap)|Automated NoSQL database enumeration and web application exploitation tool.|\n|[Nuclei](https://github.com/projectdiscovery/nuclei)|\"Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use.\"|\n|[Commix](https://github.com/commixproject/commix)|Automated All-in-One OS Command Injection Exploitation Tool.|\n|[Nikto](https://github.com/sullo/nikto)|Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers.|\n|[XSStrike](https://github.com/s0md3v/XSStrike)|XSStrike is a Cross Site Scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler.|\n|[Dalfox](https://github.com/hahwul/dalfox)|🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.|\n|[Bxss](https://github.com/ethicalhackingplayground/bxss)|Blind XSS Scanner is a tool that can be used to scan for blind XSS vulnerabilities in web applications.|\n|[Gxss](https://github.com/KathanP19/Gxss)|A tool to check a bunch of URLs that contain reflecting params.|\n|[X-Recon](https://github.com/joshkar/X-Recon)|A utility for detecting webpage inputs and conducting XSS scans.|\n|[CORScanner](https://github.com/chenjj/CORScanner)|Fast CORS misconfiguration vulnerabilities scanner.|\n|[WPScan](https://github.com/wpscanteam/wpscan)|WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites.|\n\n### Network Scanners\n| Name \t| Description \t    |\n|------\t|-------------    \t|\n|[Nmap](https://nmap.org)|A well known and powerful Tool for port scanning. Nmap provides the possibility to use scripts to further customize its functionality. |\n|[Masscan](https://github.com/robertdavidgraham/masscan)|This is an Internet-scale port scanner. It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second, from a single machine.|\n|[ScanCannon](https://github.com/johnnyxmas/ScanCannon)|External attack surface discovery, enumeration and reconnaissance for massive networks|\n|[Naabu](https://github.com/projectdiscovery/naabu)|A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests.|\n|[Aquatone](https://github.com/michenriksen/aquatone)|Aquatone is a tool for visual inspection of websites across a large amount of hosts and is convenient for quickly gaining an overview of HTTP-based attack surface.|\n|[RustScan](https://github.com/RustScan/RustScan)|The Modern Port Scanner. Find ports quickly (3 seconds at its fastest). Run scripts through our scripting engine (Python, Lua, Shell supported).|\n\n### Notes \u0026 Organization\n| Name \t| Description \t    |\n|------\t|-------------    \t|\n|[Notion](https://notion.so)|\"Write, plan, collaborate, and get organized — all in one tool.\"|\n|[Xmind](https://www.xmind.net/)|XMind, a full-featured mind mapping and brainstorming tool, designed to generate ideas, inspire creativity, brings productivity in a remote WFH team.|\n|[Obsidian](https://obsidian.md/)|Obsidian is the private and flexible writing app that adapts to the way you think.|\n|[Draw.io](https://app.diagrams.net/)|draw.io is free online diagram software for making flowcharts, process diagrams, org charts, UML, ER and network diagrams.|\n\n### Wordlists\n| Name \t| Description \t    |\n|------\t|-------------    \t|\n|[SecLists](https://github.com/danielmiessler/SecLists)|A huge collection of word lists for hacking.|\n|[AssetNote's Wordlists](https://wordlists.assetnote.io/)|Collection of wordlists created by AssetNote.|\n|[fuzzdb](https://github.com/fuzzdb-project/fuzzdb)|It's the first and most comprehensive open dictionary of fault injection patterns, predictable resource locations, and regex for matching server responses.|\n|[samlists](https://github.com/the-xentropy/samlists)|Free, libre, effective, and data-driven wordlists for all!|\n|[Jason Haddix](https://gist.github.com/jhaddix/86a06c5dc309d08580a018c66354a056)|Jason Haddix Wordlists|\n\n\n### Others\n| Name \t| Description \t    |\n|------\t|-------------    \t|\n|[Deduplicate](https://github.com/nytr0gen/deduplicate)|Remove duplicate urls from input|\n|[Anew](https://github.com/tomnomnom/anew)|A tool for adding new lines to files, skipping duplicates|\n|[unfurl](https://github.com/tomnomnom/unfurl)|Pull out bits of URLs provided on stdin|\n|[WhatWeb](https://github.com/urbanadventurer/WhatWeb)|Next generation web scanner|\n|[JWT Tool](https://github.com/ticarpi/jwt_tool)|A toolkit for testing, tweaking and cracking JSON Web Tokens|\n|[HostHunter](https://github.com/SpiderLabs/HostHunter)|HostHunter a recon tool for discovering hostnames using OSINT techniques.|\n\n---\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmamad4ever%2Fbug-bounty-tools","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmamad4ever%2Fbug-bounty-tools","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmamad4ever%2Fbug-bounty-tools/lists"}