Tools I Use For Bug Bounty Hunting [Updated]

hacktivist
1 min read · Oct 13, 2019

Here is a list of tools and websites I use for bug bounty hunting:

Tools:

1. Wafw00f: https://github.com/EnableSecurity/wafw00f

2. Burpsuite: https://portswigger.net/burp/communitydownload

3. WPScan: https://github.com/wpscanteam/wpscan

4. Aquatone: https://github.com/michenriksen/aquatone

5. Arjun: https://github.com/s0md3v/Arjun

6. Assetfinder: https://github.com/tomnomnom/assetfinder

7. Exploit-db: https://www.exploit-db.com

8. Dirb/dirbuster: https://sourceforge.net/projects/dirbuster/files/DirBuster%20Source/1.0-RC1/

9. Seclists: https://github.com/danielmiessler/SecLists

10. Sn1per: https://github.com/1N3/Sn1per

11. Tidos-framework: https://github.com/0xInfection/TIDoS-Framework

12. Httprobe: https://github.com/tomnomnom/httprobe

13. Fimap: https://github.com/kurobeats/fimap

14. Scrapy-Web: https://scrapy.org

15. Amass: https://github.com/OWASP/Amass

16. MassDNS: https://github.com/blechschmidt/massdns

17. Nmap: https://nmap.org/download.html

18. Sqlmap: https://github.com/sqlmapproject/sqlmap

19. Wfuzz: https://github.com/xmendez/wfuzz

20. Scanners-box: https://github.com/We5ter/Scanners-Box

21. Osmedeus: https://github.com/j3ssie/Osmedeus

22. Findsploit: https://github.com/1N3/findsploit

Google Dorks:

https://thehackerstuff.com/google-dorking-database-useful-for-web-application-penetration-testing

https://d4msec.wordpress.com/2015/09/03/google-dorks-for-finding-emails-admin-users-etc/

https://gist.github.com/stevenswafford/393c6ec7b5375d5e8cdc

https://github.com/sushiwushi/bug-bounty-dorks/blob/master/dorks.txt

Websites:

1. Hardenize: https://www.hardenize.com

2. SSL Analysis: https://www.ssllabs.com/ssltest

3. HTTP Status Analyser: https://httpstatus.io

4. Nmap Online: https://nmap.online/

5. DNS Analysis: https://dnssec-debugger.verisignlabs.com/

6. Builtwith: https://builtwith.com/

7. WhatCMS: https://whatcms.org/

8. Crt.sh: https://crt.sh/

Browser Add-ons:

1. Wappalyzer: https://addons.mozilla.org/en-US/firefox/addon/wappalyzer/

https://chrome.google.com/webstore/detail/wappalyzer/gppongmhjkpfnbhagpmjfkannfbllamg

Extra:

https://github.com/AlexisAhmed/BugBountyTools

Note: dirb/dirbuster, burpsuite, fimap, OWASP Zap, WPScan, nmap, and sqlmap come pre-installed with Kali Linux and Parrotsec.
