What is BountyIt?

A fuzzer written in Go for finding issues like XSS, LFI, RCE and SSTI. It detects potential issues from a change in content length and verifies them using signatures.


  -grep string
        Specify custom grepping signatures. Ex -grep signatures.txt
  -header string
        Add any custom header if required. Ex: -header "Cookie: Session=12cbcx...."
  -method string
        Add method name if required. Ex: -method PUT. Default "GET" (default "GET")
  -p string
        Feed the list of payloads to fuzz. Ex: -p ~/wordlists/lfi.txt
  -t int
        Number of workers to use..default 40. Ex: -t 50 (default 40)
  -verify
        Only prints confirmed results. Ex -verify

How to Install

$ go get -u -v


  • Note: Urls must have keyword "FUZZ" like 

Single Url

echo "" | BountyIt

Multiple Url

cat http_https.txt | BountyIt -t 70 -p payloads.txt -verify

Add another method if required

cat http_https.txt | BountyIt -t 70  -method "POST" -p payloads.txt -grep signatures.txt

Add header if required

cat http_https.txt | BountyIt -t 70  -header "Cookie: session=311x1211sx4..." -p payloads.txt -grep signatures.txt
  • Note: Check the wordlist dir for signatures.txt and a basic fuzzing list for basic SSTI, RCE and LFI. Make sure to add -verify, as potential issues create false positives.
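
An added example (not BountyIt's own code) of the two-stage check described above: a change in content length marks a response as potential, and a signature match confirms it, which is why -verify cuts false positives. The names Classify and Report, the sample signatures and the response bodies are constructed for illustration, and the way the two stages are combined is an assumption.

```go
package main

import (
	"fmt"
	"strings"
)

// Verdict models the two result levels the README describes (assumed names).
type Verdict string

const (
	None      Verdict = "none"
	Potential Verdict = "potential" // length changed, no signature matched
	Confirmed Verdict = "confirmed" // length changed and a signature matched
)

// Classify compares a fuzzed response body with the baseline length and, if it
// differs, searches for a signature. It returns the verdict and the match.
func Classify(baselineLen int, body string, signatures []string) (Verdict, string) {
	if len(body) == baselineLen {
		return None, ""
	}
	for _, sig := range signatures {
		if sig != "" && strings.Contains(body, sig) {
			return Confirmed, sig
		}
	}
	return Potential, ""
}

// Report says whether a verdict is printed; verifyOnly models the -verify flag.
func Report(v Verdict, verifyOnly bool) bool {
	return v == Confirmed || (v == Potential && !verifyOnly)
}

func main() {
	// Constructed sample data, not the project's signatures.txt.
	sigs := []string{"root:x:0:0:", "uid=0(root)"}
	baseline := "<html>Hello guest</html>"
	responses := map[string]string{
		"unchanged":      "<html>Hello guest</html>",
		"reflected only": "<html>Hello guest, search term: aaaaaaaa</html>",
		"file disclosed": "<html>root:x:0:0:root:/root:/bin/bash</html>",
	}
	for name, body := range responses {
		v, sig := Classify(len(baseline), body, sigs)
		fmt.Printf("%-15s verdict=%-9s sig=%q printed_with_verify=%v\n", name, v, sig, Report(v, true))
	}
}
```

A page that merely reflects the input changes length and is reported as potential, but only the response containing a signature survives the verify-only filter.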



