What is BountyIt?
A fuzzer written in Go for finding issues such as XSS, LFI, RCE, SSTI and similar. It comes with predefined signatures and a signatures wordlist, and that's it!
Help
  -grep string
        Specify custom grepping singantures. Ex -grep singantures.txt
  -method string
        Add method name if required. Ex: -method PUT. Default "GET" (default "GET")
  -p string
        Feed the list of payloads to fuzz. Ex: -p ~/wordlists/lfi.txt
  -t int
        Number of workers to use..default 40. Ex: -t 50 (default 40)
  -verify
        Only prints confirmed results. Ex -verify
How to Install
$ go get -u -v github.com/shivangx01b/BountyIt
Usage
- Note: URLs must contain the keyword "FUZZ", for example:
https://example.com/FUZZ
or
https://example.com/?query=FUZZ
Single URL
echo "https://example.com/FUZZ" | BountyIt
Multiple URLs
cat http_https.txt | BountyIt -t 70 -p payloads.txt -verify
Add another method if required
cat http_https.txt | BountyIt -t 70 -method "POST" -p payloads.txt -grep signatures.txt
Note:
- The scanner stores failed requests in "error_requests.txt", which contains the URLs that could not be requested.
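How the "FUZZ" keyword and a grep signature fit together, as an added example that is not BountyIt's own code: the keyword is replaced by a payload, and the response is searched for a signature. It assumes a signature is a plain substring of the response body and that FUZZ sits in a query position; `expand`, `probe`, `serve`, the local test server and the inert marker are all constructed for illustration.

```go
package main

import (
	"fmt"
	"html"
	"io"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// expand (hypothetical helper) swaps the FUZZ keyword for the query-escaped payload.
func expand(tmpl, payload string) (string, error) {
	if !strings.Contains(tmpl, "FUZZ") {
		return "", fmt.Errorf("no FUZZ keyword in %q", tmpl)
	}
	return strings.ReplaceAll(tmpl, "FUZZ", url.QueryEscape(payload)), nil
}

// probe fetches u and reports whether the body contains sig (assumed: plain substring match).
func probe(u, sig string) (bool, error) {
	resp, err := http.Get(u)
	if err != nil {
		return false, err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(io.LimitReader(resp.Body, 1<<20))
	return strings.Contains(string(body), sig), err
}

var rawEcho, safeEcho = func(s string) string { return s }, html.EscapeString // echo unchanged vs HTML-escaped

// serve starts a constructed local test server that echoes ?query= through enc.
func serve(enc func(string) string) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		io.WriteString(w, "<p>Results for "+enc(r.URL.Query().Get("query"))+"</p>")
	}))
}

func main() {
	const marker = "<i>probe-7f3a</i>" // constructed, inert marker used as payload and signature
	for _, enc := range []func(string) string{rawEcho, safeEcho} {
		s := serve(enc)
		u, _ := expand(s.URL+"/?query=FUZZ", marker)
		hit, err := probe(u, marker)
		fmt.Println("signature found:", hit, "error:", err)
		s.Close()
	}
}
```

The handler that echoes input unchanged is flagged, while the one that HTML-escapes its output is not, which is the fix such a finding calls for.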