Resources-for-Beginner-Bug-Bounty-Hunters
Tools 🧰
Here you can find links to a bunch of useful tools for Bug Bounty Hunting.
Table of Contents
Proxy & Network Sniffer
| Name | Description | Written in | Created by |
|---|---|---|---|
| Burp Suite | A Proxy to intercept and manipulate Web Traffic (free & paid version). Here you can find Tips & Tricks to get started with Burp. | Java | Port Swigger |
| OWASP Zap Proxy | A Proxy to intercept and manipulate Web Traffic (free). | Java | OWASP |
| Wireshark | Wireshark is a network protocol analyzer that lets you capture and read network packets. | C, C++ | The Wireshark team |
Recon, OSINT & Discovery
| Name | Description | Written in | Created by |
|---|---|---|---|
| FFuF | A very fast Fuzzing Tool to brute force directories or other parameters. Highly configurable. | Go | |
| Sublist3r | Sublist3r enumerates subdomains using many search engines such as Google, Yahoo, Bing, Baidu and Ask. Sublist3r also enumerates subdomains using Netcraft, Virustotal, ThreatCrowd, DNSdumpster and ReverseDNS. | Python | Ahmed Aboul-Ela |
| dirsearch | dirsearch is a simple command-line tool designed to brute force directories and files in websites. | Python | Mauro Soria |
| Amass | Uses a variety of different techniques to gather subdomains and can build a network map of the target. Very good export options. | Go | OWASP |
| BuiltWith | A very handy Browser Extension (for Chrome, Firefox) that checks for more than 18,000 types of internet technologies. Gives you a very quick glance on what a Web Application is built. | BuiltWith® | |
| findomain | Very fast cross-platform subdomain enumerator | Rust | Eduard Tolosa |
| waybackurls | Fetch all the URLs that the Wayback Machine knows about for a domain | Go | Tom Hudson |
| meg | meg is a tool for fetching lots of URLs but still being 'nice' to servers. It can be used to fetch many paths for many hosts; fetching one path for all hosts before moving on to the next path and repeating. | Go | Tom Hudson |
| httprobe | Take a list of domains and probe for working http and https servers. | Go | Tom Hudson |
| Osmedeus | Fully automated offensive security framework for reconnaissance and vulnerability scanning | Python | j3ssie |
| hakrawler | hakrawler is a Go web crawler designed for easy, quick discovery of endpoints and assets within a web application. It can be used to discover Forms, Endpoints, Subdomains, Related documents and JS Files | Go | @hakluke |
| Reconness | A Web App Tool to Run and Keep all your #recon in the same place. | C# | @reconness |
OSINT Webpages
| Name | Description | Created by |
|---|---|---|
| hunter.io | Email Enumeration for big corps | Hunter Team |
| intelx.io | Swiss army Knife of OSINT | Intelligence X |
| Shodan | Search engine that lets you find systems connected to the internet with a variety of filters | John Matherly |
| Censys | "Censys is a public search engine that enables researchers to quickly ask questions about the hosts and networks that compose the Internet." | Censys |
| Lookyloo | Lookyloo is a web interface allowing to scrape a website and then displays a tree of domains calling each other. Github Page of the Project | CIRCL |
| Spyse.com | New Search Engine made for pentesters and cyber security specialists | Spyse Team |
| crt.sh | SSL certificate search tool | Sectigo |
| Virus Total | WHOIS, DNS, and subdomain recon | Virus Total Team |
| ZoomEye | Search engine for specific network components | Team from Knownsec |
| We Leak Info | Databreach Search Engine | We Leak Info |
| NerdyData | Search Engine for Source Code | NerdyData |
| Crunchbase | For finding Information about Businesses and their acquisitions | TechCrunch |
| Searchcode | Helping you find real world examples of functions, API's and libraries over 90 languages across multiple sources | searchcode |
Exploitation
| Name | Description | Written in | Created by |
|---|---|---|---|
| sqlmap | sqlmap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. | Python | sqlmapproject |
Scanners
| Name | Description | Written in | Created by |
|---|---|---|---|
| Nmap | A well known and powerful Tool for port scanning. Nmap provides the possibility to use scripts to further customize its functionality. | C, C++, Python, Lua | Gordon Lyon |
| Masscan | This is an Internet-scale port scanner. It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second, from a single machine. | C | Robert David Graham |
Mobile Hacking
| Name | Description | Written in | Created by |
|---|---|---|---|
| Frida | |||
| dex2jar | Useful to convert dex files into jar to decompile the application. | Java, Smali | Bob Pan |
| andriller | Andriller - is software utility with a collection of forensic tools for smartphones. It performs read-only, forensically sound, non-destructive acquisition from Android devices. andriller.com | Python | Denis Sazonov |
| Mobile Security Framework (MobSF) | Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. MobSF support mobile app binaries (APK, IPA & APPX) along with zipped source code and provides REST APIs for seamless integration with your CI/CD or DevSecOps pipeline.The Dynamic Analyzer helps you to perform runtime security assessment and interactive instrumented testing. | Python | MobSF Team |
Others
| Name | Description | Written in | Created by |
|---|---|---|---|
| SecLists | A huge collection of word lists for hacking. | Daniel Miessler | |
| Recon Pi | A lightweight recon tool that performs extensive reconnaissance with the latest tools using a Raspberry Pi. | @x1m_martijn |
back to Intro Page