explaingit

vavkamil/awesome-bugbounty-tools

5,977 · Audience · developer · Complexity · 1/5 · Setup · easy

TLDR

Curated reference list of open-source tools for bug bounty hunters, organized by task, covering recon, exploitation by vulnerability type, and miscellaneous security checks.

Mindmap

mindmap
  root((bugbounty tools))
    Reconnaissance
      Subdomain finder
      Port scanner
      Screenshot tool
      Directory fuzzer
    Exploitation
      SQL injection
      XSS testing
      SSRF tools
      Request smuggling
    Miscellaneous
      Secret scanner
      Cloud bucket check
      JWT tester
      Subdomain takeover
    Format
      Curated links
      No bundled code
      Reference only

Things people build with this

USE CASE 1

Find the right subdomain enumeration or port scanning tool for initial recon without searching the internet from scratch.

USE CASE 2

Browse exploitation tools organized by vulnerability type such as SQL injection, XSS, or SSRF to confirm a suspected finding.

USE CASE 3

Discover tools for detecting exposed secrets in source code or misconfigured cloud storage buckets.

USE CASE 4

Look up tools for testing JSON web tokens or detecting subdomain takeover vulnerabilities.

Getting it running

Difficulty · easy · Time to first run · 5min
This is a curated link list; each linked tool carries its own individual license.

In plain English

This repository is a curated collection of links to open-source tools used in bug bounty hunting, which is the practice of finding security flaws in websites and software for a reward. It is organized as a reference list rather than a project with its own code. Bug bounty hunters use it to find the right tool for a given task without having to search the internet from scratch.

The list is split into three broad areas. The first covers reconnaissance, which is the process of mapping out a target before looking for weaknesses. Tools here handle tasks like finding subdomains (other parts of a website), scanning for open ports, taking screenshots of web pages, discovering hidden directories, and identifying what software a site runs on. There are also tools for fuzzing, which means sending unexpected or random input to see how a system reacts.

The second area covers exploitation, which is the step where a hunter tries to confirm that a suspected weakness is real. Each subsection corresponds to a known category of web security flaw: SQL injection, cross-site scripting, server-side request forgery, request smuggling, open redirects, and others. The tools listed under each category automate or assist with testing for that specific type of issue.

The third area is miscellaneous and contains tools for tasks that do not fit neatly into the other two groups: searching for exposed secrets or passwords in source code, finding misconfigured cloud storage buckets, testing JSON web tokens, looking for subdomain takeovers, scanning for known vulnerabilities, and intercepting web traffic.

The README does not explain how bug bounty hunting works in depth, nor does it compare the listed tools to one another. It is a starting point for people who already know what they are looking for. The full README is longer than what was shown.

Copy-paste prompts

Prompt 1
I'm starting a bug bounty on a web target and need to enumerate subdomains and scan for open ports. Which tools from awesome-bugbounty-tools should I use for initial recon, and what is the basic command to run each one?
Prompt 2
I suspect a target is vulnerable to SQL injection. Which tool from this list is best to confirm it, and what command do I run against a login form URL?
Prompt 3
How do I use a tool from the secrets section of awesome-bugbounty-tools to scan a public GitHub repository for leaked API keys or credentials?
Prompt 4
Walk me through using a subdomain takeover tool from this list to check whether any of a target's subdomains can be hijacked.
Prompt 5
Which tools in awesome-bugbounty-tools are best for testing for SSRF vulnerabilities, and how do I set up a callback server to catch out-of-band interactions?

Verify against the repo before relying on details.