8.8 KiB
8.8 KiB
Awesome Bug Bounty Tools 
Curated list of various bug bounty tools
Contents
-
- CMS
- Command Injection
- [CORS Misconfiguration](#CORS Misconfiguration)
- [CRLF Injection](#CRLF Injection)
- [CSRF Injection](#CSRF Injection)
- Directory Traversal
- File Inclusion
- [GraphQL Injection](GraphQL Injection)
- HTTP Parameter Pollution
- Insecure Deserialization
- Insecure Direct Object References
- [JSON Web Token](#JSON Web Token)
- Open Redirect
- postMessage
- Race Condition
- Request Smuggling
- [Server Side Request Forgery](#Server Side Request Forgery)
- [SQL Injection](#SQL Injection)
- Subdomain takeover
- XSS Injection
- [XXE Injection](#XXE Injection)
Exploitation
Lorem ipsum dolor sit amet
CORS Misconfiguration
Lorem ipsum dolor sit amet
- Corsy - CORS Misconfiguration Scanner
- CORStest - A simple CORS misconfiguration scanner
- cors-scanner - A multi-threaded scanner that helps identify CORS flaws/misconfigurations
CRLF Injection
Lorem ipsum dolor sit amet
- crlfuzz - A fast tool to scan CRLF vulnerability written in Go
- CRLF-Injection-Scanner - Command line tool for testing CRLF injection on a list of domains.
- Injectus - CRLF and open redirect fuzzer
CSRF Injection
Lorem ipsum dolor sit amet
- XSRFProbe -The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.
GraphQL Injection
Lorem ipsum dolor sit amet
- inql - InQL - A Burp Extension for GraphQL Security Testing
- GraphQLmap - GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes.
- shapeshifter - GraphQL security testing tool
- graphql_beautifier - Burp Suite extension to help make Graphql request more readable
JSON Web Token
Lorem ipsum dolor sit amet
- jwt_tool - A toolkit for testing, tweaking and cracking JSON Web Tokens
- c-jwt-cracker - JWT brute force cracker written in C
- jwt-heartbreaker - The Burp extension to check JWT (JSON Web Tokens) for using keys from known from public sources
- jwtear - Modular command-line tool to parse, create and manipulate JWT tokens for hackers
- jwt-key-id-injector - Simple python script to check against hypothetical JWT vulnerability.
postMessage
Lorem ipsum dolor sit amet
- postMessage-tracker - A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon
- PostMessage_Fuzz_Tool - #BugBounty #BugBounty Tools #WebDeveloper Tool
Server Side Request Forgery
Lorem ipsum dolor sit amet
- SSRFmap - Automatic SSRF fuzzer and exploitation tool
- Gopherus - This tool generates gopher link for exploiting SSRF and gaining RCE in various servers
- ground-control - A collection of scripts that run on my web server. Mainly for debugging SSRF, blind XSS, and XXE vulnerabilities.
- Gf-Patterns - GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep
- SSRFire - An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirects
- httprebind - Automatic tool for DNS rebinding-based SSRF attacks
- ssrf-sheriff - A simple SSRF-testing sheriff written in Go
- B-XSSRF - Toolkit to detect and keep track on Blind XSS, XXE & SSRF
- extended-ssrf-search - Smart ssrf scanner using different methods like parameter brute forcing in post and get...
- gaussrf - Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl and Filter Urls With OpenRedirection or SSRF Parameters.
- ssrfDetector - Server-side request forgery detector
- grafana-ssrf - Authenticated SSRF in Grafana
- sentrySSRF - Tool to searching sentry config on page or in javascript files and check blind SSRF
SQL Injection
Lorem ipsum dolor sit amet
- sqlmap - Automatic SQL injection and database takeover tool
- NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.
- SQLiScanner - Automatic SQL injection with Charles and sqlmap api
- SleuthQL - Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap.
- mssqlproxy - mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse
- sqli-hunter - SQLi-Hunter is a simple HTTP / HTTPS proxy server and a SQLMAP API wrapper that makes digging SQLi easy.
- waybackSqliScanner - Gather urls from wayback machine then test each GET parameter for sql injection.
- ESC - Evil SQL Client (ESC) is an interactive .NET SQL console client with enhanced SQL Server discovery, access, and data exfiltration features.
- mssqli-duet - SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing
- burp-to-sqlmap - Performing SQLInjection test on Burp Suite Bulk Requests using SQLMap
- BurpSQLTruncSanner - Messy BurpSuite plugin for SQL Truncation vulnerabilities.
- andor - Blind SQL Injection Tool with Golang
- Blinder - A python library to automate time-based blind SQL injection
XXE Injection
Lorem ipsum dolor sit amet
- ground-control - A collection of scripts that run on my web server. Mainly for debugging SSRF, blind XSS, and XXE vulnerabilities.
- dtd-finder - List DTDs and generate XXE payloads using those local DTDs.
- docem - Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids)
- xxeserv - A mini webserver with FTP support for XXE payloads
- xxexploiter - Tool to help exploit XXE vulnerabilities
- B-XSSRF - Toolkit to detect and keep track on Blind XSS, XXE & SSRF
- XXEinjector - Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.
- oxml_xxe - A tool for embedding XXE/XML exploits into different filetypes
Contribute
Contributions welcome! Read the contribution guidelines first.
License
To the extent possible under law, vavkamil has waived all copyright and related or neighboring rights to this work.