A curated list of various bug bounty tools
 
Kamil Vavra 7c19cdd2a4
Update README.md
2021-01-11 22:42:53 +01:00

Awesome Bug Bounty Tools

Curated list of various bug bounty tools


Exploitation


CORS Misconfiguration


  • Corsy - CORS Misconfiguration Scanner
  • CORStest - A simple CORS misconfiguration scanner
  • cors-scanner - A multi-threaded scanner that helps identify CORS flaws/misconfigurations

JSON Web Token


  • jwt_tool - A toolkit for testing, tweaking and cracking JSON Web Tokens
  • c-jwt-cracker - JWT brute force cracker written in C
  • jwt-heartbreaker - The Burp extension to check JWTs (JSON Web Tokens) for the use of keys known from public sources
  • jwtear - Modular command-line tool to parse, create and manipulate JWT tokens for hackers
  • jwt-key-id-injector - Simple Python script to check against a hypothetical JWT vulnerability.

Server Side Request Forgery


  • SSRFmap - Automatic SSRF fuzzer and exploitation tool

  • Gopherus - This tool generates gopher links for exploiting SSRF and gaining RCE in various servers

  • ground-control - A collection of scripts that run on my web server. Mainly for debugging SSRF, blind XSS, and XXE vulnerabilities.

  • Gf-Patterns - GF patterns for (SSRF, RCE, LFI, SQLi, SSTI, IDOR, URL redirection, debug_logic, interesting subs) parameters grep

  • SSRFire - An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirects

  • httprebind - Automatic tool for DNS rebinding-based SSRF attacks

  • ssrf-sheriff - A simple SSRF-testing sheriff written in Go

  • B-XSSRF - Toolkit to detect and keep track of Blind XSS, XXE & SSRF

  • extended-ssrf-search - Smart SSRF scanner using different methods like parameter brute forcing in POST and GET...

  • gaussrf - Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl, and filter URLs with open redirection or SSRF parameters.

  • ssrfDetector - Server-side request forgery detector

  • grafana-ssrf - Authenticated SSRF in Grafana

  • sentrySSRF - Tool for searching for Sentry config on a page or in JavaScript files and checking for blind SSRF

postMessage


  • postMessage-tracker - A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon
  • PostMessage_Fuzz_Tool - #BugBounty #BugBounty Tools #WebDeveloper Tool

Contribute

Contributions welcome! Read the contribution guidelines first.

License

CC0

To the extent possible under law, vavkamil has waived all copyright and related or neighboring rights to this work.