Bug Bounty Tools that I use as a Bug Bounty Hunter

List of Best Bug bounty Tools that I use as a Bug Bounty Hunter

In this article, I will share the best bug bounty tools I personally use as a Bug bounty hunter.

Of course, hundreds of tools exist for professional pentesting and bug bounty, and you may already be familiar with some of them. As bug bounty hunters, we are always curious to test new tools that save us the most time and give the best results.

Best bug bounty tools


Here is the list of my favourite bug bounty tools, covering everything from recon to exploitation.

Subdomain Enumeration

For subdomain enumeration, I use SubEnum.

This tool is a combination of many other subdomain enumeration tools. You can either install the other tools manually or install the necessary tools using the setup script.
The main advantage of this tool is that it can run them in parallel and collect all the subdomains in a txt file.

Available Tools and online services:

Tools:

Findomain
SubFinder
Amass
AssetFinder
Httprobe: To Probe For Working HTTP and HTTPS Subdomains.
anew: To delete duplicates when using -s/--silent option.

Online services:

WayBackMachine
crt.sh
BufferOver

Httpx for checking live domains

After enumerating the subdomains, I always check their status, filter out the live domains, and remove the unnecessary or bogus ones.

For that, I use httpx, a tool by Project Discovery.

This tool can quickly filter out the live domains. It can also get the page title and detect the technology used by the domain.

Browser Extensions

Here are the browser extensions that I use while doing recon

Wappalyzer

Wappalyzer is a free browser extension that fingerprints the technologies the target website uses.

WhatRuns

WhatRuns is similar to Wappalyzer. This extension is recommended by Jason Haddix in his bug bounty methodology. Since then, it has been a must-use tool for me.

Shodan

Shodan is a search engine for hackers. They also offer a browser extension that can detect the target's open ports from within the browser, giving us a clear insight into what services the target runs.

Cookie Editor

The cookie editor plugin will be helpful when testing the target with multiple logins and cookie-based attacks.

Random user agent

I often use this extension to test how the website responds on different devices and bypass some restrictions.

Web Proxies

Burp Suite

Burp Suite is becoming a must-use tool for hackers. I always use this tool to intercept the requests and responses of the target.

Port Scanning

Nmap

Nmap is a powerful port scanner. Who would keep it aside?

Naabu

Naabu is a port scanning tool developed by Project Discovery. It can detect open ports from a list of URLs.

Smap

Smap is another fast port scanner developed by Somedev. It does not make any contact with the target and is based on Shodan.

Shodan

I use Shodan. It is helpful when scanning is not allowed by the program.

Automated Tools

Nuclei

Nuclei is an automatic vulnerability detection tool developed by Project Discovery. It runs through its templates and checks whether the target is affected by any of the vulnerabilities they cover.

Sqlmap

Who will forget Sqlmap? We all started with it. Sqlmap is an automatic SQL injection detection and exploitation tool written in Python.

Wpscan

Wpscan is an automatic WordPress vulnerability scanner. It can detect the latest vulnerabilities in WordPress websites.

Fuzzers

As a web application pentester, it's essential to fuzz the hidden directories of the target. Here are my favourite fuzzers:

Dirsearch

Dirsearch is a web directory brute-forcer written in Python. A Go version is also available.

In this tool, you can use the default wordlist, or give the path of the wordlists.

ffuf

ffuf is my second-best directory fuzzer. It is a little bit faster. You can customize the requests according to your needs.

Dirbuster

It is a GUI-based directory brute-forcing tool. The main advantage of this tool is that you can customize the settings as per your needs and prevent your IP from being banned by the web application firewall.


WAF Detection

Most targets are protected by some kind of web application firewall (WAF). We have to detect the WAF and bypass it for maximum impact.

Here are the tools I use for WAF detection:

wafw00f

This tool can detect almost all web application firewalls.

WhatWaf

This is an advanced WAF detection tool.

Others

This section contains some uncategorized tools, wordlists, etc.

Wordlists I often use

  • PayloadsAllTheThings
  • SecLists

Conclusion:

This article will be updated again. I use even more tools that I did not mention here. I hope these tools will give you the best results, making your bug bounty journey much easier.

Hi, I'm Basudev
A Professional Blogger & Hacker Interested in Infosec, Web Development, Programming
