In this article, I will share the best bug bounty tools I personally use as a bug bounty hunter.
Of course, hundreds of tools exist for professional pentesting and bug bounty hunting. You may already be familiar with some of them, but as bug bounty hunters we are always curious to try new tools that save us time and give the best results.
Best bug bounty tools
Here is the list of my favourite bug bounty tools, covering everything from recon to exploitation.
Subdomain Enumeration
For subdomain enumeration, I use SubEnum.
This tool is a combination of many other subdomain enumeration tools. You can either install the other tools manually or install the necessary tools using the setup script.
The main advantage of this tool is that it can run the tools in parallel and collect all the subdomains in a txt file.
Available tools and online services:
Tools:
- Findomain
- SubFinder
- Amass
- AssetFinder
- Httprobe: To probe for working HTTP and HTTPS subdomains.
- anew: To delete duplicates when using the -s/--silent option.
Online services:
- WayBackMachine
- crt.sh
- BufferOver
Httpx for checking live domains
After enumerating the subdomains, I always check their status, filter out the live domains, and remove the unnecessary or bogus ones.
For that, I use httpx, a tool by Project Discovery.
This tool filters out the live domains quickly. It can also get the page title and detect the technology used by the domain.
Browser Extensions
Here are the browser extensions that I use while doing recon:
Wappalyzer
Wappalyzer is a free browser extension that fingerprints the technologies the target website uses.
WhatRuns
WhatRuns is similar to Wappalyzer. This extension is recommended by Jason Haddix in his bug bounty methodology. Since then, it has been a must-use tool for me.
Shodan
Shodan is a search engine for hackers. They also offer a browser extension that shows the target's open ports in the browser, giving us a clear insight into what services the target runs.
Cookie Editor
The cookie editor plugin will be helpful when testing the target with multiple
logins and cookie-based attacks.
Random user agent
I often use this extension to test how the website responds on different devices and to bypass some restrictions.
Web Proxies
Burp Suite
Burp Suite is becoming a must-use tool for hackers. I always use this tool to intercept the requests and responses of the target.
Port Scanning
Nmap
Nmap is a powerful port scanner. Who would set it aside?
Naabu
Naabu is a port scanning tool developed by Project Discovery. It can detect open ports from a list of URLs.
Smap
Smap is another fast port scanner developed by Somedev. It does not make any contact with the target and is based on Shodan.
Shodan
I use Shodan. It is helpful when scanning is not allowed by the program.
Automated Tools
Nuclei
Nuclei is an automatic vulnerability detection tool developed by Project Discovery. It runs through its templates and checks whether the target is vulnerable to any of them.
Sqlmap
Who will forget Sqlmap? We all started with it. Sqlmap is an automatic SQL
injection detection and exploitation tool written in Python.
Wpscan
Wpscan is an automatic WordPress vulnerability scanner. It can detect the
latest vulnerabilities in WordPress websites.
Fuzzers
As a web application pentester, it's essential to fuzz for hidden directories on the target. Here are my favourite fuzzers:
Dirsearch
Dirsearch is a web directory brute-forcer written in Python. A Go version is also available.
With this tool, you can use the default wordlist or give the path to your own wordlists.
ffuf
ffuf is my second-best directory fuzzer. It is a little bit faster. You can customize the requests according to your needs.
Dirbuster
It is a GUI-based directory brute-forcing tool. The main advantage of this tool is that you can customize the settings as per your needs and prevent your IP from being banned by the web application firewall.
WAF Detection
Most targets are protected by some kind of web application firewall. We have to detect the WAF and bypass it for maximum impact.
Here are the tools I use for WAF detection:
wafw00f
This tool can detect almost all web application firewalls.
WhatWaf
This is an advanced WAF detection tool.
Others
This section contains some uncategorized tools, wordlists, etc.
Wordlists I often use:
- PayloadsAllTheThings
- SecLists
Conclusion:
This article will be updated again, as I use even more tools that I did not mention here. I hope these tools will give you the best results and make your bug bounty journey much easier.