BountyOS

Why BountyOS?

BountyOS is a custom Debian 12-based Linux distro crafted exclusively for bug bounty professionals and real-world web app security research. Unlike traditional hacking distros packed with unnecessary tools, BountyOS stays clean, sharp, and purpose-driven.

Key Features

• All tools work in Live Mode — no installation required.
• Installation is fast, easy, and optional.
• Powered by stable and secure Debian 12.
• Supports both amd64 and arm64 architectures.
• Architecture-specific tools — optimized for your system.
• No outdated or archived tools included.
• Ongoing updates and custom tools developed by us.
• Includes exclusive tools not found in other distros.

Included Tools (75+)

Some of the most-used and effective tools in modern bug bounty workflows:

• Recon: amass, subfinder, assetfinder
• Scanning: nuclei, httpx, dalfox, gf, waybackurls
• Brute Forcing: ffuf, dirsearch, wordlists
• Networking: massdns, dnsx, masscan
• Testing: Burp Suite, OWASP-ZAP, Sqlmap
• OSINT: theHarvester, recon-ng, etc..
• Click Here to see All installed Tools.

Who's it for?

• Bug bounty hunters on platforms like HackerOne, Bugcrowd, Intigriti, YesWeHack
• Security researchers focusing on recon and app testing
• Red teamers who want a clean OS without bloat

Availability

• Supports x86_64 (amd64) and arm64 platforms
• Downloadable ISO files are available
• For Download & installation guide please visit BountyOS Github repository