BountyOS Tools

gobuster

Gobuster is a tool used to brute-force

netcat

networking utility for reading from and writing to network connections using TCP or UDP

masscan

MASSCAN: Mass IP port scanner

sqlmap

Automatic SQL injection and database takeover tool

dirsearch

Web path discovery

nmap

Nmap (Network Mapper) is a network scanner

gobuster

Gobuster is a tool used to brute-force url, dns, vhost, etc..

dnstwist

uncover potentially malicious domains that target your organization

burpsuite

security assessment and penetration testing of web applications

wpscan

WordPress Security Scanner

massdns

A high-performance DNS stub resolver

amass

network mapping of attack surfaces and external asset discovery

nikto

Nikto web server scanner

cewl

spiders a given URL, up to a specified depth, and returns a list of words

findomain

directory fuzzing, port scanning, vulnerability discovery, and more

owasp

zap - most widely used web scanner

sslscan

SSL Enumeration and vulnerability scanner

recon

ng - Recon-ng is a full-featured reconnaissance framework

sherlock

Hunt down social media accounts by username

metagoofil

metagoofil searches Google for specific types of files being publicly hosted on a web site

hash

identifier - Software to identify the different types of hashes used to encrypt data and especially passwords

fierce

semi-lightweight scanner that helps locate non-contiguous IP space and hostnames against specified domains

altdns

Subdomain discovery through alterations and permutations

arjun

HTTP Parameter Discovery Suite

getsploit

Inspired by searchsploit, getsploit combines two features: command line search and download

h8mail

email OSINT and breach hunting tool

hosthunter

discover and extract hostnames providing a large set of target IP addresses

hostsman

cross-platform command line tool for adding, removing or listing mappings in hosts file

linkedin2username

Generate username lists from companies on LinkedIn

spiderfoot

open source intelligence (OSINT) automation tool

theHarvester

tool designed to be used during the reconnaissance stage of a red team assessment or penetration test

linkfinder

discover endpoints and their parameters in JavaScript files

smuggler

An HTTP Request Smuggling / Desync testing tool

403bypasser

automates the techniques used to circumvent access control restrictions on target pages

uro

URLs that have uninteresting/duplicate content; uro aims to solve that

paramspider

Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing

asnlookup

searches for the organization ASNs and use the latter to find the IP space

dnsvalidator

Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses

subfinder

Fast passive subdomain enumeration tool

nuclei

modern, high-performance vulnerability scanner that leverages simple YAML-based templates

Web

Cache-Vulnerability-Scanner - fast and versatile CLI scanner for web cache poisoning and web cache deception

gospider

Fast web spider written in Go

ffuf

A fast web fuzzer written in Go.

assetfinder

Find domains and subdomains potentially related to a given domain

cloudbrute

find a company (target) infrastructure, files, and apps on the top cloud providers

dnsx

A fast and multi-purpose DNS toolkit designed for running DNS queries

gau

fetches known URLs from AlienVaults

waybackurls

Accept line-delimited domains on stdin, fetch known URLs from the Wayback Machine for *.domain and output them on stdout

gowitness

A golang, web screenshot utility using Chrome Headless.

hakrawler

Fast golang web crawler for gathering URLs and JavaScript file locations

httprobe

Take a list of domains and probe for working http and https servers

httpx

fast and multi-purpose HTTP toolkit that allows running multiple probes

naabu

enumerate valid ports for hosts in a fast and reliable manner

s3scanner

A tool to find open S3 buckets in AWS or other cloud providers

unfurl

Pull out bits of URLs provided on stdin

anew

Append lines from stdin to a file, but only if they dont already appear in the file

dalfox

scanning for XSS flaws and analyzing parameters

katana

A next-generation crawling and spidering framework

uncover

Quickly discover exposed hosts on the internet using multiple search engines.

shuffledns

massDNS wrapper to bruteforce and resolve the subdomains with wildcard handling support

puredns

Fast domain resolver and subdomain bruteforcing with accurate wildcard filtering

cut

cdn - Removing CDN IPs from the list of IP addresses

certgraph

A tool to crawl the graph of certificate Alternate Names

asn

ASN Lookup Tool and Traceroute Server

badsecrets

identifying the use of known or very weak cryptographic secrets across a variety of platforms

BBScan

fast and light-weight web vulnerability scanner

Cloudmare

find the origin servers of websites protected by Cloudflare, Sucuri, or Incapsula with a misconfigured DNS

jaeles

extensible framework written in Go for building your own Web Application Scanner

wapiti

web vulnerability scanner written in Python

xsser

Cross Site Scripter (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities

xsstrike

Advanced XSS Detection Suite

anubis

subdomain enumeration and information gathering tool

dnscan

dnscan is a python wordlist-based DNS subdomain scanner.

jsluice

Go package and command-line tool for extracting URLs, paths, secrets, and other interesting data from JavaScript source code

gitgot

feedback-driven tool to empower users to rapidly search through troves of public data on GitHub for sensitive secrets

← Back to Home