# Bug Bounty Tool List

### Bug Bounty Tool List Which are useful for Hunting

Bug Bounty Tool List

dnscan [https://github.com/rbsec/dnscan](https://github.com/rbsec/dnscan)

Knockpy [https://github.com/guelfoweb/knock](https://github.com/guelfoweb/knock)

Sublist3r [https://github.com/aboul3la/Sublist3r](https://github.com/aboul3la/Sublist3r)

massdns [https://github.com/blechschmidt/massdns](https://github.com/blechschmidt/massdns)

nmap [https://nmap.org](https://nmap.org/)

masscan [https://github.com/robertdavidgraham/masscan](https://github.com/robertdavidgraham/masscan)

EyeWitness [https://github.com/ChrisTruncer/EyeWitness](https://github.com/ChrisTruncer/EyeWitness)

DirBuster [https://sourceforge.net/projects/dirbuster/](https://sourceforge.net/projects/dirbuster/)

dirsearch [https://github.com/maurosoria/dirsearch](https://github.com/maurosoria/dirsearch)

Gitrob [https://github.com/michenriksen/gitrob](https://github.com/michenriksen/gitrob)

git-secrets [https://github.com/awslabs/git-secrets](https://github.com/awslabs/git-secrets)

sandcastle [https://github.com/yasinS/sandcastle](https://github.com/yasinS/sandcastle)

bucket\_finder [https://digi.ninja/projects/bucket\_finder.php](https://digi.ninja/projects/bucket_finder.php)

GoogD0rker [https://github.com/ZephrFish/GoogD0rker/](https://github.com/ZephrFish/GoogD0rker/)

Wayback Machine [https://web.archive.org](https://web.archive.org/)

waybackurls [https://gist.github.com/mhmdiaa/adf6bff70142e5091792841d4b372050](https://gist.github.com/mhmdiaa/adf6bff70142e5091792841d4b372050) Sn1per [https://github.com/1N3/Sn1per/](https://github.com/1N3/Sn1per/)

XRay [https://github.com/evilsocket/xray](https://github.com/evilsocket/xray)

wfuzz [https://github.com/xmendez/wfuzz/](https://github.com/xmendez/wfuzz/)

patator [https://github.com/lanjelot/patator](https://github.com/lanjelot/patator)

datasploit [https://github.com/DataSploit/datasploit](https://github.com/DataSploit/datasploit)

hydra [https://github.com/vanhauser-thc/thc-hydra](https://github.com/vanhauser-thc/thc-hydra)

changeme [https://github.com/ztgrace/changeme](https://github.com/ztgrace/changeme)

MobSF [https://github.com/MobSF/Mobile-Security-Framework-MobSF/](https://github.com/MobSF/Mobile-Security-Framework-MobSF/) Apktool [https://github.com/iBotPeaches/Apktool](https://github.com/iBotPeaches/Apktool)

dex2jar [https://sourceforge.net/projects/dex2jar/](https://sourceforge.net/projects/dex2jar/)

sqlmap [http://sqlmap.org/](http://sqlmap.org/)

oxml\_xxe [https://github.com/BuffaloWill/oxml\_xxe/](https://github.com/BuffaloWill/oxml_xxe/)

XXE Injector [https://github.com/enjoiz/XXEinjector](https://github.com/enjoiz/XXEinjector)

The JSON Web Token Toolkit [https://github.com/ticarpi/jwt\_tool](https://github.com/ticarpi/jwt_tool)

ground-control [https://github.com/jobertabma/ground-control](https://github.com/jobertabma/ground-control)

ssrfDetector [https://github.com/JacobReynolds/ssrfDetector](https://github.com/JacobReynolds/ssrfDetector)

LFISuit [https://github.com/D35m0nd142/LFISuite](https://github.com/D35m0nd142/LFISuite)

GitTools [https://github.com/internetwache/GitTools](https://github.com/internetwache/GitTools)

dvcs-ripper [https://github.com/kost/dvcs-ripper](https://github.com/kost/dvcs-ripper)

tko-subs [https://github.com/anshumanbh/tko-subs](https://github.com/anshumanbh/tko-subs)

HostileSubBruteforcer [https://github.com/nahamsec/HostileSubBruteforcer](https://github.com/nahamsec/HostileSubBruteforcer) Race the Web [https://github.com/insp3ctre/race-the-web](https://github.com/insp3ctre/race-the-web)

ysoserial [https://github.com/GoSecure/ysoserial](https://github.com/GoSecure/ysoserial)

PHPGGC [https://github.com/ambionics/phpggc](https://github.com/ambionics/phpggc)

CORStest [https://github.com/RUB-NDS/CORStest](https://github.com/RUB-NDS/CORStest)

retire-js [https://github.com/RetireJS/retire.js](https://github.com/RetireJS/retire.js)

getsploit [https://github.com/vulnersCom/getsploit](https://github.com/vulnersCom/getsploit)

Findsploit [https://github.com/1N3/Findsploit](https://github.com/1N3/Findsploit)

bfac [https://github.com/mazen160/bfac](https://github.com/mazen160/bfac)

WPScan [https://wpscan.org/](https://wpscan.org/)

CMSMap [https://github.com/Dionach/CMSmap](https://github.com/Dionach/CMSmap)

Amass [https://github.com/OWASP/Amass](https://github.com/OWASP/Amass)
