Some tools for Bug Bounty Hunting and How to Use them.

Hello Everyone! I have listed some of the popular & easiest tools for bug hunting. Check them out.

1. FOXYPROXY

FoxyProxy automates the manual process of editing Firefox’s Connection Settings dialog. It switches internet connections across multiple proxy servers.

2. WFUZZ

It provides access to web content using wordlists. Wfuzz comes pre-installed with kali linux. Just run the following command to run it.

# wfuzz

4. KNOCKPY

Knockpy is widely used for subdomain enumeration. This tool can be found on this website : https://github.com/guelfoweb/knock.

Usage :

# git clone https://github.com/guelfoweb/knock.git
# cd knock
# nano knockpy/config.json
Set your virustotal API_KEY# python setup.py install# knockpy [-h] [-v] [-w WORDLIST] [-r] [-c] [-j] domain

5. Sublist3r

It enumerates the subdomains using Open Source Intelligence with the help of various search engines. You can read more about this tool — https://github.com/aboul3la/Sublist3r.

Usage :

# git clone https://github.com/aboul3la/Sublist3r.git
# pip install -r requirements.txt
OR
# apt-get install python-requests python-dnspython python-argparse
# python sublist3r.py -h

6. Striker

A popular information & vulnerability scanner tool.

Usage:

# git clone https://github.com/UltimateHackers/Striker
# cd Striker
# pip install -r requirements.txt
# python striker.py <URL>

7. CYBERCHEF

A popular tool, used to perform encoding and decoding. Many other features are also included. You can use it online: https://gchq.github.io/CyberChef/.

8. SecLists

A hacker must be aware of this tool as it consists of multiple types of wordlists for different security assessments.

Usage:

# git clone https://github.com/danielmiessler/SecLists.git
# cd Seclists

There are many more tools but I can not mention all of them, yet I have tried to list the easiest & beginner friendly tools. I hope that you find them useful.

Happy Hacking. 😀 This content is made available for educational & informational purposes only!🌼

Cyber Security Enthusiast

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store