Skip to content

iMoon07/bugbounty-toolkit

Β 
Β 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

94 Commits
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

  \__/         \__/         \__/
  (oo)         (o-)         (@@)
 //||\\       //||\\       //||\\
  bug          bug          bug
             winking      hangover

_/ _/ __/ (xx) (--) (OO) //||\ //||\ //||\ dead bug bug bug sleep female

     く__,.γƒ˜γƒ½.        /  ,γƒΌο½€ 〉
          οΌΌ ', !-─‐-i  /  /Β΄
          /`ο½°'     L//`ヽ`
        /   /,  /|  ,  ,       ',
       ο½²   / /-‐/  i  L_ ハ ヽ!   i
        レ ヘ 7ο½²`οΎ„  レ'ο½§-οΎ„ο½€!ハ|    |
         !,/7 '0'    Β΄0iγ‚½|         |
         |.从"    _    ,,,, / |./    |
         レ'| i>.ο½€,,__  _,.γ‚€ /   .i   |
          レ'| | / k_οΌ—_/レ'ヽ,  ハ.  |
            | |/i γ€ˆ|/  i  ,.ヘ |  i  |
           .|/ /  ο½‰οΌš   ヘ!    οΌΌ  |
          kヽ>`ハ   _,.ヘ`   /ο½€!
           !'γ€ˆ//`οΌ΄Β΄', οΌΌ `'7'ο½°r'
           レ'ヽL__|___i,___,γƒ³οΎš|γƒŽ
              οΎ„-,/  |___./
              'ο½°'    !_,.:

πŸ› BUG BOUNTY TOOLKIT v1.0

A high-performance, fully automated toolkit for Bug Bounty, VDP, and Penetration Testing. Seamlessly deploy, update, and manage 51 essential hacking tools and 124+ GF patterns on Kali Linux.

Platform Tools Scripts YouTube

Developed by iMoon Β· Inspired by Rootbakar


πŸ“ Scripts Overview

Script Description
install-toolkit-for-linux-fixed.sh Full installer β€” installs all 51 tools from scratch
update-toolkit.sh Smart updater β€” updates only installed tools
gf-install-updated.sh GF pattern installer β€” 16 curated pattern repos
check-toolkit.sh Health checker β€” verifies all tools are working
uninstall-toolkit.sh Uninstaller β€” safely removes all tools and binaries

⚠️ Kali Linux only. Tested on Kali Rolling. Other distros (Ubuntu, Debian, Parrot) are not officially supported β€” APT packages and Python flags may differ.


πŸ› οΈ Tool List β€” 51 Tools Total

⚑ Go Tools (30)

Installed via go install @latest β†’ synced to /usr/local/bin/

Tool Purpose
subfinder Passive subdomain enumeration
assetfinder Find related domains & subdomains
shosubgo Shodan subdomain grabber
github-subdomains Find subdomains via GitHub
chaos ProjectDiscovery subdomain dataset
ffuf Fast web fuzzer
gobuster Directory/file/DNS/vhost brute force
naabu Fast port scanner
gau Get all URLs from Wayback/AlienVault
waybackurls Fetch URLs from Wayback Machine
katana Next-gen web crawler
hakrawler Fast web crawler for endpoints
gf Pattern matching wrapper for grep
qsreplace Replace query string values
httpx Fast HTTP probing
httprobe Probe for working HTTP/HTTPS servers
anew Append unique lines to file
unfurl Pull URL components
subzy Subdomain takeover tool
freq Send bulk GET requests
kxss Find XSS-injectable parameters
xsschecker XSS parameter checker
dalfox XSS scanning & parameter analysis
crlfuzz CRLF injection scanner
nomore403 403 bypass techniques
dnsx Fast DNS toolkit
tlsx TLS/SSL information gathering
cdncheck Detect CDN-protected IPs
puredns Reliable DNS brute force
brutespray Brute force from nmap output

🐍 Python Tools (16)

Mix of pip-installed and git-cloned β†’ synced to /usr/local/bin/

Tool Type Purpose
crtsh git Certificate transparency lookup
dirsearch pip Web path discovery
arjun git HTTP parameter discovery
dirhunt pip Directory finder without brute force
bhedak pip Replace query string values (python)
xsstrike git XSS detection suite
shcheck git HTTP security headers checker
secretfinder git Find API keys & secrets in JS
paramspider git Parameter mining from web archives
waymore git More ways to get URLs
cmseek git CMS detection & exploitation
lucek git LFI/URL checker
wafw00f pip WAF fingerprinting
ghauri git Advanced SQL injection detection
sqlmap git Automatic SQL injection
commix git Command injection exploitation

πŸ”§ Binary Tools (5)

Installed via pre-compiled binary download or compiled from source

Tool Install Method Purpose
medusa source (make) Parallel brute force
urldedupe source (cmake) URL deduplication
rustscan binary Modern fast port scanner
nuclei binary Template-based vulnerability scanner
testssl.sh git SSL/TLS testing tool

πŸš€ 1. Installation (Base Tools)

Prerequisites

sudo apt update
sudo apt install -y git curl wget golang python3 python3-pip cmake libpcap-dev

Install Toolkit

git clone https://github.com/iMoon07/bugbounty-toolkit.git
cd ~/bugbounty-toolkit
chmod +x *.sh
sudo ./install-toolkit-for-linux-fixed.sh

⏱️ Estimated time: 15–30 minutes depending on internet speed

πŸ’‘ Troubleshooting Failed Installs:
If the summary at the end shows any tools failed to install, run the installer a second time (sudo ./install-toolkit-for-linux-fixed.sh). Sometimes network timeouts or dependency locks cause temporary failures. If it still fails, check the log: cat install.log to trace the exact error.

What this does:

  • Skips already installed tools (safe to re-run multiple times)
  • Clones git repos to ~/BUG_BOUNTY_TOOLS/
  • Syncs all Go binaries and Python wrappers to /usr/local/bin/

πŸ“‚ 2. GF Patterns Installation (Required)

gf is a wrapper around grep for identifying vulnerabilities in URLs. You must install the patterns before running the health check.

cd ~/bugbounty-toolkit
./gf-install-updated.sh

πŸ“„ Log file: gf-install.log β€” Check this log if any pattern repo fails to clone.

Installed Pattern Sources (16 Repos)

All patterns are aggregated and saved directly into ~/.gf/*.json.

Pattern Category Source Repositories
Core Collections 1ndianl33t/Gf-Patterns, robre/gf-patterns, mrofisr/gf-patterns
Specialized Lists NitinYadav00/gf-patterns, Matir/gf-patterns, bp0lr/myGF_patterns
Grep Patterns arthur4ires/gfPatterns, r00tkie/grep-pattern
Secrets & Creds dwisiswant0/gf-secrets
PHP Dangerous Funcs Jude-Paul/GF-Patterns-For-Dangerous-PHP-Functions, seqrity/Allin1gf
Extended Patterns scumdestroy/YouthCrew-GF-Patterns, cypher3107/GF-Patterns, R0X4R/Garud
New 2025/2026 coffinxp/GFpattren, rix4uni/gf-patterns

Basic Usage

# Filter URLs by vulnerability pattern
cat urls.txt | gf xss
cat urls.txt | gf sqli
cat urls.txt | gf ssrf
cat urls.txt | gf secrets

🩺 3. Health Check

Run the health check to verify all 51 tools AND the GF patterns are perfectly configured.

cd ~/bugbounty-toolkit
./check-toolkit.sh

πŸ“„ Log file: check.log β€” Trace this log to see exactly what tool is missing from your $PATH.

Output Statuses:

  • βœ“ ok β€” Binary found and fully functional.
  • ⊘ not installed β€” Tool is missing or your terminal $PATH is broken. Try running the installer again or open a new terminal.

πŸ”„ 4. Updating

Smart update strategy that only touches installed tools.

cd ~/bugbounty-toolkit
sudo ./update-toolkit.sh

πŸ“„ Log file: update.log β€” Check this if an update crashes (e.g. Go version mismatch).

Update Strategy:

  • Go tools: go install @latest
  • Python tools: pip3 install -U or git pull
  • Binaries: Re-download latest GitHub releases

πŸ—‘οΈ 5. Uninstallation (Optional)

If you want to completely remove the toolkit and its tools, run the smart uninstaller.

cd ~/bugbounty-toolkit
sudo ./uninstall-toolkit.sh

πŸ“„ Log file: uninstall.log β€” Contains the exact paths of all deleted binaries.

What the uninstaller does:

  • Automatically clears any stuck apt or dpkg locks
  • Removes the ~/BUG_BOUNTY_TOOLS/ and ~/.gf/ directories
  • Smart Tracking: Dynamically reads the tool list from check-toolkit.sh and tracks down their exact binary locations across your entire system ($PATH) to ensure 100% complete removal
  • Leaves base dependencies (go, python3, cmake) intact so you can easily reinstall later

πŸ“‚ Directory Structure

~/bugbounty-toolkit/               ← scripts live here (clone this repo)
β”œβ”€β”€ install-toolkit-for-linux-fixed.sh ← install tools
β”œβ”€β”€ update-toolkit.sh              ← update tools
β”œβ”€β”€ gf-install-updated.sh          ← install gf patterns
β”œβ”€β”€ check-toolkit.sh               ← check health of tools
β”œβ”€β”€ uninstall-toolkit.sh           ← smart uninstaller
β”œβ”€β”€ install.log                    ← install log (auto-created)
β”œβ”€β”€ update.log                     ← update log (auto-created)
β”œβ”€β”€ check.log                      ← health check log (auto-created)
β”œβ”€β”€ gf-install.log                 ← gf installation log (auto-created)
└── README.md                      ← Guide

~/BUG_BOUNTY_TOOLS/                ← source code & repos cloned here
β”œβ”€β”€ Arjun/                         ← HTTP parameter discovery (pip installed)
β”œβ”€β”€ CMSeeK/                        ← CMS detection (bash wrapper created)
β”œβ”€β”€ commix/                        ← Command injection (bash wrapper created)
β”œβ”€β”€ crtsh.py/                      ← certificate transparency (copied to bin)
β”œβ”€β”€ ghauri/                        ← SQL injection (pip installed)
β”œβ”€β”€ LUcek/                         ← LFI/URL checker (copied to bin)
β”œβ”€β”€ medusa/                        ← Parallel brute force (compiled via make)
β”œβ”€β”€ Nuclei/                        ← Vulnerability scanner (binary extracted)
β”œβ”€β”€ paramspider/                   ← parameter mining (pip installed)
β”œβ”€β”€ SecretFinder/                  ← JS secrets finder (copied to bin)
β”œβ”€β”€ shcheck/                       ← HTTP security headers (bash wrapper created)
β”œβ”€β”€ sqlmap/                        ← Automatic SQL injection (bash wrapper created)
β”œβ”€β”€ testssl.sh/                    ← SSL/TLS testing (copied to bin)
β”œβ”€β”€ urldedupe/                     ← URL deduplication (compiled via cmake)
β”œβ”€β”€ waymore/                       ← URL discovery (pip installed)
└── XSStrike/                      ← XSS detection suite (copied to bin)

/usr/local/bin/                   ← ALL 51 binaries/wrappers β†’ run from anywhere
β”œβ”€β”€ Go Tools     : subfinder, assetfinder, shosubgo, github-subdomains, chaos, ffuf, gobuster, naabu, gau, waybackurls, katana, hakrawler, gf, qsreplace, anew, unfurl, httpx, httprobe, subzy, freq, kxss, xsschecker, dalfox, crlfuzz, nomore403, dnsx, tlsx, cdncheck, puredns, brutespray
β”œβ”€β”€ Pip Tools    : dirsearch, arjun, dirhunt, bhedak, wafw00f, paramspider, waymore, ghauri
β”œβ”€β”€ Custom Wraps : crtsh, xsstrike, shcheck, secretfinder, cmseek, lucek, sqlmap, commix
└── Binaries     : urldedupe, medusa, rustscan, nuclei, testssl.sh

~/.gf/                            ← GF pattern files (JSON)
└── xss.json, sqli.json, ssrf.json, lfi.json, ssti.json,
    rce.json, idor.json, redirect.json, secrets.json, ... (124+ files)

πŸ’‘ Folders Explained

  • ~/bugbounty-toolkit/: This is the "Control Center". It contains the 5 main scripts (install, update, check, uninstall, gf-install) that manage everything. You only come here when you need to run one of these scripts.
  • ~/BUG_BOUNTY_TOOLS/: This is the "Warehouse". When the installer runs, it clones massive repositories (like SQLMap or CMSeeK) into this folder. You don't need to manually interact with this folder because the binaries/wrappers in /usr/local/bin/ will automatically call the code stored here.
  • ~/.gf/: The "Pattern Library". Contains all the .json signature files used by the gf tool to grep for vulnerabilities.

πŸ’‘ Binary Categories in /usr/local/bin/

  • Go Tools: Compiled natively via go install. These are single static binaries copied directly for lightning-fast execution.
  • Pip Tools: Installed via Python's package manager (pip). We forcefully link their executables into /usr/local/bin/ to bypass Kali's strict environment rules.
  • Custom Wraps: This is the magic part. For tools that are just giant folders of Python code (like sqlmap, cmseek, commix), the installer creates a smart bash "wrapper" script in /usr/local/bin/ that silently points back to the source code in ~/BUG_BOUNTY_TOOLS/. This means you can type sqlmap from anywhere without needing to cd into its directory first.
  • Binaries: Standard compiled binaries (C/C++/Rust) built via make / cmake or downloaded directly from GitHub Releases.

πŸ’‘ Tips

Check logs for troubleshooting:

All scripts automatically generate logs in the ~/bugbounty-toolkit/ directory. If you encounter issues, these logs contain the exact errors (like missing dependencies or network timeouts):

# Check what failed during installation
grep "FAILED" ~/bugbounty-toolkit/install.log

# Check what failed during update
grep "FAILED" ~/bugbounty-toolkit/update.log

# Check errors during uninstallation
cat ~/bugbounty-toolkit/uninstall.log

# View full health check history
cat ~/bugbounty-toolkit/check.log

# View GF patterns installation log
cat ~/bugbounty-toolkit/gf-install.log

πŸ§ͺ Practice Labs

Before hunting in the wild for VDP or Bug Bounty, test your weapons here first. No need to test on random live sites and make enemies.

These local labs are the best places to safely test this toolkit:

Lab Stack Link Best for
Mutillidae II PHP + MySQL github.com/webpwnized/mutillidae2 Comprehensive training for OWASP Top 10
DVWA PHP + MySQL github.com/digininja/DVWA Beginners β€” great for practicing SQLi & XSS
bWAPP PHP + MySQL sourceforge.net/projects/bwapp/files/bWAPP/ Massive collection of 100+ different vulnerabilities
WebGoat Java github.com/WebGoat/WebGoat Step-by-step guided lessons with hints
Juice Shop Node.js github.com/juice-shop/juice-shop Modern UI (Angular) β€” feels exactly like a real-world target

πŸ’‘ Why start here? Mastering these labs ensures you know why a vulnerability exists, how to exploit it manually, and how to automate the discovery using the 51 tools in this toolkit. Do not rush to live targets until you can confidently compromise these environments.


πŸ’» Useful One-Liners

Now that you have all the tools, you need to know how to chain them together for maximum impact! For a massive collection of ready-to-use Bug Bounty one-liners (for Recon, XSS, SQLi, SSRF, etc.), check out this awesome repository:


πŸ™ Credits

  • Developed by iMoon
  • Inspired by Rootbakar β€” original toolkit concept
  • All tool authors and contributors listed above

⚠️ Disclaimer

This toolkit is intended for legal security testing and educational purposes only.
Always obtain proper authorization before testing any systems.
The developers are not responsible for any misuse of these tools.


Made with ❀️ for the Bug Bounty community

LinkedIn Β· GitHub

About

A curated collection of essential tools and scripts for bug bounty hunters and cybersecurity professionals, designed to streamline your vulnerability assessment and penetration testing.

Topics

Resources

License

Stars

5 stars

Watchers

0 watching

Forks

Packages

 
 
 

Contributors

Languages

  • Shell 100.0%