\__/ \__/ \__/
(oo) (o-) (@@)
//||\\ //||\\ //||\\
bug bug bug
winking hangover
|
γ__,.γγ½. / ,γΌο½€ γ
οΌΌ ', !-ββ-i / /Β΄
οΌ`ο½°' L/οΌ`γ½ο½€
/ οΌ, /| , , ',
ο½² / /-β/ ο½ L_ οΎ γ½! i
οΎ οΎ 7ο½²`οΎ οΎ'ο½§-οΎο½€!γ| |
!,/7 '0' Β΄0iγ½| |
|.δ»" _ ,,,, / |./ |
οΎ'| iοΌ.ο½€,,__ _,.γ€ / .i |
οΎ'| | / k_οΌ_/οΎ'γ½, οΎ. |
| |/i γ|/ i ,.οΎ | i |
.|/ / ο½οΌ οΎ! οΌΌ |
kγ½>ο½€οΎ _,.οΎο½€ /ο½€!
!'γ//`οΌ΄Β΄', οΌΌ `'7'ο½°r'
οΎ'γ½L__|___i,___,γ³οΎ|γ
οΎ-,/ |___./
'ο½°' !_,.:
|
A high-performance, fully automated toolkit for Bug Bounty, VDP, and Penetration Testing. Seamlessly deploy, update, and manage 51 essential hacking tools and 124+ GF patterns on Kali Linux.
| Script | Description |
|---|---|
install-toolkit-for-linux-fixed.sh |
Full installer β installs all 51 tools from scratch |
update-toolkit.sh |
Smart updater β updates only installed tools |
gf-install-updated.sh |
GF pattern installer β 16 curated pattern repos |
check-toolkit.sh |
Health checker β verifies all tools are working |
uninstall-toolkit.sh |
Uninstaller β safely removes all tools and binaries |
β οΈ Kali Linux only. Tested on Kali Rolling. Other distros (Ubuntu, Debian, Parrot) are not officially supported β APT packages and Python flags may differ.
Installed via
go install @latestβ synced to/usr/local/bin/
| Tool | Purpose |
|---|---|
| subfinder | Passive subdomain enumeration |
| assetfinder | Find related domains & subdomains |
| shosubgo | Shodan subdomain grabber |
| github-subdomains | Find subdomains via GitHub |
| chaos | ProjectDiscovery subdomain dataset |
| ffuf | Fast web fuzzer |
| gobuster | Directory/file/DNS/vhost brute force |
| naabu | Fast port scanner |
| gau | Get all URLs from Wayback/AlienVault |
| waybackurls | Fetch URLs from Wayback Machine |
| katana | Next-gen web crawler |
| hakrawler | Fast web crawler for endpoints |
| gf | Pattern matching wrapper for grep |
| qsreplace | Replace query string values |
| httpx | Fast HTTP probing |
| httprobe | Probe for working HTTP/HTTPS servers |
| anew | Append unique lines to file |
| unfurl | Pull URL components |
| subzy | Subdomain takeover tool |
| freq | Send bulk GET requests |
| kxss | Find XSS-injectable parameters |
| xsschecker | XSS parameter checker |
| dalfox | XSS scanning & parameter analysis |
| crlfuzz | CRLF injection scanner |
| nomore403 | 403 bypass techniques |
| dnsx | Fast DNS toolkit |
| tlsx | TLS/SSL information gathering |
| cdncheck | Detect CDN-protected IPs |
| puredns | Reliable DNS brute force |
| brutespray | Brute force from nmap output |
Mix of pip-installed and git-cloned β synced to
/usr/local/bin/
| Tool | Type | Purpose |
|---|---|---|
| crtsh | git | Certificate transparency lookup |
| dirsearch | pip | Web path discovery |
| arjun | git | HTTP parameter discovery |
| dirhunt | pip | Directory finder without brute force |
| bhedak | pip | Replace query string values (python) |
| xsstrike | git | XSS detection suite |
| shcheck | git | HTTP security headers checker |
| secretfinder | git | Find API keys & secrets in JS |
| paramspider | git | Parameter mining from web archives |
| waymore | git | More ways to get URLs |
| cmseek | git | CMS detection & exploitation |
| lucek | git | LFI/URL checker |
| wafw00f | pip | WAF fingerprinting |
| ghauri | git | Advanced SQL injection detection |
| sqlmap | git | Automatic SQL injection |
| commix | git | Command injection exploitation |
Installed via pre-compiled binary download or compiled from source
| Tool | Install Method | Purpose |
|---|---|---|
| medusa | source (make) | Parallel brute force |
| urldedupe | source (cmake) | URL deduplication |
| rustscan | binary | Modern fast port scanner |
| nuclei | binary | Template-based vulnerability scanner |
| testssl.sh | git | SSL/TLS testing tool |
sudo apt update
sudo apt install -y git curl wget golang python3 python3-pip cmake libpcap-devgit clone https://github.com/iMoon07/bugbounty-toolkit.git
cd ~/bugbounty-toolkit
chmod +x *.sh
sudo ./install-toolkit-for-linux-fixed.shβ±οΈ Estimated time: 15β30 minutes depending on internet speed
π‘ Troubleshooting Failed Installs:
If the summary at the end shows any tools failed to install, run the installer a second time (sudo ./install-toolkit-for-linux-fixed.sh). Sometimes network timeouts or dependency locks cause temporary failures. If it still fails, check the log:cat install.logto trace the exact error.
What this does:
- Skips already installed tools (safe to re-run multiple times)
- Clones git repos to
~/BUG_BOUNTY_TOOLS/ - Syncs all Go binaries and Python wrappers to
/usr/local/bin/
gf is a wrapper around grep for identifying vulnerabilities in URLs. You must install the patterns before running the health check.
cd ~/bugbounty-toolkit
./gf-install-updated.shπ Log file:
gf-install.logβ Check this log if any pattern repo fails to clone.
All patterns are aggregated and saved directly into ~/.gf/*.json.
| Pattern Category | Source Repositories |
|---|---|
| Core Collections | 1ndianl33t/Gf-Patterns, robre/gf-patterns, mrofisr/gf-patterns |
| Specialized Lists | NitinYadav00/gf-patterns, Matir/gf-patterns, bp0lr/myGF_patterns |
| Grep Patterns | arthur4ires/gfPatterns, r00tkie/grep-pattern |
| Secrets & Creds | dwisiswant0/gf-secrets |
| PHP Dangerous Funcs | Jude-Paul/GF-Patterns-For-Dangerous-PHP-Functions, seqrity/Allin1gf |
| Extended Patterns | scumdestroy/YouthCrew-GF-Patterns, cypher3107/GF-Patterns, R0X4R/Garud |
| New 2025/2026 | coffinxp/GFpattren, rix4uni/gf-patterns |
# Filter URLs by vulnerability pattern
cat urls.txt | gf xss
cat urls.txt | gf sqli
cat urls.txt | gf ssrf
cat urls.txt | gf secretsRun the health check to verify all 51 tools AND the GF patterns are perfectly configured.
cd ~/bugbounty-toolkit
./check-toolkit.shπ Log file:
check.logβ Trace this log to see exactly what tool is missing from your$PATH.
Output Statuses:
- β ok β Binary found and fully functional.
- β not installed β Tool is missing or your terminal
$PATHis broken. Try running the installer again or open a new terminal.
Smart update strategy that only touches installed tools.
cd ~/bugbounty-toolkit
sudo ./update-toolkit.shπ Log file:
update.logβ Check this if an update crashes (e.g. Go version mismatch).
Update Strategy:
- Go tools:
go install @latest - Python tools:
pip3 install -Uorgit pull - Binaries: Re-download latest GitHub releases
If you want to completely remove the toolkit and its tools, run the smart uninstaller.
cd ~/bugbounty-toolkit
sudo ./uninstall-toolkit.shπ Log file:
uninstall.logβ Contains the exact paths of all deleted binaries.
What the uninstaller does:
- Automatically clears any stuck
aptordpkglocks - Removes the
~/BUG_BOUNTY_TOOLS/and~/.gf/directories - Smart Tracking: Dynamically reads the tool list from
check-toolkit.shand tracks down their exact binary locations across your entire system ($PATH) to ensure 100% complete removal - Leaves base dependencies (
go,python3,cmake) intact so you can easily reinstall later
~/bugbounty-toolkit/ β scripts live here (clone this repo)
βββ install-toolkit-for-linux-fixed.sh β install tools
βββ update-toolkit.sh β update tools
βββ gf-install-updated.sh β install gf patterns
βββ check-toolkit.sh β check health of tools
βββ uninstall-toolkit.sh β smart uninstaller
βββ install.log β install log (auto-created)
βββ update.log β update log (auto-created)
βββ check.log β health check log (auto-created)
βββ gf-install.log β gf installation log (auto-created)
βββ README.md β Guide
~/BUG_BOUNTY_TOOLS/ β source code & repos cloned here
βββ Arjun/ β HTTP parameter discovery (pip installed)
βββ CMSeeK/ β CMS detection (bash wrapper created)
βββ commix/ β Command injection (bash wrapper created)
βββ crtsh.py/ β certificate transparency (copied to bin)
βββ ghauri/ β SQL injection (pip installed)
βββ LUcek/ β LFI/URL checker (copied to bin)
βββ medusa/ β Parallel brute force (compiled via make)
βββ Nuclei/ β Vulnerability scanner (binary extracted)
βββ paramspider/ β parameter mining (pip installed)
βββ SecretFinder/ β JS secrets finder (copied to bin)
βββ shcheck/ β HTTP security headers (bash wrapper created)
βββ sqlmap/ β Automatic SQL injection (bash wrapper created)
βββ testssl.sh/ β SSL/TLS testing (copied to bin)
βββ urldedupe/ β URL deduplication (compiled via cmake)
βββ waymore/ β URL discovery (pip installed)
βββ XSStrike/ β XSS detection suite (copied to bin)
/usr/local/bin/ β ALL 51 binaries/wrappers β run from anywhere
βββ Go Tools : subfinder, assetfinder, shosubgo, github-subdomains, chaos, ffuf, gobuster, naabu, gau, waybackurls, katana, hakrawler, gf, qsreplace, anew, unfurl, httpx, httprobe, subzy, freq, kxss, xsschecker, dalfox, crlfuzz, nomore403, dnsx, tlsx, cdncheck, puredns, brutespray
βββ Pip Tools : dirsearch, arjun, dirhunt, bhedak, wafw00f, paramspider, waymore, ghauri
βββ Custom Wraps : crtsh, xsstrike, shcheck, secretfinder, cmseek, lucek, sqlmap, commix
βββ Binaries : urldedupe, medusa, rustscan, nuclei, testssl.sh
~/.gf/ β GF pattern files (JSON)
βββ xss.json, sqli.json, ssrf.json, lfi.json, ssti.json,
rce.json, idor.json, redirect.json, secrets.json, ... (124+ files)
~/bugbounty-toolkit/: This is the "Control Center". It contains the 5 main scripts (install,update,check,uninstall,gf-install) that manage everything. You only come here when you need to run one of these scripts.~/BUG_BOUNTY_TOOLS/: This is the "Warehouse". When the installer runs, it clones massive repositories (like SQLMap or CMSeeK) into this folder. You don't need to manually interact with this folder because the binaries/wrappers in/usr/local/bin/will automatically call the code stored here.~/.gf/: The "Pattern Library". Contains all the.jsonsignature files used by thegftool to grep for vulnerabilities.
- Go Tools: Compiled natively via
go install. These are single static binaries copied directly for lightning-fast execution. - Pip Tools: Installed via Python's package manager (
pip). We forcefully link their executables into/usr/local/bin/to bypass Kali's strict environment rules. - Custom Wraps: This is the magic part. For tools that are just giant folders of Python code (like
sqlmap,cmseek,commix), the installer creates a smart bash "wrapper" script in/usr/local/bin/that silently points back to the source code in~/BUG_BOUNTY_TOOLS/. This means you can typesqlmapfrom anywhere without needing tocdinto its directory first. - Binaries: Standard compiled binaries (C/C++/Rust) built via
make/cmakeor downloaded directly from GitHub Releases.
Check logs for troubleshooting:
All scripts automatically generate logs in the ~/bugbounty-toolkit/ directory. If you encounter issues, these logs contain the exact errors (like missing dependencies or network timeouts):
# Check what failed during installation
grep "FAILED" ~/bugbounty-toolkit/install.log
# Check what failed during update
grep "FAILED" ~/bugbounty-toolkit/update.log
# Check errors during uninstallation
cat ~/bugbounty-toolkit/uninstall.log
# View full health check history
cat ~/bugbounty-toolkit/check.log
# View GF patterns installation log
cat ~/bugbounty-toolkit/gf-install.logBefore hunting in the wild for VDP or Bug Bounty, test your weapons here first. No need to test on random live sites and make enemies.
These local labs are the best places to safely test this toolkit:
| Lab | Stack | Link | Best for |
|---|---|---|---|
| Mutillidae II | PHP + MySQL | github.com/webpwnized/mutillidae2 | Comprehensive training for OWASP Top 10 |
| DVWA | PHP + MySQL | github.com/digininja/DVWA | Beginners β great for practicing SQLi & XSS |
| bWAPP | PHP + MySQL | sourceforge.net/projects/bwapp/files/bWAPP/ | Massive collection of 100+ different vulnerabilities |
| WebGoat | Java | github.com/WebGoat/WebGoat | Step-by-step guided lessons with hints |
| Juice Shop | Node.js | github.com/juice-shop/juice-shop | Modern UI (Angular) β feels exactly like a real-world target |
π‘ Why start here? Mastering these labs ensures you know why a vulnerability exists, how to exploit it manually, and how to automate the discovery using the 51 tools in this toolkit. Do not rush to live targets until you can confidently compromise these environments.
Now that you have all the tools, you need to know how to chain them together for maximum impact! For a massive collection of ready-to-use Bug Bounty one-liners (for Recon, XSS, SQLi, SSRF, etc.), check out this awesome repository:
- Rootbakar's Simple One-Liner β Highly recommended reference!
- Developed by iMoon
- Inspired by Rootbakar β original toolkit concept
- All tool authors and contributors listed above
This toolkit is intended for legal security testing and educational purposes only.
Always obtain proper authorization before testing any systems.
The developers are not responsible for any misuse of these tools.