A bash script that will automatically install a list of bug hunting tools I sometimes use for recon, exploitation, etc. (minus burp.) (Contributions are always welcome.)
git clone https://github.com/0xApt/awesome-bbht.sh cd awesome-bbht chmod +x awesome-bbht.sh sudo ./awesome-bbht.sh
The list of tools downloaded:
aquatone - A Tool for Domain Flyovers
knockpy - Knockpy is a python tool designed to enumerate subdomains on a target domain through a wordlist.
subbrute - A DNS meta-query spider that enumerates DNS records, and subdomains.
assetfinder - Find domains and subdomains related to a given domain
rsdl - Subdomain Scan with the Ping Method
domain_analyzer - Analyze the security of any domain by finding all the information possible. Made in python.
massdns - A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
subfinder - Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.
amass - In-depth Attack Surface Mapping and Asset Discovery
sub.sh - Online Subdomain Detect Script
sublist3r - Fast subdomains enumeration tool for penetration testers
Sudomy - Sudomy is a subdomain enumeration tool, created using a bash script, to analyze domains and collect subdomains in fast and comprehensive way . Report output in HTML or CSV format https://github.com/Screetsec/
dnsenum - Multithreaded perl script to enumerate DNS information of a domain and to discover non-contiguous ip blocks.
s3brute - s3 brute force tool
s3-bucket-finder - Find aws s3 buckets and extract datas.
bucket-stream - Find interesting Amazon S3 Buckets by watching certificate transparency logs.
slurp - Enumerate S3 buckets via certstream, domain, or keywords.
lazys3 - A Ruby script to bruteforce for AWS s3 buckets using different permutations.
cred_scanner - A simple file-based scanner to look for potential AWS access and secret keys in files
DumpsterDiver - A tool used to analyze big volumes of various file types in search of harcoded secrets like keys (AWS Access Key, Azuer Share Key or SSH keys) or passwords.
S3Scanner - Scan for open AWS S3 buckets and dump the contents
relative-url-extractor - A small tool that extracts relative URLs from a file.
Crawler - Crawl website extract links
waybackMachine - Use wayback Machine data to pull a list of paths.
meg - Fetch many paths for many hosts - without killing the hosts
hakrawler - Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application
igoturls - WaybackURLS + OtxURLS + CommonCrawl
gobuster - Directory/File, DNS and VHost busting tool written in Go
ffuf - Fast web fuzzer written in Go
dirsearch - Web path scanner
subjack - Subdomain Takeover tool written in Go
subdomain-takeover - Subdomain Takeover Scanner | Subdomain Takeover Tool | by 0x94
takeover - Sub-Domain TakeOver Vulnerability Scanner
SubOver - A Powerful Subdomain Takeover Tool
sqliv - massive SQL injection vulnerability scanner
sqlmate - A friend of SQLmap which will do what you always expected from SQLmap.
XSS-Finder - World's most Powerful and Advanced Cross Site Scripting Software
XSStrike - Most advanced XSS scanner.
XSS-keylogger - A keystroke logger to exploit XSS vulnerabilities in a site - for my personal Educational purposes only
CMSmap - CMSmap is a python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs.
CMSeeK - CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and over 170 other CMSs
wpscan - WPScan is a free, for non-commercial use, black box WordPress Vulnerability Scanner written for security professionals and blog maintainers to test the security of their WordPress websites
Joomscan - OWASP Joomla Vulnerability Scanner Project
Droopescan - A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe.
Drupwn - Drupal enumeration & exploitation tool
truffleHog - Searches through git repositories for high entropy strings and secrets, digging deep into commit history
git-dumper - A tool to dump a git repository from a website
Sn1per - Automated pentest framework for offensive security experts
XRay - XRay is a tool for recon, mapping and OSINT gathering from public networks.
datasploit - An #OSINT Framework to perform various recon techniques on Companies, People, Phone Number, Bitcoin Addresses, etc., aggregate all the raw data, and give data in multiple formats.
Osmedeus - Fully automated offensive security framework for reconnaissance and vulnerability scanning
TIDoS-Framework - The Offensive Manual Web Application Penetration Testing Framework.
discover - Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.
lazyrecon - This script is intended to automate your reconnaissance process in an organized fashion
003Recon - Some tools to automate recon - 003random
LazyRecon - An automated approach to performing recon for bug bounty hunting and penetration testing.
SecLists - SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
altdns - Generates permutations, alterations and mutations of subdomains and then resolves them
nmap - network mapper
Blazy - Blazy is a modern login bruteforcer which also tests for CSRF, Clickjacking, Cloudflare and WAF.
httprobe - Take a list of domains and probe for working HTTP and HTTPS servers
broken-link-checker - Find broken links, missing images, etc within your HTML.
wafw00f - WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.