godzilla74/bounty-tools

Various tools I've made for bug bounty hunting

/js
  • beautify-js.py:
    • Why: Mass download of JS files and beautify for easier reading/grepping
    • Uses: Recon, Source code
    • Syntax: python3 beautify-js.py --infile [file with a ton of URLs in it] --outdir [where to save the beautified results]
/ssrf
  • sentry-scraping-ssrf.py:
    • Why: Sentry scraping could result in unwanted exposure of debug info
    • Uses: SSRF
    • Syntax: python3 sentry-scraping-ssrf.py --infile [file with a ton of URLs in it] --payload [a malicious callback link (burp collab?)] --threads [x]
/generators
  • wayback-words.py:
    • Why: Generate a wordlist based on things from the past
    • Uses: Recon
    • Syntax: python3 wayback-words.py --infile [file with a ton of URLs in it] --outfile [where to save the generated list] --exclusions [extensions to exclude (ie: .png .jpg)]
/fuzzing
  • param-replace.py:
    • Why: Mass find/replace of all parameters in a URL with a given payload.
    • Uses: Open Redirect, SSRF
    • Syntax: python3 param-replace.py --infile [file with a ton of URLs in it] --outfile [where to save the results] --payload [a malicious callback link (burp collab?)]
  • param-stuffing.py:
    • Why: Stuff given parameters in a URL with a given payload.
    • Uses: Open Redirect, SSRF
    • Syntax: python3 param-stuffing.py --infile [file with a ton of URLs in it] --outfile [where to save the results] --params [url redirect u r etc] --payload [a malicious callback link (burp collab?)]
  • header-check.py:
    • Why: Stuff a payload in URL parameters and see if they are reflected in response headers.
    • Uses: Header tampering, XSS
    • Syntax: python3 header-check.py --infile [file with a ton of URLs in it] --outfile [where to save the results] --payload [a malicious callback link (burp collab?)]
  • header-fuzz.py:
    • Why: Stuff custom headers into a request to see what happens.
    • Uses: Header tampering, Open Redirect, SSRF
    • Syntax: python3 header-fuzz.py --infile [file with a ton of URLs in it] --outfile [where to save the results] --headers [User-Agent X-Forwarded-For etc...] --payload [a malicious callback link (burp collab?)]

About

Various tools I've made to make life easier
