A multiplatform bug bounty toolkit that can be installed on Debian/Ubuntu or setup with Docker.
- The objective of this toolkit is to provide pentesters, security researchers and bug bounty hunters with a pre-configured environment that has some of the most popular tools and frameworks already installed and configured.
- This toolkit offers a multiplatform base to work with as the script can be installed on Linux, setup with Docker or installed on Windows with WSL (Windows Subsystem For Linux).
- The installer script can be customized to add or remove specific tools based on your requirements.
- Tools are constantly being added, updated and fixed.
- Pull once. Update as needed.
- In addition to the tools that are already installed, you can use the Katoolin script to install additional tools that you may require during your engagements.
Docker Hub Link: https://hub.docker.com/r/hackersploit/bugbountytoolkit
docker pull hackersploit/bugbountytoolkit
docker run -it hackersploit/bugbountytoolkit /bin/bash
docker run -it hackersploit/bugbountytoolkit /usr/bin/zsh
docker build . -t hackersploit/bugbountytoolkit
git clone https://github.com/AlexisAhmed/BugBountyToolkit.git
cd BugBountyToolkit
chmod +x install.sh
./install.sh
You can install new tools from the Kali Linux repositories by utilizing the Katoolin script.
cd ~/toolkit
cd katoolin
./katoolin.py
- altdns
- amass
- awscli
- bucket_finder
- CloudFlair
- commix
- dirb
- dirsearch
- dnsenum
- dnsrecon
- dotdotpwn
- droopescan
- fierce
- ffuf
- gobuster
- gitGraber
- httprobe
- joomscan
- Knockpy
- masscan
- massdns
- Nikto
- Nmap
- Recon-ng
- s3recon
- S3Scanner
- sqlmap
- subfinder
- Sublist3r
- subjack
- SubOver
- teh_s3_bucketeers
- thc-hydra
- theHarvester
- tmux
- virtual-host-discovery
- wafw00f
- waybackurls
- wfuzz
- whatweb
- wpscan
- XSStrike
- zsh
- SecLists
- Sn1per Framework
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent