Important tools i used to find bugbounty

Wpscan - find to scan wordpress website content

Joomscan - find to scan joomla website content

whatcms.org - detect the cms used by the website and version

CMSmap

scrapy - find the website and to crawl from search engine

Builtwith - find the website technology is based on

Wappalyzer - find the website technologies

cookie editor - extention for perform cookie authentication etc

nmap - find the open ports, servics, version no, contentdiscovery

Dirbuster - Bruteforce directories and file name on web application server, or misconfigured server, not able to public exposed or able to hold off.

Knockpy - find the subdomain enumeration using wordlist

Sublist3r - find the subdomain enumeration using searchengine

Wfuzz - pre install with(type) kali, fuzz and discovery tool, to discover web content using wordlist.

Striker - find the vulnerabilities and offensive information collection

Burp Suite - proxy swiss knife for hunt

Massdns

Dnsenum

Masscan

Sn1per

XSStrike - find the xss vulnearbilities from website

Sqlmap - find the sql injection vulnerabilities

wafw00f

https://gchq.github.io/CyberChef/ - used to perform coding and decoding algorithm tool.

google dork -

OWASP ZAP

-------------------Vulnearbilities exploitation--------------------

LFISuite - Find LFI with command line tool(kali only).

Sqlmap - find the sql injection vulnerabilities