Tools I Use For Bug Bounty

Tools I Use For Bug Bounty


First off I would like to start off by saying I don’t blindly use these tools and scan everything. I get interested in an app/website and then see ALL its features then inspect what it’s doing behind the scenes.

Web permalink

  • Burp Suite - Tool for inspecting HTTP/HTTPs traffic, plugins I use are turbo intruder to brute force or FUZZ an endpoint. It uses a python API and its free to use
  • sqlmap - Can dump the DB, especially useful for blind SQLIs

Enumeration permalink

  • feroxbuster - for directory enumeration, gobuster also its very good
  • amass - passive inteligence gathering using google, etc.
  • crt.sh - Find similar certs

Android permalink

  • jadx-gui - To view the java source code
  • rootAVD - Root android studio emulator with magisk
  • magisk-frida - 🔐 Run frida-server on boot with Magisk, always up-to-date
  • Android Studio Emulator - The ONLY good emulator I know for bug bounties
  • TrustUserCerts - Allows you to bypass SSL pinning on any app
  • Objection - Extremely useful for dynamic hooking and analysis
  • Frida - Good for JS scripts for hooking into android stuff