awesome-bbht
github.com/0xapt/awesome-bbht

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp). For Ubuntu/Debian.
What's inside
Frameworks
- 003Recon
Some tools to automate recon - 003random
- datasploit
An #OSINT Framework to perform various recon techniques on Companies, People, Phone Number, Bitcoin Addresses, etc., aggregate all the raw data, and give data in multiple formats.
- discover
Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.
- lazyrecon
This script is intended to automate your reconnaissance process in an organized fashion
- LazyRecon
An automated approach to performing recon for bug bounty hunting and penetration testing.
- Osmedeus
Fully automated offensive security framework for reconnaissance and vulnerability scanning
Other
- altdns
Generates permutations, alterations and mutations of subdomains and then resolves them
- Blazy
Blazy is a modern login bruteforcer which also tests for CSRF, Clickjacking, Cloudflare and WAF.
- broken-link-checker
- httprobe
- nmap
network mapper
- wafw00f
WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
Subdomain-enum
- amass
In-depth Attack Surface Mapping and Asset Discovery
- aquatone
A Tool for Domain Flyovers
- assetfinder
Find domains and subdomains related to a given domain
- dnsenum
Multithreaded perl script to enumerate DNS information of a domain and to discover non-contiguous ip blocks.
- domain_analyzer
Analyze the security of any domain by finding all the information possible. Made in python.
- domain-finder
Content Discovery
- bucket-stream (AWS S3 Bucket)
Find interesting Amazon S3 Buckets by watching certificate transparency logs.
- Cobra (Code Audit)
Source Code Security Audit
- Crawler (Crawlers)
Crawl website extract links
- cred_scanner (AWS S3 Bucket)
- dirsearch (Directory Bruteforcers & Fuzzers)
Web path scanner
- DumpsterDiver (AWS S3 Bucket)
A tool used to analyze big volumes of various file types in search of hardcoded secrets like keys (AWS Access Key, Azure Share Key or SSH keys) or passwords.
CloudFlare
- CloudFail
Utilize misconfigured DNS and old database records to find hidden IPs behind the CloudFlare network
CMS
- CMSeeK
CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and over 170 other CMSs
- CMSmap
CMSmap is a python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs.
- Droopescan
- Drupwn
Drupal enumeration & exploitation tool
- Joomscan
OWASP Joomla Vulnerability Scanner Project
- wpscan
WPScan is a free, for non-commercial use, black box WordPress Vulnerability Scanner written for security professionals and blog maintainers to test the security of their WordPress websites
Exploitation
- commix (Command Injection)
Automated All-in-One OS command injection and exploitation tool.
- GCPBucketBrute (Google Cloud Storage)
A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated.
- spaces-finder (Digital Ocean)
A tool to hunt for publicly accessible DigitalOcean Spaces
- sqliv (SQLi)
massive SQL injection vulnerability scanner
- sqlmap (SQLi)
Automatic SQL injection and database takeover tool
- sqlmate (SQLi)
A friend of SQLmap which will do what you always expected from SQLmap.
Git
- git-dumper
A tool to dump a git repository from a website
- truffleHog
Searches through git repositories for high entropy strings and secrets, digging deep into commit history
Showing a sample of 80 resources. View the full list on GitHub.