Bug Bounty Starter Kit
Beginner ยท 10 tools
Everything you need to start finding vulnerabilities in bug bounty programs. This kit walks you through passive reconnaissance, web content discovery, and automated vulnerability scanning using battle-tested open source tools. Ideal for hunters new to the game or building their first recon pipeline.
Recon
Start by mapping the target's attack surface. Subdomain enumeration reveals hidden assets, while HTTP probing confirms which hosts are alive. URL crawling and archive mining surface endpoints that may have been overlooked or forgotten by the target.
Web Scanning
Brute-force directories and harvest parameters from historical archives and live crawling. These tools help you discover hidden endpoints, backup files, and input parameters that become injection points for further testing.
Vulnerability Discovery
Run targeted vulnerability checks against discovered endpoints. Template-based scanning catches known CVEs and misconfigurations, while specialized tools focus on XSS and parameter injection testing with payload generation.
