Bug Bounty Toolkit



A multi-platform bug bounty toolkit that can be installed on Debian/Ubuntu or set up with Docker.

Why should you use this toolkit?

  • The objective of this toolkit is to provide pentesters, security researchers and bug bounty hunters with a pre-configured environment that has some of the most popular tools and frameworks already installed and configured.
  • This toolkit offers a multiplatform base to work with as the script can be installed on Linux, setup with Docker or installed on Windows with WSL (Windows Subsystem For Linux).
  • The installer script can be customized to add or remove specific tools based on your requirements.
  • Tools are constantly being added, updated and fixed.
  • Pull once. Update as needed.
  • In addition to the tools that are already installed, you can use the Katoolin script to install additional tools that you may require during your engagements.

Docker Pull Instructions

Docker Hub Link: 

docker pull hackersploit/bugbountytoolkit

Docker Run Instructions

Run with Bash

docker run -it hackersploit/bugbountytoolkit /bin/bash

Run with ZSH

docker run -it hackersploit/bugbountytoolkit /usr/bin/zsh

Docker Build Instructions

docker build . -t hackersploit/bugbountytoolkit

Installation Instructions – Ubuntu/Debian

git clone https://github.com/AlexisAhmed/BugBountyToolkit.git
cd BugBountyToolkit
chmod +x install.sh

Installing New Tools

You can install new tools from the Kali Linux repositories by utilizing the Katoolin script.

cd ~/toolkit
cd katoolin

Installed Tools

  •  altdns
  •  amass
  •  awscli
  •  bucket_finder
  •  CloudFlair
  •  commix
  •  dirb
  •  dirsearch
  •  dnsenum
  •  dnsrecon
  •  dotdotpwn
  •  droopescan
  •  fierce
  •  ffuf
  •  gobuster
  •  gitGraber
  •  httprobe
  •  joomscan
  •  Knockpy
  •  masscan
  •  massdns
  •  Nikto
  •  Nmap
  •  Recon-ng
  •  s3recon
  •  S3Scanner
  •  sqlmap
  •  subfinder
  •  Sublist3r
  •  subjack
  •  SubOver
  •  teh_s3_bucketeers
  •  thc-hydra
  •  theHarvester
  •  tmux
  •  virtual-host-discovery
  •  wafw00f
  •  waybackurls
  •  wfuzz
  •  whatweb
  •  wpscan
  •  XSStrike
  •  zsh


  • SecLists

Tools being added

  •  Sn1per Framework