Top 11 Python bug-bounty Projects

dirsearch

12 11,253 7.7 Python

Web path scanner

Project mention: Looking for some help with this Python package | /r/learnpython | 2023-08-19

I am new to Python. With the help of several users (thanks u/Diapolo10 and u/shiftybyte)I've been able to install Python and the dirsearch package. Dirsearch (https://github.com/maurosoria/dirsearch) allows for checking website paths with a wordlist. For example, I have a wordlist file with words like "dog", "cat", "bird", etc and I want to check the validity of those words as extensions on a website. Something like "example.com/bird", "example.com/cat", etc. I have a test wordlist in the same directory as dirsearch, but I am confused on how to proceed with the commands. I want to have it check my wordlist as extensions on the example.com website and then save output on if the webpath is valid or not. Just need a little bit of help.

rengine

4 6,737 9.5 Python

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

Project mention: Any self-host FOSS suites for running phishing testing campaigns? | /r/selfhosted | 2023-05-21

I couldn't find anything named reEngine, but I found reNgine ( https://yogeshojha.github.io/rengine/ ) which I think is what you meant.

WorkOS

workos.com sponsored

The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
diodb

10 955 7.6 Python

Open-source vulnerability disclosure and bug bounty program database
clairvoyance

2 908 4.3 Python

Obtain GraphQL API schema even if the introspection is disabled

Project mention: nikitastupin/clairvoyance: Obtain GraphQL API schema even if the introspection is disabled | /r/bugbountybeginner | 2023-09-08

PyCript

5 172 7.8 Python

Burp Suite extension for bypassing client-side encryption for pentesting and bug bounty

Project mention: New Release PyCript Burp Suite Extension v0.3 | /r/cybersecurity | 2023-11-23

webdork

1 142 4.1 Python

A Python tool to automate some dorking stuff to find information disclosures.
ParaForge

3 134 2.7 Python

A BurpSuite extension to create a custom word-list of endpoint and parameters for enumeration and fuzzing

Project mention: ParaForge: A BurpSuite extension to create a custom word list of endpoints and parameters for enumeration and fuzzing | /r/cybersecurity | 2023-06-30

InfluxDB

www.influxdata.com sponsored

Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
Layla

1 77 0.0 Python

[EN] BETA: Layla - recon tool for bug bounty
OrgASM

2 25 7.1 Python

A tool for Oragnized ASM (Attack Surface Mapper). Subdomains enumeration, IPs scans, Vulnerability assesment...

Project mention: New Attack Surface Discovery tool : OrgASM | /r/cybersecurity | 2023-05-31

Beginner-Bug-Bounty-Automation

2 22 3.4 Python

Many script that can be modified according to your needs for Information Gathering and Asset discovery in Bug Bounty Hunting (Pull requests are welcome!)
Subfind3r

1 2 6.1 Python

An improved version of Sublist3r, a python based Fast subdomains enumeration tool for penetration testers

Project mention: Contribution invite to the Updated version of sublist3r | /r/bugbounty | 2023-12-11

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020).

Python bug-bounty related posts

nikitastupin/clairvoyance: Obtain GraphQL API schema even if the introspection is disabled
1 project | /r/bugbountybeginner | 8 Sep 2023
ParaForge: A BurpSuite extension to create a custom word list of endpoints and parameters for enumeration and fuzzing
1 project | /r/cybersecurity | 30 Jun 2023
ParaForge: A BurpSuite extension to create a custom word-list of endpoint and parameters for enumeration and fuzzing
1 project | /r/bag_o_news | 27 Jun 2023
How do real hunters handle with rate-limit?
3 projects | /r/bugbounty | 10 Mar 2023
Kali Linux - Finding the required user agent when /robots.txt is not available
2 projects | /r/OSINT | 20 May 2021
A note from our sponsor - SaaSHub
www.saashub.com | 28 Apr 2024

SaaSHub helps you find the best software and product alternatives Learn more →

Index

What are some of the best open-source bug-bounty projects in Python? This list will help you:

	Project	Stars
1	dirsearch	11,253
2	rengine	6,737
3	diodb	955
4	clairvoyance	908
5	PyCript	172
6	webdork	142
7	ParaForge	134
8	Layla	77
9	OrgASM	25
10	Beginner-Bug-Bounty-Automation	22
11	Subfind3r	2