Features • Installation • Usage • Workflow • Contributing
HuntTheBug is a comprehensive, automated reconnaissance toolkit designed specifically for bug bounty hunters and security researchers. It combines 30+ industry-leading tools into a unified workflow for efficient vulnerability discovery.
| 🎯 Purpose | Automated reconnaissance for bug bounty programs |
| 🛠️ Tools | 30+ integrated security tools |
| ⚡ Speed | Parallel execution for maximum efficiency |
| 📱 Notifications | Real-time Telegram bot alerts |
+ Multi-Source Discovery
+ Live Domain Verification
+ Status Code Analysis🔧 Tools: Amass, SubFinder, Sublist3r, Crobat, AssetFinder, FindDomain, GitHub, Subscraper, HTTPX, Httprobe, Hakcheckurl + Automated Scanning
+ Real-time Alerts
+ Vulnerability Detection🔧 Tools: SubJack, Nuclei, Telegram Bot | |
+ Historical URL Discovery
+ Live URL Verification
+ Parameter Extraction
+ JavaScript Mining🔧 Tools: GAU, WaybackURLs, FFUF, ParamSpider, SecretFinder, JSFinder + Advanced Fuzzing
+ Port Discovery
+ Vulnerability Assessment🔧 Tools: Dirsearch, Naabu, Nuclei, Custom Wordlists | |
+ Reverse WHOIS Lookup
+ Corporate Asset Mapping
+ IP Intelligence
+ Infrastructure Analysis🔧 Tools: Knockknock, HTTPX, IPinfo | |
| 🚀 Speed | 🎯 Accuracy | 🛡️ Security | 📱 Automation |
|---|---|---|---|
| Parallel execution | Multi-tool validation | Safe scanning practices | Real-time notifications |
| Optimized workflows | Comprehensive coverage | Non-intrusive methods | Scheduled scans |
| Smart caching | False positive reduction | Ethical guidelines | Custom alerting |
| Requirement | Minimum | Recommended |
|---|---|---|
| 💻 OS | Kali Linux | Kali Linux Latest |
| 🔧 CPU | 2+ Cores | 4+ Cores |
| 💾 RAM | 4GB+ | 8GB+ |
| 💿 Storage | 10GB+ | 20GB+ |
⚠️ Warning: Tested with 1GB RAM + 1 Core CPU resulted in system crashes. Ensure minimum requirements.
# ┌─────────────────────────────────────┐
# │ Step 1: Install Deps │
# └─────────────────────────────────────┘
apt install zsh git -y
# ┌─────────────────────────────────────┐
# │ Step 2: Clone Repository │
# └─────────────────────────────────────┘
cd ~
git clone https://github.com/vikrantbatra05/HuntTheBug
# ┌─────────────────────────────────────┐
# │ Step 3: Setup Permissions │
# └─────────────────────────────────────┘
cd ~/HuntTheBug
chmod +x *.zsh
# ┌─────────────────────────────────────┐
# │ Step 4: Run Installer │
# └─────────────────────────────────────┘
./install.zshnano ~/HuntTheBug/config/amass-config.ininano ~/HuntTheBug/config/subfinder-config.yamlnano ~/HuntTheBug/conf.zshResources:
| � Medium Scope | 🎯 Small Scope | 🏢 Organization | 🔓 403 Bypass |
|---|---|---|---|
*.target.com |
app.target.com |
company_name |
https://target.com |
| Comprehensive recon | Focused analysis | Asset discovery | Access testing |
./recon.zsh target.com📋 What this does:
- 🔍 Subdomain enumeration (8+ sources)
- ✅ Live domain verification
- 🎭 Subdomain takeover detection
- 🌐 URL discovery & analysis
- 📁 Directory fuzzing
- 🔌 Port scanning
- 🛡️ Vulnerability assessment
./dom_hunt.zsh app.target.com
./dom_hunt.zsh target.com📋 What this does:
- 🌐 Historical URL gathering
- ✅ Live endpoint testing
- 🔍 Pattern analysis
- 📝 Parameter extraction
- 📜 JavaScript mining
- 📁 Directory discovery
- 🛡️ Vulnerability scanning
./org_hunt.zsh organization_name📋 What this does:
- 🔎 Reverse WHOIS lookup
- ✅ Domain verification
- 🌍 IP intelligence gathering
- 📊 Infrastructure analysis
./403_hunt.zsh https://target.com📋 What this does:
- 🔄 Multiple bypass techniques
- ✅ Access testing
- 📊 Success rate analysis
graph TD
A[🎯 Target Input] --> B[1️⃣ Subdomain Discovery]
B --> C[2️⃣ Live Verification]
C --> D[3️⃣ Status Analysis]
D --> E[4️⃣ Takeover Detection]
E --> F[5️⃣ URL Discovery]
F --> G[6️⃣ Live URL Testing]
G --> H[7️⃣ Parameter Mining]
H --> I[8️⃣ JavaScript Analysis]
I --> J[9️⃣ Directory Fuzzing]
J --> K[🔟 Port Scanning]
K --> L[1️⃣1️⃣ Vulnerability Scanning]
L --> M[📊 Report Generation]
| 🚀 Phase | 🛠️ Tool(s) | 🎯 Purpose | ✅ Output |
|---|---|---|---|
| 1️⃣ Subdomain Discovery | Amass, SubFinder, SubLis3R, Crobat, AssetFinder, FindDomain, GitHub, Subscraper | Comprehensive enumeration | Raw subdomain list |
| 2️⃣ Live Verification | HTTPX, Httprobe | Active subdomain identification | Live domains only |
| 3️⃣ Status Analysis | Hakcheckurl | 200/403 filtering | Responsive subdomains |
| 4️⃣ Takeover Detection | SubJack, Nuclei | Vulnerable subdomain ID | Takeover candidates |
| 5️⃣ URL Discovery | GAU, WaybackURLs | Historical endpoint mapping | URL database |
| 6️⃣ Live URL Testing | FFUF | Active endpoint verification | Live URLs |
| 7️⃣ Parameter Mining | ParamSpider | Attack surface expansion | Parameterized URLs |
| 8️⃣ JavaScript Analysis | SecretFinder, JSFinder | Sensitive data extraction | Secrets & endpoints |
| 9️⃣ Directory Fuzzing | Dirsearch | Hidden endpoint discovery | Directory structure |
| 🔟 Port Scanning | Naabu | Open port identification | Port inventory |
| 1️⃣1️⃣ Vulnerability Scanning | Nuclei | Known vulnerability detection | Vulnerability report |
graph LR
A[🎯 Target] --> B[URL Discovery]
B --> C[Live Testing]
C --> D[Pattern Analysis]
D --> E[Parameter Mining]
E --> F[JS Analysis]
F --> G[Directory Fuzzing]
G --> H[Vulnerability Scanning]
H --> I[📊 Final Report]
| 🚀 Phase | 🛠️ Tool(s) | 🎯 Purpose |
|---|---|---|
| URL Discovery | GAU, WaybackURLs | Historical endpoint collection |
| Live Testing | FFUF | Active endpoint verification |
| Pattern Analysis | GF Tool | Security pattern matching |
| Parameter Extraction | ParamSpider | Parameter discovery |
| JavaScript Mining | JSFinder, jsvar.sh | Endpoint and variable extraction |
| Secret Detection | SecretFinder | Sensitive data discovery |
| Directory Fuzzing | Dirsearch | Hidden directory discovery |
| Vulnerability Scanning | Nuclei | Known vulnerability detection |
graph TD
A[🏢 Organization] --> B[Reverse WHOIS]
B --> C[Domain Collection]
C --> D[Live Verification]
D --> E[IP Intelligence]
E --> F[📊 Asset Report]
| 🚀 Phase | 🛠️ Tool(s) | 🎯 Purpose |
|---|---|---|
| Domain Discovery | Knockknock | Reverse WHOIS lookup |
| Live Verification | HTTPX | Active domain confirmation |
| IP Intelligence | IPinfo | Infrastructure analysis |
| Tool | Purpose | Repository |
|---|---|---|
| Amass | Advanced subdomain enumeration | OWASP/Amass |
| SubFinder | Passive subdomain discovery | projectdiscovery/subfinder |
| Nuclei | Vulnerability scanning | projectdiscovery/nuclei |
| HTTPX | HTTP probing | projectdiscovery/httpx |
| Naabu | Port scanning | projectdiscovery/naabu |
| Tool | Purpose | Repository |
|---|---|---|
| SubJack | Subdomain takeover | haccer/subjack |
| GAU | URL gathering | lc/gau |
| FFUF | Web fuzzing | ffuf/ffuf |
| Dirsearch | Directory brute force | maurosoria/dirsearch |
| SecretFinder | Secret detection in JS | m4ll0k/SecretFinder |
| Tool | Repository |
|---|---|
| byp4xx | lobuhi/byp4xx |
| 403bypasser | yunemse48/403bypasser |
| bypass-403 | iamj0ker/bypass-403 |
HuntTheBug/
├── 📂 config/ # Configuration files
│ ├── amass-config.ini # Amass settings
│ └── subfinder-config.yaml # SubFinder settings
├── 📂 wordlist/ # Custom wordlists
│ ├── raft-*.txt # Raft wordlists
│ ├── all.txt # Comprehensive wordlist
│ └── dns-resolvers.txt # DNS resolvers
├── 🔧 *.zsh # Main reconnaissance scripts
├── ⚙️ conf.zsh # Global configuration
├── 📦 install.zsh # Installation script
└── 📄 LICENSE # GPL v3 License
We welcome contributions! Here's how you can help:
- 🐛 Report Issues: Found a bug? Open an issue
- 💡 Feature Requests: Have an idea? Suggest a feature
- 🔧 Pull Requests: Want to contribute code? Submit a PR
- Follow existing code style
- Test your changes thoroughly
- Update documentation as needed
- Ensure compatibility with Kali Linux
This project is licensed under the GNU General Public License v3.0 - see the LICENSE file for details.
Special thanks to all the open-source tools that make HuntTheBug possible:
- ProjectDiscovery - For amazing tools like Nuclei, SubFinder, HTTPX, Naabu
- TomNomNom - For incredible reconnaissance tools
- OWASP - For the Amass project
- All other tool authors - Your contributions are invaluable!
- The bug bounty community for feedback and suggestions
- Security researchers who test and improve these tools
- Everyone who contributes to open-source security
Follow me on Twitter: @Vikrant_infosec
If you find this tool helpful, consider supporting its development:
# ┌─────────────────────────────────────────┐
# │ 🚀 One-Command Setup │
# └─────────────────────────────────────────┘
git clone https://github.com/vikrantbatra05/HuntTheBug && \
cd ~/HuntTheBug && \
chmod +x *.zsh && \
./install.zsh
# ┌─────────────────────────────────────────┐
# │ ⚙️ Configure Settings │
# └─────────────────────────────────────────┘
nano conf.zsh
# ┌─────────────────────────────────────────┐
# │ 🎯 Start Hunting! │
# └─────────────────────────────────────────┘
./recon.zsh target.com| 📊 Metric | 🎯 Target | 📈 Achieved |
|---|---|---|
| Subdomains Found | 500+ | 1000+ |
| Live Endpoints | 200+ | 500+ |
| Vulnerabilities | 10+ | 25+ |
| Takeover Detection | 5+ | 15+ |
+ Use custom wordlists for better results
+ Configure API keys for maximum efficiency
+ Schedule scans during off-peak hours
+ Monitor Telegram alerts for real-time updates+ Always respect rate limits and robots.txt
+ Use VPN/proxy for anonymity
+ Store results in organized directories
+ Regularly update tool databases+ Chain multiple scans for comprehensive coverage
+ Customize Nuclei templates for specific vulnerabilities
+ Integrate with your existing workflow
+ Automate reporting with custom scriptsgraph LR
A[🍴 Fork Repo] --> B[🔧 Make Changes]
B --> C[✅ Test Thoroughly]
C --> D[📤 Pull Request]
D --> E[🎉 Get Merged]
We welcome contributions! Here's how you can help:
- 🐛 Report Issues: Found a bug? Open an issue
- 💡 Feature Requests: Have an idea? Suggest a feature
- 🔧 Pull Requests: Want to contribute code? Submit a PR
- Follow existing code style
- Test your changes thoroughly
- Update documentation as needed
- Ensure compatibility with Kali Linux
! This project is licensed under the GNU General Public License v3.0
! See the LICENSE file for details
! Free to use, modify, and distribute
! Must retain original copyright and license| �️ Category | 👥 Contributors | 🌟 Special Thanks |
|---|---|---|
| Reconnaissance | ProjectDiscovery, TomNomNom, OWASP | Amazing tools that power this framework |
| Scanning | Nuclei Team, FFUF Team | Comprehensive vulnerability detection |
| Wordlists | SecLists, Raft Project | Essential for successful fuzzing |
| Community | Bug Bounty Hunters | Feedback, testing, and improvements |
- The bug bounty community for valuable feedback
- Security researchers who test and improve these tools
- Everyone who contributes to open-source security
- All tool authors for making this possible
Twitter: @Vikrant_infosec
If you find this tool helpful, consider supporting its development:
