Bugbounty Python Packages

bbot

The recursive internet scanner for hackers. 🧡

93K 10K 799

fray

Open-source WAF Security Testing Platform — 7,200+ attack payloads, 98 WAF/CDN fingerprints, AI-powered bypass engine, recon pipeline, beautiful CLI output

35K 50 4

dirsearch

Web path scanner

23K 14K 2K

qbraid-core

Where qBraid users discuss, report bugs and submit feature requests.

21K 5 1

requests-ip-rotator

A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.

13K 2K 172

reflutter

Flutter Reverse Engineering Framework

7K 3K 282

apkleaks

Scanning APK file for URIs, endpoints & secrets.

7K 6K 572

netlas

Netlas.io Python SDK & CLI Tool

5K 30 6

ywh2bt

YesWeHack BugTracker

4K 21 7

s3scanner

Scan for misconfigured S3 buckets across S3-compatible APIs!

4K 3K 406

qbraid-cli

Where qBraid users discuss, report bugs and submit feature requests.

3K 5 1

reconninja

⚡ ReconNinja v8.2.1 — 38-phase recon framework for pentesters & bug bounty hunters. Subdomain enum → port scan → web recon → WAF/CORS/JS/cloud bucket detection → GitHub OSINT → CVE lookup → AI threat analysis → HTML report. Domains, IPs, CIDRs, target lists. Plugin system. 598 tests.

3K 39 6

defaultcreds-cheat-sheet

One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password 🛡️

2K 7K 768

chiasmodon

Chiasmodon is an OSINT tool designed to assist in the process of gathering information about a target domain. Its primary functionality revolves around searching for domain-related data, including domain emails, domain credentials, CIDRs , ASNs , and subdomains, the tool also allows users to search Google Play application ID.

2K 671 55

webcap

An ultra-lightweight web screenshot tool written in Python

2K 42 4