Bug Bounty Python Packages

dirsearch

Web path scanner

clairvoyance

Obtain GraphQL API schema even if the introspection is disabled

ptai

The most autonomous pentesting AI on the market. MCP server + Python agents with 150+ security tools, exploit chaining, and PoC validation.

numasec

AI agent for penetration testing. Like Claude Code, but for security. Open source, MCP-native, works with any LLM.

tempor

Quick and Easy Infrastructure.

buganize

Python client for the Google Issue Tracking system (Buganizer)

beastcrypt

​Advanced JS Reconnaissance Tool | Wayback & Katana Integration | Auto-Source Map Discovery Automated engine to hunt for exposed secrets, API keys, and sensitive endpoints by analyzing historical JS files and automatically locating hidden .map files.

wshawk

Open source toolkit for WebSocket security testing, web application penetration testing, and stateful attack validation. It combines a CLI scanner, web dashboard, Electron desktop app, browser companion, and project-backed workflows for authorized security assessments.

mcp-recon

Reconnaissance and known-issue scanner for Model Context Protocol (MCP) servers

nuclipy

A template based vulnerability scanner (Inspired by Nuclei Scanner)

dumpall

一款信息泄漏利用工具，适用于.git/.svn/.DS_Store泄漏和目录列出

ipv4mutate

performs various mutations on IPv4 addresses, such as converting to binary, hex, octal, urlencoded, and more

noisegate

A policy-aware AI triage assistant that evaluates bug bounty report quality, scope alignment, and impact—so researchers submit better reports and triagers focus on real vulnerabilities.

bot-safe-agents

A library for fetching a list of bot-safe user agents.

brs-xss

Context-aware async XSS scanner powered by BRS-KB

apkshadow

Android APK automation tool for bug bounty

stripe-inspector

Security research tool for Stripe API key enumeration and inspection

subfind3r

An improved version of Sublist3r, a python based Fast subdomains enumeration tool for penetration testers

clairvoyancenext

Obtain GraphQL API schema even if the introspection is disabled

forbidden

Bypass 4xx HTTP response status codes and more. The tool is based on Python Requests, PycURL, and HTTP Client.

brs-kb

BRS-KB is XSS Knowledge Base API

fastrecvsms

SMS verification CLI. Buy temp numbers and receive OTP codes in one command. Multi-provider (5sim, SMS-Activate). Real-time. 170+ countries.

rekono-cli

Pentesting automation platform that combines hacking tools to complete assessments

jsleak

Production-ready Python tool to scan JavaScript files for exposed secrets, API keys, and endpoints. Built for bug bounty hunters and security researchers.