Top 10 Security Tools for Bug Bounty Hunters


Bug bounty hunting is a career that is known for heavy use of security tools. These tools help the hunters find vulnerabilities in software, web applications and websites, and are an integral part of bounty hunting. Below is our top 10 list of security tools for bug bounty hunters.

HackBar is a security auditing/penetration tool that is a Mozilla Firefox add-on. Bug bounty hunters will find that this tool allows them to test site security, XSS holes and SQL injections. Some of the advantages of HackBar include:

  • All HackBar functions work on text that you currently have selected
  • Hashing of MD5/SHA1/SHA256
  • Sandbox-like textarea
  • Useful MS SQL Server/MySQL shortcuts

If you are interested in HackBar, you can find it here.

Written in Python, Wfuzz is a tool that will help bug bounty hunters bruteforce web applications. Wfuzz is useful for sniffing out resources that are not linked such as directories and scripts, POST and GET parameter-checking for multiple kinds of injections, form parameter checking, fuzzing and other uses. Features that users will find attractive include:

  • Default output is in HTML
  • Capability to check multiple injection points
  • Bruteforcing for all parameters
  • Automatic/artificial request time delays
  • Results can be hidden via word numbers, return code, line numbers and regex

When checking for vulnerabilities in your websites, IronWASP is going to quickly become one of your best friends. This web security scanner is open source and free to use, and more powerful than you think it would be for being so wallet-friendly. Some great features include:

  • Login sequence recording is supported
  • False-positive and negative-positive detection are supported
  • Reporting is available in both RTF and HTML formats
  • Easy to use and with a simple-to-understand GUI, even an inexperienced information security employee can quickly use it

If IronWASP has piqued your interest, you can find (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Greg Belding. Read the original post at: