# Bug Bounty Tools

## Before you move on

Before moving on, refer to the [information gathering page](https://notes.sfoffo.com/information-gathering) to try to use leverage Google Dorks, OSINT and information gathering techniques against your target.

Remember to use rate-limiting and user-headers according to the specific program's guideline.

***

## Auto Tools

{% hint style="info" %}
Notice - This page is Incomplete - more tools will be added
{% endhint %}

### Subdomain & VHost Discovery

<https://github.com/edoardottt/scilla>

<https://pentest-tools.com/information-gathering/find-subdomains-of-domain>

<https://pentest-tools.com/information-gathering/find-virtual-hosts>

***

### Information Gathering

<https://github.com/edoardottt/cariddi>

<https://github.com/j3ssie/metabigor>

<https://github.com/BullsEye0/dorks-eye>

<https://pentest-tools.com/information-gathering/google-hacking>

### Scanning for Vulnerabilities

<https://github.com/six2dez/reconftw>

<https://pentest-tools.com/website-vulnerability-scanning/website-scanner>

<https://pentest-tools.com/cms-vulnerability-scanning/wordpress-scanner-online-wpscan>