Skip to content

Developer-Army/BBPTS

Repository files navigation

BBPTS — Bug Bounty Penetration Testing Suite

BBPTS TUI Dashboard

Build Status Go Version Latest Release License Coverage

The only recon pipeline that thinks for itself. Point it at target domains, gather intelligence, and get prioritized, actionable findings instantly.

Contributing: Want to help build or extend BBPTS? Start with CONTRIBUTING.md. If you want proof that it finds real-world issues, read the case study walkthrough.

brew install developer-army/bbpts/bbpts

What Makes BBPTS Different

Feature BBPTS (Go) ReconFTW (Bash) BBOT (Python)
Runtime Single compiled binary, no interpreter Heavy dependencies, shell scripts Python interpreter, virtualenvs
Interface Live TUI + Local Web Dashboard Raw terminal stdout logs Terminal CLI / JSON outputs
FP Filtering Body-fingerprinted active filtering Grep/heuristic-based Signature-based checks
Bounty Native Direct H1/Bugcrowd program & scope loader Manual text file list input Text files / custom integrations

Install in 30 Seconds

macOS

brew tap developer-army/bbpts
brew install bbpts

Linux

git clone https://github.com/Developer-Army/BBPTS.git
cd BBPTS && go build -o bbpts ./cmd/bbpts

Docker

docker pull ghcr.io/developer-army/bbpts:latest
docker run --rm -v $(pwd)/results:/app/results ghcr.io/developer-army/bbpts -i targets.txt

Quick Start

1. Create a Target List (targets.txt)

example.com
https://api.example.com

2. Run the Suite

bbpts -i targets.txt

3. Output

Your reports are automatically generated under the ./results/ folder:

  • report.html — Interactive visual dashboard
  • report.json — Structured machine-readable findings

Visual Pipeline Diagram

[ Targets Input ] ➔ [ Stage 1: Subdomain Discovery ] (subfinder, amass, assetfinder, chaos)
                          │
                          ▼
                    [ Stage 2: DNS & Port Scanning ] (dnsx, puredns, naabu)
                          │
                          ▼
                    [ Stage 3: HTTP & Web Probing ] (httpx, katana, gau, shodan)
                          │
                          ▼
                    [ Stage 4: Fuzzing & Vuln Scanning ] (nuclei, dalfox, cors, default_creds)
                          │
                          ▼
                    [ Interactive HTML/JSON Reports ]

Integrated Tools

BBPTS aggregates and correlates output from the best open-source security tools:

  • Asset Discovery: subfinder, amass, assetfinder, chaos, crtsh, github
  • Network Scan: naabu, dnsx, puredns, massdns
  • Web Recon: httpx, katana, gau, hakrawler, shodan, wafw00f, gowitness
  • Vuln Checkers: nuclei, dalfox, ffuf, gobuster, feroxbuster, trufflehog, cors, jwt_analyzer, bypass403, firebase_recon, mass_assignment, source_map, default_creds

CLI Flag Reference

Core CLI Flags

Flag Short Description Default
-input -i Target domains file or single URL
-tools -t Comma-separated list of specific tools to run
-mode Scan mode: light, medium, or full medium
-threads Go worker threads 32
-rate-limit Max requests per second limit 50
-tui Enable interactive TUI dashboard true
-web -w Launch local web dashboard false
-port Dashboard port 8080
-doctor Verify external tool availability & paths false

Security & Safety Notes

Warning

Active scanning generates substantial network traffic. Ensure you have explicit authorization to scan target networks and keep targets strictly within program scope boundaries.