Releases: Suspecting/thebugbounty
thebugbounty v1.0.0 - Initial Release
Initial public release of thebugbounty, an evidence-based bug bounty triage scanner for authorized web security testing.
Highlights
- Scope-controlled scanning using `scope.json`
- Authorization guard for external targets
- Passive-first scanning workflow
- Optional active XSS/SQLi indicator checks using `--active`
- Same-host crawling
- Security header analysis
- HTML form security checks
- JavaScript bundle recon
- API endpoint extraction from JavaScript
- Dangerous JavaScript sink detection
- Source map exposure detection
- Potential frontend secret indicator detection
- Confidence scoring
- Risk scoring
- Attack surface mapping
- JSON report generation
- HTML report generation
- Bug bounty-style Markdown report generation
- Local vulnerable Flask app for safe testing
- Premium Rich-powered terminal interface
Safety
This tool is designed for educational, defensive, and authorized security testing only.
Only scan:
- Applications you own
- Local labs
- CTF targets
- Bug bounty programs where scanning is explicitly permitted
- Systems where you have written permission
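The scope control and authorization guard listed under Highlights, together with the Safety rules above, come down to one deny-by-default decision made before any request is sent: a target is scanned only if it is a local lab or is both explicitly authorized and listed in scope. The following is an added example of how such a guard can be written; it is not code from thebugbounty, and the `scope.json` keys it reads (`authorized`, `in_scope`, `out_of_scope`, `exclude_paths`) are an assumed schema, since the release notes do not document the file format. It also shows the same-host crawling rule, deciding whether a discovered link stays on the seed's host.

```python
"""Scope and authorization guard for a bug bounty scanner (added example)."""
import json
from dataclasses import dataclass
from fnmatch import fnmatch
from urllib.parse import urljoin, urlsplit

# Constructed sample scope file. The real scope.json schema used by
# thebugbounty is not documented on the release page; these keys are an assumption.
SAMPLE_SCOPE_JSON = """
{
  "authorized": true,
  "in_scope": ["lab.example.test", "*.staging.example.test"],
  "out_of_scope": ["admin.staging.example.test"],
  "exclude_paths": ["/logout", "/api/billing/*"]
}
"""

# Only loopback counts as a "local lab". Private RFC 1918 ranges are deliberately
# not included: a 10.x host may well belong to someone else.
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


@dataclass
class Scope:
    authorized: bool
    in_scope: list
    out_of_scope: list
    exclude_paths: list

    @classmethod
    def from_json(cls, text):
        data = json.loads(text)
        return cls(
            authorized=bool(data.get("authorized", False)),
            in_scope=[h.lower() for h in data.get("in_scope", [])],
            out_of_scope=[h.lower() for h in data.get("out_of_scope", [])],
            exclude_paths=list(data.get("exclude_paths", [])),
        )


def host_matches(host, patterns):
    """Exact or wildcard hostname match. '*.staging.example.test' matches
    subdomains only, never the bare 'staging.example.test', because the dot
    in the pattern is literal."""
    return any(fnmatch(host, pat) for pat in patterns)


def check_target(url, scope):
    """Return (allowed, reason). Deny by default: every check must pass."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme not in ("http", "https") or not host:
        return False, "not an http(s) URL with a host"
    if host in LOCAL_HOSTS:
        return True, "local lab target"
    # Everything that is not loopback is an external target and needs
    # an explicit authorization assertion in the scope file.
    if not scope.authorized:
        return False, "external target but scope.json does not assert authorization"
    if host_matches(host, scope.out_of_scope):
        return False, f"{host} is explicitly out of scope"
    if not host_matches(host, scope.in_scope):
        return False, f"{host} is not listed in scope"
    path = parts.path or "/"
    if any(fnmatch(path, pat) for pat in scope.exclude_paths):
        return False, f"path {path} is excluded"
    return True, f"{host}{path} is in scope"


def same_host(seed_url, link):
    """Same-host crawling rule: resolve the link against the seed and keep it
    only if the hostname is identical. Scheme and port are ignored on purpose;
    a relative link, a protocol-relative link to a CDN and a javascript: URI
    are all handled by urljoin/urlsplit."""
    seed_host = (urlsplit(seed_url).hostname or "").lower()
    link_host = (urlsplit(urljoin(seed_url, link)).hostname or "").lower()
    return bool(seed_host) and seed_host == link_host


if __name__ == "__main__":
    scope = Scope.from_json(SAMPLE_SCOPE_JSON)
    # Constructed targets exercising each branch of the guard.
    for target in [
        "http://127.0.0.1:5000/",
        "https://lab.example.test/login",
        "https://api.staging.example.test/v1/users",
        "https://staging.example.test/",
        "https://admin.staging.example.test/",
        "https://lab.example.test/api/billing/invoices",
        "https://example.com/",
    ]:
        ok, why = check_target(target, scope)
        print("ALLOW" if ok else "DENY ", target, "-", why)
```

Two details worth keeping when adapting this: the wildcard `*.staging.example.test` does not cover the apex `staging.example.test`, so the apex has to be listed separately if it is in scope, and out-of-scope entries are checked before in-scope ones so an exclusion always wins over a broad wildcard.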
Usage
```bash
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
python -m scanner.main -u http://127.0.0.1:5000
```