<div align="center"> <img src="web/logo.png" alt="BugHunter Arsenal Logo" width="200"> <h1>BugHunter Arsenal</h1> <p><strong>Multi-Tool Security Scanning Platform for Bug Bounty Hunters</strong></p> <p>Current Version: <strong>v1.2.2</strong> · <a href="docs/CHANGELOG.md">Changelog</a></p> </div>

📖 Overview

BugHunter Arsenal is a comprehensive, unified security scanning platform designed for bug bounty hunters and security researchers. It provides a single interface to run multiple specialized security tools simultaneously, making vulnerability discovery more efficient and organized.

Unlike standalone security tools, BugHunter Arsenal orchestrates multiple scanners through a unified web dashboard and command-line interface, allowing you to discover vulnerabilities across different attack vectors in parallel.

🛠️ Available Tools

BugHunter Arsenal currently includes four specialized security scanning tools:

🔑 KeyHunter

API Key Detection & Validation - Scans domains, subdomains, and URLs for exposed API keys and secrets from 50+ providers with real-time validation. Automatically categorizes findings as Valid ✓, Invalid ✗, or Manual Review ?.

🎯 XSSHunter

Reflected Cross-Site Scripting (XSS) Vulnerability Scanner - Detects XSS vulnerabilities in URL parameters by testing all GET parameters simultaneously with 911+ customizable payloads. Checks for payload reflection in response content.

🔄 ORHunter

Open Redirect Vulnerability Scanner - Identifies open redirect vulnerabilities in web applications by testing URL parameters for redirect behavior. Useful for SSRF chains and social engineering attacks.

🎯 DTOHunter

Subdomain Takeover Detection Scanner - Detects vulnerable subdomains that can be taken over using fingerprinting from can-i-take-over-xyz. Checks CNAME records, NXDOMAIN responses, and service fingerprints.

✨ Key Features

🎛️ Unified Web Dashboard

Interactive GUI: Manage all scans from a single web interface
Real-time Monitoring: Live scan output streaming with Server-Sent Events (SSE)
Findings Management: Full CRUD operations for organizing vulnerabilities
Multi-Tool Support: Run multiple tools simultaneously on the same targets
Rescan Capabilities: Reuse collected URLs with new parameters (rescan, recrawl, rediscover)

🗄️ Database-Backed Storage

SQLite Database: All scan results stored in organized databases
Per-Domain Databases: Separate database files for each target (optional)
Findings Tracking: Severity levels, verification status, false positive flagging
Scan History: Complete audit trail of all scanning activities
Checkpoint System: Resume interrupted scans from the last checkpoint

⚙️ Advanced Configuration

Database-Backed Configs: Manage API patterns, excluded extensions, and payloads through the web UI
Settings Management: Add, edit, delete, and restore configuration items
YAML Sync: Automatic synchronization from YAML config files to database
Soft Deletes: Preserve user customizations when syncing from YAML
Custom Patterns: Easy addition of new detection patterns and payloads

🔄 Flexible Scanning Options

Resume Support: Automatically resumes incomplete scans by default
Force Restart: Option to start fresh scans when needed
URL Reuse: Reuse collected URLs for different tool scans without re-crawling
Subdomain Enumeration: Optional subdomain discovery using subfinder
Multiple Input Formats: Scan domains, files of domains, or direct URL lists

🔐 Authentication & Headers

Cookie Support: Authenticate with protected endpoints
Custom Headers: Add X-Request-For and other custom headers for bug bounty programs
Random User-Agents: Automatically rotates user agents to avoid detection

📦 Installation

Prerequisites

Python 3.7+
Go (for installing external tools)
External tools: subfinder, waybackurls, katana, httpx

Step-by-Step Installation

Clone the Repository:

git clone https://github.com/bigzooooz/BugHunterArsenal.git
cd BugHunterArsenal

Install Python Dependencies:
```
pip install -r requirements.txt
```

Install External Tools:

Option A: Automatic Installation (recommended, requires sudo):

sudo python3 BugHunterArsenal.py --install

Option B: Manual Installation:

go install github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
go install github.com/tomnomnom/waybackurls@latest
go install github.com/projectdiscovery/httpx/cmd/httpx@latest
go install github.com/projectdiscovery/katana/cmd/katana@latest

Make sure the Go binaries are in your PATH.

Verify Installation:
```
python3 BugHunterArsenal.py --version
```

🚀 Usage

Command Line Interface

Basic Scanning

Scan a single domain with KeyHunter (default tool):

python3 BugHunterArsenal.py -d example.com

Scan with a specific tool:

python3 BugHunterArsenal.py -d example.com --tool xsshunter

Scan multiple domains from a file:

python3 BugHunterArsenal.py -f domains.txt --tool keyhunter

Scan URLs directly (skip subdomain enumeration):

python3 BugHunterArsenal.py -l urls.txt --tool xsshunter

Run multiple tools simultaneously:

python3 BugHunterArsenal.py -d example.com --tool keyhunter,xsshunter,orhunter

Advanced Options

Disable subdomain enumeration:

python3 BugHunterArsenal.py -d example.com --no-subs --tool keyhunter

Use custom output directory:

python3 BugHunterArsenal.py -d example.com -o my_results --tool xsshunter

Add authentication cookie:

python3 BugHunterArsenal.py -d example.com --cookie "session=abc123" --tool keyhunter

Add custom header (for bug bounty programs):

python3 BugHunterArsenal.py -d example.com --x-request-for "HackerOne" --tool xsshunter

Force restart (delete existing scan and start fresh):

python3 BugHunterArsenal.py -d example.com --restart --tool keyhunter

Enable verbose output:

python3 BugHunterArsenal.py -d example.com -v --tool keyhunter

Web GUI Dashboard

Start the web dashboard:

python3 BugHunterArsenal.py --gui

Then open http://127.0.0.1:5000 in your browser.

Dashboard Features

Target Management: Add, view, and manage scanning targets
Scan Wizard: Interactive interface for configuring and starting scans
Live Monitoring: Real-time output from running scans
Findings Management: View, edit, verify, and organize discovered vulnerabilities
Settings Page: Manage API patterns, excluded extensions, and XSS payloads
Statistics Dashboard: Overview of scans, findings, and subdomains
Export Functionality: Export findings in various formats

Rescan Options

From the target details page, you can:

🔍 Re-scan URLs: Reuse existing URLs with new tool parameters (skip subdomain enum and URL collection)
🕷️ Re-crawl URLs: Keep subdomains, re-collect URLs from existing subdomains
🌐 Re-discover: Fresh start with same parameters (re-enumerate subdomains and crawl)

📖 Documentation

Detailed documentation for each tool is available in the docs/ directory:

KeyHunter Documentation - API key detection and validation guide
XSSHunter Documentation - XSS vulnerability scanning guide
ORHunter Documentation - Open redirect scanning guide
DTOHunter Documentation - Subdomain takeover detection guide

For tool-specific features, usage examples, configuration options, and best practices, see the individual tool documentation files.

🛠️ Command-Line Options

Tool Selection

--tool TOOL_NAME - Specify tool(s) to run (comma-separated). Options: keyhunter, xsshunter, xss, orhunter, openredirect, redirect, dtohunter, takeover. Default: keyhunter

Scanning Options

-d, --domain DOMAIN - Target domain to scan
-f, --file FILE - File containing list of domains to scan
-l, --urls-file FILE - File containing list of URLs to scan directly (skips subdomain enumeration)
-ns, --no-subs - Disable subdomain enumeration
-o, --output DIR - Custom output directory name (default: output)

Authentication & Headers

--cookie COOKIE - Cookie string for authenticated requests
--x-request-for HEADER - Custom X-Request-For header value

Scan Control

--restart - Force restart: delete existing scan and start fresh (default: resumes from checkpoint)
-v, --verbose - Enable verbose output

System Options

--gui - Start the web dashboard GUI server
--install, --setup - Install missing dependencies automatically (requires sudo)
--update - Update BugHunter Arsenal to the latest version
--version - Display version information

⚙️ Configuration

Settings Management (Web UI)

Access the Settings page from the dashboard to manage:

API Patterns: Add, edit, or delete API key detection pattern

BugHunterArsenal

Install / Use

README