Bug Bounty Setup Tools On Fresh VPS. This scripts automatically installs top bug bounty tools and set up environment in newly installed VPS or Linux Operating System.
- Download Setup Go landguage
- Setup Python3 Env for pentesting
- Download most of the tools used in penetration testing and bug bounty
sudo apt-get update -y && sudo apt-get install git -y && cd /tmp && git clone https://github.com/sudosuraj/Bounty-VPS.git && cd Bounty-VPS && chmod +x bounty-vps.sh && sudo bash ./bounty-vps.sh
These tools are primarily for reconnaissance, enumeration, and vulnerability scanning.
- subfinder - Subdomain discovery
- assetfinder - Finds related assets (domains)
- katana - Web crawler
- gau - Fetches archived URLs
- amass - In-depth DNS enumeration
- crobat - Subdomain enumeration
- chaos - Enumerates subdomains from ProjectDiscovery’s Chaos dataset
- gotator - Permutation-based subdomain generator
- cf-check - Cloudflare IP checker
- gowitness - Web screenshot tool
- httpx - HTTP probing
- httprobe - Probes for HTTP servers
- gospider - Web spider
- subzy - Subdomain takeover scanner
- dnsx - DNS resolver and probe
- puredns - Fast recursive DNS resolver
- shuffledns - DNS enumeration using bruteforce and wordlist
- ffuf - Fast web fuzzer
- gobuster - Directory, DNS, and VHost busting tool
- nuclei - Vulnerability scanner
- interactsh-client - Interaction-based payloads
- httpx - HTTP probing
- waybackurls - Fetch URLs from the Wayback Machine
- socialhunter - Social media data finder
- github-subdomains - Finds subdomains in GitHub repositories
- bxss - Blind XSS payload generator
- Jeeves - Enumeration tool
- tok - Enumeration tool
- anew - Appends unique lines to a file
- qsreplace - Replaces query string values
- gron - Converts JSON into greppable data
- fff - Fast file finder
- unfurl - Extracts URLs from input
- mapcidr - Subnetting tool
- cent - Nuclei templates manager
- notify - Notification manager for vulnerabilities
- dalfox - XSS scanner
- kxss - Finds potential XSS points
- Gxss - XSS payload generator
- error-sql - SQL injection error-based tester
- time-sql - SQL injection time-based tester
These tools are primarily for web application testing and OSINT.
- arjun - HTTP parameter discovery tool
- GitHacker - Finds secrets in Git repositories
- SecretFinder - Finds sensitive keys in JavaScript files
- LinkFinder - Extracts URLs from JavaScript files
- uro - URL parser
- urless - URL manipulation tool
- crtsh - Certificate transparency log searcher
- jsbeautifier - Beautifies JavaScript code
- lxml - XML and HTML parsing library
These tools cover a broad spectrum of penetration testing, including network scanning, web application assessment, and wireless security.
- nmap - Network scanner
- masscan - Fast port scanner
- p0f - Passive OS fingerprinting
- dnsenum - DNS enumeration tool
- dnsmap - DNS map generator
- dnstracer - Traces DNS path
- wireshark - Network packet analyzer
- sqlmap - SQL injection tool
- wpscan - WordPress vulnerability scanner
- arachni - Web application vulnerability scanner
- skipfish - Web application security scanner
- wfuzz - Web fuzzer
- w3af - Web application attack and audit framework
- metasploit - Exploitation framework
- beef-xss - Browser exploitation framework
- backdoor-factory - Injects backdoors into binaries
- weevely - Web shell generator
- hash-identifier - Identifies hash types
- john - Password cracker
- rainbowcrack - Uses rainbow tables for password cracking
- patator - Multi-purpose brute-forcer
- aircrack-ng - Wireless security auditing
- kismet - Wireless network detector
- pixiewps - Offline WPS attack tool
- reaver - WPA attack tool
- theharvester - Collects emails, subdomains, hosts, and more
- recon-ng - Reconnaissance framework
- metagoofil - Collects public documents from Google
- fierce - DNS reconnaissance tool
- firewalk - Traces firewall rules
Once the script completes, your VPS will be fully set up for penetration testing and reconnaissance, with a wide range of tools installed.