If you’re a white hat hacker or penetration tester you could be making some money on the side as a bug bounty hunter.

Bug bounty programs are a way for companies to find errors and vulnerabilities in their software and increase their security. For ethical hackers, they’re a great way to test your hacking skills and capabilities on some of the most secure software around, without being in a legal gray area.

With the hacking tools on this list, you can search for and find vulnerabilities in software and submit your findings to the company to earn some extra money.  Let us take a look at the bug bounty tools every ethical hacker should use to start their bug bounty hunting journey.

Burpsuite

Burpsuite is a java based platform used for security testing web applications and is classified as an Interception Proxy. It comprises of various tools bundled together into a suite. BurpSuite tools work together to perform application security testing and penetration testing.

The tool can be used to intercept traffic for analysis purposes, as a security scanner or as a way of performing automated attacks and identifying vulnerabilities.  The tool is developed by PortSwigger Web Security and can be downloaded at https://portswigger.net/

The YouTube channel HackerSploit also recommends downloading the following browser add-ons to aid your experience: FoxyProxy, Cookie Editor, and Builtwith.

What Can I Do With BurpSuite?

1. Harvest useful data
2. Fuzzing for vulnerabilities and session tokens
3. Spidering/Crawling
4. Perform attacks including brute force attacks
5. Repeating or manipulating individual requests

Maltego

Maltego is an interactive data mining tool developed by Paterva that generates graphs for link analysis. The tool focuses on analyzing real-world relationships between people and the applications and websites they use, making it great for gathering intel for your target.

The tool is popular with information security researches and private investigators. Maltego is available for Windows, Linux, and Mac OS as long as you have Java 1.8 or above installed. You can download Maltego here.

What Can I Do With Maltego?

Maltego can be used to determine the relationships between:

1. People
   • Names, Email addresses, and Aliases
2. Groups of people (social networks)
3. Companies, Organizations, Websites
4. Affiliations
5. Documents and files
6. Internet Infrastructure:
   • Domains
   • DNS names
   • Netblocks
   • IP Addresses

OpenVAS

OpenVAS is a penetration testing tool for network vulnerability, vulnerability scanning, and vulnerability management. OpenVAS plugins are written in the Nessus Attack Scripting Language (NASL). The company Greenbone operates the tool and offers a free or paid version called Greenbone Community Feed, and Greenbone Security Feed, respectively.

The latter is aimed at enterprise scale penetration testing operations so the free version is all you need as a lone ethical hacker. You can download OpenVAS here.

What Can I Do With OpenVAS?

1. Conduct thorough infrastructure tests that will identify everything from weak passwords and missing security patches, to misconfigured servers. There are over 50,000 network vulnerability tests available
2. Vulnerability Scanning
3. Can multiple networks and subnets
4. Identify and manage false positives

Metasploit

Metasploit is an open source Ruby-based framework first developed in 2003 that is used by InfoSec professionals for hacking and testing. The framework offers penetration testing tools, anti-forensic tools, and advanced evasion tools to help you in your hacking endeavors. Metasploit is powerful and versatile making it highly popular with hackers. You can download Metasploit here.

What Can I Do With Metasploit?

1. Develop, test, and execute exploits
2. Test security vulnerabilities
3. Enumerate networks
4. Execute attacks
5. Evade detection

Scrappy

Scrappy is an open source Python-based framework used for extracting data from a website in a simple and fast way. Download Scrappy here.

What Can I Do With Scrappy?

1. Crawl websites and extract structured data that can be used for various means like information processing, data mining, or historical archival.
2. Create your own web crawlers
3. Use the built-in extensions for handling crawl depth restriction, cookies and session handling, authentication, user-agent spoofing, and more.

Nmap

Nmap is a free open source network mapping tool used by security professionals to audit and manage network security. The tool has been around since 1997 and is widely considered one of the best network mappers out their by InfoSec professionals. The tool can be run on Linux, OpenBSD, Solaris, Mac OS, and Microsoft Windows. You can download Nmap here.

What Can I Do With Nmap?

1. Vulnerability detecting and security scanning
2. Port scanning
3. OS detection
4. Network mapping
5. Security auditing

Knockpy

Knockpy is a python based tool designed to enumerate subdomains on a target domain through a wordlist. The tool will brute force and determine the list of subdomains associated with a particular domain. Black hat hackers can use subdomains to conduct phishing attacks so ensuring the security of subdomains is a must. You can download Knockpy here.

What Can I Do With Knockpy?

1. Scan for subdomains with an internal wordlist
2. Scan for subdomains with an external wordlist
3. Resolve domain names.

John the Ripper

John the Ripper is a free password cracking tool originally developed for Unix but now can run on 15 platforms. The tool is fully configurable and designed to be fast and feature-rich. The tool can auto-detect the encryption type used on a password and change its method to suit the task. For this reason and many others John the Ripper is one the most popular password cracking tools out there. Download John the Ripper here.

What Can I Do With John the Ripper?

1. Use password lists to crack passwords (for example dictionary lists)
2. Check password strength
3. Perform brute force attacks

Wfuzz

Wfuzz is a bug bounty and hacking tool designed for brute forcing web applications. Wfuzz will help you expose several types of vulnerabilites on web applications such as predictable credentials, injections, path traversals, overflows, cross-site scripting, authentication flaws, predictable session identifiers and more. Download Wfuzz here.

What Can I Do With Wfuzz?

1. Cookies fuzzing
2. Bruteforcing
3. Proxy support
4. Multi threading
5. USe multiple encoders per payload.

Wireshark

Wireshark is another free and open source hacking tool that allows hackers to analyze network traffic in real time. This tool is one of, if not THE most popular network traffic analyzer among InfoSec professionals. You can download Wireshark here.

What Can I Do With Wireshark?

1. Identify malicious activity on the network
2. Deeply analyze and filter traffic
3. Identify latency issues and dropped packets.
4. Identify how much traffic is crossing your network
5. Wireshark supports over 2000 network protocols.

That’s our pick for the best bug bounty hunting tools every ethical hacker should use!