Bug bounty tools

Specialist bug bounty tools will really help you take your hacking to the next level. But what's the best bug bounty hunting software for you? And what sort of features should you look for?

A 2018 HackerOne survey of over 3,500 respondents showed that Burp Suite was the most widely used tool among bug bounty hunters worldwide (32.7%). This was ahead of other software, such as Fiddler (14.7%) and WebInspect (11.1%).

Most popular bug bounty tools - chart

Which bug bounty software is right for you?

There are three versions of Burp Suite. Bug bounty hunters will be most interested in either Burp Suite Professional or Burp Suite Community Edition.

Burp Suite Community Edition is free to download, but lacks many of the power functions you'll find in Burp Suite Pro. It's therefore really aimed at beginners only.

If you want to make money bug bounty hunting, then Burp Suite Pro is the way to go. It gives you access to all the bug bounty tools mentioned on this page. It's the hacking software of choice for pentesters all over the world. With a little effort, we think you'll find Burp Suite pays for itself quite quickly on bug bounty programs.

"I love @Burp_Suite because it's helped me make a killing on bug bounties for a small investment of $300"


"I got my hands on a professional license for Burp Suite and I am just beginning to realize how MUCH this thing does. My ignorant self, thought this thing was just a fuzzer for the longest time."


"If you're not using @Burp_Suite then you're not doing bug bounties right! Seriously, it took me a long time to realize Burp was a thing, but since I began using it a year ago I can no longer live without it, and that's a good thing!"


"The best invest a bug bounty hunter can ever make." @Burp_Suite


Bug bounty hunting using Burp Suite Professional

The Burp Suite bug bounty hunting workflow

Burp Suite is made up of many interlinked tools, but a bug bounty hunting workflow will generally start with Burp Proxy. Proxying web traffic allows you to select individual components of a web app for further testing. These items can then be sent to other bug hunting tools within Burp Suite to check for vulnerabilities.

The diagram above shows some of Burp Suite's major components, and where they might sit within different types of workflow. Whether you prefer automated bug bounty tools, a fully manual approach, or a mixture of the two, Burp Suite has you covered. Let's have a closer look at how some of Burp's popular functions work on an individual basis:

  • Burp Proxy

    Burp proxy is the foundation the rest of Burp Suite is built on. It's an intercepting proxy that allows you to see all HTTP communications sent between your browser and a target server. Crucially, it then allows you to edit the requests you send, or intercept and edit responses before they're sent to the browser. As you can imagine, it's a very useful bug bounty tool.

    Of course, most of the internet now uses the encrypted HTTPS standard, rather than unencrypted HTTP. Fortunately, Burp Proxy is able to see through HTTPS encryption by using a self-signed CA certificate.

    Read more
  • Site map

    The site map tool is one of Burp Suite's most widely used functions. You can generate a site map by manually navigating/proxying an app using Burp Scanner, and/or by using the content discovery function. Advanced crawling logic means Burp Scanner is capable of this even where a web app uses a lot of dynamic content.

    Burp Suite also includes a target scope configuration. By setting this, you can exclude out-of-scope content at a suite-wide level. This helps to keep you on track and out of trouble. You won't suddenly find that Burp Suite has run an active scan against out-of-scope web content, for instance.

    Read more
  • Burp Scanner

    Burp Scanner is Burp Suite Pro's most highly automated component. It protects many of the world's largest businesses and is used by the majority of pro pentesters. Our scanner covers the whole OWASP Top 10 - in addition to many other bugs - and you'll also have access to regular updates from our Research Team.

    Perhaps most importantly, Burp Scanner is customizable. This allows you to stay ahead of the crowd, by augmenting scans with your own routines. Once you've got it set up to your liking, Burp Scanner is like bug bounty hunting in easy mode.

    Read more
  • Content discovery

    Burp Suite Pro's content discovery function can expose attack surface that would otherwise be hidden to you. This generally means content and functionality not linked to from an app's visible areas. This can then be added to a site map.

    The content discovery function is fully adjustable and can use a variety of methods to discover hidden areas. These include word lists, web crawling, and extrapolation from previous successful guesses.

    Read more
  • Burp Repeater

    There are situations in manual bug bounty hunting where it's helpful to send similar (but subtly different) HTTP requests a number of times. You might be trying to determine a value for a certain parameter that will produce a desired effect, for example.

    Burp Repeater is designed to make these situations as easy as possible. As its name suggests, it allows you to take a single HTTP request, alter it as much (or as little) as you like, and send it at the touch of a button. In manual testing, this can save you a lot of time.

    Read more
  • Burp Intruder

    Burp Intruder allows you to orchestrate and direct customized attacks against a target. It's one of the killer automated features that make Burp Suite Pro such a powerful package. If you want to check a lot of different input variables across a web app for any particular reason (e.g. fuzzing, or another form of brute force attack), then this is your tool.

    For testing even larger numbers of payloads, there's a free extension called Turbo Intruder. Configured using Python for flexibility, Turbo Intruder is easily capable of exceeding 30,000 requests per second (RPS). To put this in perspective, many similar tools struggle to hit 1,000 RPS.

    Read more
  • Burp Extender API

    One of Burp Suite's real strengths is that anyone can write extensions using its Burp Extender API. You can then submit these to PortSwigger's free BApp store. So if you can think of a bug bounty tool or function you'd like to see in Burp Suite, you can more or less make it happen.

    This is how popular manual extensions like SAML Raider, Logger++, and Software Version Reporter came to be. Many of these extensions (like SAML Raider) are aimed at specific technologies - allowing you to customize Burp Suite to suit your own bug bounty interests.

    Read more
  • Manual power tools

    Burp Suite simplifies hacking by putting major bug hunting tools in front of you. But in addition to these better-known functions, it includes a whole host of smaller tools to make your life as a bug bounty hunter easier.

    A prime example is the cross-site request forgery (CSRF) proof of concept generator. Manually crafting HTML to trigger a CSRF exploit can be cumbersome - so this tool can do it for you. Burp Suite also includes tools to make encoding and decoding data simple - which means no more digging around for a Base64 or hex encoder.

What to look for in a good bug bounty tool

We'll admit to a little bias when talking about bug bounty hunting tools. We are, after all, the makers of Burp Suite. So what should you look for when considering which tools to use?

A good user community

Firstly, we'd recommend choosing a tool with a good community around it - especially if you're just starting out bug bounty hunting. If a tool has a good userbase, you'll be able to pick their brains when you occasionally get stuck.

Developer-led support

With this in mind, support from a tool's creator is invaluable if you have a deeper query the user community can't help with. In the case of Burp Suite, customer support is something PortSwigger takes pride in.

Flexibility is key

Finally, flexibility is a great quality to have in your tools. Flexibility saves having to launch multiple applications to complete a task - streamlining your workflow.

One tool to rule them all

It's important to remember at this point that the tools on this page are by no means the limit of what Burp Suite can do. In fact, we've barely scratched the surface here. Burp Suite isn't called the hacker's Swiss Army knife for nothing. Happy hunting.