An AI-powered bug bounty CLI tool that leverages Kali Linux penetration testing tools, OpenAI for intelligent exploit generation, and automated vulnerability scanning based on the OWASP Top 10 framework.
-
π― OWASP Top 10 Vulnerability Detection
- Broken Access Control
- Remote Code Execution (RCE)
- Injection (SQL, Command, LDAP, etc.)
- Insecure Design
- Security Misconfiguration
- Account Takeover (ATO)
- Vulnerable and Outdated Components
- Identification and Authentication Failures
- Software and Data Integrity Failures
- Server-Side Request Forgery (SSRF)
- Cross-Site Scripting (XSS)
- Cryptographic Failures
-
π€ AI-Powered Exploit Generation
- Uses OpenAI API to generate custom exploits based on discovered vulnerabilities
- Intelligent payload crafting and testing
- Automated proof-of-concept generation
-
π― Metasploit Framework Integration
- Automated Metasploit module search for discovered vulnerabilities
- AI-powered module selection based on exploit rank and relevance
- Automatic exploitation with session management
- Support for CVE-based and type-based exploit matching
-
π§ Kali Linux Tools Integration
- Nmap for reconnaissance and port scanning
- SQLMap for SQL injection testing
- Nikto for web server scanning
- Dirb/Dirbuster for directory enumeration
- Metasploit integration for exploit testing
- And many more...
-
π NVD CVE Database Integration
- Automatic CVE lookup for identified software versions
- Vulnerability scoring and severity assessment
- Historical vulnerability tracking
-
π§ Intelligent URL Analysis
- ML-based pattern recognition to predict vulnerability types
- Smart parameter detection
- Automated attack surface mapping
-
π Exploit Database Scraping
- Real-time exploit collection from Exploit-DB
- PacketStorm Security integration
- Local caching for offline use
-
π Comprehensive Reporting
- Detailed vulnerability reports
- Steps to reproduce
- Severity ratings based on CVSS
- Remediation recommendations
- Export to HTML, PDF, JSON
- Operating System: Kali Linux (recommended) or any Linux distribution with penetration testing tools
- Python: 3.9 or higher
- Tools: Ensure the following Kali tools are installed:
sudo apt-get update sudo apt-get install -y nmap sqlmap nikto dirb metasploit-framework hydra wpscan
- OpenAI API Key: Optional - Only needed for AI exploit generation (Get API Key)
- Without this, the tool still works with Metasploit and basic scanning
- Metasploit module selection will use heuristic-based ranking instead of AI
- NVD API Key: Optional - Recommended for faster CVE lookups (Request API Key)
git clone https://github.com/yourusername/bountymaster.git
cd bountymasterpython3 -m venv venv
source venv/bin/activate # On Windows: venv\Scripts\activatepip install -r requirements.txtcp .env.example .env
# Edit .env and add your API keys
nano .envpip install -e .bugbounty scan --target https://example.combugbounty scan --target https://example.com --types xss,sqli,rcebugbounty pentest --target https://example.com --ai-exploits --metasploit --intensity highbugbounty pentest --target https://example.com --no-metasploit --intensity mediumbugbounty analyze-url --url "https://example.com/admin.php?id=123&user=admin"bugbounty cve-scan --target https://example.com --output report.htmlbugbounty update-exploitsbugbounty report --scan-id abc123 --format pdf --output vulnerability_report.pdf| Command | Description |
|---|---|
scan |
Perform vulnerability scan on target |
pentest |
Full penetration test with exploit generation |
analyze-url |
Intelligent URL vulnerability prediction |
cve-scan |
Check for known CVEs in target software |
update-exploits |
Update local exploit database |
report |
Generate comprehensive vulnerability report |
config |
Manage configuration and API keys |
| Option | Description |
|---|---|
--target URL |
Target URL or IP address |
--types TYPES |
Comma-separated list of vulnerability types |
--intensity LEVEL |
Scan intensity: low, medium, high, extreme |
--ai-exploits |
Enable AI-powered exploit generation |
--threads N |
Number of concurrent threads (default: 10) |
--timeout N |
Request timeout in seconds (default: 30) |
--output FILE |
Save results to file |
--format FORMAT |
Output format: json, html, pdf, markdown |
Edit the .env file to configure:
OPENAI_API_KEY=sk-...
NVD_API_KEY=...
MAX_THREADS=10
TIMEOUT_SECONDS=30
RATE_LIMIT_DELAY=1
EXPLOIT_DB_UPDATE_INTERVAL=86400
CACHE_EXPIRY_DAYS=7
LOG_LEVEL=INFObug-bounty-cli/
βββ src/
β βββ main.py # CLI entry point
β βββ config.py # Configuration management
β βββ scanner/
β β βββ base_scanner.py # Base scanner class
β β βββ xss_scanner.py # XSS detection
β β βββ sqli_scanner.py # SQL injection
β β βββ rce_scanner.py # RCE detection
β β βββ ...
β βββ ai/
β β βββ exploit_generator.py # OpenAI integration
β β βββ prompt_templates.py # AI prompts
β βββ nvd/
β β βββ cve_client.py # NVD API client
β βββ intelligence/
β β βββ url_analyzer.py # ML-based URL analysis
β βββ exploits/
β β βββ scraper.py # Exploit database scraper
β β βββ cache.py # Local exploit cache
β βββ testing/
β β βββ exploit_executor.py # Safe exploit testing
β βββ reporting/
β βββ report_generator.py # Report generation
βββ tests/
βββ docs/
βββ requirements.txt
- Always obtain written permission before testing
- Use only on systems you own or have explicit authorization to test
- Be aware of the legal implications in your jurisdiction
- Follow responsible disclosure practices
- Do not use for malicious purposes
Contributions are welcome! Please read our contributing guidelines and code of conduct.
MIT License - See LICENSE file for details
This tool is provided for educational and authorized security testing purposes only. The developers assume no liability for misuse or damage caused by this program.
For issues, questions, or contributions:
- GitHub Issues: https://github.com/yourusername/bountymaster/issues
- Documentation: https://github.com/yourusername/bountymaster/wiki
- OWASP Foundation for the OWASP Top 10 framework
- Kali Linux project for penetration testing tools
- OpenAI for AI capabilities
- NVD for vulnerability database
- Security research community