Two focused security CLIs for bug bounty and API recon. Built to detect and report, never to exploit.
Both tools share a single philosophy: detection only, never exploitation. They send recon and analysis requests, classify observations, and report. They do not send payloads, attempts, or exploit chains.
Every network action is gated by a YAML scope file — allow / deny for bounthunt, targets with ! deny patterns for gqlhunter. Anything out of scope is refused before a single request leaves the host.
Results land in SQLite, render to Markdown/HTML, and export to JSON or SARIF 2.1.0 — so findings drop straight into your existing triage workflow instead of a proprietary silo.
Two tools, two domains: bounthunt for infra/host recon and continuous monitoring, gqlhunter for GraphQL schema and authorization analysis. No overlap, no monolith.
# from source (Python >= 3.11) git clone https://github.com/bess1lie/bounthunt.git cd bounthunt && pip install . # or docker (bundles subfinder/dnsx/httpx/naabu/nuclei/katana) docker build -t bountyhunt . docker run --rm -v $(pwd)/scope.yaml:/data/scope.yaml:ro bountyhunt --help
# from source (Python >= 3.11) git clone https://github.com/bess1lie/gqlhunter.git cd gqlhunter && pip install . # or docker docker build -t gqlhunter . docker run --rm -v $(pwd):/app gqlhunter --help