BHunty is a Python-based bug bounty reconnaissance toolkit by Trabbit0ne.
It automates subdomain enumeration, Wayback Machine URL collection, and optional sensitive keyword scanning for juicy recon findings.
- Python 3.6+
- External tools required:
subfinderassetfinderwaybackurls
- Optional:
wcwidth(pip install wcwidth) — for proper message box width rendering
-
Clone this repository:
git clone https://github.com/Trabbit1/BHunty cd BHunty -
(Optional) Install the
wcwidthmodule:pip3 install -r requirements.txt
-
Make sure the required binaries (
subfinder,assetfinder,waybackurls) are in your$PATH.
python3 bhunty.py <domain or URL> [option(s)]You can also pass a full URL (e.g., https://sub.example.com/page) — BHunty will extract the domain automatically.
You’ll be prompted whether you want to scan the archive URLs for sensitive keywords.
domain="domain.com"; yes y | bhunty "$domain" --param; clear; cat "results/$domain/params.txt" | dalfox pipedomain="domain.com"; yes y | bhunty "$domain" --sensitive; clear; cat "results/$domain/sensitive.txt" | httpx -silent -scdomain="domain.com"; yes y | bhunty "$domain"; clear; cat "results/$domain/waybackurls.txt" | httpx -silent -mc 403domain="domain.com"; yes y | bhunty "$domain"; clear; cat "results/$domain/waybackurls.txt" | grep -Eo 'eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+'results/
└── example.com/
├── subdomains.txt # Enumerated subdomains
├── waybackurls.txt # URLs pulled from the Wayback Machine
├── params.txt # (Optional) Parameters in URLs
└── sensitive.txt # (Optional) Matched keywords in URLs
BHunty/
├── bhunty.py
└── README.md
Made by Trabbit0ne