GBounty: Multi-step website vulnerability scanner
GBounty
GBounty is a multi-step website vulnerability scanner developed in Golang, designed to help companies, pentesters, and bug hunters identify potential vulnerabilities in web applications. It takes a target URL, a list of URLs, a raw request, or multiple raw requests in a zip file as input and uses a set of predefined rules (called “profiles”) to analyze the target and identify potential vulnerabilities. GBounty supports a number of flags that let you customize the tool's behavior.
GBounty Profiles Designer
GBounty Profiles Designer gives you the ability to create your own vulnerability profiles through an easy graphical interface. With this tool you can create new vulnerability profiles simply and quickly, which lets you integrate new web vulnerabilities into your tests in a few seconds.
It has a unique customization capacity, with new insertion points and new search types. Through the design of passive and active vulnerability profiles, you will be able to carry out a complete review of the web application.
- Active Profiles
- Passive Request Profiles: GBounty Profiles Designer gives you the ability to create your own vulnerability profiles for the passive scanner. Passive Request Scanner: looks for strings/regex (or the absence of them) in HTTP requests.
- Passive Response Profiles: GBounty Profiles Designer gives you the ability to create your own vulnerability profiles for the passive scanner. Passive Response Scanner: looks for strings/regex (or the absence of them) in HTTP responses.
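The presence/absence matching that the passive response scanner performs can be sketched as follows. This is an added example, not GBounty code and not its profile format: the `PassiveCheck` struct, the `Evaluate` and `SampleChecks` functions, the check names, and the sample response are all constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// PassiveCheck is a hypothetical rule shape, not GBounty's profile format.
type PassiveCheck struct {
	Name    string
	Pattern *regexp.Regexp
	InBody  bool // true: search the body; false: search status line and headers
	Absent  bool // true: report when the pattern is NOT found
}

// Constructed sample response, embedded so the example runs offline.
const sampleResponse = "HTTP/1.1 500 Internal Server Error\r\n" +
	"Content-Type: text/html\r\nServer: ExampleServer/1.0\r\n\r\n" +
	"<pre>java.lang.NullPointerException at App.run</pre>"

// SampleChecks returns constructed checks covering presence and absence.
func SampleChecks() []PassiveCheck {
	re := regexp.MustCompile
	return []PassiveCheck{
		{"stack trace in body", re(`\b[\w.]+Exception\b`), true, false},
		{"missing HSTS header", re(`(?im)^Strict-Transport-Security:`), false, true},
		{"missing Content-Type", re(`(?im)^Content-Type:`), false, true},
		{"server version disclosed", re(`(?im)^Server:.*\d`), false, false},
	}
}

// Evaluate names the checks that fire: presence on a match, absence on none.
func Evaluate(raw string, checks []PassiveCheck) []string {
	head, body, _ := strings.Cut(raw, "\r\n\r\n") // no blank line: all head
	var hits []string
	for _, c := range checks {
		target := head
		if c.InBody {
			target = body
		}
		if c.Pattern.MatchString(target) != c.Absent {
			hits = append(hits, c.Name)
		}
	}
	return hits
}

func main() { fmt.Println(Evaluate(sampleResponse, SampleChecks())) }
```

Scoping each pattern to either the header block or the body keeps a header-absence check from being satisfied by the same string appearing in page content.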