Multi-Technology Vulnerability Scanner for Bug Bounty Hunting
Hunt for vulnerabilities across multiple technologies using Shodan API. Perfect for bug bounty hunters and security researchers.
- 10+ Technologies: Citrix, Jenkins, GitLab, Jira, Confluence, WordPress, Apache Tomcat, Grafana, Kibana, Exposed Files
- Efficient Scanning: Optimized Shodan queries with safe rate handling
- Organized Queries: Technology-specific query files for precision
- Clean Output: Deduplicated results ready for Nuclei scanning
- Beautiful UI: Colored terminal output for better readability
- Extensible: Easy to add new technologies
git clone https://github.com/algamil7x/ShodanHunter.git
cd ShodanHunter
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
export SHODAN_API_KEY="your_api_key_here"
python shodanhunter.py -list
- Get your API key from account page
This tool requires a Shodan PRO or Academic API key.
ShodanHunter relies heavily on advanced Shodan filters such as:
- product:
- http.favicon.hash
- ssl.cert.*
- technology-specific components
Free Shodan accounts will return little to no results.
If you are serious about bug bounty hunting with this tool, a paid Shodan account is strongly recommended.
shodanhunter -list
shodanhunter -tech citrix -d target.com
output/target.com/citrix.txt
shodanhunter -tech all -d target.com
output/target.com

| Technology | Query File | Known CVEs | Bug Bounty Popular |
|---|---|---|---|
| Citrix Gateway | citrix.txt | 50+ | ⭐⭐⭐ |
| Jenkins | jenkins.txt | 100+ | ⭐⭐⭐ |
| GitLab | gitlab.txt | 80+ | ⭐⭐⭐ |
| Atlassian Jira | jira.txt | 60+ | ⭐⭐ |
| Confluence | confluence.txt | 70+ | ⭐⭐ |
| Apache Tomcat | apache.txt | 90+ | ⭐⭐ |
| WordPress | wordpress.txt | 200+ | ⭐⭐⭐ |
| Grafana | grafana.txt | 40+ | ⭐⭐ |
| Kibana | kibana.txt | 30+ | ⭐ |
| Exposed Files | exposed.txt | N/A | ⭐⭐⭐ |
Perfect workflow for bug bounty:
# Step 1: Hunt with ShodanHunter
python3 shodanhunter.py -tech citrix -d target.com
# Step 2: Scan with Nuclei
cat targets.txt | nuclei -tags citrix,xss -severity high,critical -o vulns.txt
# Step 3: Review vulnerabilities
cat vulns.txt

ShodanHunter/
├── shodanhunter.py        # Main tool
├── requirements.txt       # Python dependencies
├── README.md              # This file
├── queries/               # Query files directory
│   ├── citrix.txt         # Citrix/NetScaler queries
│   ├── jenkins.txt        # Jenkins queries
│   ├── gitlab.txt         # GitLab queries
│   ├── jira.txt           # Jira queries
│   ├── confluence.txt     # Confluence queries
│   ├── wordpress.txt      # WordPress queries
│   ├── apache.txt         # Apache Tomcat queries
│   ├── grafana.txt        # Grafana queries
│   ├── kibana.txt         # Kibana queries
│   └── exposed.txt        # Exposed files queries
├── examples/              # Example outputs
│   └── demo_output.txt
Contributions are welcome! See CONTRIBUTING.md for details.
- Fork the repository
- Create feature branch (git checkout -b feature/NewTech)
- Add queries to queries/newtech.txt
- Update AVAILABLE_TECH in shodanhunter.py
- Commit changes (git commit -m 'Add NewTech support')
- Push to branch (git push origin feature/NewTech)
- Open Pull Request
For educational and authorized security testing only.
- Use only on bug bounty programs with permission
- Read and follow program scope carefully
- Do NOT use on unauthorized targets
- Do NOT abuse Shodan API
The authors are not responsible for misuse of this tool.
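
An added example, not part of the ShodanHunter code: a scope filter that could sit between Step 1 and Step 2 of the workflow above, so that only hosts under the authorized domain reach Nuclei. It assumes the results file holds one host, host:port or URL per line; the function names and the sample lines are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

def host_of(line):
    """Return the lowercase hostname from 'host', 'host:port' or a URL, else None."""
    line = line.strip()
    if "://" not in line:
        line = "//" + line          # let urlsplit treat it as a network location
    try:
        host = urlsplit(line).hostname
    except ValueError:              # malformed entry, e.g. unbalanced IPv6 brackets
        return None
    return host.rstrip(".").lower() if host else None

def in_scope(host, scope_domains):
    """True only for a scope domain itself or a real subdomain of it."""
    try:
        ipaddress.ip_address(host)
        return False                # a bare IP cannot be tied to the program scope
    except ValueError:
        pass
    # Match on a label boundary: 'nottarget.com' must not pass for 'target.com'.
    return any(host == d or host.endswith("." + d) for d in scope_domains)

def filter_targets(lines, scope_domains):
    """Deduplicate entries and split them into (kept, dropped) by scope."""
    scope = [d.strip().rstrip(".").lower() for d in scope_domains]
    kept, dropped, seen = [], [], set()
    for raw in lines:
        entry = raw.strip()
        host = host_of(entry)
        if host is None or entry in seen:
            continue
        seen.add(entry)
        (kept if in_scope(host, scope) else dropped).append(entry)
    return kept, dropped

# Constructed sample of what a results file might contain (not real tool output).
SAMPLE = """\
https://vpn.target.com
vpn.target.com:8443
https://vpn.target.com
https://target.com.other.example/login
nottarget.com
203.0.113.10:443
"""

if __name__ == "__main__":
    print("\n".join(filter_targets(SAMPLE.splitlines(), ["target.com"])[0]))
```

Redirecting the script's output to targets.txt gives Step 2 an input that has already been checked against scope; the dropped list is worth reviewing by hand rather than discarding.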
This project is licensed under the MIT License - see LICENSE file.
- Inspired by real-world bug bounty hunting workflows
- Built for the security community
- Powered by Shodan
- Thanks to all contributors
- Twitter/X: @algamil7x
- GitHub: @algamil7x
- Issues: Report bugs
- Pull Requests: Contribute
Happy Hunting!
Made with ❤️ by Bug Bounty Hunters, for Bug Bounty Hunters