- Katılım
- 2 Ocak 2026
- Mesajlar
- 14
- Tepkime puanı
- 34
- Puan
- 13
Bug bounty yaparken bu kadar çok aracı aynı anda kullanmana gerek yok. Hatta çoğu zaman gerek bile yok. Asıl farkı yaratan şey; doğru metodoloji, hedefi anlayabilme, manuel test refleksi ve az ama etkili araçları derinlemesine kullanabilme becerisidir. Araç listeleri bir noktadan sonra insanı tool içinde boğar, “çalışıyormuş gibi hissettirir” ama gerçek bulgu üretmez. İyi bir hunter; önce manuel bakar, mantığı kurar, sonra gerektiği yerde aracı devreye sokar. Bug bounty’de başarı, kaç araç bildiğinle değil, ne aradığını ne zaman arayacağını bilmenle gelir.
Her aracı çalıştırmak verim değildir, otomasyon → manuel düşüncenin yerine geçmez, tool sadece büyüteçtir, akıl değildir.
Aşağıdaki liste bir ansiklopedi gibidir; hepsini kullanmak zorunda değilsin, bilmen yeterlidir, araçlar bilgi amaçlıdır.
"The quieter you become, the more you are able to hear." — Kali Linux
Her aracı çalıştırmak verim değildir, otomasyon → manuel düşüncenin yerine geçmez, tool sadece büyüteçtir, akıl değildir.
Aşağıdaki liste bir ansiklopedi gibidir; hepsini kullanmak zorunda değilsin, bilmen yeterlidir, araçlar bilgi amaçlıdır.
"The quieter you become, the more you are able to hear." — Kali Linux
| BÖLÜM 1 – RECON (KEŞİF) | |
| Subdomain Enumeration (Alt Alan Adı Keşfi) | ||
ARAÇ | ÖZELLİK | ADRES |
| Sublist3r | Penetrasyon testçileri için hızlı alt alan adı keşif aracıdır. |
GitHub - aboul3la/Sublist3r: Fast subdomains enumeration tool for penetration testersFast subdomains enumeration tool for penetration testers - aboul3la/Sublist3r
github.com
|
| High-performance DNS stub resolver | Toplu DNS sorguları ve recon için yüksek performanslı DNS çözümleyici. |
GitHub - blechschmidt/massdns: A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration) - blechschmidt/massdns
github.com
|
| Findomain | Çok hızlı, çapraz platform alt alan adı keşif aracıdır. |
GitHub - Findomain/Findomain: The fastest and complete solution for domain recognition. Supports screenshoting, port scan, HTTP check, data import from other tools, subdomain monitoring, alerts via Discord, Slack and Telegram, multiple API Keys for sThe fastest and complete solution for domain recognition. Supports screenshoting, port scan, HTTP check, data import from other tools, subdomain monitoring, alerts via Discord, Slack and Telegram, ...
github.com
|
| Sudomy | Bug bounty ve pentest için otomatik recon yapan alt alan adı toplama ve analiz aracıdır. |
GitHub - screetsec/Sudomy: Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentestingSudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting - screetsec/Sudomy
github.com
|
| chaos-client | Chaos DNS API ile iletişim kurmak için kullanılan Go istemcisidir. |
GitHub - projectdiscovery/chaos-client: Go client to communicate with Chaos DB API.Go client to communicate with Chaos DB API. . Contribute to projectdiscovery/chaos-client development by creating an account on GitHub.
github.com
|
| domained | Birden fazla yöntemi kullanan çok amaçlı alt alan adı keşif aracıdır. |
GitHub - TypeError/domained: Multi Tool Subdomain EnumerationMulti Tool Subdomain Enumeration. Contribute to TypeError/domained development by creating an account on GitHub.
github.com
|
| shuffledns | Özelleştirilebilir resolver listeleriyle hızlı DNS brute-force yapar. |
GitHub - projectdiscovery/shuffledns: MassDNS wrapper written in go to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard filtering and easy input-output support.MassDNS wrapper written in go to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard filtering and easy input-output support. - projectdiscovery/shuffledns
github.com
|
| puredns | Wildcard filtreleme destekli hızlı DNS çözümleme ve brute-force aracıdır. |
GitHub - d3mondev/puredns: Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries. - d3mondev/puredns
github.com
|
| Turbolist3r | Bulunan domainleri analiz eden alt alan adı keşif aracıdır. |
GitHub - fleetcaptain/Turbolist3r: Subdomain enumeration tool with analysis features for discovered domainsSubdomain enumeration tool with analysis features for discovered domains - fleetcaptain/Turbolist3r
github.com
|
| as3nt | Alternatif bir alt alan adı keşif aracıdır. |
GitHub - cinerieus/as3nt: Another Subdomain ENumeration ToolAnother Subdomain ENumeration Tool. Contribute to cinerieus/as3nt development by creating an account on GitHub.
github.com
|
| Subra | subfinder tabanlı web arayüzlü alt alan adı keşif aracıdır. |
GitHub - si9int/Subra: A Web-UI for subdomain enumeration (subfinder)A Web-UI for subdomain enumeration (subfinder). Contribute to si9int/Subra development by creating an account on GitHub.
github.com
|
| Substr3am | Gerçek zamanlı olarak subdomain ve endpoint yakalamaya odaklanır. |
GitHub - nexxai/Substr3am: Passive reconnaissance/enumeration of interesting targets by watching for SSL certificates being issuedPassive reconnaissance/enumeration of interesting targets by watching for SSL certificates being issued - nexxai/Substr3am
github.com
|
| Recon-ng | Recon-ng framework’ü için domain keşif scriptidir. |
GitHub - lanmaster53/recon-ng: Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources. - lanmaster53/recon-ng
github.com
|
| altdns | Alt alan adı permütasyonları üretip DNS üzerinden doğrular. |
GitHub - infosec-au/altdns: Generates permutations, alterations and mutations of subdomains and then resolves themGenerates permutations, alterations and mutations of subdomains and then resolves them - infosec-au/altdns
github.com
|
| brutesubs | Docker üzerinden paralel subdomain brute-force otomasyon framework’üdür. |
GitHub - anshumanbh/brutesubs: An automation framework for running multiple open sourced subdomain bruteforcing tools (in parallel) using your own wordlists via Docker ComposeAn automation framework for running multiple open sourced subdomain bruteforcing tools (in parallel) using your own wordlists via Docker Compose - anshumanbh/brutesubs
github.com
|
| dnscan | Wordlist tabanlı Python DNS subdomain tarayıcısıdır. |
GitHub - rbsec/dnscanContribute to rbsec/dnscan development by creating an account on GitHub.
github.com
|
| hakrevdns | Reverse DNS üzerinden subdomain keşfi yapar. |
GitHub - hakluke/hakrevdns: Small, fast tool for performing reverse DNS lookups en masse.Small, fast tool for performing reverse DNS lookups en masse. - hakluke/hakrevdns
github.com
|
| knock | Wordlist kullanarak subdomain keşfi yapan Python aracıdır. |
GitHub - guelfoweb/knockpy: Knock Subdomain ScanKnock Subdomain Scan. Contribute to guelfoweb/knockpy development by creating an account on GitHub.
github.com
|
| dnsx | Çok amaçlı, yüksek hızlı DNS sorgu aracıdır. |
GitHub - projectdiscovery/dnsx: dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers. - projectdiscovery/dnsx
github.com
|
| subfinder | Pasif kaynaklar üzerinden geçerli alt alan adlarını keşfeder. |
GitHub - projectdiscovery/subfinder: Fast passive subdomain enumeration tool.Fast passive subdomain enumeration tool. Contribute to projectdiscovery/subfinder development by creating an account on GitHub.
github.com
|
| crtndstry | SSL sertifikalarından subdomain toplayan araçtır. |
GitHub - nahamsec/crtndstry: Yet another subdomain finderYet another subdomain finder. Contribute to nahamsec/crtndstry development by creating an account on GitHub.
github.com
|
| VHostScan | Virtual host taraması yaparak gizli siteleri bulur. |
GitHub - codingo/VHostScan: A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages. - codingo/VHostScan
github.com
|
| scilla | DNS, subdomain, port ve dizin keşfi yapan bilgi toplama aracıdır. |
GitHub - edoardottt/scilla: Information Gathering tool - DNS / Subdomains / Ports / Directories enumerationInformation Gathering tool - DNS / Subdomains / Ports / Directories enumeration - edoardottt/scilla
github.com
|
| sub3suite | Araştırma odaklı subdomain ve attack surface haritalama araç setidir. |
GitHub - 3nock/OTE: OSINT Template EngineOSINT Template Engine. Contribute to 3nock/OTE development by creating an account on GitHub.
github.com
|
| cero | SSL sertifikalarından domain isimleri toplar. |
GitHub - glebarez/cero: Scrape domain names from SSL certificates of arbitrary hostsScrape domain names from SSL certificates of arbitrary hosts - glebarez/cero
github.com
|
| Port Scanning (Port Taraması) | ||
| Masscan | Asenkron SYN paketleriyle çok hızlı TCP port taraması yapar. |
GitHub - robertdavidgraham/masscan: TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. - robertdavidgraham/masscan
github.com
|
| RustScan | Modern, hızlı ve Nmap entegrasyonlu port tarayıcıdır. |
GitHub - bee-san/RustScan: 🤖 The Modern Port Scanner 🤖🤖 The Modern Port Scanner 🤖. Contribute to bee-san/RustScan development by creating an account on GitHub.
github.com
|
| naabu | Basit ve güvenilir Go tabanlı port tarayıcıdır. |
GitHub - projectdiscovery/naabu: A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentestsA fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests - project...
github.com
|
| nmap | Ağ keşfi ve servis tespiti için endüstri standardıdır. |
GitHub - nmap/nmap: Nmap - the Network Mapper. Github mirror of official SVN repository.Nmap - the Network Mapper. Github mirror of official SVN repository. - nmap/nmap
github.com
|
| sandmap | Gelişmiş profillerle çalışan Nmap otomasyon aracıdır. |
GitHub - trimstray/sandmap: Nmap on steroids. Simple CLI with the ability to run pure Nmap engine, 31 modules with 459 scan profiles.Nmap on steroids. Simple CLI with the ability to run pure Nmap engine, 31 modules with 459 scan profiles. - trimstray/sandmap
github.com
|
| ScanCannon | Büyük hedef listeleri için optimize edilmiş tarama aracıdır. |
GitHub - johnnyxmas/ScanCannon: A script for credentials-based attack surface enumeration and general reconnaissance of massive networksA script for credentials-based attack surface enumeration and general reconnaissance of massive networks - johnnyxmas/ScanCannon
github.com
|
| BÖLÜM 2 – GÖRSEL KEŞİF, TEKNOLOJİ & İÇERİK | ||
| Screenshots (Ekran Görüntüsü Alma) | ||
| EyeWitness | Web sitelerinin ekran görüntüsünü alır, server header bilgilerini toplar ve varsayılan kimlik bilgilerini tespit etmeye çalışır. |
GitHub - RedSiege/EyeWitness: EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible. - RedSiege/EyeWitness
github.com
|
| aquatone | Çok sayıda host üzerinde HTTP tabanlı saldırı yüzeyini görsel olarak incelemek için kullanılır. |
GitHub - michenriksen/aquatone: A Tool for Domain FlyoversA Tool for Domain Flyovers. Contribute to michenriksen/aquatone development by creating an account on GitHub.
github.com
|
| screenshoteer | Komut satırından web sitesi ve mobil görünüm ekran görüntüsü alır. |
GitHub - vladocar/screenshoteer: Make website screenshots and mobile emulations from the command line.Make website screenshots and mobile emulations from the command line. - vladocar/screenshoteer
github.com
|
| gowitness | Headless Chrome kullanan Go tabanlı web ekran görüntüsü aracıdır. |
GitHub - sensepost/gowitness: 🔍 gowitness - a golang, web screenshot utility using Chrome Headless🔍 gowitness - a golang, web screenshot utility using Chrome Headless - sensepost/gowitness
github.com
|
| WitnessMe | Pyppeteer (headless Chrome) kullanarak web sayfalarının ekran görüntüsünü alır ve envanter çıkarır. |
GitHub - byt3bl33d3r/WitnessMe: Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier. - byt3bl33d3r/WitnessMe
github.com
|
| scrying | RDP, web ve VNC servislerinden ekran görüntüsü toplayan merkezi araçtır. |
GitHub - nccgroup/scrying: A tool for collecting RDP, web and VNC screenshots all in one placeA tool for collecting RDP, web and VNC screenshots all in one place - nccgroup/scrying
github.com
|
| Depix | Pikselize edilmiş görüntülerden veri kurtarmaya odaklanır. |
GitHub - spipm/Depixelization_poc: Depix is a PoC for a technique to recover plaintext from pixelized screenshots.Depix is a PoC for a technique to recover plaintext from pixelized screenshots. - spipm/Depixelization_poc
github.com
|
| httpscreenshot | Çok sayıda web sitesinin ekran görüntüsünü ve HTML içeriğini toplar. |
GitHub - breenmachine/httpscreenshotContribute to breenmachine/httpscreenshot development by creating an account on GitHub.
github.com
|
| Technologies (Teknoloji Tespiti) | ||
| wappalyzer | Web sitelerinde kullanılan framework, CMS, sunucu ve kütüphaneleri tespit eder. | |
| webanalyze | Web teknolojilerini tanımlamak için Wappalyzer benzeri çalışan araçtır. |
GitHub - rverton/webanalyze: Port of Wappalyzer (uncovers technologies used on websites) to automate mass scanning.Port of Wappalyzer (uncovers technologies used on websites) to automate mass scanning. - rverton/webanalyze
github.com
|
| python-builtwith | BuiltWith API kullanan Python istemcisidir. |
GitHub - claymation/python-builtwith: BuiltWith API clientBuiltWith API client. Contribute to claymation/python-builtwith development by creating an account on GitHub.
github.com
|
| whatweb | Gelişmiş fingerprint teknikleriyle web teknolojilerini tanımlar. |
GitHub - urbanadventurer/WhatWeb: Next generation web scannerNext generation web scanner. Contribute to urbanadventurer/WhatWeb development by creating an account on GitHub.
github.com
|
| retire.js | Güvenlik açığı bulunan JavaScript kütüphanelerini tespit eder. |
GitHub - RetireJS/retire.js: scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds. - RetireJS/retire.js
github.com
|
| httpx | HTTP servislerini hızlıca doğrulamak, probe etmek ve fingerprint almak için kullanılır. |
GitHub - projectdiscovery/httpx: httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library. - projectdiscovery/httpx
github.com
|
| fingerprintx | Açık portlardaki servisleri fingerprint eden bağımsız keşif aracıdır. |
GitHub - praetorian-inc/fingerprintx: Standalone utility for service discovery on open ports!Standalone utility for service discovery on open ports! - GitHub - praetorian-inc/fingerprintx: Standalone utility for service discovery on open ports!
github.com
|
| Content Discovery (İçerik Keşfi) | ||
| gobuster | Web dizinleri, dosyalar, DNS ve VHost brute-force işlemleri yapar. |
GitHub - OJ/gobuster: Directory/File, DNS and VHost busting tool written in GoDirectory/File, DNS and VHost busting tool written in Go - OJ/gobuster
github.com
|
| recursebuster | Recursive dizin brute-force işlemi yapar. |
GitHub - C-Sto/recursebuster: rapid content discovery tool for recursively querying webservers, handy in pentesting and web application assessmentsrapid content discovery tool for recursively querying webservers, handy in pentesting and web application assessments - C-Sto/recursebuster
github.com
|
| feroxbuster | Hızlı ve recursive çalışan Rust tabanlı içerik keşif aracıdır. |
GitHub - epi052/feroxbuster: A fast, simple, recursive content discovery tool written in Rust.A fast, simple, recursive content discovery tool written in Rust. - epi052/feroxbuster
github.com
|
| dirsearch (Python) | Web dizin ve dosya taraması yapan klasik araçtır. |
GitHub - maurosoria/dirsearch: Web path scannerWeb path scanner. Contribute to maurosoria/dirsearch development by creating an account on GitHub.
github.com
|
| dirsearch (Go) | dirsearch’ün Go ile yazılmış versiyonudur. |
GitHub - evilsocket/dirsearch: A Go implementation of dirsearch.A Go implementation of dirsearch. Contribute to evilsocket/dirsearch development by creating an account on GitHub.
github.com
|
| filebuster | Çok hızlı ve esnek web fuzzer aracıdır. |
GitHub - henshin/filebuster: An extremely fast and flexible web fuzzerAn extremely fast and flexible web fuzzer. Contribute to henshin/filebuster development by creating an account on GitHub.
github.com
|
| dirstalk | Dirbuster/Dirb araçlarına modern bir alternatiftir. |
GitHub - stefanoj3/dirstalk: Modern alternative to dirbuster/dirbModern alternative to dirbuster/dirb. Contribute to stefanoj3/dirstalk development by creating an account on GitHub.
github.com
|
| dirbuster-ng | Java tabanlı DirBuster’ın C ile yazılmış CLI versiyonudur. |
GitHub - digination/dirbuster-ng: dirbuster-ng is C CLI implementation of the Java dirbuster tooldirbuster-ng is C CLI implementation of the Java dirbuster tool - digination/dirbuster-ng
github.com
|
| gospider | Hızlı Go tabanlı web crawler/spider aracıdır. |
GitHub - jaeles-project/gospider: Gospider - Fast web spider written in GoGospider - Fast web spider written in Go. Contribute to jaeles-project/gospider development by creating an account on GitHub.
github.com
|
| hakrawler | Basit ve hızlı link ile içerik keşfi yapan crawler’dır. |
GitHub - hakluke/hakrawler: Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web applicationSimple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application - hakluke/hakrawler
github.com
|
| crawley | Unix felsefesine uygun, hızlı ve özellikli web crawler’dır. |
GitHub - s0rg/crawley: The unix-way web crawlerThe unix-way web crawler. Contribute to s0rg/crawley development by creating an account on GitHub.
github.com
|
| BÖLÜM 3 – LINK, PARAMETRE & FUZZING | DEVAMI BİR SONRAKİ KONUDA EKLENECEKTİR | TOPLAM 13 BÖLÜM BULUNMAKTADIR |
