Skip to content

Micro0x00/Arsenal

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

118 Commits
Arsenal.sh
Arsenal.sh
 
 
README.md
README.md
 
 

Repository files navigation

Arsenal

arsenal

Bug Bounty Toolkit Installer — v3

Arsenal is a Bash script that automatically installs and configures the most important Bug Bounty & penetration testing tools on Debian/Ubuntu Linux — saving you hours of manual setup on every new machine.

⚠️ Disclaimer

This toolkit is intended for authorized security testing and bug bounty hunting only. Only use these tools against systems you have explicit permission to test. The author is not responsible for any misuse or damage caused.

Tools in Arsenal

ProjectDiscovery Suite

Name Description
httpX Fast and multi-purpose HTTP toolkit for probing live hosts and fingerprinting
Subfinder Passive subdomain enumeration tool leveraging dozens of online APIs
Nuclei Template-based vulnerability scanner — updated to v3
dnsX Fast and multi-purpose DNS toolkit for running multiple DNS queries
Katana Next-generation crawling and spidering framework with headless browser support
Naabu Fast SYN/CONNECT port scanner written in Go
shuffleDNS Wrapper around massdns for active subdomain bruteforce with wildcard handling
uncover Go wrapper for search engines (Shodan, Fofa, Censys) to discover exposed hosts
asnmap Quickly map organization IP ranges using ASN information
mapCIDR CIDR manipulation and load distribution for mass scanning operations
tlsx Fast TLS/SSL prober for certificate data and technology detection (new)
alterx Fast and customizable subdomain wordlist generator using DSL patterns (new)
cvemap Navigate the CVE jungle — search and explore vulnerabilities (new)

Tomnomnom Tools

Name Description
httprobe Take a list of domains and probe for working HTTP/HTTPS servers
assetfinder Find domains and subdomains related to a given domain via passive sources
gf A wrapper around grep to avoid typing common patterns
meg Fetch paths for many hosts in parallel while being nice to servers
waybackurls Fetch known URLs from the Wayback Machine for a given domain
anew Append unique lines to a file — essential for deduplication in pipelines (new)
unfurl Extract specific components (keys, values, paths) from URLs (new)

Fuzzing & Scanning

Name Description
ffuf Fast web fuzzer written in Go — updated to v2
Gobuster Brute-force DNS, web content, and open S3 buckets
dalfox Powerful XSS scanner and parameter analyzer
CRLFuzz Fast CRLF injection vulnerability scanner

Recon & OSINT

Name Description
GoSpider Fast web spider written in Go
Hakrawler Simple and fast Go web crawler for URLs and JS file discovery
subzy Subdomain takeover checker using fingerprints from can-i-take-over-xyz
socialhunter Finds broken social media links that can be hijacked
csprecon Discover new target domains using Content Security Policy headers
Gotator Generate DNS wordlists through permutations
getJS Extract all JavaScript files from a set of given URLs
jsleak Uncover secrets, tokens, and endpoints inside JavaScript files
GoLinkFinder Minimal JS endpoint extractor from HTML and JavaScript
osmedeus Workflow engine for offensive security recon
dontGO403 Tool to bypass 40X errors using multiple techniques

Ruby Tools

Name Description
wpscan WordPress vulnerability scanner

Python Tools

Name Description
knockpy Fast subdomain enumeration via dictionary attack

Optional Tools (prompted during install)

Name Description
XSS-Strike Advanced XSS detection suite
ParamSpider Parameter discovery from web archives
Arjun HTTP parameter brute-forcer for URL endpoints
JWT Toolkit v2 Validate, forge, scan, and tamper JWTs
Logsensor Discover login panels and scan POST forms for SQLi
Altdns Subdomain permutations and alterations
xnLinkFinder Discover endpoints by crawling a target
NoSQLMap Automate NoSQL injection attacks and audit default configs
GraphQLmap Scripting engine for GraphQL endpoint pentesting
commix Automated command injection detection and exploitation
WhatWeb Next-generation web technology fingerprinter
HTTP Request Smuggling HTTP request smuggling detection tool
Gitleaks Scan git repos for secrets and leaked keys

Requirements ✔️

Requirement Details
OS Debian / Ubuntu (22.04 / 24.04 recommended)
Privileges Must run as root
Architecture x86-64 (amd64)
Go 1.26.2 — auto-installed & auto-upgraded
Python / Ruby / Rust / Git All auto-installed

All dependencies are handled automatically by the script.

Go Installation (Manual — optional)

If you prefer to install Go manually before running the script:

sudo apt-get remove -y golang-go
sudo rm -rf /usr/local/go
wget https://go.dev/dl/go1.26.2.linux-amd64.tar.gz
sudo tar -C /usr/local -xzf go1.26.2.linux-amd64.tar.gz

# Add to /etc/profile or ~/.bashrc:
export GOPATH=$HOME/go
export PATH=$PATH:/usr/local/go/bin
export PATH=$PATH:$GOPATH/bin

source /etc/profile

How to Install

git clone https://github.com/Micro0x00/Arsenal.git
cd Arsenal
sudo chmod +x arsenal.sh
sudo ./arsenal.sh

After installation, reload your PATH:

source /etc/profile.d/go.sh

Quick Recon Workflow

# 1. Passive subdomain discovery
subfinder -d target.com -o subs.txt

# 2. Generate permutations and resolve
alterx -l subs.txt | dnsx -silent >> subs.txt

# 3. Probe live hosts
cat subs.txt | httpx -silent -o live.txt

# 4. Port scan
naabu -l live.txt -o ports.txt

# 5. Crawl
katana -l live.txt -o urls.txt

# 6. Vulnerability scan
nuclei -l live.txt -o vulns.txt

Folder Structure

~/Arsenal/
├── arsenal.sh          # Main installer
├── dontgo403/          # Built from source
├── knock/              # knockpy
├── XSStrike/           # Optional
├── ParamSpider/        # Optional
├── Arjun/              # Optional
├── jwt_tool/           # Optional
├── Gf-Patterns/        # gf patterns → auto-copied to ~/.gf
└── ...

Go binaries → ~/go/bin and /usr/local/bin

Changelog

v3 — 2025

  • Upgraded Go 1.22.31.26.2 with automatic upgrade on outdated installs
  • Upgraded Nuclei v2v3 (breaking import path change)
  • Upgraded ffuf v1v2
  • Added: naabu, tlsx, alterx, cvemap, anew, unfurl
  • Added: automatic gf-patterns setup
  • Fixed: dontgo403 re-installing on every run
  • Fixed: go get replaced with go mod tidy (deprecated in modern Go)
  • Fixed: pip3 updated for Ubuntu 24.04 compatibility (--break-system-packages)
  • Fixed: Go PATH now persisted via /etc/profile.d/go.sh
  • Refactored with helper functions — no more repeated code blocks
  • Added color-coded output and install summary

v2 — 2023

  • Initial public release

arsenal

Support:

Micro0x00



About

Arsenal is a Simple shell script (Bash) used to install tools and requirements for Bug Bounty

Topics

shell osint hacking penetration-testing bug-bounty infosec pentesting recon bugbounty security-tools reconnaissance

Resources

Readme
Activity

Stars

285 stars

Watchers

4 watching

Forks

44 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages