Bug Bounty Recon Scanner

by iamuendo

11 runs
3 users
About Bug Bounty Recon Scanner

Find exposed admin panels, missing/weak security headers, sensitive file leaks, and HTTPS misconfigurations across target domains. Export prioritised risk scores and JSON reports. Run via API, schedule scans, or integrate with bug bounty tools.

What does this actor do?

Bug Bounty Recon Scanner is a web scraping and automation tool available on the Apify platform. It's designed to help you extract data and automate tasks efficiently in the cloud.

Key Features

  • Cloud-based execution - no local setup required
  • Scalable infrastructure for large-scale operations
  • API access for integration with your applications
  • Built-in proxy rotation and anti-blocking measures
  • Scheduled runs and webhooks for automation

How to Use

  1. Click "Try This Actor" to open it on Apify
  2. Create a free Apify account if you don't have one
  3. Configure the input parameters as needed
  4. Run the actor and download your results

Documentation

# Bug Bounty Recon Scanner

Production-ready attack surface mapper for bug bounty hunters, red teams, and DevSecOps. Discovers exposed admin panels, missing security headers, sensitive files, and HTTPS issues across domains. Built in with robust error handling, SSL bypass, and dataset export.

## 🎯 What It Does

The Bug Bounty Recon Scanner crawls your target domains and automatically flags high-impact vulnerabilities:

- Exposed Admin Panels (/admin, /wp-admin, /login, /dashboard) - no auth required
- Missing Security Headers (HSTS, CSP, X-Frame-Options, Referrer-Policy, X-Content-Type-Options)
- Sensitive File Exposure (.env, config.json, backup.sql, .git/HEAD)
- HTTPS Issues (expired certs, HTTP fallback, weak configs)
- Page Analysis (admin detection, sensitive content regex, form detection)

Perfect for: HackerOne, Bugcrowd, Intigriti hunters needing fast recon on new invites.

## 🚀 Key Features

| Feature | Status | Bounty Impact |
| :-- | :-- | :-- |
| 22+ Admin Paths | ✅ Live | A1:2025 Broken Access Control |
| 6 Security Headers | ✅ Scored 0-30 | A5:2025 Security Misconfiguration |
| Risk Scoring | ✅ 0-100 per URL | Prioritization |
| SSL Bypass | ✅ ignoreHTTPSErrors | Expired cert scanning |
| Error Resilience | ✅ Network failures → dataset | 100% completion |
| Dataset Views | ✅ High-risk filtering | Apify Console |

## ⚙️ Technical Specs

- ✅ PlaywrightCrawler (Crawlee 3.15.3)
- ✅ maxConcurrency: 2 (stable)
- ✅ maxRequestRetries: 1 (fast fail)
- ✅ 45 req/min rate limit
- ✅ 25s navigation timeout
- ✅ 2GB RAM / 1 CPU (production)
- ✅ Python analyzer (pandas)

## 🎪 Quick Start

### Apify Console (Recommended)

1. Deployed Actor
2. Input → Run → View Dataset

## 📋 Input Configuration

| Parameter | Type | Description | Default |
| :-- | :-- | :-- | :-- |
| startUrls | array[{url:string}] | Required [{"url": "https://target.com"}] | [] |
| adminPaths | array[string] | ["/admin", "/.env", "/config"] | 22 paths |
| maxDepth | integer | Link crawling (0=disable) | 2 |
| maxRequests | integer | Total limit | 500 |
| checkXSS | boolean | Form reflection test | true |
| proxyConfiguration | object | Apify Proxy (RESIDENTIAL) | {} |

Example Input:

```json
{
  "startUrls": [
    {"url": "https://example.com"},
    {"url": "https://google-gruyere.appspot.com"}
  ],
  "maxRequests": 100,
  "adminPaths": ["/admin", "/.env", "/config", "/login"]
}
```

## 📊 Sample Output

```json
{
  "url": "https://im.com/admin",
  "status": 200,
  "type": "page",
  "isHttps": true,
  "riskScore": 30,
  "riskTags": ["sensitive_leak", "missing_headers"],
  "headerFindings": {
    "strict-transport-security": {"status": "missing", "score": 0}
  },
  "pageFindings": {
    "isSensitive": true
  },
  "timestamp": "2025-12-12T17:00:00Z"
}
```

Dataset Views (Apify Console):

- High Risk (riskScore >= 70)
- Exposed Admins (exposed_admin tag)
- Network Errors (SSL failures, timeouts)

## 👥 Who Benefits

| Role | Use Case |
| :-- | :-- |
| Bug Bounty Hunters | Map attack surface for HackerOne/Bugcrowd invites |
| Red Teamers | Engagement scoping + initial foothold discovery |
| DevSecOps | Pre-prod hardening audits across staging/prod |
| Pen Testers | Quick vuln discovery before Nuclei/ZAP deep scans |
| SREs | Monitor 3rd-party vendors for security drift |

## ⚖️ Legal & Ethical Use

✅ Authorized targets only:

- Domains you own
- Bug bounty program scopes
- Authorized pentest engagements
- Your staging/prod environments

❌ Never scan:

- Random websites
- Competitor domains
- Without explicit permission

Rate limited to 45 req/min with 3 concurrent browsers to respect targets.

## 🔗 Integrations (Upcoming)

Dataset
→ Burp Suite (JSON import)
→ Nuclei templates (endpoint discovery)
→ Slack/Zapier (high-risk webhook)
→ Google Sheets (team sharing)
→ GitHub Issues (vuln tracking)

## 🛠️ File Structure

```
bug_bounty_recon_scanner/
├── .actor/
│   ├── actor.json           # Actor metadata
│   ├── input_schema.json    # Input form schema
│   ├── output_schema.json   # Output validation
│   └── dataset_schema.json  # Dataset views
├── src/
│   └── main.js              # Crawlee + Playwright core
├── Dockerfile               # Node + Playwright + Python
├── package.json             # Dependencies
└── README.md                # This file
```

## 🐛 Troubleshooting

| Issue | Solution |
| :-- | :-- |
| SSL Errors | Auto-bypassed (ignoreHTTPSErrors: true) |
| Network Timeouts | Dataset entry with network_error |
| Memory | 2GB allocated |
| No Proxy | apify login → RESIDENTIAL |

## 📈 Dataset Views

- High Risk (riskScore >= 70)
- Exposed Admins (riskTags contains "exposed_admin")
- Missing Headers (missing_headers tag)
- Dataset Export → JSON/CSV/Excel

## 🤝 Support

- Issues: Apify Console → Issues tab
- Telegram → t.me/Iamuendo
- Custom requests: Contact via Apify messaging

## 📜 Changelog

| Version | Date | Changes |
| :-- | :-- | :-- |
| 0.1.7 | 2025-12-12 | Initial release |
| 0.2 | Soon™ | WAF bypass + more paths |

***

Built with ❤️ for the bug bounty community. Happy hunting!

Respect robots.txt | Stay legal | Report responsibly

Actor Information

Developer: iamuendo
Pricing: Paid
Total Runs: 11
Active Users: 3