Scope-aware recon orchestration for bug bounty programs.
$ bounthunt monitor scope.yaml
🔄 Starting monitoring loop...
[INFO] Checking scope.yaml...
[INFO] Scan completed. 12 new hosts discovered.
[INFO] 2 new endpoints found on example.com
[INFO] 1 new vulnerability found via nuclei
[SUCCESS] Sending notification to Telegram...
$ bounthunt report --format html
📊 Generating diff report...
✅ Report saved to reports/diff_2026_07_12.html| Question | Manual approach | With bounthunt |
|---|---|---|
| What changed since last week? | diff two terminal buffers |
bounthunt monitor |
| Did I scan out of scope? | "Hope you checked" | Scope guard blocks it |
| Where is my scan data? | Scattered text files | SQLite with full history |
| Can I share findings? | Paste terminal output | Professional HTML/MD reports |
- Scope Guard — YAML allow/deny list prevents accidental out-of-scope scanning
- Diff Monitoring — Tracks new hosts, ports, findings, endpoints across scan runs
- SQLite Persistence — Every scan stored with timestamps, queryable and auditable
- Professional Reports — HTML/Markdown via Jinja2 with diff sections
- Smart Notifications — Telegram and Discord webhook alerts on changes
- Dockerized Workflow — Multi-stage Docker build,
docker compose up -dfor 24/7 scans
- Language: Python 3.11+
- Orchestration: subfinder · dnsx · httpx · naabu · nuclei · katana
- Database: SQLite
- Reports: Jinja2
- Notifications: Telegram / Discord webhooks
- Deployment: Docker
graph TD
S[Scope YAML] --> G{Scope Guard}
G -->|allow| SF[subfinder]
SF --> DX[dnsx]
DX --> HX[httpx]
HX --> NB[naabu]
NB --> NC[nuclei]
NC --> KT[katana]
KT --> SC[secrets]
SC --> DB[(SQLite)]
DB --> DIFF[Diff Engine]
DIFF --> RPT[Report]
DIFF --> NOT[Notifications]
NOT --> TG[Telegram]
NOT --> DC[Discord]
G -->|deny| X[❌ Blocked]
- Python 3.11+
- Docker (recommended) or Go tools installed locally
docker compose build
docker compose run --rm bounthunt scan /data/scope.yaml --all
docker compose up -dgit clone https://github.com/bess1lie/bounthunt.git
cd bounthunt
pip install .
bounthunt init scope.yaml
bounthunt scan scope.yaml --all| Feature | Status |
|---|---|
| Core Recon Pipeline | ✅ |
| Scope Guard & Diff Engine | ✅ |
| SQLite Persistence | ✅ |
| Docker Deployment | ✅ |
| Real-time Web Dashboard | 🚧 In Progress |
| Custom Notification Templates | 🔮 Planned |
Contributions welcome! See CONTRIBUTING.md.
MIT — see LICENSE.