Bug Bounty Recon Scanner

Pricing

from $0.20 / 1,000 results

Bug Bounty Recon Scanner

Find exposed admin panels, missing/weak security headers, sensitive file leaks, and HTTPS misconfigurations across target domains. Export prioritised risk scores and JSON reports. Run via API, schedule scans, or integrate with bug bounty tools.

Pricing

from $0.20 / 1,000 results

Rating

0.0

(0)

Developer

Isaac Muendo

Maintained by Community

Actor stats

Bookmarked

Total users

Monthly active users

17 days ago

Last modified

🎯 What It Does

The Bug Bounty Recon Scanner crawls your target domains and automatically flags high-impact vulnerabilities:

Exposed Admin Panels (/admin, /wp-admin, /login, /dashboard) - no auth required
Missing Security Headers (HSTS, CSP, X-Frame-Options, Referrer-Policy, X-Content-Type-Options)
Sensitive File Exposure (.env, config.json, backup.sql, .git/HEAD)
HTTPS Issues (expired certs, HTTP fallback, weak configs)
Page Analysis (admin detection, sensitive content regex, form detection)

Perfect for: HackerOne, Bugcrowd, Intigriti hunters needing fast recon on new invites.

🚀 Key Features

Feature	Status	Bounty Impact
22+ Admin Paths	✅ Live	A1:2025 Broken Access Control
6 Security Headers	✅ Scored 0-30	A5:2025 Security Misconfiguration
Risk Scoring	✅ 0-100 per URL	Prioritization
SSL Bypass	✅ `ignoreHTTPSErrors`	Expired cert scanning
Error Resilience	✅ Network failures → dataset	100% completion
Dataset Views	✅ High-risk filtering	Apify Console

⚙️ Technical Specs

✅ PlaywrightCrawler (Crawlee 3.15.3)
✅ maxConcurrency: 2 (stable)
✅ maxRequestRetries: 1 (fast fail)
✅ 45 req/min rate limit
✅ 25s navigation timeout
✅ 2GB RAM / 1 CPU (production)
✅ Python analyzer (pandas)

🎪 Quick Start

Apify Console (Recommended)

Deployed Actor
Input → Run → View Dataset

📋 Input Configuration

Parameter	Type	Description	Default
`startUrls`	`array[{url:string}]`	Required `[{"url": "https://target.com"}]`	`[]`
`adminPaths`	`array[string]`	`["/admin", "/.env", "/config"]`	22 paths
`maxDepth`	`integer`	Link crawling (0=disable)	`2`
`maxRequests`	`integer`	Total limit	`500`
`checkXSS`	`boolean`	Form reflection test	`true`
`proxyConfiguration`	`object`	Apify Proxy (RESIDENTIAL)	`{}`

Example Input:

{
  "startUrls": [
    {"url": "https://example.com"},
    {"url": "https://google-gruyere.appspot.com"}
  ],
  "maxRequests": 100,
  "adminPaths": ["/admin", "/.env", "/config", "/login"]
}

📊 Sample Output

{
  "url": "https://im.com/admin",
  "status": 200,
  "type": "page",
  "isHttps": true,
  "riskScore": 30,
  "riskTags": ["sensitive_leak", "missing_headers"],
  "headerFindings": {
    "strict-transport-security": {"status": "missing", "score": 0}
  },
  "pageFindings": {
    "isSensitive": true
  },
  "timestamp": "2025-12-12T17:00:00Z"
}

Dataset Views (Apify Console):

High Risk (riskScore >= 70)
Exposed Admins (exposed_admin tag)
Network Errors (SSL failures, timeouts)

👥 Who Benefits

Role	Use Case
Bug Bounty Hunters	Map attack surface for HackerOne/Bugcrowd invites
Red Teamers	Engagement scoping + initial foothold discovery
DevSecOps	Pre-prod hardening audits across staging/prod
Pen Testers	Quick vuln discovery before Nuclei/ZAP deep scans
SREs	Monitor 3rd-party vendors for security drift

⚖️ Legal & Ethical Use

✅ Authorized targets only:

Domains you own
Bug bounty program scopes
Authorized pentest engagements
Your staging/prod environments

❌ Never scan:

Random websites
Competitor domains
Without explicit permission

Rate limited to 45 req/min with 3 concurrent browsers to respect targets.

🔗 Integrations (Upcoming)

Dataset → Burp Suite (JSON import)
      → Nuclei templates (endpoint discovery)
      → Slack/Zapier (high-risk webhook)
      → Google Sheets (team sharing)
      → GitHub Issues (vuln tracking)

🛠️ File Structure

bug_bounty_recon_scanner/
├── .actor/
│   ├── actor.json              # Actor metadata
│   ├── input_schema.json       # Input form schema
│   ├── output_schema.json      # Output validation
│   └── dataset_schema.json     # Dataset views
├── src/
│   └── main.js                 # Crawlee + Playwright core
├── Dockerfile                  # Node + Playwright + Python
├── package.json               # Dependencies
└── README.md                  # This file

🐛 Troubleshooting

Issue	Solution
SSL Errors	Auto-bypassed (`ignoreHTTPSErrors: true`)
Network Timeouts	Dataset entry with `network_error`
Memory	2GB allocated
No Proxy	`apify login` → RESIDENTIAL

📈 Dataset Views

High Risk (riskScore >= 70)
Exposed Admins (riskTags contains "exposed_admin")
Missing Headers (missing_headers tag)
Dataset Export → JSON/CSV/Excel

🤝 Support

Issues: Apify Console → Issues tab
Telegram → t.me/Iamuendo
Custom requests: Contact via Apify messaging

📜 Changelog

Version	Date	Changes
`0.1.7`	2025-12-12	Initial release
`0.2`	Soon™	WAF bypass + more paths

Built with ❤️ for the bug bounty community. Happy hunting!

Respect robots.txt | Stay legal | Report responsibly

Security Headers Checker

pillowy_travel/security-headers-checker

Analyze HTTP security headers of websites and generate a security score. Detect missing headers like CSP, HSTS, X-Frame-Options, and more. Perfect for web security audits, vulnerability checks, learning, and automated monitoring.

SAHIL KUMAR

Google Play Review & Bug Report Extractor (AI-Powered)

apilab/google-play-review-bug-report-extractor

Extracts Google Play reviews and automatically converts them into structured bug reports. It identifies technical issues, assigns severity, suggests owners (Product/Engineering), and summarizes user complaints into actionable insights. Perfect for automating your QA and product feedback loop.

Apilab

Export Instagram Comments and Posts

apify/export-instagram-comments-posts

This unique tool allows you to scrape Instagram posts and its comments in one run. Export scraped data, run the scraper via API, schedule and monitor runs, or integrate with other tools.

Apify

2.5K

4.8

Website Security Auditor

zyrox/website-security-auditor

A powerful security tool to scan websites for exposed API keys and XSS vulnerabilities.

HIDDEN GHOST

📩 Google Maps Email Extractor

poidata/google-maps-email-extractor

Quickly collect all business details, including emails, phone numbers, and social media links from Google Maps listings and their websites. Export data as JSON or CSV. Run via API, schedule runs, or integrate with your tools.

Poidata

1.4K

3.2

Network Security Scanner

dz_omar/network-security-scanner

The SSL Checker actor scans IPs or subnets for SSL certificate details using masscan. It retrieves response headers, titles, and redirected URLs for HTTP and HTTPS. Customize parameters and set result limits for efficient scanning

FlowExtract API

5.0

TikTok Explore Scraper

clockworks/tiktok-explore-scraper

Extract data from TikTok explore categories including post, author, video, and music data. Export scraped data, run the scraper via API, schedule and monitor runs or integrate with other tools.

Clockworks

141

4.8

Best Tiktok Profile Scraper

scrape-creators/best-tiktok-profile-scraper

Scrape TikTok profiles and videos: get followers, shares, comments, hearts, links, video/music metadata. Export data, run via API, schedule jobs, monitor runs, and integrate with your tools.

Scrape Creators

300

1.0

Instagram Scraper

apify/instagram-scraper

Scrape and download Instagram posts, profiles, places, hashtags, photos, and comments. Get data from Instagram using one or more Instagram URLs or search queries. Export scraped data, run the scraper via API, schedule and monitor runs or integrate with other tools.

Apify

160K

4.7

TikTok Trends Scraper

clockworks/tiktok-trends-scraper

Scrape TikTok Trends data. Just add one or more channels and the scraper will extract related videos, posts, authors, music, and channel information. Export scraped data, run the scraper via API, schedule and monitor runs, or integrate with other tools.

Clockworks

583

4.6