# Bug Bounty Recon Scanner (`p4ck37pun5/bug-bounty-recon-scanner`) Actor

Find exposed admin panels, missing/weak security headers, sensitive file leaks, and HTTPS misconfigurations across target domains. Export prioritised risk scores and JSON reports. Run via API, schedule scans, or integrate with bug bounty tools.

- **URL**: https://apify.com/p4ck37pun5/bug-bounty-recon-scanner.md
- **Developed by:** [Packetpuns](https://apify.com/p4ck37pun5) (community)
- **Categories:** Automation, Integrations
- **Stats:** 23 total users, 0 monthly users, 100.0% runs succeeded, 0 bookmarks
- **User rating**: No ratings yet

## Pricing

from $0.20 / 1,000 results

This Actor is paid per event. You are not charged for Apify platform usage, only a fixed price for specific events.

Learn more: https://docs.apify.com/platform/actors/running/actors-in-store#pay-per-event

## What's an Apify Actor?

Actors are software tools running on the Apify platform, for all kinds of web data extraction and automation use cases.
In Batch mode, an Actor accepts a well-defined JSON input, performs an action that can take anything from a few seconds to a few hours,
and optionally produces a well-defined JSON output, datasets with results, or files in a key-value store.
In Standby mode, an Actor provides a web server which can be used as a website, API, or an MCP server.
Actors are written with a capital "A".

## How to integrate an Actor?

If asked about integration, you help developers integrate Actors into their projects.
You adapt to their stack and deliver integrations that are safe, well-documented, and production-ready.
The best way to integrate Actors is as follows.

In JavaScript/TypeScript projects, use the official [JavaScript/TypeScript client](https://docs.apify.com/api/client/js.md):

```bash
npm install apify-client
```

In Python projects, use the official [Python client library](https://docs.apify.com/api/client/python.md):

```bash
pip install apify-client
```

In shell scripts, use the [Apify CLI](https://docs.apify.com/cli/docs.md):

```bash
# macOS / Linux
curl -fsSL https://apify.com/install-cli.sh | bash
# Windows
irm https://apify.com/install-cli.ps1 | iex
```

In AI frameworks, you might use the [Apify MCP server](https://docs.apify.com/platform/integrations/mcp.md).

If your project is in a different language, use the [REST API](https://docs.apify.com/api/v2.md).

For usage examples, see the [API](#api) section below.

For more details, see Apify documentation as [Markdown index](https://docs.apify.com/llms.txt) and [Markdown full-text](https://docs.apify.com/llms-full.txt).


# README

## Bug Bounty Recon Scanner

**Production-ready attack surface mapper** for bug bounty hunters, red teams, and DevSecOps. Discovers exposed admin panels, missing security headers, sensitive files, and HTTPS issues across domains. Built with robust error handling, SSL bypass, and dataset export.

### 🎯 What It Does

The Bug Bounty Recon Scanner crawls your target domains and automatically flags **high-impact vulnerabilities**:

- **Exposed Admin Panels** (`/admin`, `/wp-admin`, `/login`, `/dashboard`) - no auth required
- **Missing Security Headers** (HSTS, CSP, X-Frame-Options, Referrer-Policy, X-Content-Type-Options)
- **Sensitive File Exposure** (`.env`, `config.json`, `backup.sql`, `.git/HEAD`)
- **HTTPS Issues** (expired certs, HTTP fallback, weak configs)
- **Page Analysis** (admin detection, sensitive content regex, form detection)

**Perfect for:** HackerOne, Bugcrowd, Intigriti hunters needing fast recon on new invites.

### 🚀 Key Features

| Feature | Status | Bounty Impact |
| :-- | :-- | :-- |
| **22+ Admin Paths** | ✅ Live | **A1:2025 Broken Access Control** |
| **6 Security Headers** | ✅ Scored 0-30 | **A5:2025 Security Misconfiguration** |
| **Risk Scoring** | ✅ 0-100 per URL | **Prioritization** |
| **SSL Bypass** | ✅ `ignoreHTTPSErrors` | **Expired cert scanning** |
| **Error Resilience** | ✅ Network failures → dataset | **100% completion** |
| **Dataset Views** | ✅ High-risk filtering | **Apify Console** |

### ⚙️ Technical Specs

```
✅ PlaywrightCrawler (Crawlee 3.15.3)
✅ maxConcurrency: 2 (stable)
✅ maxRequestRetries: 1 (fast fail)
✅ 45 req/min rate limit
✅ 25s navigation timeout
✅ 2GB RAM / 1 CPU (production)
✅ Python analyzer (pandas)
```

### 🎪 Quick Start

#### **Apify Console** (Recommended)

1. [Deployed Actor](https://console.apify.com/actors/ZTjdNekNaSBdrc9o4)
2. Input → Run → View Dataset


### 📋 Input Configuration

| Parameter | Type | Description | Default |
| :-- | :-- | :-- | :-- |
| `startUrls` | `array[{url:string}]` | **Required** `[{"url": "https://target.com"}]` | `[]` |
| `adminPaths` | `array[string]` | `["/admin", "/.env", "/config"]` | 22 paths |
| `maxDepth` | `integer` | Link crawling (0=disable) | `2` |
| `maxRequests` | `integer` | Total limit | `500` |
| `checkXSS` | `boolean` | Form reflection test | `true` |
| `proxyConfiguration` | `object` | Apify Proxy (RESIDENTIAL) | `{}` |

**Example Input:**

```json
{
  "startUrls": [
    {"url": "https://example.com"},
    {"url": "https://google-gruyere.appspot.com"}
  ],
  "maxRequests": 100,
  "adminPaths": ["/admin", "/.env", "/config", "/login"]
}
```
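
As an added example (not part of the Actor or its README), the code below builds the input object only from targets that match an authorized scope list, and rejects `maxDepth` and `maxRequests` values outside the bounds in the input schema. `buildActorInput`, `hostInScope`, the scope list and the sample targets are hypothetical names and constructed data.

```javascript
// Added example, not the Actor's own code. Bounds are copied from the input
// schema on this page; the scope list and targets are constructed samples.
const LIMITS = {
    maxDepth: { min: 0, max: 5, fallback: 2 },
    maxRequests: { min: 1, max: 10000, fallback: 500 },
};
const SAMPLE_SCOPE = ['example.com', '*.staging.example.com'];
const SAMPLE_TARGETS = [
    'https://example.com/',
    'https://api.staging.example.com/app',
    'https://staging.example.com/',    // the wildcard does not cover the parent name
    'https://example.com.evil.test/',  // in-scope name used as a prefix
    'https://example.com@evil.test/',  // in-scope name in the userinfo part
    'ftp://example.com/',
    'not a url',
];

// Exact match, or "*.suffix" matching any subdomain of suffix.
function hostInScope(host, scope) {
    const h = host.toLowerCase().replace(/\.$/, '');
    return scope.some((entry) => {
        const e = entry.toLowerCase();
        if (!e.startsWith('*.')) return h === e;
        const suffix = e.slice(1); // ".staging.example.com"
        return h.length > suffix.length && h.endsWith(suffix);
    });
}

// Returns the schema default when unset, throws when out of range.
function boundedInt(name, value) {
    const { min, max, fallback } = LIMITS[name];
    if (value === undefined) return fallback;
    if (!Number.isInteger(value) || value < min || value > max) {
        throw new RangeError(`${name} must be an integer in [${min}, ${max}]`);
    }
    return value;
}

function buildActorInput(targets, scope, options = {}) {
    const accepted = new Set(); // Set removes duplicate targets
    const rejected = [];
    for (const raw of targets) {
        let u;
        try {
            u = new URL(raw);
        } catch {
            rejected.push({ target: raw, reason: 'unparseable' });
            continue;
        }
        if (u.protocol !== 'https:' && u.protocol !== 'http:') {
            rejected.push({ target: raw, reason: 'scheme' });
        } else if (!hostInScope(u.hostname, scope)) {
            rejected.push({ target: raw, reason: 'out_of_scope' });
        } else {
            // Rebuild from parsed parts so userinfo and fragments are dropped.
            accepted.add(`${u.protocol}//${u.host}${u.pathname}${u.search}`);
        }
    }
    if (accepted.size === 0) {
        throw new Error('no in-scope targets; startUrls is required');
    }
    const { adminPaths } = options;
    if (adminPaths !== undefined
        && !adminPaths.every((p) => typeof p === 'string' && p.startsWith('/'))) {
        throw new TypeError('adminPaths entries must be strings starting with "/"');
    }
    const input = {
        startUrls: [...accepted].map((url) => ({ url })),
        maxDepth: boundedInt('maxDepth', options.maxDepth),
        maxRequests: boundedInt('maxRequests', options.maxRequests),
    };
    if (adminPaths !== undefined) input.adminPaths = adminPaths;
    return { input, rejected };
}

console.log(JSON.stringify(buildActorInput(SAMPLE_TARGETS, SAMPLE_SCOPE), null, 2));
```

The guard covers only the start URLs; which links the crawler follows when `maxDepth` is above 0 is decided by the Actor, so setting `maxDepth` to 0 keeps a run on the listed targets and the selected paths.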

### 📊 Sample Output

```json
{
  "url": "https://im.com/admin",
  "status": 200,
  "type": "page",
  "isHttps": true,
  "riskScore": 30,
  "riskTags": ["sensitive_leak", "missing_headers"],
  "headerFindings": {
    "strict-transport-security": {"status": "missing", "score": 0}
  },
  "pageFindings": {
    "isSensitive": true
  },
  "timestamp": "2025-12-12T17:00:00Z"
}
```

**Dataset Views (Apify Console):**

- **High Risk** (`riskScore >= 70`)
- **Exposed Admins** (`exposed_admin` tag)
- **Network Errors** (SSL failures, timeouts)
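
An added example, not the Actor's own code: it reproduces the three views above offline from items in the sample-output shape and rolls the findings up per host for remediation. It assumes network failures carry `network_error` in `riskTags` or `type`, which the page does not specify; `triage` and `SAMPLE_ITEMS` are constructed for illustration.

```javascript
// Added example: offline triage of dataset items shaped like "Sample Output".
// SAMPLE_ITEMS is constructed for illustration; it is not real scan output.
// The 'present' header status is an assumed value; only 'missing' is on the page.
const SAMPLE_ITEMS = [
    {
        url: 'https://app.example.com/admin', status: 200, type: 'page', isHttps: true,
        riskScore: 85, riskTags: ['exposed_admin', 'missing_headers'],
        headerFindings: {
            'strict-transport-security': { status: 'missing', score: 0 },
            'content-security-policy': { status: 'missing', score: 0 },
        },
    },
    {
        url: 'https://app.example.com/login', status: 200, type: 'page', isHttps: true,
        riskScore: 30, riskTags: ['missing_headers'],
        headerFindings: {
            'strict-transport-security': { status: 'missing', score: 0 },
            'x-frame-options': { status: 'present', score: 5 },
        },
    },
    { url: 'https://old.example.com/', riskScore: 0, riskTags: ['network_error'] },
    { url: 'https://www.example.com/', status: 200, type: 'page', isHttps: true, riskScore: 10 },
    { status: 200 }, // malformed: no url
];

const HIGH_RISK_THRESHOLD = 70; // same cut-off as the "High Risk" view

function hostOf(item) {
    try {
        return new URL(item.url).hostname;
    } catch {
        return null; // missing or unparseable url
    }
}

function triage(items) {
    const views = { highRisk: [], exposedAdmins: [], networkErrors: [], skipped: 0 };
    const hosts = new Map();
    for (const item of items) {
        const host = hostOf(item);
        if (!host) {
            views.skipped += 1;
            continue;
        }
        // Tolerate items that lack tags or a numeric score.
        const tags = Array.isArray(item.riskTags) ? item.riskTags : [];
        const score = Number.isFinite(item.riskScore) ? item.riskScore : 0;

        if (score >= HIGH_RISK_THRESHOLD) views.highRisk.push(item.url);
        if (tags.includes('exposed_admin')) views.exposedAdmins.push(item.url);
        // Assumption: network failures are marked in riskTags or in type.
        if (tags.includes('network_error') || item.type === 'network_error') {
            views.networkErrors.push(item.url);
        }

        const h = hosts.get(host) ?? { host, maxScore: 0, urls: 0, missingHeaders: new Set() };
        h.maxScore = Math.max(h.maxScore, score);
        h.urls += 1;
        for (const [name, finding] of Object.entries(item.headerFindings ?? {})) {
            if (finding && finding.status === 'missing') h.missingHeaders.add(name.toLowerCase());
        }
        hosts.set(host, h);
    }
    // One row per host, worst first, with the union of missing headers.
    const byHost = [...hosts.values()]
        .map((h) => ({ ...h, missingHeaders: [...h.missingHeaders].sort() }))
        .sort((a, b) => b.maxScore - a.maxScore || a.host.localeCompare(b.host));
    return { ...views, byHost };
}

console.log(JSON.stringify(triage(SAMPLE_ITEMS), null, 2));
```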

### 👥 Who Benefits

| Role | Use Case |
| :-- | :-- |
| **Bug Bounty Hunters** | Map attack surface for HackerOne/Bugcrowd invites |
| **Red Teamers** | Engagement scoping + initial foothold discovery |
| **DevSecOps** | Pre-prod hardening audits across staging/prod |
| **Pen Testers** | Quick vuln discovery before Nuclei/ZAP deep scans |
| **SREs** | Monitor 3rd-party vendors for security drift |

### ⚖️ Legal & Ethical Use

✅ **Authorized targets only:**

- Domains you own
- Bug bounty program scopes
- Authorized pentest engagements
- Your staging/prod environments

❌ **Never scan:**

- Random websites
- Competitor domains
- Without explicit permission

**Rate limited** to 45 req/min with 3 concurrent browsers to respect targets.

### 🔗 Integrations (Upcoming)

```
Dataset → Burp Suite (JSON import)
      → Nuclei templates (endpoint discovery)
      → Slack/Zapier (high-risk webhook)
      → Google Sheets (team sharing)
      → GitHub Issues (vuln tracking)
```

### 🛠️ File Structure

```
bug_bounty_recon_scanner/
├── .actor/
│   ├── actor.json              # Actor metadata
│   ├── input_schema.json       # Input form schema
│   ├── output_schema.json      # Output validation
│   └── dataset_schema.json     # Dataset views
├── src/
│   └── main.js                 # Crawlee + Playwright core
├── Dockerfile                  # Node + Playwright + Python
├── package.json               # Dependencies
└── README.md                  # This file
```

### 🐛 Troubleshooting

| Issue | Solution |
| :-- | :-- |
| **SSL Errors** | Auto-bypassed (`ignoreHTTPSErrors: true`) |
| **Network Timeouts** | Dataset entry with `network_error` |
| **Memory** | 2GB allocated |
| **No Proxy** | `apify login` → RESIDENTIAL |

### 📈 Dataset Views

- **High Risk** (`riskScore >= 70`)
- **Exposed Admins** (`riskTags contains "exposed_admin"`)
- **Missing Headers** (`missing_headers` tag)
- **Dataset Export** → JSON/CSV/Excel

### 🤝 Support

- **Issues**: Apify Console → Issues tab
- **Telegram** → [`t.me/Iamuendo`](https://t.me/Iamuendo)
- **Custom requests**: Contact via Apify messaging

### 📜 Changelog

| Version | Date | Changes |
| :-- | :-- | :-- |
| `0.1.7` | 2025-12-12 | Initial release |
| `0.2` | Soon™ | WAF bypass + more paths |

***

**Built with ❤️ for the bug bounty community. Happy hunting!**

*Respect `robots.txt` | Stay legal | Report responsibly*

# Actor input Schema

## `startUrls` (type: `array`):

List of starting URLs or domains to scan for vulnerabilities.

## `adminPaths` (type: `array`):

Select common admin/sensitive paths to probe (multi-select).

## `maxDepth` (type: `integer`):

Maximum link levels to follow from start URLs.

## `maxRequests` (type: `integer`):

Total HTTP requests limit per run.

## `checkXSS` (type: `boolean`):

Test basic XSS reflection on forms (non-intrusive).

## `proxyConfiguration` (type: `object`):

Proxy configuration for WAF bypass and geo-targeting.

## Actor input object example

```json
{
  "startUrls": [
    {
      "url": "https://httpbin.org"
    },
    {
      "url": "https://example.com"
    }
  ],
  "adminPaths": [
    "/admin",
    "/admin/login",
    "/wp-admin",
    "/login"
  ],
  "maxDepth": 2,
  "maxRequests": 500,
  "checkXSS": true
}
```

# Actor output Schema

## `scanResults` (type: `string`):

No description

# API

You can run this Actor programmatically using our API. Below are code examples in JavaScript, Python, and CLI, as well as the OpenAPI specification and MCP server setup.

## JavaScript example

```javascript
import { ApifyClient } from 'apify-client';

// Initialize the ApifyClient with your Apify API token
// Replace the '<YOUR_API_TOKEN>' with your token
const client = new ApifyClient({
    token: '<YOUR_API_TOKEN>',
});

// Prepare Actor input
const input = {
    "startUrls": [
        {
            "url": "https://httpbin.org"
        },
        {
            "url": "https://example.com"
        }
    ]
};

// Run the Actor and wait for it to finish
const run = await client.actor("p4ck37pun5/bug-bounty-recon-scanner").call(input);

// Fetch and print Actor results from the run's dataset (if any)
console.log('Results from dataset');
console.log(`💾 Check your data here: https://console.apify.com/storage/datasets/${run.defaultDatasetId}`);
const { items } = await client.dataset(run.defaultDatasetId).listItems();
items.forEach((item) => {
    console.dir(item);
});

// 📚 Want to learn more 📖? Go to → https://docs.apify.com/api/client/js/docs

```

## Python example

```python
from apify_client import ApifyClient

# Initialize the ApifyClient with your Apify API token
# Replace '<YOUR_API_TOKEN>' with your token.
client = ApifyClient("<YOUR_API_TOKEN>")

# Prepare the Actor input
run_input = { "startUrls": [
        { "url": "https://httpbin.org" },
        { "url": "https://example.com" },
    ] }

# Run the Actor and wait for it to finish
run = client.actor("p4ck37pun5/bug-bounty-recon-scanner").call(run_input=run_input)

# Fetch and print Actor results from the run's dataset (if there are any)
print("💾 Check your data here: https://console.apify.com/storage/datasets/" + run["defaultDatasetId"])
for item in client.dataset(run["defaultDatasetId"]).iterate_items():
    print(item)

# 📚 Want to learn more 📖? Go to → https://docs.apify.com/api/client/python/docs/quick-start

```

## CLI example

```bash
echo '{
  "startUrls": [
    {
      "url": "https://httpbin.org"
    },
    {
      "url": "https://example.com"
    }
  ]
}' |
apify call p4ck37pun5/bug-bounty-recon-scanner --silent --output-dataset

```

## MCP server setup

```json
{
    "mcpServers": {
        "apify": {
            "command": "npx",
            "args": [
                "mcp-remote",
                "https://mcp.apify.com/?tools=p4ck37pun5/bug-bounty-recon-scanner",
                "--header",
                "Authorization: Bearer <YOUR_API_TOKEN>"
            ]
        }
    }
}

```

## OpenAPI specification

```json
{
    "openapi": "3.0.1",
    "info": {
        "title": "Bug Bounty Recon Scanner",
        "description": "Find exposed admin panels, missing/weak security headers, sensitive file leaks, and HTTPS misconfigurations across target domains. Export prioritised risk scores and JSON reports. Run via API, schedule scans, or integrate with bug bounty tools.",
        "version": "0.1",
        "x-build-id": "YK3OMnlRLKIY9A3fZ"
    },
    "servers": [
        {
            "url": "https://api.apify.com/v2"
        }
    ],
    "paths": {
        "/acts/p4ck37pun5~bug-bounty-recon-scanner/run-sync-get-dataset-items": {
            "post": {
                "operationId": "run-sync-get-dataset-items-p4ck37pun5-bug-bounty-recon-scanner",
                "x-openai-isConsequential": false,
                "summary": "Executes an Actor, waits for its completion, and returns Actor's dataset items in response.",
                "tags": [
                    "Run Actor"
                ],
                "requestBody": {
                    "required": true,
                    "content": {
                        "application/json": {
                            "schema": {
                                "$ref": "#/components/schemas/inputSchema"
                            }
                        }
                    }
                },
                "parameters": [
                    {
                        "name": "token",
                        "in": "query",
                        "required": true,
                        "schema": {
                            "type": "string"
                        },
                        "description": "Enter your Apify token here"
                    }
                ],
                "responses": {
                    "200": {
                        "description": "OK"
                    }
                }
            }
        },
        "/acts/p4ck37pun5~bug-bounty-recon-scanner/runs": {
            "post": {
                "operationId": "runs-sync-p4ck37pun5-bug-bounty-recon-scanner",
                "x-openai-isConsequential": false,
                "summary": "Executes an Actor and returns information about the initiated run in response.",
                "tags": [
                    "Run Actor"
                ],
                "requestBody": {
                    "required": true,
                    "content": {
                        "application/json": {
                            "schema": {
                                "$ref": "#/components/schemas/inputSchema"
                            }
                        }
                    }
                },
                "parameters": [
                    {
                        "name": "token",
                        "in": "query",
                        "required": true,
                        "schema": {
                            "type": "string"
                        },
                        "description": "Enter your Apify token here"
                    }
                ],
                "responses": {
                    "200": {
                        "description": "OK",
                        "content": {
                            "application/json": {
                                "schema": {
                                    "$ref": "#/components/schemas/runsResponseSchema"
                                }
                            }
                        }
                    }
                }
            }
        },
        "/acts/p4ck37pun5~bug-bounty-recon-scanner/run-sync": {
            "post": {
                "operationId": "run-sync-p4ck37pun5-bug-bounty-recon-scanner",
                "x-openai-isConsequential": false,
                "summary": "Executes an Actor, waits for completion, and returns the OUTPUT from Key-value store in response.",
                "tags": [
                    "Run Actor"
                ],
                "requestBody": {
                    "required": true,
                    "content": {
                        "application/json": {
                            "schema": {
                                "$ref": "#/components/schemas/inputSchema"
                            }
                        }
                    }
                },
                "parameters": [
                    {
                        "name": "token",
                        "in": "query",
                        "required": true,
                        "schema": {
                            "type": "string"
                        },
                        "description": "Enter your Apify token here"
                    }
                ],
                "responses": {
                    "200": {
                        "description": "OK"
                    }
                }
            }
        }
    },
    "components": {
        "schemas": {
            "inputSchema": {
                "type": "object",
                "required": [
                    "startUrls"
                ],
                "properties": {
                    "startUrls": {
                        "title": "Start URLs / domains",
                        "type": "array",
                        "description": "List of starting URLs or domains to scan for vulnerabilities.",
                        "items": {
                            "type": "object",
                            "properties": {
                                "url": {
                                    "title": "URL",
                                    "type": "string",
                                    "description": "Target URL or domain to scan"
                                }
                            },
                            "required": [
                                "url"
                            ],
                            "additionalProperties": false
                        }
                    },
                    "adminPaths": {
                        "title": "Admin / sensitive paths",
                        "type": "array",
                        "description": "Select common admin/sensitive paths to probe (multi-select).",
                        "items": {
                            "type": "string",
                            "enumSuggestedValues": [
                                "/admin",
                                "/admin/login",
                                "/administrator",
                                "/wp-admin",
                                "/wp-login.php",
                                "/login",
                                "/signin",
                                "/auth",
                                "/dashboard",
                                "/panel",
                                "/cpanel",
                                "/controlpanel",
                                "/manage",
                                "/backend",
                                "/.env",
                                "/config",
                                "/config.json",
                                "/backup",
                                "/backup.sql",
                                "/robots.txt",
                                "/sitemap.xml",
                                "/.git/HEAD",
                                "/db.sql"
                            ]
                        },
                        "default": [
                            "/admin",
                            "/admin/login",
                            "/wp-admin",
                            "/login"
                        ]
                    },
                    "maxDepth": {
                        "title": "Max crawl depth",
                        "minimum": 0,
                        "maximum": 5,
                        "type": "integer",
                        "description": "Maximum link levels to follow from start URLs.",
                        "default": 2
                    },
                    "maxRequests": {
                        "title": "Max requests",
                        "minimum": 1,
                        "maximum": 10000,
                        "type": "integer",
                        "description": "Total HTTP requests limit per run.",
                        "default": 500
                    },
                    "checkXSS": {
                        "title": "Enable XSS check",
                        "type": "boolean",
                        "description": "Test basic XSS reflection on forms (non-intrusive).",
                        "default": true
                    },
                    "proxyConfiguration": {
                        "title": "Proxy settings",
                        "type": "object",
                        "description": "Proxy configuration for WAF bypass and geo-targeting."
                    }
                }
            },
            "runsResponseSchema": {
                "type": "object",
                "properties": {
                    "data": {
                        "type": "object",
                        "properties": {
                            "id": {
                                "type": "string"
                            },
                            "actId": {
                                "type": "string"
                            },
                            "userId": {
                                "type": "string"
                            },
                            "startedAt": {
                                "type": "string",
                                "format": "date-time",
                                "example": "2025-01-08T00:00:00.000Z"
                            },
                            "finishedAt": {
                                "type": "string",
                                "format": "date-time",
                                "example": "2025-01-08T00:00:00.000Z"
                            },
                            "status": {
                                "type": "string",
                                "example": "READY"
                            },
                            "meta": {
                                "type": "object",
                                "properties": {
                                    "origin": {
                                        "type": "string",
                                        "example": "API"
                                    },
                                    "userAgent": {
                                        "type": "string"
                                    }
                                }
                            },
                            "stats": {
                                "type": "object",
                                "properties": {
                                    "inputBodyLen": {
                                        "type": "integer",
                                        "example": 2000
                                    },
                                    "rebootCount": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "restartCount": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "resurrectCount": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "computeUnits": {
                                        "type": "integer",
                                        "example": 0
                                    }
                                }
                            },
                            "options": {
                                "type": "object",
                                "properties": {
                                    "build": {
                                        "type": "string",
                                        "example": "latest"
                                    },
                                    "timeoutSecs": {
                                        "type": "integer",
                                        "example": 300
                                    },
                                    "memoryMbytes": {
                                        "type": "integer",
                                        "example": 1024
                                    },
                                    "diskMbytes": {
                                        "type": "integer",
                                        "example": 2048
                                    }
                                }
                            },
                            "buildId": {
                                "type": "string"
                            },
                            "defaultKeyValueStoreId": {
                                "type": "string"
                            },
                            "defaultDatasetId": {
                                "type": "string"
                            },
                            "defaultRequestQueueId": {
                                "type": "string"
                            },
                            "buildNumber": {
                                "type": "string",
                                "example": "1.0.0"
                            },
                            "containerUrl": {
                                "type": "string"
                            },
                            "usage": {
                                "type": "object",
                                "properties": {
                                    "ACTOR_COMPUTE_UNITS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATASET_READS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATASET_WRITES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "KEY_VALUE_STORE_READS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "KEY_VALUE_STORE_WRITES": {
                                        "type": "integer",
                                        "example": 1
                                    },
                                    "KEY_VALUE_STORE_LISTS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "REQUEST_QUEUE_READS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "REQUEST_QUEUE_WRITES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATA_TRANSFER_INTERNAL_GBYTES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATA_TRANSFER_EXTERNAL_GBYTES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "PROXY_RESIDENTIAL_TRANSFER_GBYTES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "PROXY_SERPS": {
                                        "type": "integer",
                                        "example": 0
                                    }
                                }
                            },
                            "usageTotalUsd": {
                                "type": "number",
                                "example": 0.00005
                            },
                            "usageUsd": {
                                "type": "object",
                                "properties": {
                                    "ACTOR_COMPUTE_UNITS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATASET_READS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATASET_WRITES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "KEY_VALUE_STORE_READS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "KEY_VALUE_STORE_WRITES": {
                                        "type": "number",
                                        "example": 0.00005
                                    },
                                    "KEY_VALUE_STORE_LISTS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "REQUEST_QUEUE_READS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "REQUEST_QUEUE_WRITES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATA_TRANSFER_INTERNAL_GBYTES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATA_TRANSFER_EXTERNAL_GBYTES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "PROXY_RESIDENTIAL_TRANSFER_GBYTES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "PROXY_SERPS": {
                                        "type": "integer",
                                        "example": 0
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }
}
```
