v1.2.0 beta · Linux

NexHunt Bug Bounty, Automated.

The complete attack toolkit for bug bounty hunters. Recon to exploitation, chained and automated on your Linux machine.

Download Free Get PRO
$ curl -fsSL https://github.com/sentinelsec-org/nexhunt/releases/download/v1.2.0/nexhunt-1.2.0.tar.gz | tar xz && sudo bash install.sh
meridian-corp.io
RECON SCAN EXPLOIT
0
Subdomains
0
Endpoints
0
Live hosts
0
Findings
subfinder amass httpx katana nuclei ffuf sqlmap dalfox
subfinder amass httpx nmap nuclei ffuf nikto gobuster dirsearch sqlmap dalfox xsstrike katana gau waybackurls commix interactsh gowitness paramspider arjun trufflehog hydra subfinder amass httpx nmap nuclei ffuf nikto gobuster dirsearch sqlmap dalfox xsstrike katana gau waybackurls commix interactsh gowitness paramspider arjun trufflehog hydra

See it in action

Real sessions. Real targets. Full automation.

NexHunt - Reconnaissance
NexHunt recon pipeline showing subfinder, amass, and httpx running in parallel, 13 subdomains discovered, 282 endpoints found
Full Recon Pipeline. subfinder and amass ran in parallel on mcdonalds.com.ar, httpx probed every host automatically, katana crawled live targets, gowitness screenshotted them all.

Recon to report, without switching tools

Five phases. Each one feeds the next. All running locally on your machine.

Reconnaissance

Subdomain enumeration, live host probing, port scanning, web crawling, URL history, and parameter discovery. All parallel, all automatic.

subfinder amass httpx nmap katana gau arjun

Vulnerability Scanning

8,000+ Nuclei templates, CVE correlation by detected tech stack, directory brute-force with smart wordlist selection, web server audits.

nuclei ffuf nikto gobuster dirsearch

Exploitation

SQLi, XSS, command injection, SSRF, JWT attacks. Validate findings and prove impact before writing the report.

sqlmap dalfox xsstrike commix interactsh 10 JWT attacks

Proxy and Reporting

Capture and replay live traffic, use the Burp-style site map, fuzz with Intruder (PRO), and generate a full vulnerability report with the AI Copilot (PRO).

proxy repeater site map Intruder PRO AI Report PRO
NexHunt PRO

Go further with PRO

Unlock automation, AI assistance, and advanced attack modules that would take hours to configure manually.

AI Copilot

Paste any hostname and get a full attack surface breakdown. Feed in your findings and get a professional vulnerability report, ready to submit.

Automated Pipelines

Full XSS chain, SQLi chain, and complete recon pipelines triggered in one click. Each tool's output feeds directly into the next.

Bulk Operations

Run Nuclei, CORS scans, subdomain takeover checks, and screenshots across every discovered host in your project at once.

Advanced Attack Suite

10 JWT attack techniques, Proxy Intruder with cluster bomb and pitchfork modes, brute force module with custom wordlists.

Two tiers. No tricks.

The free tier is genuinely useful. No time limits, no feature degradation, no nag screens.

Free
$0
Forever. No card required.
  • Full recon suite (subfinder, amass, httpx, nmap, katana, gau, arjun)
  • Single-target scanning: nuclei, ffuf, nikto, gobuster, dirsearch
  • Proxy capture, repeater, site map
  • Single-target exploitation: sqlmap, dalfox, xsstrike, commix
  • Findings database, projects, methodology guide
  • Security tools: CORS, 403 bypass, cloud buckets, GitHub secret scanner
Download Free
PRO
Lifetime
One-time purchase. All future updates included.
  • Everything in Free, plus:
  • AI Copilot - attack surface analysis, report generation
  • Automated pipelines - full XSS, SQLi, and recon chains
  • Bulk scanning - nuclei, CORS, screenshots on all hosts
  • JWT attack suite - 10 techniques with step-by-step guidance
  • Proxy Intruder - cluster bomb, pitchfork, payload filtering
  • Priority support
Get PRO

Up and running in under 5 minutes

The installer sets up all 20+ tools, the Python backend, and the Electron app. No manual configuration.

~$ curl -fsSL https://github.com/sentinelsec-org/nexhunt/releases/download/v1.2.0/nexhunt-1.2.0.tar.gz | tar xz && sudo bash install.sh

Requires Linux (Kali, Debian, Ubuntu) • Python 3.10+ • ~2 GB disk • Internet for initial install • View on GitHub