Share
## https://sploitus.com/exploit?id=C2137002-EAF6-5C01-ADE6-15FDFD8FD284
# Ja4Scanner โ Bug Bounty Hunter's Toolkit
A Python CLI tool for security researchers to calculate CVSS v3.1 scores, generate professional bug bounty reports, and get PoC payload suggestions.
---
## Features
| Feature | Description |
|---------|-------------|
| **CVSS v3.1 Calculator** | Interactive metric prompts โ precise base score + severity |
| **Report Generator** | Fills a professional Markdown report with auto-embedded CVSS & PoC |
| **PoC Suggester** | Common payloads + reproduction steps for 10 vuln types |
| **All-in-One Mode** | CVSS โ Report in one flow, score auto-filled |
| **Color-coded output** | Severity displayed with rich terminal colors |
### Supported Vulnerability Types
XSS ยท SQLi ยท IDOR ยท RCE ยท SSRF ยท LFI ยท Open Redirect ยท XXE ยท CSRF ยท Auth Bypass
---
## Installation (Linux) โ Recommended
```bash
git clone https://github.com/Ja4-4/Ja4Scanner.git
cd Ja4Scanner
chmod +x install.sh
sudo ./install.sh
```
Then run from anywhere:
```bash
ja4scanner
```
The installer will:
- Verify Python 3.8+ is present
- Install `colorama` and `rich` via pip automatically
- Copy the tool to `/opt/ja4scanner/`
- Create a global `/usr/local/bin/ja4scanner` launcher
> **Distro notes:**
> - Debian/Ubuntu: `sudo apt install python3 python3-pip` if not present
> - Fedora/RHEL: `sudo dnf install python3 python3-pip`
> - Arch: `sudo pacman -S python python-pip`
---
## Installation (Manual / Windows)
```bash
cd Ja4Scanner
pip install -r requirements.txt
```
---
## Usage
```bash
# After Linux install:
ja4scanner
# Manual / Windows:
python main.py
```
### Menu Options
```
[1] CVSS v3.1 Calculator โ compute base score interactively
[2] Bug Bounty Report Generator โ produce a Markdown report
[3] PoC Suggester โ payloads & steps for a vuln type
[4] All-in-One โ CVSS score โ report in one flow
[5] Severity Reference Chart โ score ranges and action guidance
[Q] Quit
```
---
## Example Workflow
### Option 1 โ CVSS Calculator only
```
Select an option: 1
CVSS v3.1 Base Score Calculator
Attack Vector (AV)
[1] Network (N)
[2] Adjacent (A)
[3] Local (L)
[4] Physical (P)
> 1
...
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Base Score : 10.0 [Critical]
```
### Option 4 โ All-in-One
```
Select an option: 4
Step 1: Calculate CVSS Score
...
CVSS Score locked in: 8.8 (High)
Step 2: Generate Report
Vulnerability Title: Reflected XSS in Search Parameter
Affected URL: https://target.com/search?q=test
...
Report saved: report_2026-03-25.md
```
---
## Output โ Sample Report Structure
```markdown
# Bug Bounty Report: Reflected XSS in Search Parameter

| Field | Value |
|----------------|-------------------------------|
| CVSS Score | 8.8 / 10.0 (High) |
| CVSS Vector | CVSS:3.1/AV:N/AC:L/... |
...
## Steps to Reproduce
## Proof of Concept (PoC)
## Remediation
## References
```
---
## File Structure
```
Ja4Scanner/
โโโ main.py # Entry point & menu
โโโ cvss_calculator.py # CVSS v3.1 engine
โโโ report_generator.py # Markdown report builder
โโโ poc_suggester.py # PoC payloads database
โโโ install.sh # Linux one-command installer
โโโ requirements.txt
โโโ README.md
```
---
## Disclaimer
This tool is intended for **authorized security testing and bug bounty programs only**. Always have explicit written permission before testing any system you do not own.