sh00t: open platform for manual bug hunters


  • is a task manager that makes sure you “check that thing”.
  • provides checklists with which you will never regret forgetting to “test that thing”.
  • helps to easily handle custom bug templates that can be separated for your different needs.


  • Dynamic Task Manager to replace simple editors or task management tools that are NOT meant for Security
  • Automated, customizable Security test-cases Checklist to replace Evernote, OneNote or other tools which are NOT meant for Security
  • Manage custom bug templates for different purposes and automatically generate the bug report
  • Support multiple Assessments & Projects to logically separate your different needs
  • Use like a paper – Everything’s saved automatically
  • Export auto-generated bug report into Markdown & submit blindly on HackerOne! (WIP)
  • Integration with JIRA, ServiceNow (WIP)
  • Export bug report into Markdown (WIP)
  • Customize everything under-the-hood


  • Flag: A Flag is a target that is sh00ted at. It’s a test case that needs to be tested. Flags are generated automatically based on the testing methodology chosen. The bug might or might not be found – but the goal is to aim and sh00t at it. Flag contains detailed steps for testing. If the bug is confirmed, then it’s called a sh0t.
  • Sh0t: Sh0ts are bugs. Typically Sh0t contain the technical description of the bug, Affected Files/URLs, Steps To Reproduce and Fix Recommendation. Most of the contents of Sh0t is one-click generated and only the dynamic content like Affected Parameters, Steps has to be changed. Sh0ts can belong to Assessment.
  • Assessment: Assessment is a testing assessment. It can be an assessment of an application, a program – up to the user the way wanted to manage. It’s a part of a project.
  • Project: Project contains assessments. A project can be a logical separation of what you do. It can be a different job, bug bounty, up to you to decide.

How does it work?

Begin with creating a new Assessment. Choose what methodology you want to test with. Today there are 330 test cases, grouped into 86 Flags, belonging to 13 Modules which are created with reference to “Web Application Hacker’s Handbook” Testing Methodology. Modules & Flags can be handpicked & customized. Once Assessments are created with the Flags, now the tester has to test them either manually, or semi-automated with the help of scanners, tools or however it’s required, mark it “Done” on completion. While performing assessment we often come with custom test cases that are specific to a certain scenario in the application. A new Flag can be created easily at any point in time.

Whenever a Flag is confirmed to be a valid bug, a Sh0t can be created. One can choose a bug template that matches best, and sh00t will auto-fill the bug report based on the template chosen.

flagnew-assessmentnew-sh0t-from-templateInstall && Use

Copyright (c) 2017 Pavan