

The
for Penetration Testing
The perfect helper for bug bounty hunters, security teams, and penetration testers to accelerate their work.
BugBunny gets to work immediately after you provide an authorized target
Agentic Security Composition
Automated Reconnaissance
Multiple agents work together to perform comprehensive reconnaissance, discovering attack surfaces and potential vulnerabilities automatically.
Intelligent Testing
Advanced testing algorithms that adapt to different targets, whether black-box web applications or white-box source code analysis.
PoC Validation
Automatically validates discovered vulnerabilities with proof-of-concept exploits, providing actionable reports with verified security issues.
Interactive Security Testing
Experience the future of penetration testing with our AI-powered security analysis platform. Real-time vulnerability discovery and exploitation guidance.
Automated testing coverage: OWASP Top 10 | Custom payloads: 1000+ | Real-time analysis: 24/7
Comprehensive security testing for authorized targets only
Real Vulnerabilities Discovered
BugBunny.ai has identified critical security vulnerabilities in production systems, resulting in official CVE assignments and responsible disclosures.
BugBunny found vulnerabilities in flagship products from these companies
CVE-2026-22807
vLLM auto_map RCE via Untrusted Dynamic Module Loading
BugBunny.ai discovered a critical remote code execution vulnerability in vLLM where Hugging Face auto_map dynamic modules are loaded during model resolution without gating on trust_remote_code. This allows arbitrary Python code execution when loading models from untrusted sources.
CVE-2026-21884
React Router SSR XSS in ScrollRestoration
BugBunny.ai discovered a cross-site scripting vulnerability in React Router's ScrollRestoration API during Server-Side Rendering. Unescaped JSON in inline scripts allows arbitrary JavaScript execution when user-controlled data is used in getKey or storageKey props.
CVE-2025-61622
Python RCE via Unguarded Pickle Fallback in pyfory/pyfury
BugBunny.ai identified a critical deserialization issue in Apache Fory's Python modules (pyfory/pyfury) where unsupported object types fall back to Python's unsafe pickle loader. Crafted data streams from untrusted sources force the pickle fallback, enabling arbitrary code execution across affected versions (0.1.0–0.10.3 and 0.12.0–0.12.2).
CVE-2025-58434
Account Takeover (Local & Cloud) - Token Leak
BugBunny.ai discovered a critical vulnerability in flowise.ai that allows complete account takeover through token leakage affecting both local and cloud deployments. This vulnerability enables unauthorized access to user accounts and sensitive data through exposed authentication tokens.
CVE-2025-59057
Stored XSS Vulnerability in React Router
React Router, a widely used routing library in the React ecosystem, is affected by a stored cross-site scripting (XSS) issue under specific input handling conditions. This may allow persistent script execution impacting application users.
CVE-2025-61686
Path Traversal in React Router File Session Storage
BugBunny.ai uncovered a path traversal issue in React Router's file session storage adapter. Crafted session IDs could escape the intended directory and overwrite arbitrary files on the host, impacting any deployment persisting sessions to disk. The maintainers shipped a fix and coordinated disclosure via GitHub Security Advisories.
Latest Discovery: CVE-2026-22807 – vLLM auto_map RCE via Untrusted Dynamic Module Loading
All vulnerabilities are discovered through automated AI-powered security testing and reported through responsible disclosure
How It Works
Provide Target URL
Submit a website URL you're authorized to test, or point to an open-source repository for local analysis.
Agents Get to Work
Multiple specialized agents perform reconnaissance, vulnerability scanning, and security testing simultaneously.
Interactive Results
Engage in chat-like interactions while receiving real-time reports and validated proof-of-concept exploits.
Choose Your Plan
From basic scanning to deep vulnerability analysis. Higher tiers unlock more thorough scans and better detection rates.
Starter
Get started with security scanning
- 1 domain audit per month
- 2 credits for AI follow-ups
- Basic vulnerability scanning
- Surface-level reconnaissance
- Email notification on audit completion
- Email support
Skript Kiddie
For individual security researchers
- 3 domain audits per month
- 5 credits for AI follow-ups
- Deeper scans with higher bug detection
- Better pentesting techniques
- Detailed scan notes support
- Email notification on audit completion
- Shareable audit report link
- Email support
N00b
For growing security teams
- 10 domain audits per month
- 15 credits for AI follow-ups
- Advanced pentesting techniques
- Detailed scan notes support
- Connect GitHub repositories
- Email notification on audit completion
- Shareable audit report link
- Priority email support
- Chrome extension access
Elite
For professional security teams
- 50 domain audits per month
- 100 credits for AI follow-ups
- Maximum scan depth & coverage
- Highest chance of finding vulnerabilities
- Advanced pentesting techniques
- Detailed scan notes support
- Connect GitHub repositories
- Email notification on audit completion
- Shareable audit report link
- Priority email support
- Chrome extension access
- API access on request
- Dedicated account manager
Ready to Accelerate Your Security Testing?
Join security professionals who trust BugBunny.ai to enhance their penetration testing workflow.