
The AI Co-Pilot for Penetration Testing

The perfect helper for bug bounty hunters, security teams, and penetration testers to accelerate their work.

BugBunny gets to work immediately after you provide an authorized target

Agentic Security Composition

Automated Reconnaissance

Multiple agents work together to perform comprehensive reconnaissance, discovering attack surfaces and potential vulnerabilities automatically.

Intelligent Testing

Advanced testing algorithms that adapt to different targets, whether black-box web applications or white-box source code analysis.

PoC Validation

Automatically validates discovered vulnerabilities with proof-of-concept exploits, providing actionable reports with verified security issues.

Interactive Security Testing

Experience the future of penetration testing with our AI-powered security analysis platform. Real-time vulnerability discovery and exploitation guidance.

🎯 Starting security audit for https://example.com
🔍 Reconnaissance phase initiated...
📡 Discovered 23 endpoints, 5 subdomains
⚡ Testing for OWASP Top 10 vulnerabilities...
🚨 SQL injection detected in /api/login
💥 Remote Code Execution possible via file upload
🔐 Authentication bypass identified
📝 Generating proof-of-concept exploits...
✅ Interactive security report ready

Automated testing coverage: OWASP Top 10 | Custom payloads: 1000+ | Real-time analysis: 24/7

Comprehensive security testing for authorized targets only

Real Vulnerabilities Discovered

BugBunny.ai has identified critical security vulnerabilities in production systems, resulting in official CVE assignments and responsible disclosures.

BugBunny found vulnerabilities in flagship products from these companies

Google
Meta
Microsoft
React
ClickHouse
Qlib
Pug.js

Critical: Account Takeover

CVE-2025-58434

Account Takeover (Local & Cloud) - Token Leak

BugBunny.ai discovered a critical vulnerability in flowise.ai that allows complete account takeover through token leakage affecting both local and cloud deployments. This vulnerability enables unauthorized access to user accounts and sensitive data through exposed authentication tokens.

flowise.ai • 43,000+ GitHub stars, acquired by Workday
Responsibly Disclosed

High: Stored XSS

CVE-2025-59057

Stored XSS Vulnerability in React Router

React Router, a widely used routing library in the React ecosystem, is affected by a stored cross-site scripting (XSS) issue under specific input handling conditions. This may allow persistent script execution impacting application users.

React Router • 90 million weekly downloads
Responsibly Disclosed

High: Path Traversal

CVE-2025-61686

Path Traversal in React Router File Session Storage

BugBunny.ai uncovered a path traversal issue in React Router's file session storage adapter. Crafted session IDs could escape the intended directory and overwrite arbitrary files on the host, impacting any deployment persisting sessions to disk. The maintainers shipped a fix and coordinated disclosure via GitHub Security Advisories.

React Router • 90 million weekly downloads
Responsibly Disclosed

Latest Discovery: CVE-2025-61686 – Path Traversal in React Router File Session Storage

All vulnerabilities are discovered through automated AI-powered security testing and reported through responsible disclosure

How It Works

1. Provide Target URL

Submit a website URL you're authorized to test, or point to an open-source repository for local analysis.

2. Agents Get to Work

Multiple specialized agents perform reconnaissance, vulnerability scanning, and security testing simultaneously.

3. Interactive Results

Engage in chat-like interactions while receiving real-time reports and validated proof-of-concept exploits.

$ bugbunny scan https://example.com
🔍 Starting reconnaissance...
🤖 Deploying security agents...
⚡ Found 15 endpoints, 3 potential issues
📝 Generating PoC exploits...
✅ Report ready - 2 critical, 1 high

Ready to Accelerate Your Security Testing?

Join security professionals who trust BugBunny.ai to enhance their penetration testing workflow.

Free for authorized security testing • Open source and ethical use
BugBunny.ai - The AI Co-Pilot for Penetration Testing