Here is a list of tools and services that you can use for out-of-band (OOB) exploitation during bug bounty work.
Tools / Services | Description | Author / Maintainer |
--- | --- | --- |
Burp Collaborator [Pro Only] | Use Burp Collaborator to induce your target application to interact with the external Collaborator server, and then identify that the interaction has occurred. | @PortSwigger |
https://app.interactsh.com/ | An OOB interaction gathering server and client library | @pdiscoveryio |
https://webhook.site | You instantly get a unique, random URL and e-mail address. Everything that’s sent to these addresses is shown instantly. | @webhooksite |
https://requestcatcher.com | Request Catcher will create a subdomain on which you can test an application. All requests sent to any path on the subdomain are forwarded to your browser in real time. | requestcatcher.com |
https://canarytokens.org/generate | Canarytokens helps track activity and actions on your network. | @thinkst |
http://dnsbin.zhack.ca | The request.bin of DNS requests | https://blog.ettic.ca/about |
https://ngrok.com | ngrok is a secure unified ingress platform that combines your reverse proxy, firewall, API gateway and global load balancing into a production service. | @ngrokHQ |
http://serveo.net | Expose local servers to the internet | @trevordixon |
https://public.requestbin.com/r/ | A modern request bin to inspect any event | @RequestBin |
http://beeceptor.com | Create a mock server and start building… | @beeceptor |
https://www.toptal.com/developers/postbin/ | Use PostBin to collect all requests to a special URL which you can use to test your API Clients or your WebHooks. Inspect your bin visually on this website, or use our API to programmatically test your libraries, clients, projects, SaaS or websites. | @toptal |
https://github.com/sudosammy/knary | A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams/Lark/Telegram & Pushover support | @sudosammy |