Projects in Awesome Lists tagged with bug-bounty

https://github.com/maurosoria/dirsearch

Web path scanner

appsec brute bug-bounty bugbounty dirsearch enumeration fuzzer fuzzing hacking hacking-tool infosec penetration-testing pentest-tool pentesting python red-teaming redteam scanner security wordlist

Last synced: 16 Dec 2024

https://github.com/nahamsec/resources-for-beginner-bug-bounty-hunters

A list of resources for those interested in getting started in bug bounties

bug-bounty bug-bounty-hunters bugbounty education hackers hacking learn2hack pentest ssrf web-security xss

Last synced: 03 Dec 2024

https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters

A list of resources for those interested in getting started in bug bounties

bug-bounty bug-bounty-hunters bugbounty education hackers hacking learn2hack pentest ssrf web-security xss

Last synced: 31 Oct 2024

https://github.com/yogeshojha/rengine

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

bug-bounty bugbounty hacking information-gathering infosec osint penetration-testing pentesting recon recon-engine reconnaissance rengine scanner scanner-web scanning security-tools

Last synced: 18 Dec 2024

https://github.com/LasCC/HackTools

The all-in-one browser extension for offensive security professionals 🛠

bug-bounty cheatsheet chrome-extension firefox-addon hack hack-tools hackbar hacking hackingtools hacktools metasploit msfvenom payloads purpleteam redteam reverse-shell web-pentesters xss-payloads

Last synced: 01 Nov 2024

https://github.com/six2dez/reconftw

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

bug-bounty bugbounty dns fuzzing hacking nuclei osint penetration-testing pentest pentest-tool pentesting recon reconnaissance scanner security security-tools subdomain vulnerabilities

Last synced: 18 Dec 2024

https://github.com/LasCC/Hack-Tools

The all-in-one browser extension for offensive security professionals 🛠

bug-bounty cheatsheet chrome-extension firefox-addon hack hack-tools hackbar hacking hackingtools hacktools metasploit msfvenom payloads purpleteam redteam reverse-shell web-pentesters xss-payloads

Last synced: 04 Sep 2024

https://github.com/lascc/hacktools

The all-in-one browser extension for offensive security professionals 🛠

bug-bounty cheatsheet chrome-extension firefox-addon hack hack-tools hackbar hacking hackingtools hacktools metasploit msfvenom payloads purpleteam redteam reverse-shell web-pentesters xss-payloads

Last synced: 15 Oct 2024

https://github.com/j3ssie/osmedeus

A Workflow Engine for Offensive Security

attack-surface attack-surface-management bug-bounty bugbounty go golang hacking hacking-tool information-gathering osint penetration-testing pentest-tool pentesting reconnaissance scanning security security-tools

Last synced: 17 Dec 2024

https://github.com/j3ssie/Osmedeus

A Workflow Engine for Offensive Security

attack-surface attack-surface-management bug-bounty bugbounty go golang hacking hacking-tool information-gathering osint penetration-testing pentest-tool pentesting reconnaissance scanning security security-tools

Last synced: 24 Oct 2024

https://github.com/pry0cc/axiom

The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!

axiom bug-bounty dnsgen dnsx ffuf gau gowitness hacking-vps httprobe httpx masscan massdns meg nmap nuclei shuffledns subfinder tmux

Last synced: 17 Dec 2024

https://github.com/skerkour/black-hat-rust

Applied offensive security with Rust - https://kerkour.com/black-hat-rust

audit beacon bug-bounty bug-hunting c2 hacking infosec offensive-security pentest pentesting phishing red-team rust scanner security security-tools shellcodes trojan virus wasm

Last synced: 17 Dec 2024

https://github.com/zan8in/afrog

A Security Tool for Bug Bounty, Pentest and Red Teaming.

afrog bug-bounty penetration-testing pentest poc red-teaming vulnerability-scanner vulnerability-scanning-tools

Last synced: 17 Dec 2024

https://github.com/inonshk/31-days-of-API-Security-Tips

This challenge is Inon Shkedy's 31 days API Security Tips.

api-pentest api-security bug-bounty bugbounty bugbountytips infosec pentest security

Last synced: 26 Oct 2024

https://github.com/kpcyrd/sn0int

Semi-automatic OSINT framework and package manager

bug-bounty certificate-transparency intelligence investigation location lua osint osint-framework pentesting recon reconnaissance rust security security-audit security-scanner

Last synced: 17 Dec 2024

https://github.com/tom0li/collection-document

Collection of quality safety articles. Awesome articles.

awesome bounty-hunters bug-bounty cloud dns fuzz github hacker hacking java list pentest redteam research sec security src waf web xss

Last synced: 26 Sep 2024

https://github.com/haccer/subjack

Subdomain Takeover tool written in Go

bug-bounty bugbounty go golang hostile infosec pentesting security subdomain subdomain-takeover takeover

Last synced: 26 Sep 2024

https://github.com/nsonaniya2010/subdomainizer

A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.

bug-bounty bugbounty cloud-storage-services external-javascripts find-secrets find-subdomains madeinindia python3 s3-bucket s3-buckets secretfinder secrets security security-automation security-tools subdomain-enumeration subdomain-scanner

Last synced: 21 Dec 2024

https://github.com/nsonaniya2010/SubDomainizer

A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.

bug-bounty bugbounty cloud-storage-services external-javascripts find-secrets find-subdomains madeinindia python3 s3-bucket s3-buckets secretfinder secrets security security-automation security-tools subdomain-enumeration subdomain-scanner

Last synced: 28 Oct 2024

https://github.com/wagiro/burpbounty

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.

bug-bounty bugbounty burp-extensions burpsuite vulnerability-detection vulnerability-scanner

Last synced: 03 Nov 2024

https://github.com/wagiro/BurpBounty

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.

bug-bounty bugbounty burp-extensions burpsuite vulnerability-detection vulnerability-scanner

Last synced: 01 Nov 2024

https://github.com/0xhjk/dumpall

一款信息泄漏利用工具，适用于.git/.svn/.DS_Store泄漏和目录列出

bug-bounty dumpall githack hacking pentesting python3 scanner security spider svn tools

Last synced: 20 Dec 2024

https://github.com/0xHJK/dumpall

一款信息泄漏利用工具，适用于.git/.svn/.DS_Store泄漏和目录列出

bug-bounty dumpall githack hacking pentesting python3 scanner security spider svn tools

Last synced: 03 Nov 2024

https://github.com/cyber-guy1/api-securityempire

API Security Project aims to present unique attack & defense methods in API Security field

api apisecurity bug-bounty bugbounty bugbountytips cybersec cybersecurity information-security infosec penetration-testing tips

Last synced: 05 Dec 2024

https://github.com/Cyber-Guy1/API-SecurityEmpire

API Security Project aims to present unique attack & defense methods in API Security field

api apisecurity bug-bounty bugbounty bugbountytips cybersec cybersecurity information-security infosec penetration-testing tips

Last synced: 28 Nov 2024

https://github.com/xalgord/massive-web-application-penetration-testing-bug-bounty-notes

A comprehensive guide for web application penetration testing and bug bounty hunting, covering methodologies, tools, and resources for identifying and exploiting vulnerabilities.

bug-bounty bugbounty bugbountytips collection ethical-hacking hacking owasp owasp-top-10 resources xalgord

Last synced: 29 Nov 2024

https://github.com/xalgord/Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes

A comprehensive guide for web application penetration testing and bug bounty hunting, covering methodologies, tools, and resources for identifying and exploiting vulnerabilities.

bug-bounty bugbounty bugbountytips collection ethical-hacking hacking owasp owasp-top-10 resources xalgord

Last synced: 21 Nov 2024

https://github.com/j3ssie/metabigor

OSINT tools and more but without API key

asn bug-bounty bugbounty bugbounty-tools bugbountytips infosec ip-osint ip-range osint pentesting recon reconnaissance security security-tools subdomain subdomains

Last synced: 21 Dec 2024

https://github.com/trickest/inventory

Asset inventory of over 800 public bug bounty programs.

bug-bounty bugbounty bugbountytips fuzzing hacking infosec osint osint-resources osint-tool penetration-testing pentest-tool pentesting recon reconnaissance red-team security security-tools software-security threat-intelligence

Last synced: 19 Dec 2024

https://github.com/0xpugal/one-liners

A collection of one-liners for bug bounty hunting.

bug-bounty bugbounty enumeration onliner-scripts subdomain-enumeration

Last synced: 05 Dec 2024

https://github.com/0xPugal/One-Liners

A collection of one-liners for bug bounty hunting.

bug-bounty bugbounty enumeration onliner-scripts subdomain-enumeration

Last synced: 05 Nov 2024

https://github.com/uniswap/v3-periphery

🦄 🦄 🦄 Peripheral smart contracts for interacting with Uniswap v3

automated-market-maker bug-bounty ethereum periphery smart-contracts uniswap

Last synced: 18 Dec 2024

https://github.com/Uniswap/v3-periphery

🦄 🦄 🦄 Peripheral smart contracts for interacting with Uniswap v3

automated-market-maker bug-bounty ethereum periphery smart-contracts uniswap

Last synced: 08 Nov 2024

https://github.com/payloadbox/xxe-injection-payload-list

🎯 XML External Entity (XXE) Injection Payload List

bug-bounty bugbounty cyber-security cybersecurity hacking information-security infosec payload payloads web-application-security websecurity websecurity-reference xml xml-entity xxe xxe-example xxe-injection xxe-payload xxe-payload-list xxe-payloads

Last synced: 04 Dec 2024

https://github.com/nikitastupin/clairvoyance

Obtain GraphQL API schema even if the introspection is disabled

bug-bounty graphql penetration-testing security

Last synced: 19 Dec 2024

https://github.com/h4r5h1t/webcopilot

An automation tool that enumerates subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters and then scans for vulnerabilities.

bug-bounty bugbounty enumeration recon reconnaissance

Last synced: 19 Dec 2024

https://github.com/yassineaboukir/sublert

Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

bug-bounty certificate-transparency certificate-transparency-logs hacking information-gathering monitoring-tool penetration-testing pentest python reconnaissance security sublert

Last synced: 03 Nov 2024

https://github.com/disclose/diodb

Open-source vulnerability disclosure and bug bounty program database

bug-bounty bug-bounty-hunters data disclosure-policy hackers legal responsible-disclosure safe-harbor-framework safety security-research simplicity vulnerability-disclosure

Last synced: 03 Nov 2024

https://github.com/ice3man543/subover

A Powerful Subdomain Takeover Tool

bug-bounty bugbounty hostile hostile-subdomain-takeover pentesting subdomain subdomain-takeover subdomains takeover takeover-subdomain

Last synced: 21 Dec 2024

https://github.com/Ice3man543/SubOver

A Powerful Subdomain Takeover Tool

bug-bounty bugbounty hostile hostile-subdomain-takeover pentesting subdomain subdomain-takeover subdomains takeover takeover-subdomain

Last synced: 28 Oct 2024

https://github.com/ehrishirajsharma/swiftnessx

A cross-platform note-taking & target-tracking app for penetration testers.

bug-bounty checklist electronjs penetration-testing security-tools

Last synced: 17 Dec 2024

https://github.com/ehrishirajsharma/SwiftnessX

A cross-platform note-taking & target-tracking app for penetration testers.

bug-bounty checklist electronjs penetration-testing security-tools

Last synced: 11 Nov 2024

https://github.com/alexbieber/Bug_Bounty_writeups

BUG BOUNTY WRITEUPS - OWASP TOP 10 🔴🔴🔴🔴✔

alexbieber bug bug-bounty bug-bounty-hunters bug-bounty-hunting bug-bounty-poc bug-bounty-recon bug-poc bugbounty bugcrowd facebook google hackerone integriti

Last synced: 21 Nov 2024

https://github.com/drew-alleman/datasurgeon

Quickly Extracts IP's, Email Addresses, Hashes, Files, Credit Cards, Social Security Numbers and a lot More From Text

bug-bounty ctf-tools cybersecurity email file-search hacking incident-response infosec ip-address osint pentesting recon reconnaissance regex rust rust-lang search search-tools security-tools windows

Last synced: 20 Dec 2024

https://github.com/bl4de/security-tools

My collection of various security tools created mostly in Python and Bash. For CTFs and Bug Bounty.

bug-bounties bug-bounty bugbounty ctf ctf-tools hacking infosec itsecurity pentesting python scanner security-testing security-tools static-analysis webappsec

Last synced: 03 Nov 2024

https://github.com/Drew-Alleman/DataSurgeon

Quickly Extracts IP's, Email Addresses, Hashes, Files, Credit Cards, Social Security Numbers and a lot More From Text

bug-bounty ctf-tools cybersecurity email file-search hacking incident-response infosec ip-address osint pentesting recon reconnaissance regex rust rust-lang search search-tools security-tools windows

Last synced: 24 Nov 2024

https://github.com/aaaguirrep/offensive-docker

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

bug-bounty bugbounty ctf-tools hacking hacking-tools htb pentest pentesting pentesting-tools

Last synced: 26 Oct 2024

https://github.com/utkusen/socialhunter

crawls the website and finds broken social media links that can be hijacked

bug-bounty bugbounty osint redteam redteaming

Last synced: 21 Dec 2024

https://github.com/r3curs1v3-pr0xy/vajra

Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.

bug-bounty hacking information-gathering osint pentest-tool pentesting recon scanner vajra web-hacking

Last synced: 05 Nov 2024

https://github.com/iamthefrogy/frogy

My subdomain enumeration script. It's unique in the way it is built upon.

bug-bounty bugbounty infosec osint reconnaissance

Last synced: 07 Nov 2024

https://github.com/B3nac/InjuredAndroid

A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.

android android-security android-studio apk bug-bounty ctf flutter flutter-security flutter-xss kotlin kotlin-android pentesting security-testing vulnerabilities webview

Last synced: 06 Nov 2024

https://github.com/lord-alfred/ipranges

🔨 List all IP ranges from: Google (Cloud & GoogleBot), Bing (Bingbot), Amazon (AWS), Microsoft, Oracle (Cloud), GitHub, Facebook (Meta), OpenAI (GPTBot) and other with daily updates.

amazon-aws azure bing bingbot bug-bounty bugbounty cidr cidr-ranges digitalocean facebook google-cloud googlebot ip-ranges iplist microsoft network-security oracle osint pentesting twitter

Last synced: 07 Nov 2024

https://github.com/ivan-sincek/penetration-testing-cheat-sheet

Work in progress...

bug-bounty ethical-hacking offensive-security penetration-testing red-team-engagement security web web-penetration-testing

Last synced: 16 Oct 2024

https://github.com/eslam3kl/SQLiDetector

Simple python script supported with BurpBouty profile that helps you to detect SQL injection "Error based" by sending multiple requests with 14 payloads and checking for 152 regex patterns for different databases.

bug-bounty bugbounty infosec penetration-testing pentesting sqlinjection

Last synced: 16 Nov 2024

https://github.com/jaiswalakshansh/Facebook-BugBounty-Writeups

Collection of Facebook Bug Bounty Writeups

bug-bounty bugbounty bugbounty-writeups facebook-security

Last synced: 21 Nov 2024

https://github.com/nyancrimew/goop

Yet another tool to dump a git repository from a website, focused on as-complete-as-possible dumps and handling weird edge-cases.

bug-bounty git infosec offensive-security

Last synced: 21 Nov 2024

https://github.com/0xApt/awesome-bbht

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

bug-bounty bug-hunting bugbounty enumerate-subdomains exploitation hacking hacking-tool hacking-tools penetration-testing recon reconnaissance security-tools

Last synced: 25 Oct 2024

https://github.com/phra/rustbuster

A Comprehensive Web Fuzzer and Content Discovery Tool

bug-bounty hacktoberfest pentesting reconnaissance security security-tools

Last synced: 21 Dec 2024

https://github.com/hueristiq/xurlfind3r

A command-line interface (CLI) based passive URLs discovery utility. It is designed to efficiently identify known URLs of given domains by tapping into a multitude of curated online passive sources.

bug-bounty bug-bounty-tools contentdiscovery ethical-hacking ethical-hacking-tools go golang osint osint-tools penetration-testing penetration-testing-tools reconnaissance red-teaming red-teaming-tools web-security

Last synced: 21 Dec 2024

https://github.com/trickest/resolvers

The most exhaustive list of reliable DNS resolvers.

brute-force bug-bounty cybersecurity dns infosec network pentesting red-team resolver resolvers security security-tool

Last synced: 06 Nov 2024

https://github.com/Li4n0/revsuit

RevSuit is a flexible and powerful reverse connection platform designed for receiving connection from target host in penetration.

bug-bounty dnslog oob out-of-band pentest-tool rce reverse-connection ssrf xxe

Last synced: 21 Nov 2024

https://github.com/payloadbox/rfi-lfi-payload-list

🎯 RFI/LFI Payload List

application-security appsec bug-bounty bugbounty lfi lfi-exploitation lfi-vulnerability payload payload-list payloads rfi rfi-exploiton rfi-vulnerabillity security security-research security-researcher security-researchers web-application-security web-hacking websecurity

Last synced: 15 Nov 2024

https://github.com/kleiton0x00/ppmap

A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.

bug-bounty bugbounty bugbounty-tool cybersecurity infosec prototype-pollution xss xss-detection xss-exploitation xss-vulnerability

Last synced: 15 Dec 2024

https://github.com/M4DM0e/DirDar

DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it

bug-bounty bugcrowd bypass dir-listing forbiddens golang hackerone hacking pentest

Last synced: 16 Nov 2024

https://github.com/ivan-sincek/wifi-penetration-testing-cheat-sheet

Work in progress...

aircrack-ng bug-bounty ethical-hacking evil-twin offensive-security penetration-testing red-team-engagement security wifi wifi-penetration-testing wifi-pineapple

Last synced: 06 Dec 2024

https://github.com/pablosnt/rekono

Pentesting automation platform that combines hacking tools to complete assessments

bug-bounty bug-hunter easm external-attack-surface-management hacking hacking-collaboration-platform hacking-copilot infosec pentesting pentesting-automation read-team recon security security-assessments vulnerability-management vulnerability-scanners

Last synced: 28 Nov 2024

https://github.com/Josue87/gotator

Gotator is a tool to generate DNS wordlists through permutations.

bug-bounty bugbounty reconnaissance security-tools subdomain

Last synced: 16 Nov 2024

https://github.com/aydinnyunus/exiflooter

ExifLooter finds geolocation on all image urls and directories also integrates with OpenStreetMap

bug-bounty bugbounty cyber-security exif exif-metadata exiftool golang hack hacking image metadata metadata-extraction osint redteam security

Last synced: 17 Dec 2024

https://github.com/pwnwriter/hysp

📦 An independent package manager that every hacker deserves.

bug-bounty bug-bounty-recon hactoberfest linux package-manager privelage-escalation pwnwriter

Last synced: 05 Nov 2024

https://github.com/aydinnyunus/exifLooter

ExifLooter finds geolocation on all image urls and directories also integrates with OpenStreetMap

bug-bounty bugbounty cyber-security exif exif-metadata exiftool golang hack hacking image metadata metadata-extraction osint redteam security

Last synced: 05 Nov 2024

https://github.com/reconmap/reconmap

Vulnerability assessment and penetration testing automation and reporting platform for teams.

bounty-hunting bug-bounty collaboration-platform devsecops hacking hacktoberfest infosec penetration-testing pentesting security security-automation vulnerability vulnerability-management

Last synced: 15 Dec 2024

https://github.com/anlominus/bug-bounty

bug-bounty bug-bounty-hunting bug-bounty-recon bug-bounty-tools bugbounty hacking infosec penetration-testing

Last synced: 16 Dec 2024

https://github.com/Anlominus/Bug-Bounty

bug-bounty bug-bounty-hunting bug-bounty-recon bug-bounty-tools bugbounty hacking infosec penetration-testing

Last synced: 28 Nov 2024

https://github.com/ivan-sincek/android-penetration-testing-cheat-sheet

Work in progress...

android android-penetration-testing bug-bounty ethical-hacking frida magisk mobile-penetration-testing mobsf objection offensive-security penetration-testing red-team-engagement security

Last synced: 29 Oct 2024

https://github.com/edoardottt/lit-bb-hack-tools

Little Bug Bounty & Hacking Tools⚔️

bug-bounty bug-bounty-recon bugbounty cli cli-tool ctf-tool ctf-tools hacking hacking-tool hacking-tools hacktoberfest infosec infosectools penetration-testing-tools security-tools tools

Last synced: 01 Nov 2024

https://github.com/intigriti/misconfig-mapper

Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/or bug bounty targets!

bug-bounty bugbounty cybersecurity hacking hacking-tool misconfig misfconfiguration services

Last synced: 23 Oct 2024

https://github.com/disclose/resources

Tools, data, and contact lists relevant to The disclose.io Project.

bug-bounty bugbounty certs infosec security vulnerability-disclosure

Last synced: 21 Nov 2024

https://github.com/r3curs1v3-pr0xy/sub404

A python tool to check subdomain takeover vulnerability

bug-bounty bugbounty bugbounty-tool pentesting sub404 subdomain subdomain-takeover takeover-subdomain vulnerability-scanner

Last synced: 16 Nov 2024

https://github.com/d4rckh/vaf

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

bruteforce bug-bounty bugbounty burpsuite fuzzer fuzzing hacking hacking-tools nim penetration-testing pentest-tool recon security-tools vaf web xss

Last synced: 03 Nov 2024

https://github.com/ivan-sincek/powershell-reverse-tcp

PowerShell scripts for communicating with a remote host.

bind-shell bind-tcp bug-bounty defensive-security ethical-hacking networking offensive-security penetration-testing powershell red-team-engagement reverse-shell reverse-tcp security tcp

Last synced: 17 Dec 2024

https://github.com/martinzhou2015/SRCMS

SRCMS企业应急响应与缺陷管理系统

bug-bounty bug-tracking-system content-management content-management-system php

Last synced: 19 Nov 2024

https://github.com/martinzhou2015/srcms

SRCMS企业应急响应与缺陷管理系统

bug-bounty bug-tracking-system content-management content-management-system php

Last synced: 03 Nov 2024

https://github.com/edoardottt/missing-cve-nuclei-templates

Weekly updated list of missing CVEs in nuclei templates official repository. Mainly built for bug bounty, but useful for penetration tests and vulnerability assessments too.

automation bug-bounty bug-hunting bugbounty bugbounty-tool bugbountytips cve cve-scanning hacking nuclei nuclei-engine nuclei-templates penetration-testing pentesting projectdiscovery security security-tools vulnerability-detection vulnerability-scanners