Projects in Awesome Lists tagged with bugbounty
A curated list of projects in awesome lists tagged with bugbounty .
https://github.com/BLACK-SCORP10/Email-Vulnerability-Checker
Find Email Spoofing Vulnerablity of domains
automation bash big bug-bounty bug-checker bugbounty bugbounty-tool bulk checker dmarc infosys shell spf spf-record vulnerablity
Last synced: 06 Jan 2025
https://github.com/macmod/goblob
A fast enumeration tool for publicly exposed Azure Storage blobs.
azure-blob-storage azure-storage blob-storage brute-force bruteforce bug-bounty bugbounty enumeration go golang infosec pentest recon reconnaissance scanner security
Last synced: 22 Mar 2025
https://github.com/effortlessdevsec/ninjasworkout
Vulnerable NodeJS Web Application
bugbounty nodejs penetration-testing vulnerability-assessment
Last synced: 21 Nov 2024
https://github.com/gwen001/vhost-brute
A PHP tool to brute force vhost configured on a server.
bugbounty pentesting php security-tools subdomain vhost
Last synced: 09 May 2025
https://github.com/tarunkoyalwar/talosplus
Talosplus is a fast and robust template based Intelligent automation framework primarily developed for Bug Bounty Automation
automation automation-framework bash bashscripting bugbounty go golang infosec linux recon shell template-engine
Last synced: 17 Mar 2025
https://github.com/i5nipe/nipejs
Simplify your life with leak detection in JavaScript. NipeJS streamlines the use of regex, making it effortless to uncover potential leaks.
bug-bounty bugbounty bugbounty-tool infosec penetration-testing-tools pentesting
Last synced: 21 Nov 2024
https://github.com/InfoSecWarrior/Offensive-Pentesting-Scripts
Scripts that are intended to help you in your pen-testing and bug-hunting efforts by automating various manual tasks, making your work more efficient and effective.
automation bash-script bugbounty gotools nmap-scripts pentesting subdomain-enumeration subdomain-wordlist
Last synced: 11 Apr 2025
https://github.com/gwen001/dnspy
Find subdomains and takeovers.
bash bugbounty dns pentesting python security-tools shell subdomain-takeover subdomains
Last synced: 09 May 2025
https://github.com/udit-thakkur/AdvancedKeyHacks
API Key/Token Exploitation Made easy.
apikey bugbounty bugbounty-tool exploit hacking-tool infosec pentesters
Last synced: 21 Nov 2024
https://github.com/dub-flow/subsnipe
SubSnipe is a tool designed to help find subdomains that are vulnerable to takeover.
bugbounty ethical-hacking penetration-testing
Last synced: 09 Apr 2025
https://github.com/Sy3Omda/burp-bounty
Burp Bounty profiles
bugbounty burp-extensions burpbounty burpsuite scanner vulnerability-detection vulnerability-scanner
Last synced: 13 Mar 2025
https://github.com/anof-cyber/mobsecco
Cloning apk for bypassing code tampering detection, Google Safety Net and scanning vulnerable plugins
android apk bug-bounty bugbounty cordova cybersecurity mobile-security penetration-testing pentesting pentesting-tools python
Last synced: 12 Apr 2025
https://github.com/Nickguitar/YAPS
Yet Another PHP Shell - The most complete PHP reverse shell
backdoor bugbounty ctf-tools cve-2021-4034 exploit hacking netcat netcat-reverse penetration-testing pentest pentest-script pentest-tool pentesting php rat reverse-shell reverse-tcp web-shell webhacking
Last synced: 21 Nov 2024
https://github.com/chopicalqui/KaliIntelligenceSuite
Kali Intelligence Suite (KIS) shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by executing standard penetration testing tools. The collected data is internally stored in a structured manner to allow the fast identification and visualisation of the collected information.
bugbounty data-mining intelligence-gathering kali-linux kali-linux-tools osint penetration-testing penetration-testing-framework
Last synced: 21 Nov 2024
https://github.com/p0dalirius/cve-2021-43008-adminerread
Exploit tool for CVE-2021-43008 Adminer 1.0 up to 4.6.2 Arbitrary File Read vulnerability
adminer bugbounty cve cve-2021-43008 exploit file hacking pentest read tool vulnerability
Last synced: 30 Dec 2024
https://github.com/m8sec/taser
Python resource library for creating security related tooling
bugbounty hacking pentesting python3 security
Last synced: 10 May 2025
https://github.com/a3h1nt/subcert
Subcert is a subdomain enumeration tool, that finds all the subdomains from certificate transparency logs.
bugbounty certificate-transparency infosec osint-tool pentesting-tools python3 subdomain-enumeration
Last synced: 22 Mar 2025
https://github.com/R0X4R/Pinaak
A vulnerability fuzzing tool written in bash, it contains the most commonly used tools to perform vulnerability scan
bash-script bugbounty fastscanner find-vulnerabilities nuclei sqlinjection vulnerabilities vulnerability-scanners xss-vulnerability
Last synced: 21 Nov 2024
https://github.com/dwisiswant0/hinject
Host Header Injection Checker
bugbounty go golang penetration-testing
Last synced: 24 Mar 2025
https://github.com/m8r0wn/taser
Python resource library for creating security related tooling
bugbounty hacking pentesting python3 security
Last synced: 22 Feb 2025
https://github.com/az0mb13/frida_setup
One-click installer for Frida and Burp certs for SSL Pinning bypass
adb android bug-bounty bugbounty frida hacking-tools pentesting pentesting-tools reconnaissance
Last synced: 13 Apr 2025
https://github.com/l34r00t/mainRecon
mainRecon is an automated reconnaissance docker image for bugbounty hunter write in bash script.
automation bash-script bugbounty docker docker-image mainrecon subdomains telegram-bot telegram-webhook
Last synced: 10 Mar 2025
https://github.com/un4gi/dirtywords
A targeted word list generation tool
bugbounty content-discovery enumeration golang pentesting web
Last synced: 21 Nov 2024
https://github.com/enenumxela/subdomains.sh
A wrapper around tools used for subdomain enumeration, to automate the workflow, on a given domain, written in bash.
amass asset-discovery bash-scripting bug-bounty bugbounty dns enumeration findomain hakrevdns passive-dns penetration-testing pentesting reconnaissance reverse-dns reverse-dns-lookup subdomain subdomains subdomains-enumeration subfinder xsubfind3r
Last synced: 10 Apr 2025
https://github.com/dotnetrussell/minerinthemiddle
This application was created as a POC for how to scan your local network traffic for HTTP requests and then inject various javascript cryptocurrency miners into the response payloads
bug-bounty bugbounty hacking hacking-tool info-sec information-security infosec infosectools injection miner monero penetration-testing penetration-testing-tools python red-team
Last synced: 09 Feb 2025
https://github.com/aufzayed/HydraRecon
All In One, Fast, Easy Recon Tool
bugbounty bugbounty-tool bugbountytips crawler hacking hacking-tools information-gathering open-source-intelligence osnit pentest pentest-tools pentesting python recon recon-tools
Last synced: 10 May 2025
https://github.com/blackhatethicalhacking/fetchmeurls
A Tool for Bug Bounty Hunters that uses Passive and Active Techniques to fetch URLs as a strong Recon, so you can then create Attack Vectors (XSS, Nuclei, SQLi etc...)
bugbounty bugbountytool recon reconnaissance
Last synced: 16 Mar 2025
https://github.com/Evil-Twins-X/SubEvil
SubEvil is an advanced open source intelligence framework (OSINT) for grouping subdomains.
bugbounty domain-enumeration enumeration-tool osint pentesting recon redteaming subdomain-enumeration subdomain-recon threatminer tls-bufferover urlscan-api virustotal-api virustotal-search whoisxmlapi
Last synced: 10 Mar 2025
https://github.com/BugHunterID/BugHunterID
Para pencari bug / celah kemanan bisa bergabung.
bounty bug bugbounty bughunterid hackerone indonesia security
Last synced: 10 Mar 2025
https://github.com/anof-cyber/pycript-websocket
Burp Suite extension for bypassing client-side encryption for pentesting and bug bounty in WebSocket
bugbounty burp-extensions burpsuite infosec penetration-testing pentesting websocket
Last synced: 10 Apr 2025
https://github.com/gwen001/bugbountytips
Webapp to search tips on Twitter through #bugbountytips
bugbounty bugbountytips hashtag pentesting php security twitter
Last synced: 09 May 2025
https://github.com/gnebbia/halive
A fast http and https prober, to check which URLs are alive
alive-hosts asynchronous asyncio bugbounty http https probe probe-requests prober reconnaissance requests
Last synced: 09 Apr 2025
https://github.com/tintinweb/bugbounty-companion
A BugBounty companion that checks out high-reward yielding bug bounty code-bases from Immunefi/code4rena 🙌 (use at own risk)
bugbounty code4rena immunefi smart-contracts
Last synced: 26 Apr 2025
https://github.com/hahwul/websocket-connection-smuggler
websocket-connection-smuggler
bugbounty hacking security testing-tools websocket websocket-connection-smuggling
Last synced: 06 May 2025
https://github.com/edoverflow/legal-bug-bounty
#legalbugbounty project — creating safe harbors on bug bounty programs and vulnerability disclosure programs. Authored by Amit Elazari.
bugbounty infosec legal security
Last synced: 24 Feb 2025
https://github.com/ethicalhackingplayground/dnsresolver
A Lightning-Fast DNS Resolver written in Rust 🦀
bugbounty dns http-prober resolver
Last synced: 09 Apr 2025
https://github.com/typeerror/bookmarks
Reclaim control of your Burp Suite Repeater tabs with this powerful extension
appsec bugbounty burp-extensions burpsuite burpsuite-extender burpsuite-pro
Last synced: 14 Apr 2025
https://github.com/p0dalirius/lfidump
A simple python script to dump remote files through a local file read or local file inclusion web vulnerability.
bugbounty dump file inclusion local pentesting
Last synced: 30 Dec 2024
https://github.com/gwen001/github-regexp
Basically a regexp over a GitHub search.
bugbounty github go golang pentesting private regexp secrets security-tools
Last synced: 09 May 2025
https://github.com/yeswehack/YesWeBurp
YesWeHack Api Extension for Burp
bugbounty burp-extensions hacking pentest tools
Last synced: 19 Apr 2025
https://github.com/TypeError/Bookmarks
Reclaim control of your Burp Suite Repeater tabs with this powerful extension
appsec bugbounty burp-extensions burpsuite burpsuite-extender burpsuite-pro
Last synced: 12 Mar 2025
https://github.com/blackhatethicalhacking/ScopeHunter
ScopeHunter is a command-line tool for finding in scope targets for bug bounty programs.
bugbounty hacking infosec kali-linux penetration-testing pentesting
Last synced: 10 Mar 2025
https://github.com/blackhatethicalhacking/scopehunter
ScopeHunter is a command-line tool for finding in scope targets for bug bounty programs.
bugbounty hacking infosec kali-linux penetration-testing pentesting
Last synced: 16 Mar 2025
https://github.com/p0dalirius/ldapconsole
The ldapconsole script allows you to perform custom LDAP requests to a Windows domain.
active-directory bugbounty ldap pentesting search
Last synced: 03 Apr 2025
https://github.com/elfarsaouiomar/monitor-new-subdomain
MNS is a security and reconnaissance tool for monitoring new subdomains
bugbounty monitoring python3 recon subdomains
Last synced: 21 Nov 2024
https://github.com/demon1a/discord-recon
Discord bot created to automate bug bounty recon, automated scans and information gathering via a discord server
automation bugbounty bugbounty-tool discord discord-recon hacking hackingtools nuclei python3 recon reconnaissance wayback-machine
Last synced: 02 Apr 2025
https://github.com/InitRoot/BurpSQLTruncSanner
Messy BurpSuite plugin for SQL Truncation vulnerabilities.
bugbounty burpsuite-extender sql-truncation
Last synced: 02 Apr 2025
https://github.com/codingo/dooked
DNS and Target HTTP History Local Storage and Search
bounties bug bugbounty bugbounty-tool infosec reconnaissance security security-tools
Last synced: 23 Apr 2025
https://github.com/jimen0/differer
differer finds how URLs are parsed by different languages in order to help bug hunters break filters
bugbounty cloudrun go golang serverless url
Last synced: 22 Mar 2025
https://github.com/radenvodka/pentol
PENTOL - Pentester Toolkit for Fiddler2
bugbounty exploit exploiting-vulnerabilities fiddler-extension fiddler2 kitploit pentest-tool pentesting security security-tools tools
Last synced: 11 May 2025
https://github.com/theunknownsoul/htb-certified-bug-bounty-hunter-exam-cheetsheet
All cheetsheets with main information from HTB CBBH role path in one place.
bugbounty cheetsheet htb security
Last synced: 14 Apr 2025
https://github.com/Th0h0/autopoisoner
Web cache poisoning vulnerability scanner.
automation bugbounty python3 web-cache-deception web-cache-misconfiguration web-cache-poisoning
Last synced: 10 May 2025
https://github.com/0xkayala/custom-nuclei-templates
Community curated list of templates for the nuclei engine to find security vulnerabilities.
bugbounty custom-nuclei-templates exploit-development exploits fingerprint nuclei nuclei-checks nuclei-templates nucleifuzzer security vulnerability-detection
Last synced: 10 Apr 2025
https://github.com/Zarcolio/grepaddr
Use grepaddr to extract (grep) all kinds of addresses from stdin like URLs (incl. IPv4/IPv6), IP addresses & ranges (IPv4/IPv6), e-mail addresses, MAC addresses.
bugbounty command-line ctf ctf-tools e-mail extract grep-like hacking ip-addresses ipv4 ipv6 mac-address pentesting python python3 recon reconnaissance urls
Last synced: 07 Apr 2025
https://github.com/rix4uni/medium-writeups
This repository updates latest Bug Bounty medium writeups every 10 minutes, https://readmedium.com/Medium_URL, https://archive.ph/Medium_URL, https://freedium.cfd/Medium_URL
bug-bounty bugbounty bugbountytips hacking infosec osint osint-resources osint-tool penetration-testing pentest-tool pentesting recon reconnaissance reconnaissance-bugbounty-writeups security security-tools threat-intelligence
Last synced: 15 Apr 2025
https://github.com/ghsec/BBProfiles
Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that improve an active and passive scanner by yourself. This extension requires Burp Suite Pro.
Last synced: 13 Mar 2025
https://github.com/EdOverflow/smith
Simple wrapper for meg that sieves through meg's output for you.
bugbounty security security-tools
Last synced: 18 Jan 2025
https://github.com/hahwul/gitls
🖇 Enumerate git repository URL from list of URL / User / Org. Friendly to pipeline
bugbounty butbountytips cli-tool fetcher git github security security-tools tool whitebox-testing
Last synced: 10 Apr 2025
https://github.com/kabilan1290/grapX
grapX will iterate through the URLs and grep the endpoints with all possible extensions.
automation bugbounty bugbounty-tool bugbountytips cybersecurity opensource python python-script security-automation security-vulnerability
Last synced: 21 Nov 2024
https://github.com/nullt3r/rapiddns
Rapidly enumerate subdomains and domains using rapiddns.io.
bugbounty bugbountytips domain-discovery enumeration scanner subdomains-enumeration
Last synced: 21 Nov 2024
https://github.com/z3dc0ps/0x0p1n3r
0x0p1n3r is set of combination of other tools and one line scripts to find subdomains easily and to check subdomain takeover
bugbounty enumeration enumerations subdomain subdomain-enumeration subdomain-scanner vulnerability
Last synced: 21 Nov 2024
https://github.com/gerosecurity/gerobug
The First Open Source Bug Bounty Platform
bounty-hunting bug-bounty bug-bounty-platform bugbounty bugbounty-platform bugbounty-tool cybersecurity infosec vdp vulnerability-disclosure
Last synced: 02 Jan 2025
https://github.com/mansoorr123/wp-file-manager-CVE-2020-25213
https://medium.com/@mansoorr/exploiting-cve-2020-25213-wp-file-manager-wordpress-plugin-6-9-3f79241f0cd8
Last synced: 21 Nov 2024
https://github.com/nikhil1232/Bucket-Flaws
Bucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations
application-security aws-s3 bucket bug-bounty bugbounty s3 s3-bucket s3-buckets security-misconfiguration wapt
Last synced: 21 Nov 2024
https://github.com/dwisiswant0/continuous-nuclei
Running nuclei Continuously
automation bugbounty bugbounty-tool nuclei projectdiscovery
Last synced: 21 Nov 2024
https://github.com/dwisiswant0/bounty-targets-alert
It's an watcher for new scopes added to bounty-targets-data and send you alert to Slack.
bugbounty bugbountytips bugcrowd federacy hackenproof hackerone intigriti vdp vrp yeswehack
Last synced: 24 Mar 2025
https://github.com/Adversis/PandorasBox
Security tool to quickly audit Public Box files and folders.
bugbounty cloud-security penetration-testing security-tools
Last synced: 07 May 2025
https://github.com/azathothas/arsenal
Hastly written Tools & Scripts for Personal Use Cases & Bug Bounties
bug-bounty bugbounty hacking recon recon-tools security security-tools tools
Last synced: 12 May 2025
https://github.com/darklotuskdb/SSTI-XSS-Finder
XSS Finder Via SSTI
bug bugbounty bugbounty-tool bugbountytips dorks hacking ssti tool vulnerability xss
Last synced: 21 Nov 2024
https://github.com/jcsec-security/cosmwasm-audit-roadmap
Roadmap to get up to speed with CosmWasm smart contract audits and security vulnerabilities
audit blockchain bug bugbounty contract cosmos cosmossdk cosmwasm dapp defi hacking roadmap rust security smart smartcontract vulnerabilities
Last synced: 07 Apr 2025
https://github.com/Josue87/roboxtractor
Extract endpoints marked as disallow in robots files to generate wordlists.
bug-bounty bugbounty enumeration fuzzing hacking wordlist
Last synced: 21 Nov 2024
https://github.com/themarkib/google-acquisitions
Most of the Google Acquisitions for Bug Bounty Hunter.
bugbounty ethical-hacking googlevrp penetration-testing
Last synced: 31 Mar 2025
https://github.com/birdbee44/Resources
bugbounty honey honey-pots osint phishing resources scanner sql-injection xss
Last synced: 21 Nov 2024
https://github.com/Sh1Yo/rate-limit-checker
Check whether the domain has a rate limit enabled.
Last synced: 21 Nov 2024
https://github.com/random-robbie/open-redirect
Open Redirect Finder.
bugbounty casperjs open-redirect openredirect python
Last synced: 30 Apr 2025
https://github.com/rix4uni/wordlist
Custom wordlist, updated regularly
bug-bounty bugbounty bugbountytips fuzzing hacking infosec osint osint-resources osint-tool penetration-testing pentest-tool pentesting recon reconnaissance security security-tools threat-intelligence wordlist
Last synced: 15 Apr 2025
https://github.com/nu11pointer/fuzzlists
A collection of useful lists for Penetration Testing & Bug Bounty - Content Discovery, Payloads, Variables, Sandbox Escaping, etc
bruteforce bugbounty cybersecurity dictionaries infosec pentesting wordlists
Last synced: 05 Apr 2025
https://github.com/gwen001/bxss
Alternative to XSS Hunter for blind XSS.
bugbounty pentesting php security-tools xss xsshunter
Last synced: 09 May 2025
https://github.com/MindPatch/hacking-lab
Small Vulnerable Web App
bugbounty cmdinjection flask hackable hacking-lab openredirect python sqlinjection ssrf ssti uploadfile xss
Last synced: 21 Nov 2024
https://github.com/Aju100/VulWebaju
VulWebaju is a platform that automates setting up your pen-testing environment for learning purposes.
bugbounty hacking hacktoberfest owasp-top-10 penetration-testing pentesting
Last synced: 21 Nov 2024
https://github.com/gwen001/google-search
Returns results from Google search.
bugbounty endpoints go golang google goop pentesting python recon search security-tools urls
Last synced: 09 May 2025
https://github.com/DreyAnd/DeadDNS
DNS hijacking via dead records automation tool
bugbounty bugbounty-tool bugbountytips bughunting
Last synced: 21 Nov 2024
https://github.com/kljunowsky/CVE-2022-42889-text4shell
Apache commons text - CVE-2022-42889 Text4Shell proof of concept exploit.
apache bug-bounty bug-bounty-hunting bugbounty bugbounty-tool commons-text cve-2022-42889 exploit oneliner security security-tools
Last synced: 21 Nov 2024
https://github.com/bassammaged/awsEnum
Enumerate AWS cloud resources based on provided credential
aws bug bugbounty enumeration penetration-testing security-audit security-tools
Last synced: 10 Mar 2025
https://github.com/mindpatch/hacking-lab
Small Vulnerable Web App
bugbounty cmdinjection flask hackable hacking-lab openredirect python sqlinjection ssrf ssti uploadfile xss
Last synced: 12 May 2025
https://github.com/kaiiyer/rajappan
An All in one Project for Digital Privacy. A step towards a PRIVATE FUTURE
articles blog bugbounty cheatsheet conference cybersecurity differential-privacy hacktoberfest hacktoberfest2022 internet-freedom podcasts privacy rajappan security security-tools threat-hunting threat-intelligence toolkit tools
Last synced: 10 Apr 2025
https://github.com/mzfr/takeover
A tool for testing subdomain takeover possibilities at a mass scale.
bugbounty subdomain-takeover takeover
Last synced: 15 Mar 2025
https://github.com/xchopath/pathprober
Probe and discover HTTP pathname using brute-force methodology and filtered by specific word or 2 words at once
bugbounty pentest pentest-scripts pentest-tools python python3 redteam redteam-tools webscanner
Last synced: 21 Nov 2024
https://github.com/mrlew1s/BrokenSMTP
Small python script to look for common vulnerabilities on SMTP server.
bugbounty pentest pentest-scripts pentest-tool pentesting python python3 security security-tools smtp spoofing userenumeration vulnerabilities vulnerability
Last synced: 21 Nov 2024
