An open API service indexing awesome lists of open source software.

Projects in Awesome Lists tagged with bugbountytips

A curated list of projects in awesome lists tagged with bugbountytips.

https://github.com/kathanp19/howtohunt

Collection of methodologies and test cases for various web vulnerabilities.

bugbounty bugbountytips bughunting-methodology tutorials vulnerability

Last synced: 27 Jan 2026

https://github.com/KathanP19/HowToHunt

Collection of methodologies and test cases for various web vulnerabilities.

bugbounty bugbountytips bughunting-methodology tutorials vulnerability

Last synced: 17 Mar 2025

https://github.com/smodnix/31-days-of-API-Security-Tips

This challenge is Inon Shkedy's 31 days API Security Tips.

api-pentest api-security bug-bounty bugbounty bugbountytips infosec pentest security

Last synced: 02 May 2025

https://github.com/inonshk/31-days-of-API-Security-Tips

This challenge is Inon Shkedy's 31 days API Security Tips.

api-pentest api-security bug-bounty bugbounty bugbountytips infosec pentest security

Last synced: 14 Mar 2025

https://github.com/insightglacier/Dictionary-Of-Pentesting

Dictionary collection project such as Pentesting, Fuzzing, Bruteforce and BugBounty. A dictionary collection project for penetration testing, SRC vulnerability hunting, brute forcing, fuzzing, and more.

bruteforce bugbounty bugbountytips bughunting-methodology database dictionary dns fingerprint fuzzing iot-security password payloads pentest pentesting rce regex-pattern spring-boot subdomain websecurity wifi

Last synced: 11 Jul 2025

https://github.com/insightglacier/dictionary-of-pentesting

Dictionary collection project such as Pentesting, Fuzzing, Bruteforce and BugBounty. A dictionary collection project for penetration testing, SRC vulnerability hunting, brute forcing, fuzzing, and more.

bruteforce bugbounty bugbountytips bughunting-methodology database dictionary dns fingerprint fuzzing iot-security password payloads pentest pentesting rce regex-pattern spring-boot subdomain websecurity wifi

Last synced: 05 Apr 2025

https://github.com/lutfumertceylan/top25-parameter

For basic research: the top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

bugbounty bugbountytips infosec pentest-tool pentesting security vulnerability-detection vulnerability-research xss-detection

Last synced: 17 Feb 2026

https://github.com/HolyBugx/HolyTips

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

api api-security bugbounty bugbounty-writeups bugbountytips checklist pentest pentesting security web webapp websecurity writeups

Last synced: 11 Jul 2025

https://github.com/harsh-bothra/learn365

This repository is about @harshbothra_'s 365 days of Learning Tweets & Mindmaps collection.

application-security bugbounty bugbountytips community infosec learning pentesting pentesting-tools vulnerabilities

Last synced: 02 Feb 2026

https://github.com/xalgord/massive-web-application-penetration-testing-bug-bounty-notes

A comprehensive guide for web application penetration testing and bug bounty hunting, covering methodologies, tools, and resources for identifying and exploiting vulnerabilities.

bug-bounty bugbounty bugbountytips collection ethical-hacking hacking owasp owasp-top-10 resources xalgord

Last synced: 31 Jan 2026

https://github.com/Cyber-Guy1/API-SecurityEmpire

API Security Project aims to present unique attack & defense methods in the API security field.

api apisecurity bug-bounty bugbounty bugbountytips cybersec cybersecurity information-security infosec penetration-testing tips

Last synced: 21 Jul 2025

https://github.com/cyber-guy1/api-securityempire

API Security Project aims to present unique attack & defense methods in the API security field.

api apisecurity bug-bounty bugbounty bugbountytips cybersec cybersecurity information-security infosec penetration-testing tips

Last synced: 16 May 2025

https://github.com/viralmaniar/bigbountyrecon

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

blue-team bugbounty bugbounty-tool bugbountytips cybersecurity offensive-security osint pentest-tool pentesting purple-team purple-teams recon reconnaissance red-team red-teaming

Last synced: 16 May 2025

https://github.com/xalgord/Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes

A comprehensive guide for web application penetration testing and bug bounty hunting, covering methodologies, tools, and resources for identifying and exploiting vulnerabilities.

bug-bounty bugbounty bugbountytips collection ethical-hacking hacking owasp owasp-top-10 resources xalgord

Last synced: 11 Jul 2025

https://github.com/hahwul/xspear

🔱 Powerful XSS scanning and parameter analysis tool & gem

bugbounty bugbountytips gem hacking library pentest ruby scanner scanning-xss selenium tool webhacking xss

Last synced: 14 May 2025

https://github.com/hahwul/XSpear

🔱 Powerful XSS scanning and parameter analysis tool & gem

bugbounty bugbountytips gem hacking library pentest ruby scanner scanning-xss selenium tool webhacking xss

Last synced: 02 Apr 2025

https://github.com/Viralmaniar/BigBountyRecon

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

blue-team bugbounty bugbounty-tool bugbountytips cybersecurity offensive-security osint pentest-tool pentesting purple-team purple-teams recon reconnaissance red-team red-teaming

Last synced: 11 Jul 2025

https://github.com/indianajson/can-i-take-over-dns

"Can I take over DNS?" — a list of DNS providers and how to claim vulnerable domains.

bugbounty bugbountytips dangling-dns dns dns-hijacking domain-takeover hacking hacking-tool infosec nameservers subdomain-takeover takeover-subdomain

Last synced: 03 Apr 2025

https://github.com/r0x4r/garud

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

assetfinder bash-script bugbounty bugbounty-tool bugbountytips garud gf-patterns golang penetration-testing penetration-testing-tools reconnaissance subdomain-takeover vulnerability vulnerability-scanner

Last synced: 12 Apr 2025

https://github.com/R0X4R/Garud

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

assetfinder bash-script bugbounty bugbounty-tool bugbountytips garud gf-patterns golang penetration-testing penetration-testing-tools reconnaissance subdomain-takeover vulnerability vulnerability-scanner

Last synced: 07 Apr 2025

https://github.com/dwisiswant0/findom-xss

A fast DOM based XSS vulnerability scanner with simplicity.

bugbounty bugbountytips findom-xss pentest pentesting xss xss-scanner

Last synced: 24 Mar 2025

https://github.com/dwisiswant0/ppfuzz

A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀

bugbounty bugbounty-tool bugbountytips chromium prototype-pollution rust rust-tools security security-tools vulnerability-scanners

Last synced: 16 May 2025

https://github.com/yogsec/hacking-tools

A curated list of penetration testing and ethical hacking tools, organized by category. This compilation includes tools from Kali Linux and other notable sources.

blue-team bug-bounty-tools bugbounty bugbountytips cybersecurity ethical-hacking-tools exploit forensics hackers hacking hacking-tools kali-linux linux-tools penetration-testing penetration-testing-tools red-team reverse-engineering vulnerability web-security

Last synced: 05 Mar 2026

https://github.com/taielab/Taie-Bugbounty-killer

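Essential automated bounty-earning techniques for hunting on domestic and international vulnerability platforms; read them and put them into practice, and collecting bounties becomes as easy as drinking water.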

bugbounty bugbounty-tool bugbountytips

Last synced: 11 Jul 2025

https://github.com/puliczek/cve-2022-0337-poc-google-chrome-microsoft-edge-opera

🎩 🤟🏻 [P1-$10,000] Google Chrome, Microsoft Edge and Opera - vulnerability reported by Maciej Pulikowski - System environment variables leak - CVE-2022-0337

bugbounty bugbounty-writeups bugbountytips cve cve-2022-0337 cybersecurity exploit hacking payload pentest pentesting red-team security security-writeups writeups

Last synced: 27 Jan 2026

https://github.com/Puliczek/CVE-2022-0337-PoC-Google-Chrome-Microsoft-Edge-Opera

🎩 🤟🏻 [P1-$10,000] Google Chrome, Microsoft Edge and Opera - vulnerability reported by Maciej Pulikowski - System environment variables leak - CVE-2022-0337

bugbounty bugbounty-writeups bugbountytips cve cve-2022-0337 cybersecurity exploit hacking payload pentest pentesting red-team security security-writeups writeups

Last synced: 02 Apr 2025

https://github.com/hash3lizer/subrake

🚀 A DNS automated scanner and tool 🖱️ (Zone Transfer, DNS Zone Takeover, Subdomain Takeover).

bugbountytips dns-takeover reconnaissance subdomain-bruteforcing subdomain-enumeration subdomain-scanner subdomain-takeover zone-takeover zone-transfers

Last synced: 05 Apr 2025

https://github.com/hash3liZer/Subrake

🚀 A DNS automated scanner and tool 🖱️ (Zone Transfer, DNS Zone Takeover, Subdomain Takeover).

bugbountytips dns-takeover reconnaissance subdomain-bruteforcing subdomain-enumeration subdomain-scanner subdomain-takeover zone-takeover zone-transfers

Last synced: 02 Apr 2025

https://github.com/edoardottt/missing-cve-nuclei-templates

Weekly updated list of missing CVEs in nuclei templates official repository. Mainly built for bug bounty, but useful for penetration tests and vulnerability assessments too.

automation bug-bounty bug-hunting bugbounty bugbounty-tool bugbountytips cve cve-scanning hacking nuclei nuclei-engine nuclei-templates penetration-testing pentesting projectdiscovery security security-tools vulnerability-detection vulnerability-scanners

Last synced: 09 Apr 2025

https://github.com/cc1a2b/JShunter

JShunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security vulnerabilities, making it an essential resource for developers and security researchers.

bugbounty bugbounty-tool bugbountytips hacker javascript javascript-tools pentest pentest-tool pentesting

Last synced: 31 Oct 2025

https://github.com/puliczek/cve-2021-21123-poc-google-chrome

🐱‍💻 👍 Google Chrome - File System Access API - vulnerabilities reported by Maciej Pulikowski | Total Bug Bounty Reward: $5.000 | CVE-2021-21123 and 5 more...

bugbounty bugbounty-writeups bugbountytips cve cybersecurity exploit hacking payload pentesing pentest red-team security security-writeups writeups

Last synced: 15 Oct 2025

https://github.com/Puliczek/CVE-2021-21123-PoC-Google-Chrome

🐱‍💻 👍 Google Chrome - File System Access API - vulnerabilities reported by Maciej Pulikowski | Total Bug Bounty Reward: $5.000 | CVE-2021-21123 and 5 more...

bugbounty bugbounty-writeups bugbountytips cve cybersecurity exploit hacking payload pentesing pentest red-team security security-writeups writeups

Last synced: 02 Apr 2025

https://github.com/aydinnyunus/PassDetective

PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords, API keys, and secrets. Using regular expressions, it helps prevent accidental exposure of sensitive information in your command history.

bash bugbounty bugbounty-tool bugbountytips golang hacking kali kali-linux kali-linux-hacking linux red-team security security-tools shell shell-script zsh

Last synced: 06 Apr 2025

https://github.com/aydinnyunus/passdetective

PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords, API keys, and secrets. Using regular expressions, it helps prevent accidental exposure of sensitive information in your command history.

bash bugbounty bugbounty-tool bugbountytips golang hacking kali kali-linux kali-linux-hacking linux red-team security security-tools shell shell-script zsh

Last synced: 04 Aug 2025

https://github.com/hahwul/hack-pet

🐰 Managing command snippets for hackers/bug bounty hunters, with pet.

bugbounty bugbountytips command-line-manager go golang hacking pet snippets tool

Last synced: 27 Jan 2026

https://github.com/dwisiswant0/wadl-dumper

Dump all available paths and/or endpoints in a WADL file.

bugbounty bugbounty-tool bugbountytips go golang wadl xml xml-parser

Last synced: 05 Oct 2025

https://github.com/r0x4r/agnee

Find sensitive information using dorks from different search-engines.

bugbounty bugbountytips bugbountytool dorking search-engine

Last synced: 05 Apr 2025

https://github.com/rix4uni/scope

An automated GitHub Actions-based crawler that fetches and updates public scopes from popular bug bounty platforms (like Hackerone/Bugcrowd/Intigriti/etc) (updates every 10 minutes)

bug-bounty bugbounty bugbountytips bugcrowd hackenproof hackerone hacking infosec intigriti osint osint-tool penetration-testing pentest-tool pentesting recon reconnaissance security security-tools vrp yeswehack

Last synced: 06 Mar 2026

https://github.com/gwen001/bugbountytips

Webapp to search tips on Twitter through #bugbountytips

bugbounty bugbountytips hashtag pentesting php security twitter

Last synced: 09 May 2025

https://github.com/nullt3r/rapiddns

Rapidly enumerate subdomains and domains using rapiddns.io.

bugbounty bugbountytips domain-discovery enumeration scanner subdomains-enumeration

Last synced: 12 Jul 2025

https://github.com/rix4uni/medium-writeups

This repository updates latest Bug Bounty medium writeups every 10 minutes, https://readmedium.com/Medium_URL, https://archive.ph/Medium_URL, https://freedium.cfd/Medium_URL

bug-bounty bugbounty bugbountytips hacking infosec osint osint-resources osint-tool penetration-testing pentest-tool pentesting recon reconnaissance reconnaissance-bugbounty-writeups security security-tools threat-intelligence

Last synced: 15 Apr 2025

https://github.com/kabilan1290/grapX

grapX will iterate through the URLs and grep the endpoints with all possible extensions.

automation bugbounty bugbounty-tool bugbountytips cybersecurity opensource python python-script security-automation security-vulnerability

Last synced: 12 Jul 2025

https://github.com/dwisiswant0/bounty-targets-alert

It's a watcher for new scopes added to bounty-targets-data that sends you an alert on Slack.

bugbounty bugbountytips bugcrowd federacy hackenproof hackerone intigriti vdp vrp yeswehack

Last synced: 24 Mar 2025

https://github.com/yogsec/onelinerbounty

OneLinerBounty is a collection of quick, actionable bug bounty tips in one-liner format. Perfect for bug hunters looking to boost their skills and efficiency. Contribute your own tips or use these to streamline your workflow and uncover more vulnerabilities. #BugBounty #Cybersecurity #HackTips #SecurityResearch #OneLinerBugBounty #OneLinerBounty

bug bugbounty bugbountytips burp-extensions burpsuite cyber-security cybersecurity cybersecurity-tools cybersecuritytips ethicalhacking hacker hackerone hackers hacking hacking-tools nmap onelinerbugbounty osint owasp

Last synced: 07 Mar 2026

https://github.com/DreyAnd/DeadDNS

DNS hijacking via dead records automation tool

bugbounty bugbounty-tool bugbountytips bughunting

Last synced: 12 Jul 2025

https://github.com/yogsec/OneLinerBounty

OneLinerBounty is a collection of quick, actionable bug bounty tips in one-liner format. Perfect for bug hunters looking to boost their skills and efficiency. Contribute your own tips or use these to streamline your workflow and uncover more vulnerabilities. #BugBounty #Cybersecurity #HackTips #SecurityResearch #OneLinerBugBounty #OneLinerBounty

bug bugbounty bugbountytips burp-extensions burpsuite cyber-security cybersecurity cybersecurity-tools cybersecuritytips ethicalhacking hacker hackerone hackers hacking hacking-tools nmap onelinerbugbounty osint owasp

Last synced: 01 Apr 2025

https://github.com/R0X4R/ssrf-tool

An SSRF detector tool written in golang. I have fixed some errors and added some more payloads to it. But the tool credits go to z0idsec.

bugbounty bugbounty-tool bugbountytips go ssrf ssrf-tool tools

Last synced: 11 Jul 2025

https://github.com/rix4uni/xssrecon

XSSRecon automates the process of testing URL parameters for reflection of a test payload rix4uni and further checks how special characters are handled (allowed, blocked, or converted).

bug-bounty bugbounty bugbountytips hacking infosec masshuntxss osint osint-resources osint-tool penetration-testing pentest-tool pentesting recon reconnaissance security security-tools vulnerability xss xss-automation xssrecon

Last synced: 04 Mar 2026

https://github.com/e1abrador/Burp-Encode-IP

Burp Suite extension to encode an IP address, focused on bypassing application IP / domain blacklists.

bugbounty bugbounty-tool bugbountytips bypass open-redirect red-team red-team-tools ssrf

Last synced: 13 May 2025

https://github.com/acuciureanu/ppfang

A tool which helps identify client-side prototype polluting libraries

bugbounty bugbounty-tool bugbountytips chromium cspp prototype-pollution security security-tools vulnerability-scanners

Last synced: 09 Apr 2025

https://github.com/topscoder/fourohme

FourOhMe is a tool for testing HTTP headers on a website in order to try to bypass 40* HTTP codes. Written in Go, so easy to install and fast out of the box.

401 401-bypass 403 403-bypass bugbounty bugbountytips bugbountytricks cli http http-headers osint recon

Last synced: 05 May 2025

https://github.com/rix4uni/tldscan

A high-performance domain scanner that discovers active domains by testing multiple Top-Level Domains (TLDs) for given domain names.

bug-bounty bugbounty bugbountytips hacking infosec osint osint-resources osint-tool penetration-testing pentest-tool pentesting recon reconnaissance security security-tools threat-intelligence tldfinder tldscanner

Last synced: 20 Apr 2026

https://github.com/freyxfi/bugrecon

An automated bug hunting tool for comprehensive reconnaissance, including subdomain enumeration, port scanning, vulnerability detection, and report generation.

bugbounty bugbounty-tool bugbountytips bughunting hacktoberfest hacktoberfest-accepted hacktoberfest2024 recon reconnaissance

Last synced: 11 Sep 2025

https://github.com/tkmru/xss_dict

XSS dictionary for Google Japanese Input (Google 日本語入力)

bugbounty bugbountytips xss-detection

Last synced: 04 Feb 2026

https://github.com/rix4uni/unew

A tool that combines the features of two commands, sort and tee, in one, for adding new lines to files while skipping duplicates.

bug-bounty bugbounty bugbountytips duplicates hacking infosec osint osint-resources osint-tool penetration-testing pentest-tool pentesting recon reconnaissance security security-tools threat-intelligence

Last synced: 15 Apr 2025

https://github.com/rix4uni/msarjun

Mass-scale hidden parameter discovery using Arjun. A high-performance wrapper that parallelizes Arjun for efficient parameter discovery across multiple targets.

api-fuzzer api-fuzzing api-testing arjun bug-bounty bugbounty bugbountytips content-discovery hacking infosec osint osint-tool parameter-discovery penetration-testing pentest-tool pentesting recon reconnaissance security security-tools

Last synced: 07 Apr 2026

https://github.com/0xpugal/hacktheweb

Things to do while Hacking/Hunting in Web Applications

bugbounty bugbountytips hack recon subdomain-enumeration vulnerability web webappsec websecurity

Last synced: 19 Mar 2026

https://github.com/rix4uni/portmap

portmap is a fast port-scan tool that uses Shodan public data for port scanning, via internetdb.shodan.io and api.shodan.io/shodan/host.

bug-bounty bugbounty bugbountytips hacking infosec internetdb osint osint-resources penetration-testing pentest-tool pentesting port-enumeration portscanner recon reconnaissance scan-ports security security-tools shodan threat-intelligence

Last synced: 28 Aug 2025

https://github.com/rix4uni/techfinder

A high-performance technology detection tool built with Go, leveraging the projectdiscovery wappalyzergo library to identify web technologies and frameworks.

bug-bounty bugbounty bugbountytips hacking infosec osint osint-resources osint-tool penetration-testing pentest-tool pentesting recon reconnaissance security security-tools technology threat-intelligence

Last synced: 20 Apr 2026

https://github.com/rix4uni/linkinspector

linkinspector is a fast command-line tool for inspecting URLs and retrieving HTTP status codes, content lengths, and content types. It supports filtering and matching responses, and can process URLs from stdin or files.

bug-bounty bugbounty bugbountytips hacking infosec osint osint-resources osint-tool penetration-testing pentest-tool pentesting recon reconnaissance security security-tools threat-intelligence

Last synced: 17 Feb 2026

https://github.com/acuciureanu/js-maid

A rule-driven engine designed for seamless extraction of data from JavaScript files.

bugbounty-tool bugbountytips data-extraction javascript security-audit static-code-analyzer

Last synced: 09 Apr 2025