Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

Bug Bounty

A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.

https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters

A list of resources for those interested in getting started in bug bounties

bug-bounty bug-bounty-hunters bugbounty education hackers hacking learn2hack pentest ssrf web-security xss

Last synced: 31 Oct 2024

https://github.com/nahamsec/resources-for-beginner-bug-bounty-hunters

A list of resources for those interested in getting started in bug bounties

bug-bounty bug-bounty-hunters bugbounty education hackers hacking learn2hack pentest ssrf web-security xss

Last synced: 15 Oct 2024

https://github.com/subfinder/subfinder

Fast passive subdomain enumeration tool.

bugbounty hacking osint reconnaissance subdomain-enumeration subdomains

Last synced: 25 Oct 2024

https://github.com/projectdiscovery/nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.

bugbounty exploit-development exploits fingerprint hacktoberfest nuclei nuclei-checks nuclei-templates security vulnerability-detection

Last synced: 14 Oct 2024

https://github.com/yogeshojha/rengine

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

bug-bounty bugbounty hacking information-gathering infosec osint penetration-testing pentesting recon recon-engine reconnaissance rengine scanner scanner-web scanning security-tools

Last synced: 31 Oct 2024

https://github.com/OWASP/wstg

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

application-security appsec best-practices bugbounty guide hacking hacktoberfest owasp penetration-testing pentesting security

Last synced: 01 Nov 2024

https://github.com/projectdiscovery/httpx

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.

bugbounty cli cybersecurity hacktoberfest http lib osint pentest-tool pipeline ssl-certificate

Last synced: 06 Nov 2024

https://github.com/owasp/wstg

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

application-security appsec best-practices bugbounty guide hacking hacktoberfest owasp penetration-testing pentesting security

Last synced: 15 Oct 2024

https://github.com/KathanP19/HowToHunt

Collection of methodology and test case for various web vulnerabilities.

bugbounty bugbountytips bughunting-methodology tutorials vulnerability

Last synced: 27 Oct 2024

https://github.com/kathanp19/howtohunt

Collection of methodology and test case for various web vulnerabilities.

bugbounty bugbountytips bughunting-methodology tutorials vulnerability

Last synced: 14 Oct 2024

https://github.com/dstotijn/hetty

An HTTP toolkit for security research.

bugbounty http infosec mitm pentesting proxy

Last synced: 14 Oct 2024

https://github.com/EdOverflow/bugbounty-cheatsheet

A list of interesting payloads, tips and tricks for bug bounty hunters.

bugbounty infosec payloads security

Last synced: 05 Nov 2024

https://github.com/edoverflow/bugbounty-cheatsheet

A list of interesting payloads, tips and tricks for bug bounty hunters.

bugbounty infosec payloads security

Last synced: 14 Oct 2024

https://github.com/six2dez/reconftw

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

bug-bounty bugbounty dns fuzzing hacking nuclei osint penetration-testing pentest pentest-tool pentesting recon reconnaissance scanner security security-tools subdomain vulnerabilities

Last synced: 31 Oct 2024

https://github.com/ihebski/DefaultCreds-cheat-sheet

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

blueteam bugbounty cheatsheet credentials-gathering cybersecurity default-password exploit infosec offensive-security pentest pentesting

Last synced: 03 Nov 2024

https://github.com/GhostTroops/scan4all

Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...

0day attack auto brute-force bugbounty bugbounty-tools golang hacker hacktools nmap nuclei pentest-tool recon security-scanner security-tools ssh tools vulnerabilities-scan vulnerability-detection vulnerability-scanners

Last synced: 31 Oct 2024

https://github.com/hktalent/scan4all

Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...

0day attack auto brute-force bugbounty bugbounty-tools golang hacker hacktools nmap nuclei pentest-tool recon security-scanner security-tools ssh tools vulnerabilities-scan vulnerability-detection vulnerability-scanners

Last synced: 04 Aug 2024

https://github.com/ghosttroops/scan4all

Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...

0day attack auto brute-force bugbounty bugbounty-tools golang hacker hacktools nmap nuclei pentest-tool recon security-scanner security-tools ssh tools vulnerabilities-scan vulnerability-detection vulnerability-scanners

Last synced: 15 Oct 2024

https://github.com/ihebski/defaultcreds-cheat-sheet

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

blueteam bugbounty cheatsheet credentials-gathering cybersecurity default-password exploit infosec offensive-security pentest pentesting

Last synced: 29 Oct 2024

https://github.com/EdOverflow/can-i-take-over-xyz

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

bugbounty infosec list security subdomain subdomain-takeovers

Last synced: 24 Oct 2024

https://github.com/edoverflow/can-i-take-over-xyz

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

bugbounty infosec list security subdomain subdomain-takeovers

Last synced: 03 Aug 2024

https://github.com/hakluke/hakrawler

Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application

bugbounty crawling hacking osint pentesting recon reconnaissance

Last synced: 15 Oct 2024

https://github.com/hahwul/dalfox

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

bugbounty bugbounty-tool cicd-pipeline devsecops golang hacktoberfest security vulnerability xss xss-bruteforce xss-detection xss-exploit xss-scanner

Last synced: 29 Oct 2024

https://github.com/1N3/IntruderPayloads

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

attack bugbounty burpsuite burpsuite-engagement burpsuite-intruder fuzz fuzz-lists fuzzing injection intruder payloads sql-injection

Last synced: 24 Oct 2024

https://github.com/1n3/intruderpayloads

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

attack bugbounty burpsuite burpsuite-engagement burpsuite-intruder fuzz fuzz-lists fuzzing injection intruder payloads sql-injection

Last synced: 14 Oct 2024

https://github.com/Findomain/Findomain

The fastest and complete solution for domain recognition. Supports screenshoting, port scan, HTTP check, data import from other tools, subdomain monitoring, alerts via Discord, Slack and Telegram, multiple API Keys for sources and much more.

bugbounty dns osint subdomains

Last synced: 30 Oct 2024

https://github.com/findomain/findomain

The fastest and complete solution for domain recognition. Supports screenshoting, port scan, HTTP check, data import from other tools, subdomain monitoring, alerts via Discord, Slack and Telegram, multiple API Keys for sources and much more.

bugbounty dns osint subdomains

Last synced: 15 Oct 2024

https://github.com/projectdiscovery/interactsh

An OOB interaction gathering server and client library

appsec bugbounty dns golang http ldap oast oob security smtp

Last synced: 29 Oct 2024

https://github.com/edu4rdshl/findomain

The fastest and complete solution for domain recognition. Supports screenshoting, port scan, HTTP check, data import from other tools, subdomain monitoring, alerts via Discord, Slack and Telegram, multiple API Keys for sources and much more.

bugbounty dns osint subdomains

Last synced: 11 Aug 2024

https://github.com/Edu4rdSHL/findomain

The fastest and complete solution for domain recognition. Supports screenshoting, port scan, HTTP check, data import from other tools, subdomain monitoring, alerts via Discord, Slack and Telegram, multiple API Keys for sources and much more.

bugbounty dns osint subdomains

Last synced: 02 Aug 2024

https://github.com/antonio-morales/Fuzzing101

An step by step fuzzing tutorial. A GitHub Security Lab initiative

afl afl-fuzz bug-hunting bugbounty education fuzz-testing fuzzer fuzzilli fuzzing hacking security testing vulnerabilities

Last synced: 02 Nov 2024

https://github.com/jonaslejon/malicious-pdf

💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

bugbounty bugbounty-tool pdf pdf-generation penetration-test penetration-testing penetrationtesting pentesting pentesting-tools python redteam redteaming scanner

Last synced: 15 Oct 2024

https://github.com/opsdisk/pagodo

pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching

bugbounty dork ghdb google google-dork google-dorks google-hacking-database osint osint-python python yagooglesearch

Last synced: 09 Oct 2024

https://github.com/sa7mon/S3Scanner

Scan for misconfigured S3 buckets across S3-compatible APIs!

aws bugbounty gcp infosec s3 s3scanner

Last synced: 28 Oct 2024

https://github.com/sa7mon/s3scanner

Scan for misconfigured S3 buckets across S3-compatible APIs!

aws bugbounty gcp infosec s3 s3scanner

Last synced: 15 Oct 2024

https://github.com/devanshbatham/ParamSpider

Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing

bugbounty content-discovery fuzzing osint parameter parameter-finder urls-parameters

Last synced: 03 Nov 2024

https://github.com/devanshbatham/paramspider

Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing

bugbounty content-discovery fuzzing osint parameter parameter-finder urls-parameters

Last synced: 15 Oct 2024

https://github.com/antonio-morales/fuzzing101

An step by step fuzzing tutorial. A GitHub Security Lab initiative

afl afl-fuzz bug-hunting bugbounty education fuzz-testing fuzzer fuzzilli fuzzing hacking security testing vulnerabilities

Last synced: 15 Oct 2024

https://github.com/Voorivex/pentest-guide

Penetration tests guide based on OWASP including test cases, resources and examples.

bugbounty bypass owasp-tests payload penetration-testing pentest vulnerability writeup

Last synced: 24 Oct 2024

https://github.com/voorivex/pentest-guide

Penetration tests guide based on OWASP including test cases, resources and examples.

bugbounty bypass owasp-tests payload penetration-testing pentest vulnerability writeup

Last synced: 14 Oct 2024

https://github.com/jaeles-project/gospider

Gospider - Fast web spider written in Go

bugbounty crawler go gospider spider

Last synced: 15 Oct 2024

https://github.com/az0x7/vulnerability-checklist

This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter

bugbounty security sqlinjection vulnerability vulnerability-checklist web-vulnerability

Last synced: 14 Oct 2024

https://github.com/projectdiscovery/uncover

Quickly discover exposed hosts on the internet using multiple search engines.

asm attack-surface bugbounty cli osint recon reconnaissance

Last synced: 29 Oct 2024

https://github.com/gh0stkey/web-fuzzing-box

Web Fuzzing Box - Web 模糊测试字典与一些Payloads

bugbounty fuzz fuzzing hacking penetration-testing pentesting

Last synced: 15 Oct 2024

https://github.com/inonshk/31-days-of-API-Security-Tips

This challenge is Inon Shkedy's 31 days API Security Tips.

api-pentest api-security bug-bounty bugbounty bugbountytips infosec pentest security

Last synced: 26 Oct 2024

https://github.com/jaeles-project/jaeles

The Swiss Army knife for automated Web Application Testing

bugbounty golang hacking infosec jaeles scanner security-tools vulnerabilities web-scanner

Last synced: 15 Oct 2024

https://github.com/gh0stkey/Web-Fuzzing-Box

Web Fuzzing Box - Web 模糊测试字典与一些Payloads

bugbounty fuzz fuzzing hacking penetration-testing pentesting

Last synced: 04 Aug 2024

https://github.com/hisxo/gitGraber

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

bugbounty leaks monitor osint realtime redteam security-automation security-tools

Last synced: 01 Nov 2024

https://github.com/hisxo/gitgraber

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

bugbounty leaks monitor osint realtime redteam security-automation security-tools

Last synced: 15 Oct 2024

https://github.com/screetsec/Sudomy

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

bash bugbounty bugcrowd collected-subdomains enumeration framework hackerone httprobe kali kali-linux pentesting recon-subdomain reconnaissance scanner subdomain-enumeration subdomain-finder subdomain-scanner subfinder sublist3r

Last synced: 08 Nov 2024

https://github.com/screetsec/sudomy

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

bash bugbounty bugcrowd collected-subdomains enumeration framework hackerone httprobe kali kali-linux pentesting recon-subdomain reconnaissance scanner subdomain-enumeration subdomain-finder subdomain-scanner subfinder sublist3r

Last synced: 15 Oct 2024

https://github.com/Screetsec/Sudomy

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

bash bugbounty bugcrowd collected-subdomains enumeration framework hackerone httprobe kali kali-linux pentesting recon-subdomain reconnaissance scanner subdomain-enumeration subdomain-finder subdomain-scanner subfinder sublist3r

Last synced: 24 Oct 2024

https://github.com/1N3/BruteX

Automatically brute force all services running on a target.

brute brute-force bruteforce bruteforce-attacks bruteforcing bugbounty hacking

Last synced: 30 Oct 2024

https://github.com/1n3/brutex

Automatically brute force all services running on a target.

brute brute-force bruteforce bruteforce-attacks bruteforcing bugbounty hacking

Last synced: 14 Oct 2024

https://github.com/terjanq/Tiny-XSS-Payloads

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

bugbounty ctf html javascript payloads xss

Last synced: 05 Nov 2024

https://github.com/terjanq/tiny-xss-payloads

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

bugbounty ctf html javascript payloads xss

Last synced: 14 Oct 2024

https://github.com/insightglacier/dictionary-of-pentesting

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

bruteforce bugbounty bugbountytips bughunting-methodology database dictionary dns fingerprint fuzzing iot-security password payloads pentest pentesting rce regex-pattern spring-boot subdomain websecurity wifi

Last synced: 14 Oct 2024

https://github.com/ssl/ezXSS

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

alert blind blind-xss bug bugbounty easy easy-to-use payload penetration-testing php redteam redteaming test xss xss-attacks xss-detection xss-exploitation xss-injection xss-scanner xss-vulnerability

Last synced: 03 Nov 2024

https://github.com/ssl/ezxss

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

alert blind blind-xss bug bugbounty easy easy-to-use payload penetration-testing php redteam redteaming test xss xss-attacks xss-detection xss-exploitation xss-injection xss-scanner xss-vulnerability

Last synced: 15 Oct 2024

https://github.com/insightglacier/Dictionary-Of-Pentesting

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

bruteforce bugbounty bugbountytips bughunting-methodology database dictionary dns fingerprint fuzzing iot-security password payloads pentest pentesting rce regex-pattern spring-boot subdomain websecurity wifi

Last synced: 04 Aug 2024

https://github.com/Impact-I/reFlutter

Flutter Reverse Engineering Framework

bugbounty mobile-security reverse-engineering ssl-pinning

Last synced: 30 Oct 2024

https://github.com/HolyBugx/HolyTips

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

api api-security bugbounty bugbounty-writeups bugbountytips checklist pentest pentesting security web webapp websecurity writeups

Last synced: 04 Aug 2024

https://github.com/lutfumertceylan/top25-parameter

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

bugbounty bugbountytips infosec pentest-tool pentesting security vulnerability-detection vulnerability-research xss-detection

Last synced: 14 Oct 2024

https://github.com/d3mondev/puredns

Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.

bugbounty dns dns-bruteforcer dns-lookup dns-resolution dns-resolver hacking massdns recon subdomain subdomain-bruteforcing

Last synced: 14 Oct 2024

https://github.com/wagiro/burpbounty

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.

bug-bounty bugbounty burp-extensions burpsuite vulnerability-detection vulnerability-scanner

Last synced: 03 Nov 2024

https://github.com/wagiro/BurpBounty

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.

bug-bounty bugbounty burp-extensions burpsuite vulnerability-detection vulnerability-scanner

Last synced: 01 Nov 2024

https://github.com/Sh1Yo/x8

Hidden parameters discovery suite

bugbounty content-discovery recon rust security web

Last synced: 31 Oct 2024

https://github.com/1N3/Findsploit

Find exploits in local and online databases instantly

bugbounty exploitdb exploits find hackers metasploit nmap pentest search

Last synced: 30 Oct 2024

https://github.com/0xRadi/OWASP-Web-Checklist

OWASP Web Application Security Testing Checklist

bugbounty checklist owasp security security-tools security-vulnerability testing

Last synced: 26 Oct 2024

https://github.com/0xradi/owasp-web-checklist

OWASP Web Application Security Testing Checklist

bugbounty checklist owasp security security-tools security-vulnerability testing

Last synced: 03 Nov 2024

https://github.com/1n3/findsploit

Find exploits in local and online databases instantly

bugbounty exploitdb exploits find hackers metasploit nmap pentest search

Last synced: 29 Oct 2024

https://github.com/harsh-bothra/learn365

This repository is about @harshbothra_'s 365 days of Learning Tweets & Mindmaps collection.

application-security bugbounty bugbountytips community infosec learning pentesting pentesting-tools vulnerabilities

Last synced: 14 Oct 2024

https://github.com/1N3/BlackWidow

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

active application automated bugbounty csrf fuzzer lfi osint owasp passive python rce rfi scan scanner spider sqli vulnerability web xss

Last synced: 01 Nov 2024

https://github.com/1n3/blackwidow

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

active application automated bugbounty csrf fuzzer lfi osint owasp passive python rce rfi scan scanner spider sqli vulnerability web xss

Last synced: 15 Oct 2024

Bug Bounty Awesome Lists
awesome-hacker-search-engines 483 Awesome-Bugbounty-Writeups 604 WebHackersWeapons 408 awesome-bugbounty-tools 339 awesome-mobile-security 246 awesome-hacking-lists 10,901 awesome-vulnerable-apps 88 MobileHackersWeapons 71 netlas-cookbook 234 awesome-bbht 80 awesome-cicd-attacks 82 Awesome-OSINT-For-Everything 1,165 awesome-cybersec 301 Awesome-HTTPRequestSmuggling 44 awesome-security 57
Bug Bounty Categories
Python 3,014 Cross Site Scripting (XSS) 1,807 Others 1,574 Go 1,173 Java 854 Shell 690 JavaScript 634 Uncategorized 542 C 517 Weapons 453 Remote Code Execution (RCE) 449 C# # 436 C++ 391 Subdomain Takeover 316 HTML 260 Android 233 PowerShell 232 PHP 229 Cross Site Request Forgery (CSRF) 187 TypeScript 163