Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

Bug Bounty

A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.

https://github.com/blackhatethicalhacking/sql-injection-pwn

A 1 Liner SQL Injection Attack using SQLMAP and various parameters that helps quickly check for a vulnerabilities during Bug Bounty

bugbounty hacking penetration-testing pentesting redteam sqlinjection

Last synced: 05 Nov 2024

https://github.com/robotshell/dorkScraper

DorkScraper is a simple tool written in Python to extract all the urls that appear when using a Google Dork.

bugbounty googledorks pentesting python tool

Last synced: 04 Aug 2024

https://github.com/Sajibekanti/Bug_Bounty_List

Day by day Lots of Newbie Come into bug Bounty They ask Social Site about Bug Bounty Site, So That's why I open My Hunted All Site.

bugbounty halloffame

Last synced: 04 Aug 2024

https://github.com/sidxparab/Subdomain-Enumeration-Guide

This is a comprehensive Subdomain Enumeration Guide that traces back to my GitBook.

bugbounty pentesting recon reconnaissance subdomain-enumeration

Last synced: 04 Aug 2024

https://github.com/r0x4r/snetra

A Python based scanner uses shodan-internetdb to scan the IP.

bugbounty penetration-testing penetration-testing-tools python3 shodan

Last synced: 08 Nov 2024

https://github.com/R0X4R/snetra

A Python based scanner uses shodan-internetdb to scan the IP.

bugbounty penetration-testing penetration-testing-tools python3 shodan

Last synced: 04 Aug 2024

https://github.com/blackhatethicalhacking/s3-buckets-aio-pwn

An AIO Tool to check for Vulnerable Amazon S3 Buckets as part of Bug Bounty, the uniqueness of this tool is that it can take a file full of buckets, and check all of them with various attack scenarios if they are vulnerable

bugbounty hacking penetration-testing pentest-tool pentesting redteam s3-bucket

Last synced: 05 Nov 2024

https://github.com/grafana/bugbounty

Grafana Labs bug bounty

bounty bug bugbounty grafana rewards security

Last synced: 07 Oct 2024

https://github.com/Damian89/simple-oob-scanner

Simple tool to test for SSRF/OOB HTTP Read within the Path of a request

bugbounty penetration-testing pentesting python3

Last synced: 04 Aug 2024

https://github.com/gwen001/bbstats

Bug Bounty statistics tool.

bugbounty graph php stats

Last synced: 09 Nov 2024

https://github.com/melbadry9/WhoEnum

Mass querying whois records

bugbounty enumeration recon whois

Last synced: 04 Aug 2024

https://github.com/aldo-moreno-leon/ORtester

Open Redirect scanner - (out of date)

bugbounty pentest-tool

Last synced: 04 Aug 2024

https://github.com/BitTheByte/BitTraversal

Burpsuite Plugin to detect Directory Traversal vulnerabilities

bugbounty burp-extensions burp-plugin burpsuite burpsuite-extender java path-traversal traversal web

Last synced: 04 Aug 2024

https://github.com/ihebski/db

Bugbounty utility to store list of enumerated subdomains into an sqlite3 db [one liner style / Pipe and save]

bugbounty database mini-utility sqlite3 subdomain-enumeration

Last synced: 29 Oct 2024

https://github.com/BitTheByte/Orkestra

Web-based Android debugger with inspection capabilities using Frida and Jadx as a backbone

android bugbounty bugcrowd debugger decompiler frida hackerone jadx java java-decompiler orkestra

Last synced: 04 Aug 2024

https://github.com/dwisiswant0/nodep

A tool for check available dependency packages across npmjs, PyPI or RubyGems registry.

bugbounty bugbounty-tool gem go golang npm npmjs pip pypi rubygems

Last synced: 12 Oct 2024

https://github.com/swanandx/rustywitness

A CLI tool for getting screenshots of URLs using headless chrome

bugbounty cli headless-chrome recon rust web

Last synced: 27 Oct 2024

https://github.com/BLACK-SCORP10/url-status-checker

Status Checker is a Python tool for swiftly checking the status of URLs. It categorizes responses by HTTP status codes, offering clear insights into website health. With async requests, color-coded output, and easy CLI usage, it's a handy solution for monitoring web service performance.

automation bug-bounty bugbounty bugbounty-tools bugbountyautomation bulk easy-to-use httpx infosys python status-codes statuscode

Last synced: 07 Aug 2024

https://github.com/gwen001/favicon-hashtrick

Python script implementing the favicon hash trick to find subdomains.

bugbounty favicon pentesting python security-tools shodan

Last synced: 09 Nov 2024

https://github.com/0xAkashsky/sub-scout

Simple bash Script to automate initial recon using (httpx, puredns, regulator, wayback, katana, aquatone)

bugbounty cybersecurity infosec infosectools security tools

Last synced: 23 Oct 2024

https://github.com/VincentDS/HackerOne-Notifier

Send notifications if a new program is published on HackerOne using Pushbullet

bugbounty hackerone notifications pushbullet

Last synced: 04 Aug 2024

https://github.com/vah13/BurpCRLFPlugin

Another plugin for CRLF vulnerability detection

bugbounty burp crlf plugin scanner vulnerability-detection

Last synced: 25 Oct 2024

https://github.com/melbadry9/cname

CNAME records lookup

bugbounty dns recon

Last synced: 23 Oct 2024

https://github.com/tuxotron/docker-image-generator

Customized docker images generation toolkit

bugbounty docker infosec pentesting

Last synced: 04 Aug 2024

https://github.com/gwen001/csp-analyzer

Analyze Content-Security-Policy header of a given URL.

bugbounty content-security-policy csp pentesting python security-tools

Last synced: 09 Nov 2024

https://github.com/proditis/bugbounty-cicd

A set of Gitlab pipelines and Github workflows to automate and ease on BugBounty and Penetration Testing engagements

bugbounty bugbounty-pipeline cybersecurity devsecops devsecops-pipeline gitlab gitlab-ci

Last synced: 08 Nov 2024

https://github.com/thelikes/fuzzmost

all manner of wordlists

bugbounty infosec recon wordlist

Last synced: 04 Aug 2024

https://github.com/ItsIgnacioPortal/hacker-scoper

Automagically filter URLs with Bug Bounty program scope rules scraped from the internet.

bugbounty bugcrowd enumeration filter go golang hackerone infosec pentesting recon scopes security security-tools websec websecurity

Last synced: 04 Aug 2024

https://github.com/theporgs/exegol-resources

Hacking resources for the Exegol project

active-directory bugbounty hacking pentesting

Last synced: 09 Nov 2024

https://github.com/JavierOlmedo/ipdiscover

πŸ” A simple tool to obtain long lists of ips from domains using goroutines

bugbounty bughunter domain hacking-tool ip recon

Last synced: 04 Aug 2024

https://github.com/incogbyte/laravel-phpunit-rce-masscaner

Masscanner for Laravel phpunit RCE CVE-2017-9841

bugbounty cve-2017-9841

Last synced: 04 Aug 2024

https://github.com/Naategh/dom-red

Small script to check a list of domains against open redirect vulnerability

bugbounty open-redirect python

Last synced: 03 Nov 2024

https://github.com/p0dalirius/robotsvalidator

A python script to check if URLs are allowed or disallowed by a robots.txt file.

allow bugbounty bypass check disallow robots-txt web

Last synced: 29 Oct 2024

https://github.com/AmoloHT/TTWAF

γ€ŒπŸ§±γ€Test a list of payloads and see if you can bypass it

application bugbounty bugbounty-tool bypass firewall lfi payload rce rust sqli test waf xss

Last synced: 23 Oct 2024

https://github.com/topscoder/fourohme

FourOhMe is a tool for testing HTTP headers on a website in order to try to bypass 40* HTTP codes. Written in Go, so easy to install and fast out of the box.

401 401-bypass 403 403-bypass bugbounty bugbountytips bugbountytricks cli http http-headers osint recon

Last synced: 13 Nov 2024

https://github.com/anof-cyber/web-recon

Web application recon for bug bounty

bugbounty httprobe linkfinder nmap sublist3r waybackurl

Last synced: 06 Nov 2024

https://github.com/adnanekhan/actionscacheblasting

Proof-of-concept code for research into GitHub Actions Cache poisoning.

actions bugbounty cicd

Last synced: 08 Nov 2024

https://github.com/humblelad/Needle

Instant access to you bug bounty submission dashboard on various platforms + publicly disclosed reports + #bugbountytip

bugbounty bugcrowd chrome-extension hackerone intigriti yeswehack

Last synced: 04 Aug 2024

https://github.com/adnanekhan/actionstoctou

Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU vulnerabilities)

actions bugbounty cicd

Last synced: 08 Nov 2024

https://github.com/ImAyrix/er

😁 Easy Regex

bug-bounty bugbounty cli golang regex

Last synced: 23 Oct 2024

https://github.com/nscuro/fdnssearch

Swiftly search FDNS datasets from Rapid7 Open Data

bugbounty dns fdns golang opendata rapid7 subdomains

Last synced: 04 Aug 2024

https://github.com/Bhagavan-Bollina/BugBounty-Dorks

Highly recommended dorks for bug bounty

bug-bounty-dorks bugbounty dorks recon

Last synced: 04 Aug 2024

https://github.com/gwen001/detectify-cves

Find CVEs that don't have a Detectify modules.

bugbounty cve detectify pentesting scanner security-tools

Last synced: 09 Nov 2024

https://github.com/sec-it/BFAC-Burp-Extension

Burp Extension for BFAC (Advanced Backup-File Artifacts Testing for Web-Applications)

backup-files bugbounty burp-extensions burpsuite pentest recon

Last synced: 04 Aug 2024

https://github.com/si9int/gDork

A Mozilla Firefox extension which allows quick access to your google-dorking result

bugbounty dorking reconnaissance

Last synced: 04 Aug 2024

https://github.com/choirurrizal/paraminer

finds hidden parameters

bugbounty php recon

Last synced: 04 Aug 2024

https://github.com/javanxd/raceocat

Make exploiting race conditions in web applications highly efficient and ease-of-use.

bugbounty race-conditions race-detection racer research-and-development

Last synced: 10 Nov 2024

https://github.com/p0dalirius/crawlersuseragents

Python script to check if there is any differences in responses of an application when the request comes from a search engine's crawler.

bugbounty crawler crawlers pentest request tool user-agent web

Last synced: 29 Oct 2024

https://github.com/blackhatethicalhacking/bheh-sub-pwner

This bash script tool, will perform advanced subdomain enumeration, save the results, it will then probe the subdomains into urls, save the results in a separate file, it will then resolve all the subdomains into ip addresses and save the results separately.

bugbounty hacking penetration-testing pentesting subdomain-enumeration subdomain-scanner

Last synced: 05 Nov 2024

https://github.com/machine1337/reverse-shells

This tool will help in generating reverse shells easily for all types of OS.

bugbounty fastest-shells hacking machine1337 onelinershells pentesting phpshell phpshells quickshells reverse-shell windows-shells

Last synced: 10 Nov 2024

https://github.com/pdelteil/HackerOneAPIClient

This project is a bash client to use HackerOne's API.

bugbounty bugbountyhunting hackerone

Last synced: 12 Nov 2024

https://github.com/ElSicarius/findalllinks

A tool to extract all the urls and paths found in the content of a page (js sources included)

bugbounty extension javascript linkfinder

Last synced: 04 Aug 2024

https://github.com/knassar702/pmg

Extract parameters/paths from urls

bugbounty bugbounty-tool bughunting python regex security

Last synced: 04 Aug 2024

https://github.com/0ss/byp4ss3r

tool to bypass 403/401 pages ( helpful for bug hunting)

bugbounty

Last synced: 04 Aug 2024

https://github.com/machine1337/fast-scan

An Advanced tool to scan hundreds of IP's in Seconds for CVE's, Open Ports And Web Technologies.

bugbounty cve-scanning hacking ipscanner kali-linux machine1337 portscanner serverinfo webscanner

Last synced: 10 Nov 2024

https://github.com/gwen001/extract-endpoints

Extract endpoints from source files.

bugbounty endpoints pentesting php security-tools urls

Last synced: 09 Nov 2024

https://github.com/gwen001/gitgrep

Webapp to perform regexp search over GitHub search.

bugbounty git github pentesting php private regexp secrets security-tools

Last synced: 09 Nov 2024

https://github.com/lekssays/kibanarec

A Tool to Extract Open Kibana Instances on Internet and Map them to their Corresponding Organizations for Bug Bounty.

bugbounty kibana recon reconnaissance

Last synced: 10 Nov 2024

https://github.com/mathis2001/cert4recon

Simple passive Python Recon tool for subdomains enumeration with crt.sh

bugbounty crt-sh information-gathering osint recon subdomain-enumeration

Last synced: 11 Nov 2024

https://github.com/d3ext/go-recon

External recon toolkit

bugbounty go-recon golang hacking recon toolkit

Last synced: 14 Nov 2024

https://github.com/ucybers/bug-bounty-beginner-roadmap

This is a resource for anyone looking to learn bug hunting and provides guidance during the study and learning phase.

bug bug-bounty bugbounty bugbounty-tool bugs cmd cmdline cyber-security cybersecurity cybersecurity-tool guide hacker linux linux-shell powershell roadmap tutorial tutorials windows

Last synced: 13 Oct 2024

https://github.com/r3k4t/onionnux

Onionnux is a onionsite(DEEPNET/DARKNET) tool.It can help to idenitfy onionsite is active or onionsite server name.

bugbounty forensics-investigations onion-routing python-pyfiglet python-requests security-analysis security-audit security-research socks5-proxy software-engineering website-vulnerability

Last synced: 23 Oct 2024

https://github.com/h33tlit/Parameter-Reflect-Finder

Parameter-Reflect-Finder is a python based tool that helps you find reflected parameters which can have potential XSS or Open redirection vulnerabilities.

bug-bounty bugbounty open-redirect open-redirect-detection parameter-search reflector scanner scraper xss xss-detection xss-scanner

Last synced: 04 Aug 2024

https://github.com/zpettry/boxer

Boxer: A fast directory bruteforce tool written in Python with concurrency.

bruteforce bugbounty directory hacking hacking-tool penetration-testing pentesting python

Last synced: 10 Nov 2024

https://github.com/random-robbie/s3-listable

S3 Buckets that will let you list all files inside them

aws aws-s3 bugbounty s3-bucket s3-storage

Last synced: 09 Nov 2024

https://github.com/hueristiq/hqurlscann3r

A web application attack surface mapping tool. It takes in a list of urls then performs numerous probes

bugbounty bypass-403 go golang

Last synced: 06 Nov 2024

https://github.com/ehsaanqazi/Bug-Bounty

Resources and Guides for Web Application Vulnerabilities

bugbounty cybersecurity information-security webapplicationsecurity

Last synced: 04 Aug 2024

https://github.com/mathis2001/paramchanger

ParamChanger is a tool allowing you to replace the parameters of a list of urls by a payload entered as an argument

bugbounty parameters pentest

Last synced: 11 Nov 2024

https://github.com/AdnaneKhan/ActionsTOCTOU

Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU vulnerabilities)

actions bugbounty cicd

Last synced: 26 Sep 2024

https://github.com/mathis2001/ParamChanger

ParamChanger is a tool allowing you to replace the parameters of a list of urls by a payload entered as an argument

bugbounty parameters pentest

Last synced: 23 Oct 2024

https://github.com/mrvcoder/getasn

🌐 Get Some Useful Info From Domain/IP/ASN πŸ”₯

asn-lookup bgpview bugbounty cdn cdn-check cidr cli domain information-gathering osint recon reconnaissance

Last synced: 06 Nov 2024

https://github.com/random-robbie/yahoo-bug-bounty

List of hosts from yahoo.com

bugbounty recon yahoo yahoo-bug-bounty

Last synced: 09 Nov 2024

https://github.com/j3ssie/str-replace

Simple tools to handle string and generate subdomain permutations

bugbounty hacking infosec pentesting permutations recon subdomain

Last synced: 14 Oct 2024

https://github.com/machine1337/sqlscan

A small and an efficient tool to find SQL injection vulnerability in a websites.

automation-framework bugbounty bugbounty-tool hacking machine1337 sql sqli sqlinjection

Last synced: 10 Nov 2024

https://github.com/d3mondev/crossjoin

Generate a cross join, also known as a Cartesian product, from the lines of the specified files. This process is useful for creating fuzzing payloads.

bug-bounty bugbounty bugbounty-tool bugbounty-tools cartesian-product cross-join crossjoin fuzzer fuzzing hacking hacking-tool penetration-testing penetration-testing-tools permutation

Last synced: 12 Nov 2024

https://github.com/momenbasel/pyrobots

a tool that gets all paths at robots.txt and opens it in the browser.

bugbounty penetration-testing pentesting python python3 robots-txt

Last synced: 11 Oct 2024

https://github.com/machine1337/open-redirector

A small and efficient tool to find open redirect vulnerabilities.

bugbounty hacking machine1337 openredirect-scanner vulnerabilities

Last synced: 10 Nov 2024

https://github.com/3nock/ote-templates

Community curated list of templates for the OSINT template engine.

attack-surfaces bugbounty fingerprinting osint recon security templates

Last synced: 09 Nov 2024