Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


Bug Bounty

A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.

https://github.com/gwen001/bugbountytips

Webapp to search tips on Twitter through #bugbountytips

bugbounty bugbountytips hashtag pentesting php security twitter

Last synced: 09 Nov 2024

https://github.com/yeswehack/YesWeBurp

YesWeHack Api Extension for Burp

bugbounty burp-extensions hacking pentest tools

Last synced: 09 Nov 2024

https://github.com/typeerror/bookmarks

Reclaim control of your Burp Suite Repeater tabs with this powerful extension

appsec bugbounty burp-extensions burpsuite burpsuite-extender burpsuite-pro

Last synced: 08 Nov 2024

https://github.com/TypeError/Bookmarks

Reclaim control of your Burp Suite Repeater tabs with this powerful extension

appsec bugbounty burp-extensions burpsuite burpsuite-extender burpsuite-pro

Last synced: 24 Oct 2024

https://github.com/InfoSecWarrior/Offensive-Pentesting-Scripts

Scripts that are intended to help you in your pen-testing and bug-hunting efforts by automating various manual tasks, making your work more efficient and effective.

automation bash-script bugbounty gotools nmap-scripts pentesting subdomain-enumeration subdomain-wordlist

Last synced: 07 Nov 2024

https://github.com/elfarsaouiomar/monitor-new-subdomain

MNS is a security and reconnaissance tool for monitoring new subdomains

bugbounty monitoring python3 recon subdomains

Last synced: 04 Aug 2024

https://github.com/codingo/dooked

DNS and Target HTTP History Local Storage and Search

bounties bug bugbounty bugbounty-tool infosec reconnaissance security security-tools

Last synced: 20 Oct 2024

https://github.com/jimen0/differer

differer finds how URLs are parsed by different languages in order to help bug hunters break filters

bugbounty cloudrun go golang serverless url

Last synced: 28 Oct 2024

https://github.com/InitRoot/BurpSQLTruncSanner

Messy BurpSuite plugin for SQL Truncation vulnerabilities.

bugbounty burpsuite-extender sql-truncation

Last synced: 03 Nov 2024

https://github.com/gwen001/github-regexp

Basically a regexp over a GitHub search.

bugbounty github go golang pentesting private regexp secrets security-tools

Last synced: 09 Nov 2024

https://github.com/p0dalirius/lfidump

A simple python script to dump remote files through a local file read or local file inclusion web vulnerability.

bugbounty dump file inclusion local pentesting

Last synced: 29 Oct 2024

https://github.com/blackhatethicalhacking/fetchmeurls

A Tool for Bug Bounty Hunters that uses Passive and Active Techniques to fetch URLs as a strong Recon, so you can then create Attack Vectors (XSS, Nuclei, SQLi etc...)

bugbounty bugbountytool recon reconnaissance

Last synced: 05 Nov 2024

https://github.com/dsopas/rfd-checker

RFD Checker - security CLI tool to test Reflected File Download issues

bugbounty golang infosec pentest rfd security

Last synced: 04 Aug 2024

https://github.com/edoverflow/legal-bug-bounty

#legalbugbounty project - creating safe harbors on bug bounty programs and vulnerability disclosure programs. Authored by Amit Elazari.

bugbounty infosec legal security

Last synced: 10 Nov 2024

https://github.com/ghsec/BBProfiles

Burp Bounty (Scan Check Builder in BApp Store) is an extension of Burp Suite that improves the active and passive scanner by yourself. This extension requires Burp Suite Pro.

bugbounty burpsuite scanner

Last synced: 25 Oct 2024

https://github.com/Zarcolio/grepaddr

Use grepaddr to extract (grep) all kinds of addresses from stdin like URLs (incl. IPv4/IPv6), IP addresses & ranges (IPv4/IPv6), e-mail addresses, MAC addresses.

bugbounty command-line ctf ctf-tools e-mail extract grep-like hacking ip-addresses ipv4 ipv6 mac-address pentesting python python3 recon reconnaissance urls

Last synced: 06 Nov 2024

https://github.com/p0dalirius/ldapconsole

The ldapconsole script allows you to perform custom LDAP requests to a Windows domain.

active-directory bugbounty ldap pentesting search

Last synced: 29 Oct 2024

https://github.com/hahwul/gitls

🖇 Enumerate git repository URL from list of URL / User / Org. Friendly to pipeline

bugbounty butbountytips cli-tool fetcher git github security security-tools tool whitebox-testing

Last synced: 02 Nov 2024

https://github.com/kabilan1290/grapX

grapX will iterate through the URLs and grep the endpoints with all possible extensions.

automation bugbounty bugbounty-tool bugbountytips cybersecurity opensource python python-script security-automation security-vulnerability

Last synced: 04 Aug 2024

https://github.com/ysf/anewer

anewer appends lines from stdin to a file if they don't already exist in the file. This is a rust version of https://github.com/tomnomnom/anew

bugbounty cli rust stdin stdout tool uniq

Last synced: 04 Aug 2024

https://github.com/Adversis/PandorasBox

Security tool to quickly audit Public Box files and folders.

bugbounty cloud-security penetration-testing security-tools

Last synced: 14 Nov 2024

https://github.com/ethicalhackingplayground/dnsresolver

A Lightning-Fast DNS Resolver written in Rust 🦀

bugbounty dns http-prober resolver

Last synced: 08 Nov 2024

https://github.com/blackhatethicalhacking/scopehunter

ScopeHunter is a command-line tool for finding in scope targets for bug bounty programs.

bugbounty hacking infosec kali-linux penetration-testing pentesting

Last synced: 05 Nov 2024

https://github.com/blackhatethicalhacking/ScopeHunter

ScopeHunter is a command-line tool for finding in scope targets for bug bounty programs.

bugbounty hacking infosec kali-linux penetration-testing pentesting

Last synced: 23 Oct 2024

https://github.com/z3dc0ps/0x0p1n3r

0x0p1n3r is a set of combinations of other tools and one-line scripts to find subdomains easily and to check for subdomain takeover

bugbounty enumeration enumerations subdomain subdomain-enumeration subdomain-scanner vulnerability

Last synced: 04 Aug 2024

https://github.com/dwisiswant0/bounty-targets-alert

It's a watcher for new scopes added to bounty-targets-data that sends you alerts to Slack.

bugbounty bugbountytips bugcrowd federacy hackenproof hackerone intigriti vdp vrp yeswehack

Last synced: 28 Oct 2024

https://github.com/mansoorr123/wp-file-manager-CVE-2020-25213

https://medium.com/@mansoorr/exploiting-cve-2020-25213-wp-file-manager-wordpress-plugin-6-9-3f79241f0cd8

bugbounty infosec zeroday

Last synced: 04 Aug 2024

https://github.com/nullt3r/rapiddns

Rapidly enumerate subdomains and domains using rapiddns.io.

bugbounty bugbountytips domain-discovery enumeration scanner subdomains-enumeration

Last synced: 04 Aug 2024

https://github.com/nikhil1232/Bucket-Flaws

Bucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations

application-security aws-s3 bucket bug-bounty bugbounty s3 s3-bucket s3-buckets security-misconfiguration wapt

Last synced: 04 Aug 2024

https://github.com/Josue87/roboxtractor

Extract endpoints marked as disallow in robots files to generate wordlists.

bug-bounty bugbounty enumeration fuzzing hacking wordlist

Last synced: 04 Aug 2024

https://github.com/themarkib/google-acquisitions

Most of the Google Acquisitions for Bug Bounty Hunter.

bugbounty ethical-hacking googlevrp penetration-testing

Last synced: 25 Oct 2024

https://github.com/cosad3s/hfinder

Help recon of hostnames from specific ASN or CIDR, thanks to Robtex and BGP.HE

asn bugbounty cidr network osint recon

Last synced: 29 Oct 2024

https://github.com/terjanq/same-origin-xss

Same Origin XSS challenge

bugbounty ctf javascript

Last synced: 13 Nov 2024

https://github.com/htrgouvea/nozaki

HTTP fuzzer engine security oriented

api bugbounty fuzzer fuzzing graphql http nozaki perl research rest restfull security

Last synced: 14 Nov 2024

https://github.com/Aju100/VulWebaju

VulWebaju is a platform that automates setting up your pen-testing environment for learning purposes.

bugbounty hacking hacktoberfest owasp-top-10 penetration-testing pentesting

Last synced: 04 Aug 2024

https://github.com/nu11pointer/fuzzlists

A collection of useful lists for Penetration Testing & Bug Bounty - Content Discovery, Payloads, Variables, Sandbox Escaping, etc

bruteforce bugbounty cybersecurity dictionaries infosec pentesting wordlists

Last synced: 05 Nov 2024

https://github.com/C-Sto/GoGitDumper

Dump exposed HTTP .git fast

bugbounty git pentesting

Last synced: 04 Aug 2024

https://github.com/Sh1Yo/rate-limit-checker

Check whether the domain has a rate limit enabled.

bugbounty go golang

Last synced: 04 Aug 2024

https://github.com/DreyAnd/DeadDNS

DNS hijacking via dead records automation tool

bugbounty bugbounty-tool bugbountytips bughunting

Last synced: 04 Aug 2024

https://github.com/bassammaged/awsEnum

Enumerate AWS cloud resources based on provided credential

aws bug bugbounty enumeration penetration-testing security-audit security-tools

Last synced: 23 Oct 2024

https://github.com/rudSarkar/crlf-injector

A CRLF ( Carriage Return Line Feed ) Injection attack occurs when a user manages to submit a CRLF into an application. This is most commonly done by modifying an HTTP parameter or URL.

bugbounty crlf-injection python toolshacking

Last synced: 09 Nov 2024

https://github.com/xchopath/pathprober

Probe and discover HTTP pathname using brute-force methodology and filtered by specific word or 2 words at once

bugbounty pentest pentest-scripts pentest-tools python python3 redteam redteam-tools webscanner

Last synced: 04 Aug 2024

https://github.com/joker-reincarnated/toxic-md

Toxic MD is a powerful WhatsApp crash and bug bot developed by Joker, designed for managing and automating various bot-related functions. Whether you're testing crash bugs or exploring custom bot configurations, this bot has you covered.

bugbounty bugs whatsapp-bot

Last synced: 02 Nov 2024

https://github.com/wfinn/redirex

tool that generates bypasses for open redirects

bugbounty bypass pentesting

Last synced: 04 Aug 2024

https://github.com/mzfr/takeover

A tool for testing subdomain takeover possibilities at a mass scale.

bugbounty subdomain-takeover takeover

Last synced: 03 Nov 2024

https://github.com/R0X4R/scvault

Custom scripts for directory fuzzing, subdomain enumeration, and more.

automation bash-script bug-bounty bug-bounty-hunters bugbounty directory-busting ffuf fuzzing infosec interlace

Last synced: 04 Aug 2024

https://github.com/r0x4r/scvault

Custom scripts for directory fuzzing, subdomain enumeration, and more.

automation bash-script bug-bounty bug-bounty-hunters bugbounty directory-busting ffuf fuzzing infosec interlace

Last synced: 08 Nov 2024

https://github.com/hahwul/ras-fuzzer

RAS(RAndom Subdomain) Fuzzer

bugbounty fuzzer fuzzing hacking security subdomain tools

Last synced: 02 Nov 2024

https://github.com/R0X4R/ssrf-tool

An SSRF detector tool written in golang. I have fixed some errors and added some more payloads to it. But the tool credits go to z0idsec.

bugbounty bugbounty-tool bugbountytips go ssrf ssrf-tool tools

Last synced: 04 Aug 2024

https://github.com/random-robbie/kube-scan

Kubernetes Scanner

bugbounty kubernetes

Last synced: 09 Nov 2024

https://github.com/gwen001/bxss

Alternative to XSS Hunter for blind XSS.

bugbounty pentesting php security-tools xss xsshunter

Last synced: 09 Nov 2024

https://github.com/ko2sec/apkizer

apkizer is a mass downloader for android applications for all available versions.

android-application apk apkpure bugbounty recon reconnaissance

Last synced: 04 Aug 2024

https://github.com/e1abrador/Burp-Encode-IP

Burp Suite extension to encode an IP address focused to bypass application IP / domain blacklist.

bugbounty bugbounty-tool bugbountytips bypass open-redirect red-team red-team-tools ssrf

Last synced: 04 Aug 2024

https://github.com/melbadry9/SSLEnum

Extract SSL certificate data (Subject Name, Subject Alt Names, Organisation)

bugbounty reconnaissance rust rust-lang ssl-certificate

Last synced: 04 Aug 2024

https://github.com/HexNio/ssl_pinning_remover

An Android SSL Pinning Remover tool for Security research and Bug Bounty

android bug-bounty bugbounty bugbounty-tool help-wanted python3 security-automation security-tools ssl-pinning

Last synced: 04 Aug 2024

https://github.com/robotshell/dorkscraper

DorkScraper is a simple tool written in Python to extract all the urls that appear when using a Google Dork.

bugbounty googledorks pentesting python tool

Last synced: 01 Nov 2024

https://github.com/BountyStrike/Emissary

Send notifications on different channels such as Slack, Telegram, Discord etc.

bugbounty golang notification

Last synced: 03 Aug 2024

https://github.com/dreamer1eh/ultimate_bughunter_tools

Ultimate Package Of 50 Bug Bounty Hunting Tools

bug-bounty bugbounty infosec security security-tools

Last synced: 04 Aug 2024

https://github.com/jonaslejon/lolcrawler

Headless web crawler for bugbounty and penetration-testing/redteaming

bugbounty crawler docker penetration-testing penetration-testing-tools redteam redteam-tools redteaming

Last synced: 04 Aug 2024

https://github.com/p0dalirius/robotstester

This Python script can enumerate all URLs present in robots.txt files, and test whether they can be accessed or not.

bugbounty crawler pentesting python robots tool

Last synced: 29 Oct 2024

https://github.com/cqsd/daily-commonspeak2

commonspeak2 subdomains wordlist generated daily **DEPRECATED** The author(s) of commonspeak2 maintain an official repo with more lists. Please use it instead: https://github.com/assetnote/wordlists

bugbounty content-discovery security

Last synced: 04 Aug 2024

https://github.com/Dc4ts/ChangeTower

ChangeTower, written in Go, is intended to help you watch changes in webpages and get notified of any changes

bugbounty bugbounty-tool golang red-team webscanner

Last synced: 04 Aug 2024

https://github.com/melbadry9/ScanApi

Subdomains-enumeration, subdomain-takeover monitoring api and S3 bucket scanner.

bugbounty recon s3-bucket-scanner subdomains-enumeration

Last synced: 04 Aug 2024

https://github.com/pikpikcu/js-finding

JS Finding can be used to extract JavaScript (JS) files from either a single domain URL or a list of domains. The tool supports various extraction methods and provides additional options for file download and wordlists creation.

bugbounty recon

Last synced: 04 Aug 2024

https://github.com/0xpugal/knoxsser

A concise and effective bash script for mass XSS scanning utilizing the KNOXSS API by Brute Logic

bugbounty knoxss xss

Last synced: 08 Nov 2024

https://github.com/m8sec/subwalker

Simultaneously execute various subdomain enumeration tools and aggregate results.

bugbounty recon subdomain-enumeration

Last synced: 30 Oct 2024

https://github.com/mathis2001/webhackurls

Simple Python OSINT tool for URL recon thanks to the Wayback Machine.

bugbounty osint pentesting recon wayback-machine webarchive

Last synced: 11 Nov 2024

https://github.com/acuciureanu/ppfang

A tool which helps identify client-side prototype polluting libraries

bugbounty bugbounty-tool bugbountytips chromium cspp prototype-pollution security security-tools vulnerability-scanners

Last synced: 12 Oct 2024

https://github.com/blackhatethicalhacking/openrediwrecked

A powerful and sophisticated tool for detecting and exploiting open redirect vulnerabilities using the sed utility and a selected list of carefully crafted payloads with encoding techniques.

bugbounty hacking infosec openredirect-scanner penetration-testing pentesting

Last synced: 05 Nov 2024

https://github.com/abuvanth/kicks3

S3 bucket finder from HTML, JS and bucket misconfiguration testing tool

automation aws aws-s3 bucket-misconfiguration-testing bugbounty s3 s3-bucket-finder security-tools storage

Last synced: 03 Nov 2024

https://github.com/brosck/bugbountytricks

ใ€Œ๐Ÿžใ€Bug Bounty Tricks

bounty bug bugbounty security tips tricks

Last synced: 13 Nov 2024

https://github.com/typeerror/crystalball

An enchanting 🔮 web screenshot tool for capturing and sharing web content effortlessly

bugbounty enumeration infosec security web-screenshot

Last synced: 08 Nov 2024

https://github.com/edoardottt/malicious-rmqr-codes

Collection of (4000+) malicious rMQR Codes for Penetration testing, Vulnerability assessments, Red Team operations, Bug Bounty and more

bug-bounty bugbounty malicious-payloads offensive-security payload-generator payloads qr-code qrcode qrcodes red-team red-team-tools redteam redteam-tools redteaming rmqr rmqrcode security security-tools web-security

Last synced: 28 Oct 2024

https://github.com/andripwn/PayloadsAll

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

allpayload bugbounty bugcrowd bughunter hackerone payloads pentest python rce researchers securityresearchers sql vulnerability vulnerabilityanalysis xsss

Last synced: 23 Oct 2024

https://github.com/robotshell/dorkSraper

DorkScraper is a simple tool written in Python to extract all the urls that appear when using a Google Dork.

bugbounty googledorks pentesting python tool

Last synced: 04 Sep 2024

https://github.com/bountymachine/about

A central place to keep track of relevant BountyMachine talks, blogs, and interesting things!

automation bountymachine bugbounty infosec presentation slides

Last synced: 03 Aug 2024

https://github.com/robotshell/dorkScraper

DorkScraper is a simple tool written in Python to extract all the urls that appear when using a Google Dork.

bugbounty googledorks pentesting python tool

Last synced: 04 Aug 2024

https://github.com/blackhatethicalhacking/sql-injection-pwn

A 1 Liner SQL Injection Attack using SQLMAP and various parameters that help quickly check for vulnerabilities during Bug Bounty

bugbounty hacking penetration-testing pentesting redteam sqlinjection

Last synced: 05 Nov 2024