Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

Bug Bounty

A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.

https://github.com/machine1337/open-redirector

A small and efficient tool to find open redirect vulnerabilities.

bugbounty hacking machine1337 openredirect-scanner vulnerabilities

Last synced: 10 Nov 2024

https://github.com/d3mondev/resolvermt

A Golang module to resolve multiple DNS requests concurrently while respecting a rate limit on the resolvers.

bugbounty dns go golang infosec resolver

Last synced: 12 Nov 2024

https://github.com/cosad3s/salsa

SALSA 💃⚡ - SALesforce Scanner for Aura (and beyond). Enumeration of vulnerabilities and misconfigurations against Salesforce endpoint.

bugbounty hacking salesforce security

Last synced: 29 Oct 2024

https://github.com/enenumxela/ps.sh

A wrapper around tools used for port scanning(nmap, naabu & masscan), the goal being reducing scan time, increasing scan efficiency and automating the workflow.

bashscript bashscripting bug-bounty bugbounty bugbounty-tool enumeration masscan naabu netwok-mapping nmap open-port-check open-port-check-script penetration-testing penetration-testing-tools pentesting port-scaning recon reconnaissance service-discovery

Last synced: 06 Nov 2024

https://github.com/robotshell/robotscraper

RobotScraper is a simple tool written in Python to check each of the paths found in the robots.txt file and what HTTP response code they return.

bounty-hunting-tools bugbounty hacking infosec python robots scraper tool

Last synced: 08 Nov 2024

https://github.com/gwen001/gitpillage

Extract data from a .git directory.

bugbounty endpoints git github pentesting python secrets security-tools urls

Last synced: 09 Nov 2024

https://github.com/Markdown-Bug-Bounty-Recon/Markdown-Bug-Bounty-Recon

A recon Framework for Bug Bounty Hunters that would convert the output of a script into Markdown syntax document, which would help them to make better notes, have everything in one document, or concentrating on one domain.md document.

bug-bounty bugbounty security security-tools

Last synced: 04 Aug 2024

https://github.com/DEMON1A/Blinder

A script written in python3 to spread blind cross-site scripting payloads on HTTP requests headers

automation blinder bugbounty bugbounty-tool python3 ssti tool xss xsshunter

Last synced: 04 Aug 2024

https://github.com/topscoder/nuclei-zero-day

This repository contains random Nuclei templates I've created. Most of them based on recent security issues and exploits.

bugbounty infosec nuclei nuclei-templates security

Last synced: 13 Nov 2024

https://github.com/9oelm/atm

A set of AuToMation scripts for hacking.

automation bugbounty hacking infosec script web-hacking

Last synced: 23 Oct 2024

https://github.com/indiancybertroops/Web-See

Web-See is Tool For Checkout Status Of Urls in Mass Its For Bug Bounty Hunters And Black Hat Hackers It Will Save Your Valuable Time Script is Designed By Indian Cyber Troops

200 202 301 302 400 404 500 bugbounty bugbountyrecon defacing domain-checker ict icttools indiancybertroops indianhacker status-checker web-see webstatus

Last synced: 23 Oct 2024

https://github.com/machine1337/lfiscan

A small and fast bash script to automate LFI vulnerability.

bugbounty hacking lfi lfi-exploitation machine1337 shell

Last synced: 10 Nov 2024

https://github.com/terjanq/xss-challenge-solutions

This repository is an interactive collection of my solutions to various XSS challenges.

bugbounty ctf-challenges ctf-writeups javascript xss-challenges

Last synced: 13 Nov 2024

https://github.com/stackoverflowexcept1on/how-to-hack-github-actions

How to hack Github Actions if you're smart enough; I'm not gay but 500$ is 500$!

bugbounty cpp20 hackerone-reports hacking

Last synced: 12 Nov 2024

https://github.com/krishpranav/sniff

A Simple Golang Tool That Automates OSINT For Threat Intelligence And Mapping Your Attack Surface.

attack attack-defense attack-surface attack-surfaces bugbounty go golang recon reconnaissance scanner security web-security

Last synced: 15 Oct 2024

https://github.com/0xdln1/getlevels

Tool for sorting different Level of subdomains form 1...N

bugbounty getlevels infosec python subdomain-enumeration subdomainlist subdomains

Last synced: 04 Aug 2024

https://github.com/robotshell/robotScraper

RobotScraper is a simple tool written in Python to check each of the paths found in the robots.txt file and what HTTP response code they return.

bounty-hunting-tools bugbounty hacking infosec python robots scraper tool

Last synced: 04 Aug 2024

https://github.com/umair9747/seize

A Command-line Utility written in Go for generating images of your CLI output using stdin

automation bugbounty cli command-line command-line-tool cybersecurity golang hacking linux programming

Last synced: 09 Nov 2024

https://github.com/c-f/lel

Visualization layer and helper for relevant IT related documentation and operation

bugbounty documentation-tool golang graph lel logger react redteam-infrastructure

Last synced: 04 Aug 2024

https://github.com/mathis2001/files-upload

Some useful files for upload features pentesting

bugbounty file-upload pentest pentesting php svg webshell

Last synced: 11 Nov 2024

https://github.com/gwen001/shottheworld

PHP tool that takes screenshots of a given ips/ports combo list and then try to guess the service.

bugbounty ips pentesting php ports security-tools socket

Last synced: 09 Nov 2024

https://github.com/tkmru/xss_dict

xss dictionary for Google 日本語入力

bugbounty bugbountytips xss-detection

Last synced: 15 Oct 2024

https://github.com/momenbasel/liffier

tired of manually add dot-dot-slash to your possible path traversal? this short snippet will increment ../ on the URL.

bugbounty python python3 vulnerability-scanners

Last synced: 11 Oct 2024

https://github.com/nsonaniya2010/sanfinder

It finds Subject Alternative Names for a given list of domains

bug-bounty bug-hunting bugbounty infosec madeinindia security security-tools

Last synced: 08 Nov 2024

https://github.com/hueristiq/xurlbits

A CLI utility to pull out bits of URLs.

bugbounty go golang infosec parser reconnaissance url url-parsing

Last synced: 06 Nov 2024

https://github.com/edoverflow/bounty-pls

A Chrome extension that spices up those #togetherwehitharder tweets.

bugbounty hackerone

Last synced: 10 Nov 2024

https://github.com/melbadry9/domain_reg

Check domain availability for registration

bugbounty domain-registration recon

Last synced: 04 Aug 2024

https://github.com/machine1337/clickjack

An efficient tool To Find click jacking vulnerabilities in easiest way with poc

bugbounty clickjacking clickjacking-vulnerability cybersecurity hacking machine1337

Last synced: 10 Nov 2024

https://github.com/0xpugal/pd-recon

A bash script which uses Project Discovery tools for bug bounty reconnaissance.

bugbounty projectdiscovery recon

Last synced: 08 Nov 2024

https://github.com/machine1337/jsscanner

An Efficent tool to find juicy secrets in javascript source code. Automate Your Javascript hunting using this tool.

bugbounty bugbounty-tool hackerone hacking javascript-recon jsscanner machine1337 reconn

Last synced: 10 Nov 2024

https://github.com/Zarcolio/1pfuscat0r

A tool to automatically generate alternative IP representations, a rewritten version of IPFuscator

bugbounty ctf hacking ip-address obfuscation obfuscator

Last synced: 04 Aug 2024

https://github.com/random-robbie/selenium-abuser

Abuse Open Selenium Gird or Node to get access to metadata endpoint.

bugbounty hacker iam-credentials iam-role selenium selenium-grid selenium-python

Last synced: 09 Nov 2024

https://github.com/cryonayes/GoFilter

A tool to filter URLs by parameter count or size

bugbounty bugbounty-tool golang

Last synced: 04 Aug 2024

https://github.com/DevanshRaghav75/bugbounty-dorks

Google dorks for bug bounty hunting

bugbounty google-dorks security

Last synced: 23 Oct 2024

https://github.com/QSoloX/whoisyou

Take a list of domains and output the hostname and ip.

bugbounty golang hacking hacking-tools infosec

Last synced: 04 Aug 2024

https://github.com/Iamstanlee/bee

Bee Recon Framework

bugbounty infosec pentesting-tools

Last synced: 04 Aug 2024

https://github.com/shazsyed/FavHunt

Favicon based recon for faster fingerprinting of web services

bugbounty fingerprinting hacking recon reconaissance webservices

Last synced: 04 Aug 2024

https://github.com/zha0gongz1/html-absorber

一款可批量提取url或本地html文件中注释、属性及标签内容的工具

bash-script bugbounty golang hack hacktool html infosec redteam

Last synced: 09 Oct 2024

https://github.com/jaydhulia/go-url-fuzz

URL Fuzzer in Go - Find hidden directories!

bugbounty fuzzing go

Last synced: 04 Nov 2024

https://github.com/Revenant40/2tearsinabucket

Enumerate s3 buckets for a specific target.

bugbounty enumeration go golang s3-bucket

Last synced: 03 Nov 2024

https://github.com/p0dalirius/findazuredomaintenant

A Python script to find tenant id an region from a list of domain names.

azure bugbounty domain pentest tenant

Last synced: 29 Oct 2024

https://github.com/cosad3s/sonarleaks

Digging into private data through Sonarcloud public projects

bugbounty hacking osint sonarqube

Last synced: 29 Oct 2024

https://github.com/machine1337/admin-finder

A small tool to find admin panel of the website

admin admin-dashboard adminpanel adminpanelfinder bugbounty hacking machine1337

Last synced: 10 Nov 2024

https://github.com/Imran407704/multi-urls

This is a simple bash script for getting passive urls from a gau, gauplus, waybackurls from a multiple urls list.

automation bugbounty bugbounty-tool infosectools

Last synced: 23 Oct 2024

https://github.com/tarunkoyalwar/nestle

Match and Extract Nested groups (ex: graphql) using regex with Nestle

automation bugbounty bugbounty-tool go graphql javascript-recon javascript-regex recon regex

Last synced: 13 Oct 2024

https://github.com/sa7mon/h1rss

An RSS feed generator for HackerOne Hacktivity

bugbounty golang hackerone rss

Last synced: 12 Nov 2024

https://github.com/bountyhacking/Payloads_Tool_box

At this repo you can find any tools, tricks or templates for general penetration testing assesment

bounty bounty-hunting-tools bug bugbounty burpsuite curl fuzzing payload payloads pentesting sqli sqlmap tty xss

Last synced: 23 Oct 2024

https://github.com/z3n70/CVE-2021-43798

Simple program for exploit grafana

bugbounty cybersecurity exploit grafana pentesting

Last synced: 23 Oct 2024

https://github.com/mathis2001/sp00fy

Simple python script to check for email spoofing on a given domain.

bugbounty dmarc email phishing spoofing

Last synced: 11 Nov 2024

https://github.com/machine1337/host-injector

A small to find Host Header Injection vulnerabilities in a websites

bugbounty hacking hostheader injection kali-linux machine1337 pentesting webhacking

Last synced: 10 Nov 2024

https://github.com/machine1337/cors_scanner

Fast CORS Misconfiguration Scanner

bugbounty cors hacking misconfiguration pentesting

Last synced: 10 Nov 2024

https://github.com/0xpugal/hacktheweb

Things to do while Hacking/Hunting in Web Applications

bugbounty bugbountytips hack recon subdomain-enumeration vulnerability web webappsec websecurity

Last synced: 08 Nov 2024

https://github.com/hackshiv/textfilterfuzzer

TextFilterFuzzer For Directory Fuzzing - filter for (e.g, Not Found, 404, Not Accepted)

bugbounty bugbounty-tool bughunter contentdiscovery cybersecurity directory-bruteforce fuzzer fuzzing github hacker hacking hacking-tools python python3

Last synced: 12 Nov 2024

https://github.com/proditis/orunmila

a simple tool to refine and produce lists for your bugbounty and pen-test engagements

bugbounty dirbuster ffuf pen-test-tools pen-testing penetration-testing pentest-tool pentesting

Last synced: 15 Oct 2024

https://github.com/mathis2001/Sp00fy

Simple python script to check for email spoofing on a given domain.

bugbounty dmarc email phishing spoofing

Last synced: 23 Oct 2024

https://github.com/proditis/mini-tools

A collection of mini tools and snippets for various purposes

bugbounty csp cybersecurity dns hacking sni snippets

Last synced: 15 Oct 2024

https://github.com/z3n70/CVE-2021-41277

simple program for exploit metabase

bugbounty cybersecurity exploit metabase ruby

Last synced: 23 Oct 2024

https://github.com/CasperGN/GoHead

Get interesting http headers, internal IPs, possible endpoints from target(s) and search JS files for juicy info

bugbounty headers http http-requests probe

Last synced: 04 Aug 2024

https://github.com/hahwul/buildpack-zap-daemon

zap(zed attack proxy) daemon mode buildpack of heroku

bugbounty hacking heroku-buildpack security zap

Last synced: 24 Oct 2024

https://github.com/ElSicarius/Hacks

toolset for various purposes.

bugbounty bugbounty-tool hacking hacking-tools

Last synced: 23 Oct 2024

https://github.com/ropwareJB/jwtfuzz

Library for fuzzing & attacking JSON Web Tokens (JWTs). Bindings for other languages included.

bug-bounty bug-bounty-tools bugbounty fuzz fuzzing hacking hacking-tool jwt jwt-token pentesting pentesting-tools security

Last synced: 23 Oct 2024

https://github.com/robotshell/orhound

ORHound is a tool written in Python whose main function is to find possible Open Redirects on a target using Google Dorks

bugbounty dork google hacking infosec pentesting python

Last synced: 15 Oct 2024

https://github.com/adeadfed/pwnfox-for-chromium

A BurpSuite extension that allows you to use Chromium with PwnFox

bugbounty burpsuite chromium hacking webhacking

Last synced: 12 Oct 2024

https://github.com/dubs3c/assetnote

Push notifications for passive DNS data

bugbounty domains osint

Last synced: 23 Oct 2024

https://github.com/topscoder/subgomain

A high-performance tool for identifying domain takeovers with support for custom fingerprints and resolver lists.

bugbounty bugbounty-tool domain-takeover infosec infosectools security security-tools subdomain-takeover

Last synced: 13 Nov 2024

https://github.com/hackerajofficial/server-side-template-injection

A server-side template injection occurs when an attacker is able to use native template syntax to inject a malicious payload into a template, which is then executed server-side.

bug bug-bounty bugbounty bugs hackeraj hackeraj-official hackerajofficial injection

Last synced: 10 Nov 2024

https://github.com/Aviksaikat/httpRex

'httpRex' is a command-line tool for checking the status code of one or multiple URLs. It can also save the output to a file.

bugbounty go golang httpx

Last synced: 08 Nov 2024

https://github.com/wfinn/ucors

tool that scans for CORS bypasses

bugbounty bypass cors pentesting vulnerability-scanners

Last synced: 04 Aug 2024

https://github.com/theunknownsoul/htb-certified-bug-bounty-hunter-exam-cheetsheet

All cheetsheets with main information from HTB CBBH role path in one place.

bugbounty cheetsheet htb security

Last synced: 08 Nov 2024

https://github.com/mathis2001/lightraversal

LighTraversal is a tool designed to find basic directory traversal vulnerabilities

bugbounty lfi path-traversal pentest

Last synced: 11 Nov 2024

https://github.com/hackshiv/ffuf-outputter

A cleaner way to save my ffuf output - consider combining it with ffuf easily.

automation bugbounty bugbounty-tool bughunter cybersecurity directoryfuzzer ffuf fuzzer hacking output python3 tools tools-and-automation

Last synced: 12 Nov 2024

https://github.com/topscoder/lurk-sonar

Download source code of all projects in a SonarQube instance. #bugbounty #opsec #infosec #sonarqube

bug-bounty bugbounty bugbounty-tool bugbountyautomation infosec sonarqube

Last synced: 13 Nov 2024

Bug Bounty Awesome Lists
awesome-hacker-search-engines 483 Awesome-Bugbounty-Writeups 604 WebHackersWeapons 408 awesome-bugbounty-tools 339 awesome-mobile-security 246 awesome-hacking-lists 10,901 awesome-vulnerable-apps 88 MobileHackersWeapons 71 netlas-cookbook 234 awesome-bbht 80 awesome-cicd-attacks 82 Awesome-OSINT-For-Everything 1,165 awesome-cybersec 301 Awesome-HTTPRequestSmuggling 44 awesome-security 57
Bug Bounty Categories
Python 3,013 Cross Site Scripting (XSS) 1,823 Others 1,574 Go 1,172 Java 854 Shell 690 JavaScript 634 Uncategorized 542 C 517 Weapons 453 Remote Code Execution (RCE) 449 C# # 436 C++ 391 Subdomain Takeover 316 HTML 260 Android 234 PowerShell 232 PHP 229 Cross Site Request Forgery (CSRF) 187 TypeScript 163