Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
Bug Bounty
A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.
- GitHub: https://github.com/topics/bugbounty
- Wikipedia: https://en.wikipedia.org/wiki/Bug_bounty_program
- Related Topics: security,penetration-testing,pentesting,pentest,
- Aliases: bug-bounty,
- Last updated: 2024-11-16 00:03:27 UTC
- JSON Representation
https://github.com/Aviksaikat/httpRex
'httpRex' is a command-line tool for checking the status code of one or multiple URLs. It can also save the output to a file.
Last synced: 08 Nov 2024
https://github.com/hackshiv/ffuf-outputter
A cleaner way to save my ffuf output - consider combining it with ffuf easily.
automation bugbounty bugbounty-tool bughunter cybersecurity directoryfuzzer ffuf fuzzer hacking output python3 tools tools-and-automation
Last synced: 12 Nov 2024
https://github.com/theunknownsoul/htb-certified-bug-bounty-hunter-exam-cheetsheet
All cheetsheets with main information from HTB CBBH role path in one place.
bugbounty cheetsheet htb security
Last synced: 08 Nov 2024
https://github.com/mathis2001/lightraversal
LighTraversal is a tool designed to find basic directory traversal vulnerabilities
bugbounty lfi path-traversal pentest
Last synced: 11 Nov 2024
https://github.com/shreyaschavhan/bugbountywriteups
This Repository will contain Bug Bounty Write-Up that I read on daily basis!
bounty bounty-hunters bug-bounty bugbounty bugcrowd hackerone hackers payloads synack tools writeups
Last synced: 23 Oct 2024
https://github.com/rundtstykker/subdomain-crawler-application-security-
A simple & lightweight domain crawler that uses a pre-defined wordlist to discover subdomains on specified domain
Last synced: 10 Nov 2024
https://github.com/lord3ver/gctsubdomains
Discover subdomains in Certificate Transparency logs using Google's Transparency Report
bugbounty go osint penetration-testing pentest recon subdomain subdomain-enumeration
Last synced: 04 Aug 2024
https://github.com/n0kovo/random-agent
Simply output a random user-agent. Use it with tools that don't have a --random-agent flag. Like `random-agent` or $(random-agent)
appsec bug-bounty bug-bounty-tools bugbounty bugbounty-tool bugbountytools fuzzer fuzzing infosec infosectools pentesting pentesting-tools redteam-tools web-app-security webfuzzer
Last synced: 08 Nov 2024
https://github.com/hellblack55/dobby
This script finds subdomains and URLs, filters them into .js, .json, and sensitive categories, and helps streamline your security assessments and bug hunting.
bash bash-script bug bug-bounty bugbounty bugbounty-tool
Last synced: 09 Oct 2024
https://github.com/bruston/sonar
Subdomain enumeration via the JSON API provided by https://sonar.omnisint.io/ which uses the Rapid7 dataset.
Last synced: 23 Oct 2024
https://github.com/crypticq/WP-killer
vulnerability scanner for wordpress
bugbounty cybersecurity exploit exploitation hacking penetration-testing vulnerability-scanners wordpress
Last synced: 23 Oct 2024
https://github.com/itpey/taz
A simple yet powerful load testing framework for Go.
api attack bugbounty ddos go high-performance load-testing penetration-testing pentesting pentesting-tools testing unit-test unittesting
Last synced: 15 Nov 2024
https://github.com/x00tex/duckscripts
Collection of script i wrote during bug bounty hunting.
android-application apkpure-scraper bugbounty subdomain-enumeration
Last synced: 01 Nov 2024
https://github.com/it-jhack/bughunter-debian-setup
Bash script to install essential tools for bughunting
bounty bug bug-bounty bugbounty bugbounty-tool cyber-security debian debian-linux linux python python3 subdomain subdomain-scanner subdomain-takeover
Last synced: 04 Nov 2024
https://github.com/alwalxed/juicyurls
A CLI tool to scan suspicious URLs by keywords, extensions, paths and hidden files.
automation bugbounty cli cybersecurity detection exploit golang malware open-source osint penetration-testing projectdiscovery recon reconnaissance scanner scanning security urlscan vulnerabilities
Last synced: 15 Nov 2024
https://github.com/markgacoka/r3c0n
A tool for performing reconnaissance on web targets in Python
bugbounty cybersecurity library python recon reconnaissance reconnaissance-framework
Last synced: 04 Aug 2024
https://github.com/pocdork/gitdomain
Discover endpoints using companies GitHub Repositories name
bugbounty bugbounty-tool hacking infosec
Last synced: 04 Aug 2024
https://github.com/mathis2001/wappassivescan
Passive Vulnerability Scanner working with Wappalyzer API and MITRE CVE search functionnality.
bugbounty bugbounty-tool cve mitre passive-vulnerability-scanner pentest pentest-tool pentesting pentesting-tools wappalyzer
Last synced: 11 Nov 2024
https://github.com/haccer/xmail
Go tool that detects which email addresses have domains which are able to be registered
account-takeover bug-bounty bugbounty cyber email go golang infosec osint pentesting redteam redteam-tools security
Last synced: 11 Nov 2024
https://github.com/arshadkazmi42/is-broken-link-github
Github Links Broken Status Checker
blc broken-links bugbounty github links python script
Last synced: 28 Oct 2024
https://github.com/proditis/bugbounty-journal
The journal of a unix geek taking its first steps into the BugBounty world...
Last synced: 15 Oct 2024
https://github.com/lucabarile/zdi-can-16857
Exploit and report for CVE-2023-32163
0-day 0day bugbounty cve-2023-32163 disclosure elevation-of-privilege exploit local-privilege-escalation logical-vulnerability lpe poc privilege-escalation proof-of-concept vulnerability wacom wacom-driver wacom-vulnerability write-up writeups zdi-can-16857
Last synced: 08 Nov 2024
https://github.com/pwnb0y/BugBounty-Scripts
Quick scripts to make life easier of a Hacker 😎
bash-script bugbounty vps-setup
Last synced: 23 Oct 2024
https://github.com/d3mondev/cidrex
A command-line utility for expanding CIDR ranges with support for IPv6.
bugbounty cidr cidr-range ipv4 ipv6
Last synced: 12 Nov 2024
https://github.com/Retr0-45809/autorecon
An automation tool to perform multiple reconnaissance attacks on a domain instantly
bugbounty bugbountyautomation reconnaissance
Last synced: 23 Oct 2024
https://github.com/topscoder/aisubs
Leverage the power of AI to find hard to find subdomains.
ai bugbounty bugbounty-tools chatgpt infosec security subdomain subdomain-finder
Last synced: 13 Nov 2024
https://github.com/subnwa/erc-cli
It is a CLI source that works ergonomically and systematically within the system. These errors are added to the database with customization. In addition, it ensures that the bugs that occur in the system do not create system vulnerabilities.
bit bits bugbounty cargo cli creates db error-handling lang line rust terms
Last synced: 16 Nov 2024
https://github.com/acuciureanu/png-payload-injector
CLI tool for embedding XSS payloads in PNG files.
bugbounty bugbounty-tool bugbountyhunting security-automation
Last synced: 12 Oct 2024
https://github.com/it-jhack/subsort
Subsort removes grep redundancies for subdomains in a list.
bugbounty dns fdns osint project-sonar python reconnaissance subdomain subdomain-sorter subdomain-takeover subdomains subdomains-discovery subdomains-enumeration
Last synced: 13 Nov 2024
https://github.com/0xrobiul/FInstall
It's An Automation Script Which Will Automatically Install Tools For Bug Hunting/Web-Application Penetration Testing!
bugbounty cyber-security hacking penetration-testing pentesting
Last synced: 23 Oct 2024
https://github.com/TargetPackage/api-key-impact
A list of different types of API keys and how to prove impact for bug bounty programs.
api api-key api-keys bug-bounty bugbounty impact
Last synced: 10 Sep 2024
https://github.com/sa7mon/vulnchest
A collection of vulnerable applications for research purposes
Last synced: 12 Nov 2024
https://github.com/acuciureanu/wp-plugins-analyzer
A WordPress plugins analyzer which is still work in progress anyway
bugbounty bugbounty-tool wordpress-security-scanner
Last synced: 12 Oct 2024
https://github.com/andreystepanov/pentesterland-writeups
Pentester Land's curated collection of bug bounty writeups in formatted JSON
bugbounty bugbounty-writeups pentesterland pentesting writeups
Last synced: 11 Nov 2024
https://github.com/abhinandan-khurana/l337_5ub0v3r
A python tool to check subdomain takeover vulnerability
bugbounty cybersecurity docker pentesting python3
Last synced: 11 Nov 2024
https://github.com/ahmadchen/wpscan
bugbounty linux python shell-script wordpress
Last synced: 15 Nov 2024
https://github.com/arshadkazmi42/wbm
Waybackmachine to pull all wayback urls of input domain
Last synced: 28 Oct 2024
https://github.com/mathis2001/gitdiscloser
Python recon tool for Github information disclosure research
bugbounty github pentesting recon
Last synced: 11 Nov 2024
https://github.com/padsalatushal/burp-suite-pro-installer
Install & Activate Burp Suite Pro v1.7.37 with Key-Loader
bugbounty bugbounty-tool burpsuite burpsuite-cracked burpsuite-old burpsuite-pro burpsuite-pro-windows powershell security-tools v1-7-37
Last synced: 14 Nov 2024
https://github.com/mathis2001/subpwnable
Are your (sub)domains pwnable ? SubPwnable is a simple Python tool designed to helps you answer this question.
bugbounty cname pentest subdomain-takeover
Last synced: 11 Nov 2024
https://github.com/mathis2001/Reflection
Reflected parameters checker for a list of urls. (Beta version needing a lot of improvement)
bugbounty parameters pentest reflected
Last synced: 23 Oct 2024
https://github.com/mathis2001/reflection
Reflected parameters checker for a list of urls. (Beta version needing a lot of improvement)
bugbounty parameters pentest reflected
Last synced: 11 Nov 2024
https://github.com/rajspeaks/bug-bounty-hall-of-fames
All the Infosec Hall of Fame regarding bug bounty Achievements
bug-bounty bugbounty bugreport cyber-security cybersecurity ethical-hacking hall-of-fame information-security infosec rajdeep-das rajspeaks sql-injection xss-detection
Last synced: 30 Oct 2024
https://github.com/gwen001/10degres_hugo
http://10degres.net
blog bugbounty bugbountytips bugbountytools hugo pentesting sectools security security-tools
Last synced: 09 Nov 2024
https://github.com/cosad3s/njsdump
Dump paths & pages from Next.js Manifest
bugbounty nextjs recon security
Last synced: 29 Oct 2024
https://github.com/eagleeggs/bugbounties
Authorized dislosures of bugbounties that have been resolved
bugbounty bugcrowd fitbit penetration-testing security
Last synced: 11 Nov 2024
https://github.com/mathis2001/EzComments
EzComments is a tool allowing you to get all html and js comments of each url given to him
bugbounty comments pentest recon
Last synced: 23 Oct 2024
https://github.com/mrvcoder/bug-hunting-methodologies
this repo contains some public methodologies which I found from internet (google,telegram,discord,writeups etc..)
bounty bug bugbounty bugbounty-methodology hack hunt information-gathering methodology osint recon reconnaissance
Last synced: 06 Nov 2024
https://github.com/it-jhack/subtaker
A tool to help find subdomain takeover vulnerabilities
bug-bounty bugbounty enumeration hacking infosec osint penetration-testing pentesting python recon reconnaissance subdomain subdomain-takeover
Last synced: 13 Nov 2024
https://github.com/sarperavci/infinitedorkscanner
A premium OSINT tool that allows you to scan dorks on Search Engines WITHOUT LIMITS
bing-dorks bug-bounty bugbounty bugbounty-tool dork dork-scanner dork-scanning dorking-tool google-dork hacking hacking-tool infosec osint python sql sql-injection sqli vulnerability-scanners
Last synced: 10 Nov 2024
https://github.com/sysevil/rusho
subdomain tool cli for shodan by Rust lang
bugbounty hacking hacking-tool recon reconnaissance rust rust-lang subdomain-enumeration
Last synced: 29 Oct 2024
https://github.com/n0kovo/dnsplz
A simple Bash script that resolves a list of domains from stdin to IP addresses and prints them to stdout
bug-bounty bugbounty dns dns-enum dns-enumeration dns-lookup dns-lookups dns-reconnaissance dns-requests dns-resolver
Last synced: 08 Nov 2024
https://github.com/h3xploit0x1/url-gatherer
Simple Bash Script To Gather URL From Target. Useful For BugBounty.
bugbounty ethical-hacking hacking pentesting tool
Last synced: 15 Nov 2024
https://github.com/mathis2001/ezcomments
EzComments is a tool allowing you to get all html and js comments of each url given to him
bugbounty comments pentest recon
Last synced: 11 Nov 2024
https://github.com/GabrielCS0/security-trails
This is a tool to automate the search for subdomains on the website securitytrails.com
bugbounty pentesting python recon subdomains
Last synced: 23 Oct 2024
https://github.com/johnsaigle/hacking-toolkit
A collection of hacking utilities. Useful for CTFs and bug bounties.
bugbounty ctf-tools hacking penetration-testing
Last synced: 16 Nov 2024
https://github.com/mathis2001/lightssticheck
LightSSTICheck is a tool designed to find basic SSTI vulnerabilities
Last synced: 11 Nov 2024
https://github.com/mathis2001/jsembed
Simple Python tool to embed JavaScript code in different types of files (pdf and svg for now)
bugbounty fileupload javascript pdf pentest svg xss
Last synced: 11 Nov 2024
https://github.com/RandomRobbieBF/grafana-bruteforce
Grafana Bruteforce tool
brute-force bugbounty grafana red-team
Last synced: 23 Oct 2024
https://github.com/sudosuraj/Dorks
List of Google Dorks for sites that have responsible disclosure program / bug bounty program
bounty bug bugbounty dork dorks google googledorks sudosuraj
Last synced: 23 Oct 2024
https://github.com/codeb0ss/CVE-2023-3836
0day bugbounty codeb0ss codeboss cve cve-2023-3836 exploit exploiter hackerone uncodeboss webshell
Last synced: 23 Oct 2024
https://github.com/lucabarile/zdi-can-16318
Exploits and reports for CVE-2023-32162
0-day 0day bugbounty cve-2023-32162 disclosure elevation-of-privilege exploit local-privilege-escalation logical-vulnerability lpe poc privilege-escalation proof-of-concept vulnerability wacom wacom-driver wacom-vulnerability write-up writeups zdi-can-16318
Last synced: 08 Nov 2024
https://github.com/eagleEggs/bugBounties
Authorized dislosures of bugbounties that have been resolved
bugbounty bugcrowd fitbit penetration-testing security
Last synced: 23 Oct 2024
https://github.com/codeb0ss/cve-2023-3836
0day bugbounty codeb0ss codeboss cve cve-2023-3836 exploit exploiter hackerone uncodeboss webshell
Last synced: 13 Nov 2024
https://github.com/codeb0ss/cve-2023-20073-
Mass Exploit - CVE-2023-20073 - Cisco VPN Routers - [Unauthenticated Arbitrary File Upload and Stored XSS]
0day bug bugbounty cisco codeb0ss codeboss cve cve-2023-20073 exploit hackerone mass mass-exploit uncodeboss vpn-router
Last synced: 13 Nov 2024
https://github.com/palanioffcl/CTFation
I made this for my personal use to automate things like enumeration and all other stuffs to reduce time in recon and helps to claim first blood. ⛳ 😀
automation bash-script bugbounty ctf hacking linux penetration-testing pentesting
Last synced: 23 Oct 2024
https://github.com/acuciureanu/log-name-generator
A tool which enhances fuzzing with date-formatted log file names.
bugbounty bugbounty-tool bugbountytips content-discovery fuzzing wordlist wordlist-generator
Last synced: 12 Oct 2024
https://github.com/ichbinbork/JS_lookup
Tool that helps javascript source code analysis processes
bugbounty codereview websecurity
Last synced: 23 Oct 2024
https://github.com/D0N-B0T/scripts
short Scripts i use for bugbounty and others.
Last synced: 23 Oct 2024
https://github.com/qyfashae/bug_bounty_scripts
My private bug bounty scripts i have written under the years for real time projects within bug bounty hunting and penetration testing(red team).
bug-bounty-tools bugbounty bugbounty-tools exploits exploits-scripts hacking penetration-testing pentesting python-exploits
Last synced: 13 Nov 2024
https://github.com/codeb0ss/CVE-2023-20073-
Mass Exploit - CVE-2023-20073 - Cisco VPN Routers - [Unauthenticated Arbitrary File Upload and Stored XSS]
0day bug bugbounty cisco codeb0ss codeboss cve cve-2023-20073 exploit hackerone mass mass-exploit uncodeboss vpn-router
Last synced: 23 Oct 2024
https://github.com/cak/foot
Foot is a library that fetches a list of URLs and silly walks through each site to gather information.
Last synced: 14 Nov 2024
https://github.com/prvvv/submapper
A subdomain enumeration tool designed to find WAF's and 404 pages for takeover and enumeration
404 404-page amazon bug-bounty bugbounty cloudflare python3 subdomain-enumeration subdomain-scanner subdomain-takeover waf-detection
Last synced: 13 Nov 2024
https://github.com/arshadkazmi42/npmdc-poc
NPM Dependency Confusion - PoC
bugbounty confusion dependency infosec npm poc
Last synced: 28 Oct 2024
https://github.com/carloocchiena/subdomain_scanner
A simple script that ping up to 10K most common subdomains in a target website and returns a list of finding.
bugbounty networking scanner vulnerability-scanners
Last synced: 14 Oct 2024
