Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


Bug Bounty

A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.

https://github.com/j3ssie/goverview

goverview - Get an overview of the list of URLs

browser bugbounty chromedp favicon favicon-generator infosec recon screenshot security

Last synced: 26 Oct 2024

https://github.com/0xTeles/jsleak

a Go code to detect leaks in JS files via regex patterns

bugbounty golang scanner security

Last synced: 04 Aug 2024

https://github.com/anof-cyber/paraforge

A BurpSuite extension to create a custom word-list of endpoint and parameters for enumeration and fuzzing

bug-bounty bugbounty burp-extensions burpsuite cybersecurity pentesting pentesting-tools python

Last synced: 06 Nov 2024

https://github.com/Anof-cyber/ParaForge

A BurpSuite extension to create a custom word-list of endpoint and parameters for enumeration and fuzzing

bug-bounty bugbounty burp-extensions burpsuite cybersecurity pentesting pentesting-tools python

Last synced: 04 Aug 2024

https://github.com/rotemreiss/uddup

URL de-duplication tool for better recon.

bugbounty recon reconnaissance url url-parsing

Last synced: 04 Aug 2024

https://github.com/kh4sh3i/smartrecon

smartrecon is a powerful shell script to automate recon and find common vulnerabilities for bug hunters

bug-bounty-automation bugbounty dnsgen eyewitness feroxbuster hackerone hacking httprobe httpx massdns penetration-testing pentest pentest-scripts recon reconnaissance redteam shuffledns sqlmap subfinder tools

Last synced: 07 Nov 2024

https://github.com/IamLucif3r/Bug-Hunting

A Collection of Notes, Methodologies, POCs and everything else related to Bug Hunting.

bug bug-bounty bug-bounty-hunters bug-bounty-reconnaissance bug-bounty-tips bug-hunting bug-reporting bugbounty bugreport methodologies

Last synced: 03 Aug 2024

https://github.com/0xdekster/deksterecon

Web Application recon automation

automation bugbounty recon security-tools whitehat-tools

Last synced: 04 Aug 2024

https://github.com/SKVNDR/FastDork

⚑Chrome extension allows you to create lists of Google and Github dork to open multiple tabs with one click, import "scope/out of scope" from #HackerOne #Bugcrowd #Intigriti ...

bugbounty bugcrowd chrome cybersecurity dork extension fastdork google hackerone intigriti pentest-tool

Last synced: 04 Aug 2024

https://github.com/0xAwali/Blind-SSRF

Nuclei Templates to reproduce Cracking the lens's Research

blindssrf bugbounty nuclei nuclei-templates ssrf web-security

Last synced: 04 Aug 2024

https://github.com/Escape-Technologies/graphinder

🕸️ Blazing fast GraphQL endpoints finder using subdomain enumeration, scripts analysis and bruteforce. 🕸️

bugbounty finder graphql osint reconnaissance security spider subdomain-enumeration subdomain-scanner

Last synced: 02 Nov 2024

https://github.com/aydinnyunus/PassDetective

PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords, API keys, and secrets. Using regular expressions, it helps prevent accidental exposure of sensitive information in your command history.

bash bugbounty bugbounty-tool bugbountytips golang hacking kali kali-linux kali-linux-hacking linux red-team security security-tools shell shell-script zsh

Last synced: 05 Nov 2024

https://github.com/jcr-security/solidity-security-teaching-resources

Course material about common vulnerabilities, security and audits of Solidity smart contracts that I use during my lectures

audit beginner bug bugbounty contract ethereum evm security smart smart-contracts smartcontract solidity vulnerabilities

Last synced: 22 Aug 2024

https://github.com/jcsec-security/solidity-security-course-resources

Course material about common vulnerabilities, security and audits of Solidity smart contracts that I use during my lectures

audit beginner bug bugbounty contract ethereum evm security smart smart-contracts smartcontract solidity vulnerabilities

Last synced: 09 Nov 2024

https://github.com/aydinnyunus/passdetective

PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords, API keys, and secrets. Using regular expressions, it helps prevent accidental exposure of sensitive information in your command history.

bash bugbounty bugbounty-tool bugbountytips golang hacking kali kali-linux kali-linux-hacking linux red-team security security-tools shell shell-script zsh

Last synced: 12 Oct 2024

https://github.com/p0dalirius/ldap2json

The ldap2json script allows you to extract the whole LDAP content of a Windows domain into a JSON file.

active-directory analysis bugbounty export json ldap pentesting

Last synced: 29 Oct 2024

https://github.com/DonatoReis/Secbuild

An automation tool to install the most popular tools for bug bounty or pentesting.

automation blueteam bugbounty hacker installer pentest pentesting recon reconnaissance redteam

Last synced: 08 Aug 2024

https://github.com/victoni/Bug-Bounty-Scripts

The scripts I write to help me on my bug bounty hunting

bug-bounty bugbounty hacking

Last synced: 26 Sep 2024

https://github.com/ghsec/ghsec-jaeles-signatures

Signatures for jaeles scanner by @j3ssie

bugbounty security

Last synced: 04 Aug 2024

https://github.com/hahwul/regexpassive

🔭 Collection of regexp pattern for security passive scanning

bugbounty collection hacking passive-scan passive-vulnerability-scanner patterns regex regexp security

Last synced: 24 Oct 2024

https://github.com/belane/CloudHunter

AWS, Azure, Alibaba and Google bucket scanner

alibaba aws azure bucket bugbounty fuzzer google-cloud security-tools

Last synced: 05 Nov 2024

https://github.com/noraj/bb-legal-fr

Some advice on the legal, tax and juridical obligations for practicing Bug Bounty in France

bug-bounty bugbounty fiscal juridical legal

Last synced: 07 Nov 2024

https://github.com/Anof-cyber/Pentest-Mapper

A Burp Suite extension for pentesters and bug bounty hunters to maintain checklists, map flows, write test cases and track vulnerabilities

appsec bugbounty burp burp-extensions burp-plugin burpsuite burpsuite-extender burpsuite-tools infosec pentesting

Last synced: 04 Aug 2024

https://github.com/blackhatethicalhacking/ssrfpwned

Checks for SSRF using built-in custom Payloads after fetching URLs from Multiple Passive Sources & applying complex patterns aimed at SSRF

bugbounty hacking redteam ssrf ssrf-tool

Last synced: 05 Nov 2024

https://github.com/anof-cyber/pentest-mapper

A Burp Suite extension for pentesters and bug bounty hunters to maintain checklists, map flows, write test cases and track vulnerabilities

appsec bugbounty burp burp-extensions burp-plugin burpsuite burpsuite-extender burpsuite-tools infosec pentesting

Last synced: 06 Nov 2024

https://github.com/BitTheByte/Eagle

Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities

bugbounty bugcrowd cve ftp hackerone hacking python ssrf takeover xss

Last synced: 03 Nov 2024

https://github.com/random-robbie/AWS-Scanner

Scans a list of websites for Cloudfront or S3 Buckets

aws-s3 aws-scanner bugbounty s3-bucket vunerable-devices

Last synced: 04 Aug 2024

https://github.com/random-robbie/aws-scanner

Scans a list of websites for Cloudfront or S3 Buckets

aws-s3 aws-scanner bugbounty s3-bucket vunerable-devices

Last synced: 09 Nov 2024

https://github.com/eslam3kl/crtfinder

Fast tool to extract all subdomains from crt.sh website. Output will be up to sub.sub.sub.subdomain.com with standard and advanced search techniques

bugbounty crt penetration-testing python

Last synced: 06 Nov 2024

https://github.com/joshkar/X-Recon

A utility for detecting webpage inputs and conducting XSS scans.

bugbounty bughunting hunt xss xss-scanner xssscan

Last synced: 09 Nov 2024

https://github.com/hahwul/mzap

⚑️ Multiple target ZAP Scanning

bugbounty dast hacking security zaproxy zaproxy-automation

Last synced: 01 Nov 2024

https://github.com/r0x4r/bhedak

A replacement for "qsreplace": accepts URLs on standard input, replaces all query string values with user-supplied values, and writes to stdout.

bash-script bugbounty python-regex python3 regex sed

Last synced: 31 Oct 2024

https://github.com/hahwul/hack-pet

🐰 Managing command snippets for hackers/bug bounty hunters. with pet.

bugbounty bugbountytips command-line-manager go golang hacking pet snippets tool

Last synced: 01 Nov 2024

https://github.com/rishuranjanofficial/JWTweak

Detects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.

application-security appsec authentication authorization automation bugbounty jwt jwt-algorithm jwt-algorithm-confusion-attack jwt-tokens pentesting python security-enthusiasts vulnerability-assessment

Last synced: 04 Aug 2024

https://github.com/R0X4R/bhedak

A replacement for "qsreplace": accepts URLs on standard input, replaces all query string values with user-supplied values, and writes to stdout.

bash-script bugbounty python-regex python3 regex sed

Last synced: 04 Aug 2024

https://github.com/Fadavvi/Sub-Drill

A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.

bug-bounty bugbounty recon reconnaissance red-team red-teaming subdomain subdomain-brute subdomain-bruteforcing subdomain-enumeration subdomain-finder web-recon web-reconnaissance

Last synced: 04 Aug 2024

https://github.com/kostas-pa/LFITester

LFITester is a Python3 program that automates the detection and exploitation of Local File Inclusion (LFI) vulnerabilities on a server.

bugbounty crawler cybersecurity enumeration exploitation fuzzing hacking lfi lfi-detection lfi-exploitation lfi-vulnerability penetration-testing penetration-testing-tools pentest-tool pentesting python web-hacking webhacking

Last synced: 04 Aug 2024

https://github.com/htrgouvea/spellbook

Framework for rapid development of offensive security tools

bugbounty ctf exploit framework offensive-security pentest perl security security-tools

Last synced: 14 Nov 2024

https://github.com/Zarcolio/wwwordlist

Wwwordlist is a wordlist generator for pentesters and bug bounty hunters. It extracts words from HTML, URLs, JS/HTTP/input variables, quoted texts in the text and mail files in order to generate wordlists.

bruteforce bugbounty ctf hacking infosec penetration-testing pentest pentesting python3 wordlist wordlist-generator wordlists

Last synced: 04 Aug 2024

https://github.com/samogod/bugradar

Advanced external automation on bug bounty programs by running the best set of tools to perform scanning and finding out vulnerabilities.

automation bounty bug bug-bounty bugbounty bugbounty-tool bugcrowd hackerone osint recon recontool security security-automation security-tools

Last synced: 04 Aug 2024

https://github.com/si9int/Acamar

A Python3 based single-file subdomain enumerator

bugbounty pentesting subdomain

Last synced: 07 Aug 2024

https://github.com/BugBountyResources/targets

A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.

bugbounty cybersecurity information infosec recon reconnaissance security security-tools

Last synced: 04 Aug 2024

https://github.com/pwnedshell/Bugs-feed

Bug's feed is a local hosted portal where you can search for the latest news, videos, CVEs, vulnerabilities...

bugbounty cve hacking python scrapping vulnerabilities

Last synced: 04 Aug 2024

https://github.com/lissy93/bug-bounties

⚔️ A compiled list of companies who have active programs for responsible disclosure

bugbounty security

Last synced: 12 Nov 2024

https://github.com/gwen001/keyhacks.sh

Automation of tokens/api keys testing.

bash bugbounty key pentesting secrets security-tools shell token

Last synced: 09 Nov 2024

https://github.com/gwen001/related-domains

Find related domains of a given domain.

bugbounty dns domains pentesting python security-tools

Last synced: 09 Nov 2024

https://github.com/thehlopster/hfuzz

Wordlist for web fuzzing, made from a variety of reliable sources including: result from my pentests, git.rip, ChatGPT, Lex, nuclei templates, web-scanners, seclist, bo0m, and more.

bugbounty fuzz fuzzing hacking pentesting security web-fuzzing wordlist

Last synced: 09 Nov 2024

https://github.com/blackhatethicalhacking/xssrocket

XSS Rocket is written by Black Hat Ethical Hacking with the help of #ChatGPT as experimentation, with a lot of hours spent modifying the code generated by ChatGPT, and is designed for Offensive Security and XSS (Cross-Site Scripting) attacks.

bugbounty cybersecurity hacking infosec offensive penetration-testing pentesting xss xss-attacks xss-detection xss-exploitation xss-scanner xss-vulnerability

Last synced: 05 Nov 2024

https://github.com/kljunowsky/CVE-2022-41040-POC

CVE-2022-41040 - Server Side Request Forgery (SSRF) in Microsoft Exchange Server

bug-bounty bugbounty cve-2022-41040 exploit hacking microsoft microsoft-exchange poc proof-of-concept security ssrf

Last synced: 04 Aug 2024

https://github.com/edoverflow/bug-bounty-responses

A collection of response templates for invalid bug bounty reports.

bugbounty infosec security template

Last synced: 10 Nov 2024

https://github.com/dwisiswant0/wadl-dumper

Dump all available paths and/or endpoints on WADL file.

bugbounty bugbounty-tool bugbountytips go golang wadl xml xml-parser

Last synced: 28 Oct 2024

https://github.com/r0x4r/agnee

Find sensitive information using dorks from different search-engines.

bugbounty bugbountytips bugbountytool dorking search-engine

Last synced: 31 Oct 2024

https://github.com/tarunkoyalwar/talosplus

Talosplus is a fast and robust template based Intelligent automation framework primarily developed for Bug Bounty Automation

automation automation-framework bash bashscripting bugbounty go golang infosec linux recon shell template-engine

Last synced: 27 Oct 2024

https://github.com/i5nipe/nipejs

Simplify your life with leak detection in JavaScript. NipeJS streamlines the use of regex, making it effortless to uncover potential leaks.

bug-bounty bugbounty bugbounty-tool infosec penetration-testing-tools pentesting

Last synced: 04 Aug 2024

https://github.com/hahwul/s3reverse

Converts the various S3 bucket formats into one format, for bug bounty and security testing.

aws bugbounty s3 security utility

Last synced: 02 Nov 2024

https://github.com/blackhatethicalhacking/XSSRocket

XSS Rocket is written by Black Hat Ethical Hacking with the help of #ChatGPT as experimentation, with a lot of hours spent modifying the code generated by ChatGPT, and is designed for Offensive Security and XSS (Cross-Site Scripting) attacks.

bugbounty cybersecurity hacking infosec offensive penetration-testing pentesting xss xss-attacks xss-detection xss-exploitation xss-scanner xss-vulnerability

Last synced: 07 Aug 2024

https://github.com/gwen001/vhost-brute

A PHP tool to brute force vhost configured on a server.

bugbounty pentesting php security-tools subdomain vhost

Last synced: 09 Nov 2024

https://github.com/AdnaneKhan/Gato-X

GitHub Attack Toolkit - Extreme Edition

bugbounty cicd github github-actions

Last synced: 03 Sep 2024

https://github.com/chopicalqui/KaliIntelligenceSuite

Kali Intelligence Suite (KIS) shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by executing standard penetration testing tools. The collected data is internally stored in a structured manner to allow the fast identification and visualisation of the collected information.

bugbounty data-mining intelligence-gathering kali-linux kali-linux-tools osint penetration-testing penetration-testing-framework

Last synced: 04 Aug 2024

https://github.com/m8sec/taser

Python resource library for creating security related tooling

bugbounty hacking pentesting python3 security

Last synced: 13 Nov 2024

https://github.com/dwisiswant0/hinject

Host Header Injection Checker

bugbounty go golang penetration-testing

Last synced: 28 Oct 2024

https://github.com/a3h1nt/subcert

Subcert is a subdomain enumeration tool, that finds all the subdomains from certificate transparency logs.

bugbounty certificate-transparency infosec osint-tool pentesting-tools python3 subdomain-enumeration

Last synced: 28 Oct 2024

https://github.com/un4gi/dirtywords

A targeted word list generation tool

bugbounty content-discovery enumeration golang pentesting web

Last synced: 04 Aug 2024

https://github.com/dotnetrussell/minerinthemiddle

This application was created as a POC for how to scan your local network traffic for HTTP requests and then inject various javascript cryptocurrency miners into the response payloads

bug-bounty bugbounty hacking hacking-tool info-sec information-security infosec infosectools injection miner monero penetration-testing penetration-testing-tools python red-team

Last synced: 10 Oct 2024

https://github.com/R0X4R/Pinaak

A vulnerability fuzzing tool written in bash, it contains the most commonly used tools to perform vulnerability scan

bash-script bugbounty fastscanner find-vulnerabilities nuclei sqlinjection vulnerabilities vulnerability-scanners xss-vulnerability

Last synced: 04 Aug 2024

https://github.com/az0mb13/frida_setup

One-click installer for Frida and Burp certs for SSL Pinning bypass

adb android bug-bounty bugbounty frida hacking-tools pentesting pentesting-tools reconnaissance

Last synced: 07 Nov 2024

https://github.com/BugHunterID/BugHunterID

Bug / security vulnerability hunters are welcome to join.

bounty bug bugbounty bughunterid hackerone indonesia security

Last synced: 23 Oct 2024

https://github.com/p0dalirius/cve-2021-43008-adminerread

Exploit tool for CVE-2021-43008 Adminer 1.0 up to 4.6.2 Arbitrary File Read vulnerability

adminer bugbounty cve cve-2021-43008 exploit file hacking pentest read tool vulnerability

Last synced: 29 Oct 2024

https://github.com/anof-cyber/mobsecco

Cloning apk for bypassing code tampering detection, Google Safety Net and scanning vulnerable plugins

android apk bug-bounty bugbounty cordova cybersecurity mobile-security penetration-testing pentesting pentesting-tools python

Last synced: 14 Oct 2024

https://github.com/riza/wb

Quickly fetches files from Wayback Machine.

bugbounty waybackmachine

Last synced: 05 Nov 2024

https://github.com/gwen001/bugbountytips

Webapp to search tips on Twitter through #bugbountytips

bugbounty bugbountytips hashtag pentesting php security twitter

Last synced: 09 Nov 2024

https://github.com/gnebbia/halive

A fast http and https prober, to check which URLs are alive

alive-hosts asynchronous asyncio bugbounty http https probe probe-requests prober reconnaissance requests

Last synced: 13 Nov 2024

https://github.com/tintinweb/bugbounty-companion

A BugBounty companion that checks out high-reward yielding bug bounty code-bases from Immunefi/code4rena 🙌 (use at own risk)

bugbounty code4rena immunefi smart-contracts

Last synced: 02 Nov 2024