Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
Bug Bounty
A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.
- GitHub: https://github.com/topics/bugbounty
- Wikipedia: https://en.wikipedia.org/wiki/Bug_bounty_program
- Related Topics: security, penetration-testing, pentesting, pentest
- Aliases: bug-bounty
- Last updated: 2024-11-15 00:03:57 UTC
https://github.com/hahwul/backbomb
💣 Dockerized penetration-testing/bugbounty/app-sec testing environment
appsec bugbounty docker docker-image environment golang hacking pentest security tools
Last synced: 27 Sep 2024
https://github.com/mathis2001/paramfirstcheck
ParamFirstCheck identifies, in a list of URLs, those containing one of the top 25 most vulnerable parameters for SQLi, LFI, RCE and open redirect.
bugbounty parameters pentest top25
Last synced: 11 Nov 2024
https://github.com/robotshell/dorkScraper
DorkScraper is a simple tool written in Python to extract all the urls that appear when using a Google Dork.
bugbounty googledorks pentesting python tool
Last synced: 04 Aug 2024
https://github.com/0xpugal/bounty.sh
simple bash script to earn bounties
bash bugbounty recon reconnaissance shell
Last synced: 08 Nov 2024
https://github.com/blackhatethicalhacking/sql-injection-pwn
A one-liner SQL injection attack using SQLMAP and various parameters that helps quickly check for vulnerabilities during bug bounty
bugbounty hacking penetration-testing pentesting redteam sqlinjection
Last synced: 05 Nov 2024
https://github.com/r0x4r/snetra
A Python-based scanner that uses shodan-internetdb to scan the IP.
bugbounty penetration-testing penetration-testing-tools python3 shodan
Last synced: 08 Nov 2024
https://github.com/Sajibekanti/Bug_Bounty_List
Day by day, lots of newbies come into bug bounty and ask on social sites about bug bounty sites, so that's why I am opening up all the sites I have hunted.
Last synced: 04 Aug 2024
https://github.com/sidxparab/Subdomain-Enumeration-Guide
This is a comprehensive Subdomain Enumeration Guide that traces back to my GitBook.
bugbounty pentesting recon reconnaissance subdomain-enumeration
Last synced: 04 Aug 2024
https://github.com/R0X4R/snetra
A Python-based scanner that uses shodan-internetdb to scan the IP.
bugbounty penetration-testing penetration-testing-tools python3 shodan
Last synced: 04 Aug 2024
https://github.com/blackhatethicalhacking/s3-buckets-aio-pwn
An AIO tool to check for vulnerable Amazon S3 buckets as part of bug bounty. What makes this tool unique is that it can take a file full of buckets and check all of them against various attack scenarios to see if they are vulnerable.
bugbounty hacking penetration-testing pentest-tool pentesting redteam s3-bucket
Last synced: 05 Nov 2024
https://github.com/Damian89/simple-oob-scanner
Simple tool to test for SSRF/OOB HTTP Read within the Path of a request
bugbounty penetration-testing pentesting python3
Last synced: 04 Aug 2024
https://github.com/shelld3v/flydns
Related subdomains finder
bug-bounty bugbounty hacking infosec network-security osint pentest pentesting recon reconnaissance security subdomains subdomains-discovery
Last synced: 28 Oct 2024
https://github.com/BitTheByte/Orkestra
Web-based Android debugger with inspection capabilities using Frida and Jadx as a backbone
android bugbounty bugcrowd debugger decompiler frida hackerone jadx java java-decompiler orkestra
Last synced: 04 Aug 2024
https://github.com/ihebski/db
Bugbounty utility to store list of enumerated subdomains into an sqlite3 db [one liner style / Pipe and save]
bugbounty database mini-utility sqlite3 subdomain-enumeration
Last synced: 29 Oct 2024
https://github.com/BitTheByte/BitTraversal
Burpsuite Plugin to detect Directory Traversal vulnerabilities
bugbounty burp-extensions burp-plugin burpsuite burpsuite-extender java path-traversal traversal web
Last synced: 04 Aug 2024
https://github.com/aldo-moreno-leon/ORtester
Open Redirect scanner - (out of date)
Last synced: 04 Aug 2024
https://github.com/melbadry9/WhoEnum
Mass querying whois records
bugbounty enumeration recon whois
Last synced: 04 Aug 2024
https://github.com/blackhatethicalhacking/bf_active_sub
Subdomain Bruteforce - Bounty Quick Code
bruteforce bugbounty hacking kali-linux penetration-testing pentesting reconnaissance subdomain-enumeration
Last synced: 05 Nov 2024
https://github.com/swanandx/rustywitness
A CLI tool for getting screenshots of URLs using headless chrome
bugbounty cli headless-chrome recon rust web
Last synced: 27 Oct 2024
https://github.com/BLACK-SCORP10/url-status-checker
Status Checker is a Python tool for swiftly checking the status of URLs. It categorizes responses by HTTP status codes, offering clear insights into website health. With async requests, color-coded output, and easy CLI usage, it's a handy solution for monitoring web service performance.
automation bug-bounty bugbounty bugbounty-tools bugbountyautomation bulk easy-to-use httpx infosys python status-codes statuscode
Last synced: 07 Aug 2024
https://github.com/vah13/BurpCRLFPlugin
Another plugin for CRLF vulnerability detection
bugbounty burp crlf plugin scanner vulnerability-detection
Last synced: 25 Oct 2024
https://github.com/VincentDS/HackerOne-Notifier
Send notifications if a new program is published on HackerOne using Pushbullet
bugbounty hackerone notifications pushbullet
Last synced: 04 Aug 2024
https://github.com/0xAkashsky/sub-scout
Simple bash Script to automate initial recon using (httpx, puredns, regulator, wayback, katana, aquatone)
bugbounty cybersecurity infosec infosectools security tools
Last synced: 23 Oct 2024
https://github.com/gwen001/favicon-hashtrick
Python script implementing the favicon hash trick to find subdomains.
bugbounty favicon pentesting python security-tools shodan
Last synced: 09 Nov 2024
https://github.com/rascal999/maxos
Pentest focused NixOS config
bugbounty docker-images firefox-bookmarks hacking hacking-tool jupyter jupyter-notebook linux nix nixos nixos-config operating-system osint pentest pentesting redteam resources security
Last synced: 26 Sep 2024
https://github.com/tuxotron/docker-image-generator
Customized docker images generation toolkit
bugbounty docker infosec pentesting
Last synced: 04 Aug 2024
https://github.com/ritiksahni/ASN-Eagle
A tool to discover ASN of any host and fetch IP ranges.
api asn asn-eagle automation autonomous bugbounty hacking hackingtools reconaissance reconnaissance scanner vulnerability
Last synced: 04 Aug 2024
https://github.com/ivre/obsidian-ivre-plugin
Grabs data from IVRE and brings it into Obsidian notes
bugbounty cti hacktoberfest ioc ivre obsidian obsidian-md obsidian-plugin obsidian-plugins pentest pentesting threat-intelligence threatintel
Last synced: 13 Nov 2024
https://github.com/proditis/bugbounty-cicd
A set of GitLab pipelines and GitHub workflows to automate and ease bug bounty and penetration testing engagements
bugbounty bugbounty-pipeline cybersecurity devsecops devsecops-pipeline gitlab gitlab-ci
Last synced: 08 Nov 2024
https://github.com/anof-cyber/pentest-recon
Web application pentesting recon
bugbounty information-extraction pentesting reconnaissance webapplication webpentest
Last synced: 06 Nov 2024
https://github.com/gwen001/csp-analyzer
Analyze Content-Security-Policy header of a given URL.
bugbounty content-security-policy csp pentesting python security-tools
Last synced: 09 Nov 2024
https://github.com/xNaughty/BugBountyTips
BugBountyTips in Spanish
bugbounty bypass ciberseguridad hacking infosec payloads penetration-testing pentesting redteam
Last synced: 04 Aug 2024
https://github.com/thelikes/fuzzmost
all manner of wordlists
bugbounty infosec recon wordlist
Last synced: 04 Aug 2024
https://github.com/Anof-cyber/pentest-recon
Web application pentesting recon
bugbounty information-extraction pentesting reconnaissance webapplication webpentest
Last synced: 04 Aug 2024
https://github.com/theporgs/exegol-resources
Hacking resources for the Exegol project
active-directory bugbounty hacking pentesting
Last synced: 09 Nov 2024
https://github.com/ravro-ir/log4shell-looker
log4jshell vulnerability scanner for bug bounty
bugbounty bugs java java-8 log4j log4j2 log4shell logger logging secuurity vulnerabilities vulnerability vulnerability-detection vulnerability-scanners
Last synced: 04 Aug 2024
https://github.com/ItsIgnacioPortal/hacker-scoper
Automagically filter URLs with Bug Bounty program scope rules scraped from the internet.
bugbounty bugcrowd enumeration filter go golang hackerone infosec pentesting recon scopes security security-tools websec websecurity
Last synced: 04 Aug 2024
https://github.com/anof-cyber/alphascan
A BurpSuite extension for vulnerability Scanning
application-security appsec bug-bounty bugbounty burp-extensions burpsuite pentesting security security-scanner vulnerability vulnerability-scanners
Last synced: 06 Nov 2024
https://github.com/samirettali/bounty-notes
My bug bounty notes
bounty-notes bug-bounty bug-bounty-recon bug-bounty-tips bugbounty bugbountytips hacking
Last synced: 04 Aug 2024
https://github.com/AmoloHT/TTWAF
「🧱」Test a list of payloads and see if you can bypass it
application bugbounty bugbounty-tool bypass firewall lfi payload rce rust sqli test waf xss
Last synced: 23 Oct 2024
https://github.com/JavierOlmedo/ipdiscover
🔍 A simple tool to obtain long lists of ips from domains using goroutines
bugbounty bughunter domain hacking-tool ip recon
Last synced: 04 Aug 2024
https://github.com/incogbyte/laravel-phpunit-rce-masscaner
Masscanner for Laravel phpunit RCE CVE-2017-9841
Last synced: 04 Aug 2024
https://github.com/topscoder/fourohme
FourOhMe is a tool for testing HTTP headers on a website in order to try to bypass 40* HTTP codes. Written in Go, so easy to install and fast out of the box.
401 401-bypass 403 403-bypass bugbounty bugbountytips bugbountytricks cli http http-headers osint recon
Last synced: 13 Nov 2024
https://github.com/angelsecurityteam/framedomain
FrameDomain Framework - subdomains enumeration tool for penetration testers
bug-bounty-program bugbounty framedomain-framework framework information-gathering penetration-testing penetration-testing-framework python3 subdomain-bruteforcing subdomain-enumeration subdomain-finder subdomain-scanner
Last synced: 13 Nov 2024
https://github.com/p0dalirius/robotsvalidator
A python script to check if URLs are allowed or disallowed by a robots.txt file.
allow bugbounty bypass check disallow robots-txt web
Last synced: 29 Oct 2024
https://github.com/Naategh/dom-red
Small script to check a list of domains against open redirect vulnerability
bugbounty open-redirect python
Last synced: 03 Nov 2024
https://github.com/anof-cyber/web-recon
Web application recon for bug bounty
bugbounty httprobe linkfinder nmap sublist3r waybackurl
Last synced: 06 Nov 2024
https://github.com/ImAyrix/er
😁 Easy Regex
bug-bounty bugbounty cli golang regex
Last synced: 23 Oct 2024
https://github.com/humblelad/Needle
Instant access to your bug bounty submission dashboard on various platforms + publicly disclosed reports + #bugbountytip
bugbounty bugcrowd chrome-extension hackerone intigriti yeswehack
Last synced: 04 Aug 2024
https://github.com/adnanekhan/actionscacheblasting
Proof-of-concept code for research into GitHub Actions Cache poisoning.
Last synced: 08 Nov 2024
https://github.com/adnanekhan/actionstoctou
Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU vulnerabilities)
Last synced: 08 Nov 2024
https://github.com/aufzayed/digit
Extract endpoints from specific Git repository for fuzzing
bugbounty bugbounty-tool bugbountytips cybersecurity hacking hacking-tool hacking-tools infosec pentest pentest-scripts pentest-tool pentesting pentesting-tools recon
Last synced: 04 Aug 2024
https://github.com/nscuro/fdnssearch
Swiftly search FDNS datasets from Rapid7 Open Data
bugbounty dns fdns golang opendata rapid7 subdomains
Last synced: 04 Aug 2024
https://github.com/gwen001/detectify-cves
Find CVEs that don't have a Detectify module.
bugbounty cve detectify pentesting scanner security-tools
Last synced: 09 Nov 2024
https://github.com/Bhagavan-Bollina/BugBounty-Dorks
Highly recommended dorks for bug bounty
bug-bounty-dorks bugbounty dorks recon
Last synced: 04 Aug 2024
https://github.com/si9int/gDork
A Mozilla Firefox extension which allows quick access to your google-dorking result
bugbounty dorking reconnaissance
Last synced: 04 Aug 2024
https://github.com/sec-it/BFAC-Burp-Extension
Burp Extension for BFAC (Advanced Backup-File Artifacts Testing for Web-Applications)
backup-files bugbounty burp-extensions burpsuite pentest recon
Last synced: 04 Aug 2024
https://github.com/p0dalirius/crawlersuseragents
Python script to check if there are any differences in the responses of an application when the request comes from a search engine's crawler.
bugbounty crawler crawlers pentest request tool user-agent web
Last synced: 29 Oct 2024
https://github.com/javanxd/raceocat
Make exploiting race conditions in web applications highly efficient and easy.
bugbounty race-conditions race-detection racer research-and-development
Last synced: 10 Nov 2024
https://github.com/blackhatethicalhacking/bheh-sub-pwner
This bash script performs advanced subdomain enumeration and saves the results, then probes the subdomains into URLs and saves those results in a separate file, then resolves all the subdomains into IP addresses and saves those results separately.
bugbounty hacking penetration-testing pentesting subdomain-enumeration subdomain-scanner
Last synced: 05 Nov 2024
https://github.com/thelikes/fuzznav
parse ffuf & map endpoints to wordlists
bugbounty directory-fuzzing discovered-endpoints ffuf hacking multiple-wordlists offensive-security pentesting
Last synced: 04 Aug 2024
https://github.com/machine1337/reverse-shells
This tool will help in generating reverse shells easily for all types of OS.
bugbounty fastest-shells hacking machine1337 onelinershells pentesting phpshell phpshells quickshells reverse-shell windows-shells
Last synced: 10 Nov 2024
https://github.com/pdelteil/HackerOneAPIClient
This project is a bash client to use HackerOne's API.
bugbounty bugbountyhunting hackerone
Last synced: 12 Nov 2024
https://github.com/ElSicarius/findalllinks
A tool to extract all the urls and paths found in the content of a page (js sources included)
bugbounty extension javascript linkfinder
Last synced: 04 Aug 2024
https://github.com/knassar702/pmg
Extract parameters/paths from urls
bugbounty bugbounty-tool bughunting python regex security
Last synced: 04 Aug 2024
https://github.com/machine1337/fast-scan
An advanced tool to scan hundreds of IPs in seconds for CVEs, open ports and web technologies.
bugbounty cve-scanning hacking ipscanner kali-linux machine1337 portscanner serverinfo webscanner
Last synced: 10 Nov 2024
https://github.com/gwen001/extract-endpoints
Extract endpoints from source files.
bugbounty endpoints pentesting php security-tools urls
Last synced: 09 Nov 2024
https://github.com/mathis2001/cert4recon
Simple passive Python Recon tool for subdomains enumeration with crt.sh
bugbounty crt-sh information-gathering osint recon subdomain-enumeration
Last synced: 11 Nov 2024
https://github.com/0xkayala/custom-nuclei-templates
Community curated list of templates for the nuclei engine to find security vulnerabilities.
bugbounty custom-nuclei-templates exploit-development exploits fingerprint nuclei nuclei-checks nuclei-templates nucleifuzzer security vulnerability-detection
Last synced: 11 Nov 2024
https://github.com/ctoic/lisbook
Collection of your favorite books.
beginner-friendly bootstrap bugbounty css good-first-issue goodfirstissue hacktoberfest hacktoberfest-accepted hactoberfest help-wanted html javascript tailwindcss webapp
Last synced: 14 Nov 2024
https://github.com/0ss/byp4ss3r
Tool to bypass 403/401 pages (helpful for bug hunting)
Last synced: 04 Aug 2024
https://github.com/umair9747/4ofour
A tech enumeration toolkit focused on 404 Not found pages.
bounty bug-bounty bugbounty cybersecurity cybersecurity-tools ethical-hacking infosec linux osint penetration-testing pentesting recon reconnaissance webappsecurity websec websecurity
Last synced: 08 Nov 2024
https://github.com/lekssays/kibanarec
A tool to extract open Kibana instances on the Internet and map them to their corresponding organizations for bug bounty.
bugbounty kibana recon reconnaissance
Last synced: 10 Nov 2024
https://github.com/gwen001/gitgrep
Webapp to perform regexp search over GitHub search.
bugbounty git github pentesting php private regexp secrets security-tools
Last synced: 09 Nov 2024
https://github.com/mrvcoder/cloud_data
Get some useful data from Clouds for your targets
apex-domains bug-bounty bugbounty cloud cname domain ipv4 osint osint-tool recon reconnaissance subdomain subdomain-enumeration subdomain-finder subdomain-scanner
Last synced: 06 Nov 2024
https://github.com/r3k4t/onionnux
Onionnux is an onion site (DEEPNET/DARKNET) tool. It can help identify whether an onion site is active, or the onion site's server name.
bugbounty forensics-investigations onion-routing python-pyfiglet python-requests security-analysis security-audit security-research socks5-proxy software-engineering website-vulnerability
Last synced: 23 Oct 2024
https://github.com/ucybers/bug-bounty-beginner-roadmap
This is a resource for anyone looking to learn bug hunting and provides guidance during the study and learning phase.
bug bug-bounty bugbounty bugbounty-tool bugs cmd cmdline cyber-security cybersecurity cybersecurity-tool guide hacker linux linux-shell powershell roadmap tutorial tutorials windows
Last synced: 13 Oct 2024
https://github.com/random-robbie/s3-listable
S3 Buckets that will let you list all files inside them
aws aws-s3 bugbounty s3-bucket s3-storage
Last synced: 09 Nov 2024
https://github.com/hueristiq/hqurlscann3r
A web application attack surface mapping tool. It takes in a list of urls then performs numerous probes
bugbounty bypass-403 go golang
Last synced: 06 Nov 2024
https://github.com/blackhatethicalhacking/blackhatethicalhacking
Who We Are
bugbounty courses hacking hacking-tools offensive-security pentesting redteam socialengineering
Last synced: 05 Nov 2024
https://github.com/zpettry/boxer
Boxer: A fast directory bruteforce tool written in Python with concurrency.
bruteforce bugbounty directory hacking hacking-tool penetration-testing pentesting python
Last synced: 10 Nov 2024
https://github.com/h33tlit/Parameter-Reflect-Finder
Parameter-Reflect-Finder is a python based tool that helps you find reflected parameters which can have potential XSS or Open redirection vulnerabilities.
bug-bounty bugbounty open-redirect open-redirect-detection parameter-search reflector scanner scraper xss xss-detection xss-scanner
Last synced: 04 Aug 2024
https://github.com/shivamrai2003/sql-injection-google-dork-list
Updated 6000 Sql Injection Google Dork 2021
bugbounty dorks google-dork google-dorks pentesting security
Last synced: 08 Nov 2024
https://github.com/AdnaneKhan/ActionsTOCTOU
Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU vulnerabilities)
Last synced: 26 Sep 2024
https://github.com/mathis2001/paramchanger
ParamChanger is a tool allowing you to replace the parameters of a list of urls by a payload entered as an argument
Last synced: 11 Nov 2024
https://github.com/ehsaanqazi/Bug-Bounty
Resources and Guides for Web Application Vulnerabilities
bugbounty cybersecurity information-security webapplicationsecurity
Last synced: 04 Aug 2024
https://github.com/mrvcoder/getasn
🌐 Get Some Useful Info From Domain/IP/ASN 🔥
asn-lookup bgpview bugbounty cdn cdn-check cidr cli domain information-gathering osint recon reconnaissance
Last synced: 06 Nov 2024
https://github.com/mathis2001/ParamChanger
ParamChanger is a tool allowing you to replace the parameters of a list of urls by a payload entered as an argument
Last synced: 23 Oct 2024
https://github.com/momenbasel/pyrobots
A tool that gets all paths in robots.txt and opens them in the browser.
bugbounty penetration-testing pentesting python python3 robots-txt
Last synced: 11 Oct 2024
https://github.com/d3mondev/crossjoin
Generate a cross join, also known as a Cartesian product, from the lines of the specified files. This process is useful for creating fuzzing payloads.
bug-bounty bugbounty bugbounty-tool bugbounty-tools cartesian-product cross-join crossjoin fuzzer fuzzing hacking hacking-tool penetration-testing penetration-testing-tools permutation
Last synced: 12 Nov 2024
https://github.com/random-robbie/yahoo-bug-bounty
List of hosts from yahoo.com
bugbounty recon yahoo yahoo-bug-bounty
Last synced: 09 Nov 2024
https://github.com/gwen001/apk-analyzer
Analyze an APK archive.
android apk bugbounty code-analysis mobile mobile-app pentesting python security-tools
Last synced: 09 Nov 2024
https://github.com/j3ssie/str-replace
Simple tools to handle strings and generate subdomain permutations
bugbounty hacking infosec pentesting permutations recon subdomain
Last synced: 14 Oct 2024