Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
Bug Bounty
A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.
- GitHub: https://github.com/topics/bugbounty
- Wikipedia: https://en.wikipedia.org/wiki/Bug_bounty_program
- Related Topics: security,penetration-testing,pentesting,pentest,
- Aliases: bug-bounty,
- Last updated: 2024-11-16 00:03:27 UTC
- JSON Representation
https://github.com/doyensec/inql
InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.
api-documentation-tool bugbounty bugbounty-tool burp-extensions burpsuite graphql graphql-security penetration-testing security-audit security-scanner security-tools
Last synced: 15 Oct 2024
https://github.com/utkusen/urlhunter
a recon tool that allows searching on URLs that are exposed via shortener services
bugbounty intelligence osint recon security
Last synced: 09 Oct 2024
https://github.com/b3nac/android-reports-and-resources
A big list of Android Hackerone disclosed reports and other resources.
android android-repo android-resource android-security bugbounty bypass hackerone infosec insecure-data-storage intercept-broadcasts steal-files webview xss
Last synced: 15 Oct 2024
https://github.com/B3nac/Android-Reports-and-Resources
A big list of Android Hackerone disclosed reports and other resources.
android android-repo android-resource android-security bugbounty bypass hackerone infosec insecure-data-storage intercept-broadcasts steal-files webview xss
Last synced: 25 Oct 2024
https://github.com/0xmaximus/Galaxy-Bugbounty-Checklist
Tips and Tutorials for Bug Bounty and also Penetration Tests.
bug bugbounty bugbounty-checklist bugbounty-reports bugbounty-tool bugbountytips bugbountytricks bugcrowd bugs ethical-hacker ethical-hacking hackerone red-team red-teaming vulnerabilities vulnerability
Last synced: 05 Nov 2024
https://github.com/0xmaximus/galaxy-bugbounty-checklist
Tips and Tutorials for Bug Bounty and also Penetration Tests.
bug bugbounty bugbounty-checklist bugbounty-reports bugbounty-tool bugbountytips bugbountytricks bugcrowd bugs ethical-hacker ethical-hacking hackerone red-team red-teaming vulnerabilities vulnerability
Last synced: 15 Oct 2024
https://github.com/wallarm/gotestwaf
An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses
api-security bugbounty graphql-security grpc-security owasp rest-security security security-testing security-tools waf web-application-firewall web-application-security
Last synced: 14 Oct 2024
https://github.com/jordanpotti/AWSBucketDump
Security Tool to Look For Interesting Files in S3 Buckets
bugbounty enumeration penetration-testing s3-bucket
Last synced: 03 Nov 2024
https://github.com/jordanpotti/awsbucketdump
Security Tool to Look For Interesting Files in S3 Buckets
bugbounty enumeration penetration-testing s3-bucket
Last synced: 15 Oct 2024
https://github.com/cyber-guy1/api-securityempire
API Security Project aims to present unique attack & defense methods in API Security field
api apisecurity bug-bounty bugbounty bugbountytips cybersec cybersecurity information-security infosec penetration-testing tips
Last synced: 15 Oct 2024
https://github.com/m3n0sd0n4ld/GooFuzz
GooFuzz is a tool to perform fuzzing with an OSINT approach, managing to enumerate directories, files, subdomains or parameters without leaving evidence on the target's server and by means of advanced Google searches (Google Dorking).
bash-script bugbounty discovery fuzzing google-dorks hacking information-disclosure infosec osint penetration-testing pentesting recon reconnaissance red-team subdomain
Last synced: 08 Nov 2024
https://github.com/Ge0rg3/requests-ip-rotator
A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.
apigateway aws bugbounty bypass hacktoberfest ip networking security security-tools web-security
Last synced: 07 Nov 2024
https://github.com/m3n0sd0n4ld/goofuzz
GooFuzz is a tool to perform fuzzing with an OSINT approach, managing to enumerate directories, files, subdomains or parameters without leaving evidence on the target's server and by means of advanced Google searches (Google Dorking).
bash-script bugbounty discovery fuzzing google-dorks hacking information-disclosure infosec osint penetration-testing pentesting recon reconnaissance red-team subdomain
Last synced: 15 Oct 2024
https://github.com/gwen001/github-search
A collection of tools to perform searches on GitHub.
bash bugbounty companies employees github keys pentesting php private python secrets security-tools shell
Last synced: 29 Oct 2024
https://github.com/ge0rg3/requests-ip-rotator
A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.
apigateway aws bugbounty bypass hacktoberfest ip networking security security-tools web-security
Last synced: 15 Oct 2024
https://github.com/Cyber-Guy1/API-SecurityEmpire
API Security Project aims to present unique attack & defense methods in API Security field
api apisecurity bug-bounty bugbounty bugbountytips cybersec cybersecurity information-security infosec penetration-testing tips
Last synced: 08 Aug 2024
https://github.com/xalgord/massive-web-application-penetration-testing-bug-bounty-notes
A comprehensive guide for web application penetration testing and bug bounty hunting, covering methodologies, tools, and resources for identifying and exploiting vulnerabilities.
bug-bounty bugbounty bugbountytips collection ethical-hacking hacking owasp owasp-top-10 resources xalgord
Last synced: 14 Oct 2024
https://github.com/trickest/wordlists
Real-world infosec wordlists, updated regularly
bugbounty content-discovery directory-bruteforce hacking infosec penetration-testing pentesting reconnaissance security wordlist wordlist-generator wordlists wordlists-dictionary-collection
Last synced: 15 Oct 2024
https://github.com/j3ssie/metabigor
OSINT tools and more but without API key
asn bug-bounty bugbounty bugbounty-tools bugbountytips infosec ip-osint ip-range osint pentesting recon reconnaissance security security-tools subdomain subdomains
Last synced: 14 Oct 2024
https://github.com/viralmaniar/bigbountyrecon
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
blue-team bugbounty bugbounty-tool bugbountytips cybersecurity offensive-security osint pentest-tool pentesting purple-team purple-teams recon reconnaissance red-team red-teaming
Last synced: 12 Nov 2024
https://github.com/0xPugal/One-Liners
A collection of one-liners for bug bounty hunting.
bug-bounty bugbounty enumeration onliner-scripts subdomain-enumeration
Last synced: 05 Nov 2024
https://github.com/0xpugal/one-liners
A collection of one-liners for bug bounty hunting.
bug-bounty bugbounty enumeration onliner-scripts subdomain-enumeration
Last synced: 15 Oct 2024
https://github.com/khast3x/Redcloud
Automated Red Team Infrastructure deployement using Docker
bugbounty docker hacking kali metasploit offensive pentest traefik
Last synced: 06 Nov 2024
https://github.com/codingo/Interlace
Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
bugbounty cidr-notation enumeration hacking hacking-tool linux multithreading oscp oscp-tools penetration-testing security security-tools service-enumeration thread
Last synced: 06 Nov 2024
https://github.com/khast3x/redcloud
Automated Red Team Infrastructure deployement using Docker
bugbounty docker hacking kali metasploit offensive pentest traefik
Last synced: 29 Oct 2024
https://github.com/ptswarm/reFlutter
Flutter Reverse Engineering Framework
bugbounty mobile-security reverse-engineering ssl-pinning
Last synced: 04 Aug 2024
https://github.com/codingo/interlace
Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
bugbounty cidr-notation enumeration hacking hacking-tool linux multithreading oscp oscp-tools penetration-testing security security-tools service-enumeration thread
Last synced: 14 Oct 2024
https://github.com/codingo/VHostScan
A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
bugbounty ctf-tools discovery-service hacking hacking-tool hackthebox offensive-security oscp penetration-test penetration-testing reverse-lookups scanner security security-audit security-tools vhost vhosts virtual-host virtual-hosts web-application-security
Last synced: 01 Nov 2024
https://github.com/codingo/vhostscan
A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
bugbounty ctf-tools discovery-service hacking hacking-tool hackthebox offensive-security oscp penetration-test penetration-testing reverse-lookups scanner security security-audit security-tools vhost vhosts virtual-host virtual-hosts web-application-security
Last synced: 29 Oct 2024
https://github.com/vincentcox/bypass-firewalls-by-DNS-history
Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.
bugbounty bypassing dns-record network-security security security-tools
Last synced: 06 Nov 2024
https://github.com/vincentcox/bypass-firewalls-by-dns-history
Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.
bugbounty bypassing dns-record network-security security security-tools
Last synced: 29 Oct 2024
https://github.com/hahwul/XSpear
🔱 Powerfull XSS Scanning and Parameter analysis tool&gem
bugbounty bugbountytips gem hacking library pentest ruby scanner scanning-xss selenium tool webhacking xss
Last synced: 03 Nov 2024
https://github.com/tillson/git-hound
Reconnaissance tool for GitHub code search. Scans for exposed API keys across all of GitHub, not just known repos and orgs.
bugbounty git githound github osint secrets security security-tools
Last synced: 09 Oct 2024
https://github.com/hahwul/xspear
🔱 Powerfull XSS Scanning and Parameter analysis tool&gem
bugbounty bugbountytips gem hacking library pentest ruby scanner scanning-xss selenium tool webhacking xss
Last synced: 11 Oct 2024
https://github.com/roottusk/vapi
vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.
api apitop10 appsec appsec-tutorials bugbounty cors docker exercises hacktoberfest hacktoberfest-accepted owasp owasp-top-10 owasp-top-ten php postman vulnerable-application
Last synced: 29 Oct 2024
https://github.com/trickest/inventory
Asset inventory of over 800 public bug bounty programs.
bug-bounty bugbounty bugbountytips fuzzing hacking infosec osint osint-resources osint-tool penetration-testing pentest-tool pentesting recon reconnaissance red-team security security-tools software-security threat-intelligence
Last synced: 15 Oct 2024
https://github.com/Viralmaniar/BigBountyRecon
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
blue-team bugbounty bugbounty-tool bugbountytips cybersecurity offensive-security osint pentest-tool pentesting purple-team purple-teams recon reconnaissance red-team red-teaming
Last synced: 04 Aug 2024
https://github.com/devanshbatham/FavFreak
Making Favicon.ico based Recon Great again !
bugbounty bughunting hacking information-gathering osint recon reconnaissance web-security webappsec
Last synced: 06 Nov 2024
https://github.com/devanshbatham/favfreak
Making Favicon.ico based Recon Great again !
bugbounty bughunting hacking information-gathering osint recon reconnaissance web-security webappsec
Last synced: 29 Oct 2024
https://github.com/dwisiswant0/go-dork
The fastest dork scanner written in Go.
bing-dorks bugbounty bugbounty-tool crawler dork-scanner dorking golang google-dorking google-dorks infosec security shodan-dorks vulnerability-scanners
Last synced: 09 Oct 2024
https://github.com/caido/caido
🚀 Caido releases, wiki and roadmap
bugbounty pentesting proxy security tool
Last synced: 15 Oct 2024
https://github.com/SpiderLabs/HostHunter
HostHunter a recon tool for discovering hostnames using OSINT techniques.
bugbounty hacking hacking-tool hosthunter hostnames ip network-security open-source osint penetration-testing pentest pentest-tool pentesting recon reconnaissance scoping security-tools tool virtual-hosts
Last synced: 01 Nov 2024
https://github.com/payloadbox/xxe-injection-payload-list
🎯 XML External Entity (XXE) Injection Payload List
bug-bounty bugbounty cyber-security cybersecurity hacking information-security infosec payload payloads web-application-security websecurity websecurity-reference xml xml-entity xxe xxe-example xxe-injection xxe-payload xxe-payload-list xxe-payloads
Last synced: 15 Oct 2024
https://github.com/spiderlabs/hosthunter
HostHunter a recon tool for discovering hostnames using OSINT techniques.
bugbounty hacking hacking-tool hosthunter hostnames ip network-security open-source osint penetration-testing pentest pentest-tool pentesting recon reconnaissance scoping security-tools tool virtual-hosts
Last synced: 09 Oct 2024
https://github.com/h4r5h1t/webcopilot
An automation tool that enumerates subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters and then scans for vulnerabilities.
bug-bounty bugbounty enumeration recon reconnaissance
Last synced: 15 Oct 2024
https://github.com/karanxa/bug-bounty-wordlists
A repository that includes all the important wordlists used while bug hunting.
bugbounty hacktoberfest hacktoberfest2022
Last synced: 15 Oct 2024
https://github.com/Karanxa/Bug-Bounty-Wordlists
A repository that includes all the important wordlists used while bug hunting.
bugbounty hacktoberfest hacktoberfest2022
Last synced: 03 Aug 2024
https://github.com/random-robbie/bruteforce-lists
Some files for bruteforcing certain things.
bruteforce bugbounty bugbountytips dirbuster
Last synced: 09 Nov 2024
https://github.com/devploit/dontgo403
Tool to bypass 403/40X response codes.
403 403-bypass bugbounty bypass ctf pentesting waf-bypass websec
Last synced: 25 Aug 2024
https://github.com/devploit/nomore403
Tool to bypass 403/40X response codes.
403 403-bypass bugbounty bypass ctf pentesting waf-bypass websec
Last synced: 03 Aug 2024
https://github.com/projectdiscovery/public-bugbounty-programs
Community curated list of public bug bounty and responsible disclosure programs.
bugbounty bugbounty-program chaos hacktoberfest reconnaissance
Last synced: 13 Nov 2024
https://github.com/1n3/privesc
A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.
bugbounty exploits hacking linux mysql pentesting privesc sql windows
Last synced: 09 Nov 2024
https://github.com/indianajson/can-i-take-over-dns
"Can I take over DNS?" — a list of DNS providers and how to claim vulnerable domains.
bugbounty bugbountytips dangling-dns dns dns-hijacking domain-takeover hacking hacking-tool infosec nameservers subdomain-takeover takeover-subdomain
Last synced: 03 Nov 2024
https://github.com/1N3/PrivEsc
A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.
bugbounty exploits hacking linux mysql pentesting privesc sql windows
Last synced: 05 Nov 2024
https://github.com/edoardottt/scilla
Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration
bugbounty directories-enumeration dns-enumeration enumeration hacking hacking-tool hacktoberfest information-gathering information-retrieval network penetration-testing pentesting port-enumeration portscanner recon reconnaissance security security-tools subdomain-scanner subdomains-enumeration
Last synced: 13 Nov 2024
https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words
🐱💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks
bugbounttips bugbounty bugbounty-writeups cve cve-2021-44228 cve-2021-45046 cve-2021-45105 cybersecurity exploit hacking log4j payload pentest pentesting poc red-team security security-writeups writeups
Last synced: 04 Aug 2024
https://github.com/ice3man543/subover
A Powerful Subdomain Takeover Tool
bug-bounty bugbounty hostile hostile-subdomain-takeover pentesting subdomain subdomain-takeover subdomains takeover takeover-subdomain
Last synced: 13 Nov 2024
https://github.com/Ice3man543/SubOver
A Powerful Subdomain Takeover Tool
bug-bounty bugbounty hostile hostile-subdomain-takeover pentesting subdomain subdomain-takeover subdomains takeover takeover-subdomain
Last synced: 28 Oct 2024
https://github.com/topscoder/nuclei-wordfence-cve
The EXCLUSIVE Collection of 40,000+ Nuclei templates based on Wordfence intel. Daily updates for bulletproof WordPress security.
bugbounty cve exploits nuclei nuclei-templates pentesting projectdiscovery scanner security vulnerability vulnerability-scanning wordfence wordpress
Last synced: 13 Nov 2024
https://github.com/ayoubfathi/leaky-paths
A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.
appsec axiom bugbounty dirbuster dirsearch ffuf fuzzing hacktoberfest meg nuclei penetration-testing pentest recon redteam redteaming security security-tools subfinder wayback-machine wordlist
Last synced: 04 Aug 2024
https://github.com/LukaSikic/subzy
Subdomain takeover vulnerability checker
bugbounty cybersecurity security-research security-vulnerability subdomain-takeover
Last synced: 04 Aug 2024
https://github.com/PentestPad/subzy
Subdomain takeover vulnerability checker
bugbounty cybersecurity security-research security-vulnerability subdomain-takeover
Last synced: 03 Aug 2024
https://github.com/chvancooten/BugBountyScanner
A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.
bug-bounty-reconnaissance bugbounty docker-image hacking hacktoberfest reconnaissance
Last synced: 05 Nov 2024
https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner
Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).
bugbounty hacking hacking-tool penetration-testing penetration-testing-tools pentesting scanner security security-audit security-scanner security-tools vulnerability-scanners web-cache
Last synced: 05 Nov 2024
https://github.com/chvancooten/bugbountyscanner
A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.
bug-bounty-reconnaissance bugbounty docker-image hacking hacktoberfest reconnaissance
Last synced: 11 Oct 2024
https://github.com/KathanP19/JSFScan.sh
Automation for javascript recon in bug bounty.
bugbounty bugbounty-tool javascript-recon
Last synced: 03 Aug 2024
https://github.com/robotshell/magicRecon
MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.
bash-script bug bugbounty bugbounty-tool bugbountytricks infosec nuclei scanner sql-injection subdomain subdomains-enumeration tool vulnerability-scanners xss-vulnerability
Last synced: 06 Nov 2024
https://github.com/sh377c0d3/Payloads
Payload Arsenal for Pentration Tester and Bug Bounty Hunters
bugbounty bugbounty-tool payload payloads payloads-database penetration-testing
Last synced: 04 Aug 2024
https://github.com/xm1k3/cent
Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place
bugbounty golang hacktoberfest nuclei nuclei-templates penetration-testing pentesting templates
Last synced: 05 Nov 2024
https://github.com/boy-hack/ksubdomain
Subdomain enumeration tool, asynchronous dns packets, use pcap to scan 1600,000 subdomains in 1 second
bugbounty hacker-tools subdomain
Last synced: 04 Aug 2024
https://github.com/hisxo/reconaizer
A Burp Suite extension to add OpenAI (GPT) on Burp and help you with your Bug Bounty recon to discover endpoints, params, URLs, subdomains and more!
bugbounty burp-extensions burpsuite gpt-4 openai openai-api openai-chatgpt
Last synced: 09 Nov 2024
https://github.com/vincentcox/StaCoAn
StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.
bugbounty mobile-security security security-tools static-code-analysis
Last synced: 27 Oct 2024
https://github.com/vincentcox/stacoan
StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.
bugbounty mobile-security security security-tools static-code-analysis
Last synced: 25 Oct 2024
https://github.com/m8sec/subscraper
Subdomain and target enumeration tool built for offensive security testing
bugbounty enumeration osint penetration-testing pentest pentest-tool python3 subdomain-brute subdomain-enumeration subdomain-scanner subdomain-takeover
Last synced: 13 Nov 2024
https://github.com/hisxo/ReconAIzer
A Burp Suite extension to add OpenAI (GPT) on Burp and help you with your Bug Bounty recon to discover endpoints, params, URLs, subdomains and more!
bugbounty burp-extensions burpsuite gpt-4 openai openai-api openai-chatgpt
Last synced: 05 Nov 2024
https://github.com/alexbieber/Bug_Bounty_writeups
BUG BOUNTY WRITEUPS - OWASP TOP 10 🔴🔴🔴🔴✔
alexbieber bug bug-bounty bug-bounty-hunters bug-bounty-hunting bug-bounty-poc bug-bounty-recon bug-poc bugbounty bugcrowd facebook google hackerone integriti
Last synced: 04 Aug 2024
https://github.com/Dheerajmadhukar/karma_v2
⡷⠂𝚔𝚊𝚛𝚖𝚊 𝚟𝟸⠐⢾ is a Passive Open Source Intelligence (OSINT) Automated Reconnaissance (framework)
automation bash-script bugbounty infrastructure intelligence osint reconnaissance shodan
Last synced: 06 Nov 2024
https://github.com/dheerajmadhukar/karma_v2
⡷⠂𝚔𝚊𝚛𝚖𝚊 𝚟𝟸⠐⢾ is a Passive Open Source Intelligence (OSINT) Automated Reconnaissance (framework)
automation bash-script bugbounty infrastructure intelligence osint reconnaissance shodan
Last synced: 15 Oct 2024
https://github.com/0xpugal/fuzz4bounty
1337 Wordlists for Bug Bounty Hunting
bruteforce bugbounty dirsearch ffuf fuzz fuzz4bounty wordlist
Last synced: 08 Nov 2024
https://github.com/0xsha/CloudBrute
Awesome cloud enumerator
amazon bugbounty cloud cloud-security cloud-storage digitalocean google hacking infosec linode pentest-tool pentesting redteam s3-bucket vultr
Last synced: 03 Nov 2024
https://github.com/Zarcolio/sitedorks
Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term (dork) with a default set of websites, bug bounty programs or custom collection.
baidu bing bugbounty bugcrowd duckduckgo google google-dorks googledork hackerone hacking infosec intigriti osint python3 recon reconnaissance search search-engines yahoo yandex
Last synced: 04 Aug 2024
https://github.com/R0X4R/Garud
An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.
assetfinder bash-script bugbounty bugbounty-tool bugbountytips garud gf-patterns golang penetration-testing penetration-testing-tools reconnaissance subdomain-takeover vulnerability vulnerability-scanner
Last synced: 06 Nov 2024
https://github.com/r0x4r/garud
An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.
assetfinder bash-script bugbounty bugbounty-tool bugbountytips garud gf-patterns golang penetration-testing penetration-testing-tools reconnaissance subdomain-takeover vulnerability vulnerability-scanner
Last synced: 12 Nov 2024
https://github.com/hahwul/jwt-hack
🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)
bugbounty cracking hacking hacktoberfest jwt payload-generator security testing-tools tool
Last synced: 31 Oct 2024
https://github.com/bl4de/security-tools
My collection of various security tools created mostly in Python and Bash. For CTFs and Bug Bounty.
bug-bounties bug-bounty bugbounty ctf ctf-tools hacking infosec itsecurity pentesting python scanner security-testing security-tools static-analysis webappsec
Last synced: 03 Nov 2024
https://github.com/dwisiswant0/findom-xss
A fast DOM based XSS vulnerability scanner with simplicity.
bugbounty bugbountytips findom-xss pentest pentesting xss xss-scanner
Last synced: 28 Oct 2024
https://github.com/christophetd/censys-subdomain-finder
⚡ Perform subdomain enumeration using the certificate transparency logs from Censys.
bugbounty certificate-transparency-logs enumerate-subdomains osint pentest-tool pentesting recon subdomain-enumeration subdomain-scanner subdomains
Last synced: 15 Nov 2024
https://github.com/dsopas/assessment-mindset
Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.
bugbounty infosec methodology mindmap
Last synced: 03 Nov 2024
https://github.com/aaaguirrep/offensive-docker
Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.
bug-bounty bugbounty ctf-tools hacking hacking-tools htb pentest pentesting pentesting-tools
Last synced: 26 Oct 2024
https://github.com/TypeError/domained
Multi Tool Subdomain Enumeration
bugbounty enumeration infosec security subdomains
Last synced: 03 Nov 2024
https://github.com/robotshell/magicrecon
MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.
bash-script bug bugbounty bugbounty-tool bugbountytricks infosec nuclei scanner sql-injection subdomain subdomains-enumeration tool vulnerability-scanners xss-vulnerability
Last synced: 13 Nov 2024
https://github.com/knassar702/scant3r
ScanT3r - Module based Bug Bounty Automation Tool ( use Lotus instead github.com/bugBlocker/lotus )
bug-bounty bugbounty infosec module-pattern penetration-testing pentesting security-tools web-scanners xss
Last synced: 04 Aug 2024
https://github.com/gwen001/github-subdomains
Find subdomains on GitHub.
bugbounty github go golang pentesting security-tools subdomains
Last synced: 09 Nov 2024
https://github.com/h33tlit/secret-regex-list
List of regex for scraping secret API keys and juicy information.
bugbounty google google-api juicy oauth regex regex-pattern secret secret-keys
Last synced: 04 Aug 2024
https://github.com/fyoorer/ShadowClone
Unleash the power of cloud
aws bugbounty cloud distributed-computing lambda-functions recon serverless
Last synced: 04 Aug 2024
https://github.com/anof-cyber/application-security
Resources for Application Security including Web, API, Android, iOS and Thick Client
android application-security appsec bugbounty cybersecurity hacking infosec penetration-testing penetration-testing-notes pentesting security security-testing
Last synced: 13 Nov 2024
https://github.com/003random/getJS
A tool to fastly get all javascript sources/files
bugbounty extract files go golang goquery hacking hacktoberfest javascript parser pentesting recon reconnaissance urls
Last synced: 27 Oct 2024
https://github.com/iamthefrogy/frogy
My subdomain enumeration script. It's unique in the way it is built upon.
bug-bounty bugbounty infosec osint reconnaissance
Last synced: 07 Nov 2024
https://github.com/Anof-cyber/Application-Security
Resources for Application Security including Web, API, Android, iOS and Thick Client
android application-security appsec bugbounty cybersecurity hacking infosec penetration-testing penetration-testing-notes pentesting security security-testing
Last synced: 29 Oct 2024