Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
Bug Bounty
A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.
- GitHub: https://github.com/topics/bugbounty
- Wikipedia: https://en.wikipedia.org/wiki/Bug_bounty_program
- Related Topics: security,penetration-testing,pentesting,pentest,
- Aliases: bug-bounty,
- Last updated: 2025-02-20 00:03:54 UTC
- JSON Representation
https://github.com/sudosuraj/Dorks
List of Google Dorks for sites that have responsible disclosure program / bug bounty program
bounty bug bugbounty dork dorks google googledorks sudosuraj
Last synced: 23 Oct 2024
https://github.com/rodnt/gogetcert
Use transparency logs to get subdomains from certificate
Last synced: 03 Jan 2025
https://github.com/GabrielCS0/security-trails
This is a tool to automate the search for subdomains on the website securitytrails.com
bugbounty pentesting python recon subdomains
Last synced: 23 Oct 2024
https://github.com/h3xploit0x1/url-gatherer
Simple Bash Script To Gather URL From Target. Useful For BugBounty.
bugbounty ethical-hacking hacking pentesting tool
Last synced: 15 Jan 2025
https://github.com/ahmadchen/wpscan
bugbounty linux python shell-script wordpress
Last synced: 15 Jan 2025
https://github.com/hunthubspace/bb-bugbountybash
This repository contains a collection of custom Bash functions designed to streamline and enhance the bug bounty hunting process.
automation bash-scripting bugbounty penetration-testing penetration-testing-tools
Last synced: 31 Jan 2025
https://github.com/macmod/forever
A simple tool that generates SSH command-line arguments to forward local addresses to multiple remote targets.
bugbounty pentest port-forwarding redteam ssh tools
Last synced: 01 Feb 2025
https://github.com/isanjaymenon/awesome-thm-rooms
Awesome TryHackMe Rooms - WIP ⌛
awesome awesome-lists bugbounty cybersecurity infosec tryhackme tryhackme-roadmap
Last synced: 09 Dec 2024
https://github.com/hackshiv/jsurlextractor
A simple bash script to extract more urls from js endpoints
bugbounty endpoints extractor javascript jsextractor
Last synced: 11 Jan 2025
https://github.com/vin-hacks/querywatch
Simple script to detect changes in a GraphQL api where introspection is enabled.
api bash bash-script bugbounty cybersecurity graphql tool
Last synced: 23 Jan 2025
https://github.com/mathis2001/lightssticheck
LightSSTICheck is a tool designed to find basic SSTI vulnerabilities
Last synced: 09 Jan 2025
https://github.com/l0wk3y-iaan/portswigger-academy-tracker
This script dynamically tracks your PortSwigger Academy progress and generates a markdown table for you.
academy bugbounty penetration-testing pentesting portswigger security security-tools tools web-penetration-testing web-security
Last synced: 19 Feb 2025
https://github.com/mathis2001/ezcomments
EzComments is a tool allowing you to get all html and js comments of each url given to him
bugbounty comments pentest recon
Last synced: 09 Jan 2025
https://github.com/rix4uni/backupx
BackupX - Finding backup files using ffuf
backup backup-files backupx bugbounty ffuf wordlist
Last synced: 07 Feb 2025
https://github.com/rix4uni/ipfinder
IP Finder tool, ipfinder collects ip address from different sources like Shodan, Zoomeye, Viewdns, dig command, etc.
bug-bounty bugbounty bugbountytips dig hacking infosec osint osint-resources osint-tool penetration-testing pentest-tool pentesting recon reconnaissance security security-tools shodan threat-intelligence viewdns zoomeye
Last synced: 14 Feb 2025
https://github.com/harsh-katiyar/google-dorks-bug-bounty
A list of Google Dorks for Bug Bounty, Web Application Security, and Pentesting
bugbounty ceh ghdb google google-dorking-payloads google-dorking-tool google-dorks google-dorks-for-hackers googledorks hacking osint search
Last synced: 19 Feb 2025
https://github.com/rix4uni/nucleihubquery
A bash script that extracts `shodan-query, google-query, censys-query, fofa-query, hunter-query, zoomeye-query` in nucleihub-templates.
bug-bounty bugbounty bugbountytips censys fofa google hacking hunter infosec nuclei nuclei-templates nucleihub-templates osint pentesting recon reconnaissance security security-tools shodan zoomeye
Last synced: 14 Feb 2025
https://github.com/it-jhack/subtaker
A tool to help find subdomain takeover vulnerabilities
bug-bounty bugbounty enumeration hacking infosec osint penetration-testing pentesting python recon reconnaissance subdomain subdomain-takeover
Last synced: 12 Jan 2025
https://github.com/codeb0ss/CVE-2023-20073-
Mass Exploit - CVE-2023-20073 - Cisco VPN Routers - [Unauthenticated Arbitrary File Upload and Stored XSS]
0day bug bugbounty cisco codeb0ss codeboss cve cve-2023-20073 exploit hackerone mass mass-exploit uncodeboss vpn-router
Last synced: 23 Oct 2024
https://github.com/arshadkazmi42/npmdc-poc
NPM Dependency Confusion - PoC
bugbounty confusion dependency infosec npm poc
Last synced: 08 Feb 2025
https://github.com/mamad-1999/google-dorker
Simple Google Dork Generator for Cybersecurity
bug-bounty bugbounty cybersecurity dork dorker google-dorks googledork osint security
Last synced: 30 Jan 2025
https://github.com/rix4uni/gosqli
gosqli is a fast and simple tool for detecting blind SQL injection vulnerabilities. It supports scanning URLs with custom payloads, parallel requests, and response time-based verification.
bug-bounty bugbounty bugbountytips hacking infosec osint osint-resources osint-tool penetration-testing pentest-tool pentesting recon reconnaissance security security-tools sql-injection sqli threat-intelligence
Last synced: 07 Feb 2025
https://github.com/rix4uni/jscrawler
Fetches javascript file from a list of URLS or subdomains.
bugbounty hacking javascript pentesting recon reconnaissance urls
Last synced: 07 Feb 2025
https://github.com/supreme-snaze/permutations
A local easy-to-use password manager written in python with multiple User Interfaces
audio-separation bugbounty combinations cupp deep-learning dns domains hacking pentest-tool permutation-algorithms permutation-invariant-training permutations phishing pytorch
Last synced: 22 Jan 2025
https://github.com/farinap5/headerparsing
Web Header Dump For Parsing
bugbounty header header-dump pentesting webpwn
Last synced: 21 Jan 2025
https://github.com/incogbyte/lazyorigin
Find Origin IP Behind WAFs
bugbounty bugbounty-tool golang infosec pentesting
Last synced: 23 Jan 2025
https://github.com/mathis2001/jsembed
Simple Python tool to embed JavaScript code in different types of files (pdf and svg for now)
bugbounty fileupload javascript pdf pentest svg xss
Last synced: 09 Jan 2025
https://github.com/rix4uni/bug-bounty-tampermonkey-scripts
bugbounty crunchbase-paywall google-dorking tampermonkey
Last synced: 21 Jan 2025
https://github.com/hoshigakikisame/hostprobe
Host Probe is a Python script that simplifies host discovery using ICMP ping. It enables users to determine the status of a list of IP addresses or domain names, helping identify hosts that are online (UP) or offline (DOWN).
bugbounty cybersecurity prober
Last synced: 07 Jan 2025
https://github.com/sysevil/rusho
subdomain tool cli for shodan by Rust lang
bugbounty hacking hacking-tool recon reconnaissance rust rust-lang subdomain-enumeration
Last synced: 09 Feb 2025
https://github.com/y-mo4n1ngst3r/y-mo4n1ngst3r
Config files for my GitHub profile.
assembly bugbounty bugbounty-tool bugbounty-tools config cpp20 ctf ctf-challenges cyber-threat-intelligence cybersecurity github-config golang offensive-security pentesting redteaming
Last synced: 26 Jan 2025
https://github.com/luddekn/subfuzzer
Subdomain fuzzer
brute-force bug-bounty bugbounty fuzzer fuzzing python python3 redteam subdomain subdomain-bruteforcing subdomain-enumeration subdomain-scanner tool web
Last synced: 13 Feb 2025
https://github.com/y-mo4n1ngst3r/evillan
A tool for create encoded payloads and test them on targets
bugbounty bugbounty-tools cybersecurity hacking-tool offensive-security pentesting
Last synced: 09 Feb 2025
https://github.com/emrekybs/web-auditchain
Automated script for advanced web security reconnaissance and enumeration, integrating popular tools to streamline the information gathering phase
bash bugbounty enumeration information-extraction information-gathering owasp reconnaissance websecurity
Last synced: 19 Jan 2025
https://github.com/bypasswin/js-monitor
Track JavaScript changes websites. Website bot can detected new API endpoints & more!
api api-change-log bugbounty hacking javascript js js-monitor monitor osint toolkit tools website
Last synced: 11 Feb 2025
https://github.com/lucabarile/zdi-can-16318
Exploits and reports for CVE-2023-32162
0-day 0day bugbounty cve-2023-32162 disclosure elevation-of-privilege exploit local-privilege-escalation logical-vulnerability lpe poc privilege-escalation proof-of-concept vulnerability wacom wacom-driver wacom-vulnerability write-up writeups zdi-can-16318
Last synced: 20 Feb 2025
https://github.com/luis8456/minesweeper
A classic Minesweeper implementation built with HTML, CSS, and JavaScript. Features multilingual support, modular code, and a clean UI. Perfect for learning game development and refactoring practices. Play, explore, and contribute! 🚀
blacklist blacklist-extension bugbounty burpsuite coinhive cryptojacking game hacking java minesweeper-game mvi roboelectric room-database windows
Last synced: 10 Feb 2025
https://github.com/dr4ks/natas_labs_solution
Hello, this is repository which has solutions for Natas Labs.
bugbounty cryptography ctf cyber-defense cybersecurity ethical-hacking exploit-development forensics natas-labs-solutions network network-sec penetration-testing security security-tools vulnerability-analysis web-exploitation
Last synced: 16 Feb 2025
https://github.com/prvvv/submapper
A subdomain enumeration tool designed to find WAF's and 404 pages for takeover and enumeration
404 404-page amazon bug-bounty bugbounty cloudflare python3 subdomain-enumeration subdomain-scanner subdomain-takeover waf-detection
Last synced: 12 Jan 2025
https://github.com/rtfmkiesel/geopipe
A pipeline tool to filter domains by server location
Last synced: 26 Jan 2025
https://github.com/4m3rr0r/gitversionhashsearch
GitVersionHashSearch is a bash script designed for bug bounty hunters, CTF participants, and red team operations. It allows you to search for specific patterns in the MD5 hashes of all versions of a file in a Git repository, making it a valuable tool for security assessments and exploit development.
bugbounty ctf gitversion gitversionhashsearch red-team
Last synced: 03 Feb 2025
https://github.com/session-x/gitvulnexplorer
GitVulnExplorer is a tool for ethical hackers and bug bounty hunters to scan GitHub repositories for vulnerabilities using Google and GitHub dorks. It helps identify sensitive files, exposed credentials, and misconfigurations, making it easier to find and report security issues.
automationbugbounty bugbounty bugbountytools dorks dorksgithub github gitvulnexplorer gitvulnexplorerhacking hacking
Last synced: 24 Jan 2025
https://github.com/codeb0ss/CVE-2023-3836
0day bugbounty codeb0ss codeboss cve cve-2023-3836 exploit exploiter hackerone uncodeboss webshell
Last synced: 23 Oct 2024
https://github.com/cak/foot
Foot is a library that fetches a list of URLs and silly walks through each site to gather information.
Last synced: 14 Jan 2025
https://github.com/bonifield/jitt
simple jitter tool
bugbounty jitter jitter-calculation penetration-testing python3
Last synced: 18 Jan 2025
https://github.com/gwen001/10degres_hugo
http://10degres.net
blog bugbounty bugbountytips bugbountytools hugo pentesting sectools security security-tools
Last synced: 04 Jan 2025
https://github.com/D0N-B0T/scripts
short Scripts i use for bugbounty and others.
Last synced: 23 Oct 2024
https://github.com/RandomRobbieBF/grafana-bruteforce
Grafana Bruteforce tool
brute-force bugbounty grafana red-team
Last synced: 23 Oct 2024
https://github.com/ichbinbork/JS_lookup
Tool that helps javascript source code analysis processes
bugbounty codereview websecurity
Last synced: 23 Oct 2024
https://github.com/jsmoreira02/lfi-hunter
Automated tool to bypass filtering systems and exploit Local File Inclusion, created for Bug Bounty tests and better optimization during the hack (and with special attention to CTFs)
bugbounty ctf-tools cybersecurity hacking-tool lfi-exploitation
Last synced: 19 Jan 2025
