Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
Bug Bounty
A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.
- GitHub: https://github.com/topics/bugbounty
- Wikipedia: https://en.wikipedia.org/wiki/Bug_bounty_program
- Related Topics: security, penetration-testing, pentesting, pentest
- Aliases: bug-bounty
- Last updated: 2024-11-15 00:03:57 UTC
https://github.com/hahwul/websocket-connection-smuggler
websocket-connection-smuggler
bugbounty hacking security testing-tools websocket websocket-connection-smuggling
Last synced: 02 Nov 2024
https://github.com/typeerror/bookmarks
Reclaim control of your Burp Suite Repeater tabs with this powerful extension
appsec bugbounty burp-extensions burpsuite burpsuite-extender burpsuite-pro
Last synced: 08 Nov 2024
https://github.com/yeswehack/YesWeBurp
YesWeHack Api Extension for Burp
bugbounty burp-extensions hacking pentest tools
Last synced: 09 Nov 2024
https://github.com/TypeError/Bookmarks
Reclaim control of your Burp Suite Repeater tabs with this powerful extension
appsec bugbounty burp-extensions burpsuite burpsuite-extender burpsuite-pro
Last synced: 24 Oct 2024
https://github.com/InfoSecWarrior/Offensive-Pentesting-Scripts
Scripts that are intended to help you in your pen-testing and bug-hunting efforts by automating various manual tasks, making your work more efficient and effective.
automation bash-script bugbounty gotools nmap-scripts pentesting subdomain-enumeration subdomain-wordlist
Last synced: 07 Nov 2024
https://github.com/elfarsaouiomar/monitor-new-subdomain
MNS is a security and reconnaissance tool for monitoring new subdomains
bugbounty monitoring python3 recon subdomains
Last synced: 04 Aug 2024
https://github.com/jimen0/differer
differer finds how URLs are parsed by different languages in order to help bug hunters break filters
bugbounty cloudrun go golang serverless url
Last synced: 28 Oct 2024
https://github.com/codingo/dooked
DNS and Target HTTP History Local Storage and Search
bounties bug bugbounty bugbounty-tool infosec reconnaissance security security-tools
Last synced: 20 Oct 2024
https://github.com/radenvodka/pentol
PENTOL - Pentester Toolkit for Fiddler2
bugbounty exploit exploiting-vulnerabilities fiddler-extension fiddler2 kitploit pentest-tool pentesting security security-tools tools
Last synced: 03 Aug 2024
https://github.com/gwen001/github-regexp
Basically a regexp over a GitHub search.
bugbounty github go golang pentesting private regexp secrets security-tools
Last synced: 09 Nov 2024
https://github.com/InitRoot/BurpSQLTruncSanner
Messy BurpSuite plugin for SQL Truncation vulnerabilities.
bugbounty burpsuite-extender sql-truncation
Last synced: 03 Nov 2024
https://github.com/blackhatethicalhacking/fetchmeurls
A Tool for Bug Bounty Hunters that uses Passive and Active Techniques to fetch URLs as a strong Recon, so you can then create Attack Vectors (XSS, Nuclei, SQLi etc...)
bugbounty bugbountytool recon reconnaissance
Last synced: 05 Nov 2024
https://github.com/p0dalirius/lfidump
A simple python script to dump remote files through a local file read or local file inclusion web vulnerability.
bugbounty dump file inclusion local pentesting
Last synced: 29 Oct 2024
https://github.com/gwen001/gitlab-subdomains
Find subdomains on GitLab.
bugbounty gitlab go pentesting security-tools subdomains
Last synced: 09 Nov 2024
https://github.com/edoverflow/legal-bug-bounty
#legalbugbounty project - creating safe harbors on bug bounty programs and vulnerability disclosure programs. Authored by Amit Elazari.
bugbounty infosec legal security
Last synced: 10 Nov 2024
https://github.com/Zarcolio/grepaddr
Use grepaddr to extract (grep) all kinds of addresses from stdin like URLs (incl. IPv4/IPv6), IP addresses & ranges (IPv4/IPv6), e-mail addresses, MAC addresses.
bugbounty command-line ctf ctf-tools e-mail extract grep-like hacking ip-addresses ipv4 ipv6 mac-address pentesting python python3 recon reconnaissance urls
Last synced: 06 Nov 2024
https://github.com/ghsec/BBProfiles
Burp Bounty (Scan Check Builder in BApp Store) is an extension for Burp Suite that lets you improve the active and passive scanner yourself. This extension requires Burp Suite Pro.
Last synced: 25 Oct 2024
https://github.com/p0dalirius/ldapconsole
The ldapconsole script allows you to perform custom LDAP requests to a Windows domain.
active-directory bugbounty ldap pentesting search
Last synced: 29 Oct 2024
https://github.com/hahwul/gitls
Enumerate git repository URL from list of URL / User / Org. Friendly to pipeline
bugbounty butbountytips cli-tool fetcher git github security security-tools tool whitebox-testing
Last synced: 02 Nov 2024
https://github.com/kabilan1290/grapX
grapX will iterate through the URLs and grep the endpoints with all possible extensions.
automation bugbounty bugbounty-tool bugbountytips cybersecurity opensource python python-script security-automation security-vulnerability
Last synced: 04 Aug 2024
https://github.com/gerosecurity/gerobug
The First Open Source Bug Bounty Platform
bounty-hunting bug-bounty bug-bounty-platform bugbounty bugbounty-platform bugbounty-tool cybersecurity infosec vdp vulnerability-disclosure
Last synced: 10 Sep 2024
https://github.com/darklotuskdb/SSTI-XSS-Finder
XSS Finder Via SSTI
bug bugbounty bugbounty-tool bugbountytips dorks hacking ssti tool vulnerability xss
Last synced: 04 Aug 2024
https://github.com/blackhatethicalhacking/scopehunter
ScopeHunter is a command-line tool for finding in scope targets for bug bounty programs.
bugbounty hacking infosec kali-linux penetration-testing pentesting
Last synced: 05 Nov 2024
https://github.com/Adversis/PandorasBox
Security tool to quickly audit Public Box files and folders.
bugbounty cloud-security penetration-testing security-tools
Last synced: 14 Nov 2024
https://github.com/z3dc0ps/0x0p1n3r
0x0p1n3r is a combination of other tools and one-line scripts to find subdomains easily and to check for subdomain takeover
bugbounty enumeration enumerations subdomain subdomain-enumeration subdomain-scanner vulnerability
Last synced: 04 Aug 2024
https://github.com/dwisiswant0/continuous-nuclei
Running nuclei Continuously
automation bugbounty bugbounty-tool nuclei projectdiscovery
Last synced: 04 Aug 2024
https://github.com/ethicalhackingplayground/dnsresolver
A Lightning-Fast DNS Resolver written in Rust
bugbounty dns http-prober resolver
Last synced: 08 Nov 2024
https://github.com/dwisiswant0/bounty-targets-alert
It's a watcher for new scopes added to bounty-targets-data that sends you alerts to Slack.
bugbounty bugbountytips bugcrowd federacy hackenproof hackerone intigriti vdp vrp yeswehack
Last synced: 28 Oct 2024
https://github.com/mansoorr123/wp-file-manager-CVE-2020-25213
https://medium.com/@mansoorr/exploiting-cve-2020-25213-wp-file-manager-wordpress-plugin-6-9-3f79241f0cd8
Last synced: 04 Aug 2024
https://github.com/blackhatethicalhacking/ScopeHunter
ScopeHunter is a command-line tool for finding in scope targets for bug bounty programs.
bugbounty hacking infosec kali-linux penetration-testing pentesting
Last synced: 23 Oct 2024
https://github.com/nikhil1232/Bucket-Flaws
Bucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations
application-security aws-s3 bucket bug-bounty bugbounty s3 s3-bucket s3-buckets security-misconfiguration wapt
Last synced: 04 Aug 2024
https://github.com/nullt3r/rapiddns
Rapidly enumerate subdomains and domains using rapiddns.io.
bugbounty bugbountytips domain-discovery enumeration scanner subdomains-enumeration
Last synced: 04 Aug 2024
https://github.com/Josue87/roboxtractor
Extract endpoints marked as disallow in robots files to generate wordlists.
bug-bounty bugbounty enumeration fuzzing hacking wordlist
Last synced: 04 Aug 2024
https://github.com/themarkib/google-acquisitions
Most of the Google Acquisitions for Bug Bounty Hunter.
bugbounty ethical-hacking googlevrp penetration-testing
Last synced: 25 Oct 2024
https://github.com/birdbee44/Resources
bugbounty honey honey-pots osint phishing resources scanner sql-injection xss
Last synced: 04 Aug 2024
https://github.com/knassar702/hacking-lab
Small Vulnerable Web App
bugbounty cmdinjection flask hackable hacking-lab openredirect python sqlinjection ssrf ssti uploadfile xss
Last synced: 04 Aug 2024
https://github.com/nu11pointer/fuzzlists
A collection of useful lists for Penetration Testing & Bug Bounty - Content Discovery, Payloads, Variables, Sandbox Escaping, etc
bruteforce bugbounty cybersecurity dictionaries infosec pentesting wordlists
Last synced: 05 Nov 2024
https://github.com/Aju100/VulWebaju
VulWebaju is a platform that automates setting up your pen-testing environment for learning purposes.
bugbounty hacking hacktoberfest owasp-top-10 penetration-testing pentesting
Last synced: 04 Aug 2024
https://github.com/Th0h0/autopoisoner
Web cache poisoning vulnerability scanner.
automation bugbounty python3 web-cache-deception web-cache-misconfiguration web-cache-poisoning
Last synced: 03 Aug 2024
https://github.com/random-robbie/open-redirect
Open Redirect Finder.
bugbounty casperjs open-redirect openredirect python
Last synced: 09 Nov 2024
https://github.com/DreyAnd/DeadDNS
DNS hijacking via dead records automation tool
bugbounty bugbounty-tool bugbountytips bughunting
Last synced: 04 Aug 2024
https://github.com/Sh1Yo/rate-limit-checker
Check whether the domain has a rate limit enabled.
Last synced: 04 Aug 2024
https://github.com/kljunowsky/CVE-2022-42889-text4shell
Apache commons text - CVE-2022-42889 Text4Shell proof of concept exploit.
apache bug-bounty bug-bounty-hunting bugbounty bugbounty-tool commons-text cve-2022-42889 exploit oneliner security security-tools
Last synced: 04 Aug 2024
https://github.com/bassammaged/awsEnum
Enumerate AWS cloud resources based on provided credential
aws bug bugbounty enumeration penetration-testing security-audit security-tools
Last synced: 23 Oct 2024
https://github.com/kaiiyer/rajappan
An All in one Project for Digital Privacy. A step towards a PRIVATE FUTURE
articles blog bugbounty cheatsheet conference cybersecurity differential-privacy hacktoberfest hacktoberfest2022 internet-freedom podcasts privacy rajappan security security-tools threat-hunting threat-intelligence toolkit tools
Last synced: 07 Nov 2024
https://github.com/rudSarkar/crlf-injector
A CRLF ( Carriage Return Line Feed ) Injection attack occurs when a user manages to submit a CRLF into an application. This is most commonly done by modifying an HTTP parameter or URL.
bugbounty crlf-injection python toolshacking
Last synced: 09 Nov 2024
https://github.com/xchopath/pathprober
Probe and discover HTTP pathname using brute-force methodology and filtered by specific word or 2 words at once
bugbounty pentest pentest-scripts pentest-tools python python3 redteam redteam-tools webscanner
Last synced: 04 Aug 2024
https://github.com/gwen001/google-search
Returns results from Google search.
bugbounty endpoints go golang google goop pentesting python recon search security-tools urls
Last synced: 09 Nov 2024
https://github.com/joker-reincarnated/toxic-md
Toxic MD is a powerful WhatsApp crash and bug bot developed by Joker, designed for managing and automating various bot-related functions. Whether you're testing crash bugs or exploring custom bot configurations, this bot has you covered.
Last synced: 02 Nov 2024
https://github.com/mrlew1s/BrokenSMTP
Small python script to look for common vulnerabilities on SMTP server.
bugbounty pentest pentest-scripts pentest-tool pentesting python python3 security security-tools smtp spoofing userenumeration vulnerabilities vulnerability
Last synced: 04 Aug 2024
https://github.com/wfinn/redirex
tool that generates bypasses for open redirects
Last synced: 04 Aug 2024
https://github.com/mzfr/takeover
A tool for testing subdomain takeover possibilities at a mass scale.
bugbounty subdomain-takeover takeover
Last synced: 03 Nov 2024
https://github.com/SomeKirill/wordlist_generator
Unique wordlist generator of unique wordlists.
bugbounty bugbounty-tool information-gathering pentesting reconnaissance security wordlist
Last synced: 04 Aug 2024
https://github.com/R0X4R/scvault
Custom scripts for directory fuzzing, subdomain enumeration, and more.
automation bash-script bug-bounty bug-bounty-hunters bugbounty directory-busting ffuf fuzzing infosec interlace
Last synced: 04 Aug 2024
https://github.com/r0x4r/scvault
Custom scripts for directory fuzzing, subdomain enumeration, and more.
automation bash-script bug-bounty bug-bounty-hunters bugbounty directory-busting ffuf fuzzing infosec interlace
Last synced: 08 Nov 2024
https://github.com/R0X4R/ssrf-tool
An SSRF detector tool written in golang. I have fixed some errors and added some more payloads to it. But the tool credits go to z0idsec.
bugbounty bugbounty-tool bugbountytips go ssrf ssrf-tool tools
Last synced: 04 Aug 2024
https://github.com/ko2sec/apkizer
apkizer is a mass downloader for android applications for all available versions.
android-application apk apkpure bugbounty recon reconnaissance
Last synced: 04 Aug 2024
https://github.com/gwen001/bxss
Alternative to XSS Hunter for blind XSS.
bugbounty pentesting php security-tools xss xsshunter
Last synced: 09 Nov 2024
https://github.com/melbadry9/SSLEnum
Extract SSL certificate data (Subject Name, Subject Alt Names, Organisation)
bugbounty reconnaissance rust rust-lang ssl-certificate
Last synced: 04 Aug 2024
https://github.com/e1abrador/Burp-Encode-IP
Burp Suite extension to encode an IP address focused to bypass application IP / domain blacklist.
bugbounty bugbounty-tool bugbountytips bypass open-redirect red-team red-team-tools ssrf
Last synced: 04 Aug 2024
https://github.com/HexNio/ssl_pinning_remover
An Android SSL Pinning Remover tool for Security research and Bug Bounty
android bug-bounty bugbounty bugbounty-tool help-wanted python3 security-automation security-tools ssl-pinning
Last synced: 04 Aug 2024
https://github.com/Dc4ts/ChangeTower
ChangeTower, written in Go, is intended to help you watch changes in webpages and get notified of any changes
bugbounty bugbounty-tool golang red-team webscanner
Last synced: 04 Aug 2024
https://github.com/cqsd/daily-commonspeak2
commonspeak2 subdomains wordlist generated daily **DEPRECATED** The author(s) of commonspeak2 maintain an official repo with more lists. Please use it instead: https://github.com/assetnote/wordlists
bugbounty content-discovery security
Last synced: 04 Aug 2024
https://github.com/BountyStrike/Emissary
Send notifications on different channels such as Slack, Telegram, Discord etc.
Last synced: 03 Aug 2024
https://github.com/robotshell/dorkscraper
DorkScraper is a simple tool written in Python to extract all the urls that appear when using a Google Dork.
bugbounty googledorks pentesting python tool
Last synced: 01 Nov 2024
https://github.com/dreamer1eh/ultimate_bughunter_tools
Ultimate Package Of 50 Bug Bounty Hunting Tools
bug-bounty bugbounty infosec security security-tools
Last synced: 04 Aug 2024
https://github.com/jonaslejon/lolcrawler
Headless web crawler for bugbounty and penetration-testing/redteaming
bugbounty crawler docker penetration-testing penetration-testing-tools redteam redteam-tools redteaming
Last synced: 04 Aug 2024
https://github.com/p0dalirius/robotstester
This Python script can enumerate all URLs present in robots.txt files, and test whether they can be accessed or not.
bugbounty crawler pentesting python robots tool
Last synced: 29 Oct 2024
https://github.com/karthi-the-hacker/crlfi
CRLF Bug scanner for WebPentesters and Bugbounty Hunters
bugbounty bugbounty-tool bugbounty-tools crlf-injection crlf-injection-scanner webpentesting websecurity
Last synced: 10 Sep 2024
https://github.com/khetaguridimitri/sql-injection
SQL Injection - Hacking and bypass
android audit blackhat bugbounty bughunting cyberattack cybersecurity dorks ethical-hacking ethical-hacking-tools hacking intelligence linux pentest redhat security sql sql-injection whitehat windows
Last synced: 08 Nov 2024
https://github.com/melbadry9/ScanApi
Subdomains-enumeration, subdomain-takeover monitoring api and S3 bucket scanner.
bugbounty recon s3-bucket-scanner subdomains-enumeration
Last synced: 04 Aug 2024
https://github.com/pikpikcu/js-finding
JS Finding can be used to extract JavaScript (JS) files from either a single domain URL or a list of domains. The tool supports various extraction methods and provides additional options for file download and wordlists creation.
Last synced: 04 Aug 2024
https://github.com/m8sec/subwalker
Simultaneously execute various subdomain enumeration tools and aggregate results.
bugbounty recon subdomain-enumeration
Last synced: 30 Oct 2024
https://github.com/karthi-the-hacker/Gh0stR3c0n
All in one web Recon app
bugbounty bugbounty-tool bugbounty-tools bugbountyautomation bugbountytips webrecon
Last synced: 04 Aug 2024
https://github.com/mathis2001/webhackurls
Simple python OSINT tool for urls recon thanks to the waybackmachine.
bugbounty osint pentesting recon wayback-machine webarchive
Last synced: 11 Nov 2024
https://github.com/0xpugal/knoxsser
A concise and effective bash script for mass XSS scanning utilizing the KNOXSS API by Brute Logic
Last synced: 08 Nov 2024
https://github.com/acuciureanu/ppfang
A tool which helps identify client-side prototype polluting libraries
bugbounty bugbounty-tool bugbountytips chromium cspp prototype-pollution security security-tools vulnerability-scanners
Last synced: 12 Oct 2024
https://github.com/typeerror/crystalball
An enchanting web screenshot tool for capturing and sharing web content effortlessly
bugbounty enumeration infosec security web-screenshot
Last synced: 08 Nov 2024
https://github.com/edoardottt/malicious-rmqr-codes
Collection of (4000+) malicious rMQR Codes for Penetration testing, Vulnerability assessments, Red Team operations, Bug Bounty and more
bug-bounty bugbounty malicious-payloads offensive-security payload-generator payloads qr-code qrcode qrcodes red-team red-team-tools redteam redteam-tools redteaming rmqr rmqrcode security security-tools web-security
Last synced: 28 Oct 2024
https://github.com/pelaohxc/postMessageFinder
bugbounty domxss hacking javascript postmessage tool xss
Last synced: 04 Aug 2024
https://github.com/abuvanth/kicks3
S3 bucket finder from html,js and bucket misconfiguration testing tool
automation aws aws-s3 bucket-misconfiguration-testing bugbounty s3 s3-bucket-finder security-tools storage
Last synced: 03 Nov 2024
https://github.com/blackhatethicalhacking/openrediwrecked
A powerful and sophisticated tool for detecting and exploiting open redirect vulnerabilities using the sed utility and a selected list of carefully crafted payloads with encoding techniques.
bugbounty hacking infosec openredirect-scanner penetration-testing pentesting
Last synced: 05 Nov 2024
https://github.com/andripwn/PayloadsAll
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
allpayload bugbounty bugcrowd bughunter hackerone payloads pentest python rce researchers securityresearchers sql vulnerability vulnerabilityanalysis xsss
Last synced: 23 Oct 2024
https://github.com/robotshell/dorkSraper
DorkScraper is a simple tool written in Python to extract all the urls that appear when using a Google Dork.
bugbounty googledorks pentesting python tool
Last synced: 04 Sep 2024
https://github.com/HJ23/Raptor
Passive subdomain enumeration tool with http-probe.
bug-bounties bug-bountry bug-hunter bugbounty cybersecurity enumeration hacking http-probe osint osint-python osint-tool probe probe-requests python python3 subdomain subdomain-enumeration subdomain-scanner subdomains subdomains-monitoring
Last synced: 04 Aug 2024
https://github.com/bountymachine/about
A central place to keep track of relevant BountyMachine talks, blogs, and interesting things!
automation bountymachine bugbounty infosec presentation slides
Last synced: 03 Aug 2024
https://github.com/mathis2001/paramfirstcheck
ParamFirstCheck identifies in a list of urls those containing a parameter of the top 25 of the most vulnerable parameters for SQLi, LFI, RCE and Open redirect
bugbounty parameters pentest top25
Last synced: 11 Nov 2024
https://github.com/0xpugal/bounty.sh
simple bash script to earn bounties
bash bugbounty recon reconnaissance shell
Last synced: 08 Nov 2024
https://github.com/hahwul/backbomb
Dockerized penetration-testing/bugbounty/app-sec testing environment
appsec bugbounty docker docker-image environment golang hacking pentest security tools
Last synced: 27 Sep 2024