Bug Bounty | Ecosyste.ms: Awesome

https://github.com/0xsha/GoLinkFinder

A fast and minimal JS endpoint extractor

bugbounty endpoint-discovery linkextractor pentest-tool pentesting pentesting-tools

Last synced: 03 Nov 2024

https://github.com/daffainfo/match-replace-burp

Useful "Match and Replace" burpsuite rules

bugbounty burpsuite hacktoberfest pentest

Last synced: 11 Nov 2024

https://github.com/firefart/hijagger

Checks all maintainers of all NPM and Pypi packages for hijackable packages through domain re-registration

bugbounty golang hacking npm pypi security security-tools

Last synced: 01 Nov 2024

https://github.com/projectdiscovery/dnsprobe

DNSProb is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.

bugbounty dns dns-utils dnsprobe retryabledns security subdomain

Last synced: 05 Nov 2024

https://github.com/edoardottt/missing-cve-nuclei-templates

Weekly updated list of missing CVEs in nuclei templates official repository. Mainly built for bug bounty, but useful for penetration tests and vulnerability assessments too.

automation bug-bounty bug-hunting bugbounty bugbounty-tool bugbountytips cve cve-scanning hacking nuclei nuclei-engine nuclei-templates penetration-testing pentesting projectdiscovery security security-tools vulnerability-detection vulnerability-scanners

Last synced: 26 Oct 2024

https://github.com/blackhatethicalhacking/ddoslayer

An Advanced Layer 7 DDoS tool

bugbounty ddos-attacks hacking kali-linux penetration-testing pentesting

Last synced: 05 Nov 2024

https://github.com/si9int/cc.py

Extracting URLs of a specific target based on the results of "commoncrawl.org"

bugbounty osint pentesting

Last synced: 02 Nov 2024

https://github.com/edoverflow/contact.sh

An OSINT tool to find contacts in order to report security vulnerabilities.

bugbounty infosec osint security

Last synced: 10 Nov 2024

https://github.com/EdOverflow/contact.sh

An OSINT tool to find contacts in order to report security vulnerabilities.

bugbounty infosec osint security

Last synced: 04 Aug 2024

https://github.com/ThreatUnknown/jsubfinder

jsubfinder searches webpages for javascript & analyzes them for hidden subdomains and secrets (wip).

bugbounty pentesting proxy security security-tools

Last synced: 09 Nov 2024

https://github.com/Micro0x00/Arsenal

Arsenal is a Simple shell script (Bash) used to install tools and requirements for Bug Bounty

bug-bounty bugbounty hacking infosec osint penetration-testing pentesting recon reconnaissance security-tools shell

Last synced: 09 Nov 2024

https://github.com/anmolksachan/TheTimeMachine

Weaponizing WaybackUrls for Recon, BugBounties , OSINT, Sensitive Endpoints and what not

automate bugbounty fuzzer fuzzing jira lfi openredirect osint parameter scanner xss

Last synced: 10 Sep 2024

https://github.com/1in9e/icp-domains

输入一个域名，输出ICP备案所有关联域名

beian bugbounty domain icp information-gathering information-security osint osint-tool osint-tools pentest-tool python python3 security-tools

Last synced: 04 Aug 2024

https://github.com/ThreatUnkown/jsubfinder

jsubfinder searches webpages for javascript & analyzes them for hidden subdomains and secrets (wip).

bugbounty pentesting proxy security security-tools

Last synced: 25 Aug 2024

https://github.com/BountyStrike/Bountystrike-sh

Poor (rich?) man's bug bounty pipeline https://dubell.io

bugbounty bugbounty-platform

Last synced: 04 Aug 2024

https://github.com/BitTheByte/Monitorizer

Monitoring framework to detect and report newly found subdomains on a specific target using various scanning tools

bugbounty bugcrowd hackerone subdomain-enumeration subfinder

Last synced: 04 Aug 2024

https://github.com/blackhatethicalhacking/bug_bounty_tools_and_methodology

Bug Bounty Tools used on Twitch - Recon

bug-bounty bugbounty penetration-testing pentesting reconnaissance

Last synced: 05 Nov 2024

https://github.com/devploit/XORpass

Encoder to bypass WAF filters using XOR operations.

bugbounty pentesting php waf-bypass websec xor

Last synced: 12 Nov 2024

https://github.com/daffainfo/all-about-apikey

Detailed information about API key / OAuth token (Description, Request, Response, Regex, Example)

api apikey bugbounty hacktoberfest pentest

Last synced: 11 Nov 2024

https://github.com/trickest/mksub

Generate tens of thousands of subdomain combinations in a matter of seconds

bugbounty bugbountytips enumeration infosec infosectools penetration-testing penetration-testing-tools pentesting pentesting-tools recon reconnaissance security security-tools subdomain subdomain-enumeration subdomain-finder subdomain-scanner

Last synced: 04 Aug 2024

https://github.com/abhijithb200/investigator

An online handy-recon tool

bugbounty bugbounty-tool pentest-tool pentesting reconnaissance

Last synced: 04 Aug 2024

https://github.com/FleexSecurity/fleex

Fleex makes it easy to create multiple VPS on cloud providers and use them to distribute workloads.

bug-bounty bugbounty digitalocean distributed-computing distributed-systems hacking hacking-tool hacktoberfest linode

Last synced: 04 Aug 2024

https://github.com/d3mondev/burp-vps-proxy

This Burp Suite extension allows for the automatic creation and deletion of an upstream SOCKS5 proxy on popular cloud services.

bugbounty burp-extensions burpsuite pentesting proxy socks5

Last synced: 12 Nov 2024

https://github.com/dwisiswant0/gf-secrets

Secret and/or credential patterns used for gf.

alienvault-otx bugbounty crawler gau gf gitleaks infosec open-threat-exchange secrets-detection trufflehog trufflehog3 wayback wayback-machine waybackurl

Last synced: 28 Oct 2024

https://github.com/gwen001/bb-datas

Tools and datas related to Bug Bounty.

bugbounty pentesting security

Last synced: 09 Nov 2024

https://github.com/zzzteph/probable_subdomains

Subdomains analysis and generation tool. Reveal the hidden!

bugbounty bugbounty-tool wordlist

Last synced: 04 Aug 2024

https://github.com/0xpugal/subdomz

An Automated Subdomain Enumeration Tool

bugbounty recon reconnaissance subdomain-enumeration subdomain-finder subdomains-discovery

Last synced: 08 Nov 2024

https://github.com/blackhatethicalhacking/nucleimonst3r

Nucleimonst3r is a powerful vulnerability scanner that can help Bug Bounty Hunters find low hanging fruit vulnerabilities for known CVEs and exploits but also gather all the technology running behind them for further investigation for a potential target.

bugbounty bugbounty-tool hacking hacking-tool infosec infosectools redteam vulnerability-scanners

Last synced: 05 Nov 2024

https://github.com/Sh1Yo/request_smuggler

Http request smuggling vulnerability scanner

bugbounty request-smuggling rust scanner security web

Last synced: 07 Nov 2024

https://github.com/dwisiswant0/cf-check

CloudFlare Checker written in Go

bugbounty bugbounty-tool bugbountytips cloudflare go golang ip-scanner scanner

Last synced: 28 Oct 2024

https://github.com/Josue87/AnalyticsRelationships

Get related domains / subdomains by looking at Google Analytics IDs

bugbounty osint subdomains

Last synced: 04 Aug 2024

https://github.com/RAJANAGORI/Nightingale

It's a Docker Environment for Pentesting which having all the required tool for VAPT.

bugbounty cybersecurity docker-image hacking hacking-tools htb nightingale osint owasp penetration-testing pentest-tool pentesting platform-independent vulnerabilities

Last synced: 04 Aug 2024

https://github.com/serain/bbrecon

Python library and CLI for the Bug Bounty Recon API

bug-bounty-recon bugbounty bugbountytips bugcrowd cybersecurity federacy hackenproof hackerone hacking osint recon security web-security yeswehack

Last synced: 04 Aug 2024

https://github.com/Impact-I/x8-Burp

Hidden parameters discovery suite

api-testing bugbounty content-discovery parameter-discovery recon

Last synced: 04 Aug 2024

https://github.com/pdelteil/BugBountyReportTemplates

List of reporting templates I have used since I started doing BBH.

bugbounty bugcrowd hackerone intigriti reports templates

Last synced: 04 Aug 2024

https://github.com/ArturSS7/TukTuk

Tool for catching and logging different types of requests.

bugbounty go golang pentest security summer-of-hack

Last synced: 03 Aug 2024

https://github.com/iamthefrogy/nerdbug

Full Nuclei automation script with logic explanation.

application-security appsec automation bugbounty bugbounty-bot bugbountytips nuclei nuclei-templates security-tools

Last synced: 04 Aug 2024

https://github.com/mlcsec/headi

Customisable and automated HTTP header injection

bugbounty golang header-injection

Last synced: 03 Nov 2024

https://github.com/ameenmaali/wordlistgen

Quickly generate context-specific wordlists for content discovery from lists of URLs or paths

bugbounty content-discovery hacking infosec wordlists

Last synced: 04 Aug 2024

https://github.com/Sachin-v3rma/Astra

Astra is a tool to find URLs and secrets inside a webpage/files

bugbounty hacking infosec pentesting security

Last synced: 04 Aug 2024

https://github.com/pdelteil/BugBountyHuntingScripts

I built some bash functions to help me while doing mundane and repetitive tasks using BBRF, Nuclei or other Bug bounty tool.

bbrf bugbounty

Last synced: 04 Aug 2024

https://github.com/nerrorsec/Google-Dorker

Automate dorking while doing bug bounty or other stuffs.

bug-bounty bugbounty github-dorking google-dorking infosec osint pentesting security shodan-dorks

Last synced: 12 Nov 2024

https://github.com/codingo/bbr

An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.

bug-bounty bug-bounty-hunters bugbounty bugbounty-tool reporting reporting-tool security-tools

Last synced: 07 Nov 2024

https://github.com/codingo/crithit

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

bugbounty enumeration hacking hacking-tool infosec offensive-security penetration-testing pentest-tools pentesting security security-audit security-tools security-vulnerability web-application-security

Last synced: 20 Oct 2024

https://github.com/stevemcilwain/quiver

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

bugbounty hacking hacking-tools kali kali-linux penetration-testing pentesting zsh zsh-plugin

Last synced: 03 Nov 2024

https://github.com/putsi/privatecollaborator

A script for installing private Burp Collaborator with free Let's Encrypt SSL-certificate

bugbounty burp burpsuite burpsuitepro collaborator penetration-testing penetration-testing-tools

Last synced: 03 Aug 2024

https://github.com/riza/linx

Reveals invisible links within JavaScript files

bugbounty infosec recon

Last synced: 01 Nov 2024

https://github.com/harleo/asnip

ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight

asn bugbounty discovery ip mapping organization osint pentesting reconnaissance target

Last synced: 05 Nov 2024

https://github.com/hackingguy/Bug-Hunting-Colab

A Colab For Bug Hunting!

bug-hunting bugbounty colab google-colab vps

Last synced: 04 Aug 2024

https://github.com/Static-Flow/gofingerprint

GoFingerprint is a Go tool for taking a list of target web servers and matching their HTTP responses against a user defined list of fingerprints.

bugbounty bugbounty-tool golang hacking hacking-tool

Last synced: 04 Nov 2024

https://github.com/codingo/minesweeper

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

bitcoin blacklist blacklist-extension bugbounty burp-extensions burp-plugin burpsuite burpsuitepro coinhive coinhive-miners cryptocurrency cryptojacking hacking hacking-tool penetration-testing security-audit security-scanner security-tools web-application-hacking web-security

Last synced: 31 Oct 2024

https://github.com/codingo/Minesweeper

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

bitcoin blacklist blacklist-extension bugbounty burp-extensions burp-plugin burpsuite burpsuitepro coinhive coinhive-miners cryptocurrency cryptojacking hacking hacking-tool penetration-testing security-audit security-scanner security-tools web-application-hacking web-security

Last synced: 09 Nov 2024

https://github.com/shivamrai2003/reconky-automated_bash_script

Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.

automated-testing bash-script bugbounty bugbounty-tool bugbounty-tools enumeration exploitation hacking hacking-code nmap osint penetration-testing pentesting-tools recon recon-tools reconnaissance

Last synced: 31 Oct 2024

https://github.com/InfosecHouse/InfosecHouse

Tools & Resources for Cyber Security Operations

bugbounty bugbounty-tool defensive-security hacking incident-response infosec infosec-reference infosectools offensive-security penetration-testing-tools pentest-tools resources

Last synced: 09 Nov 2024

https://github.com/iamsarvagyaa/AndroidSecNotes

An actively maintained, Self curated notes related to android application security for security professionals, bugbounty hunters, pentesters, reverse engineer, and redteamers.

adb android androidsecurity bugbounty hacking notes pentesting security

Last synced: 04 Aug 2024

https://github.com/t0thkr1s/allsafe

Intentionally vulnerable Android application.

android bugbounty bypass certificate dynamic-analysis forthebadge frida frida-scripts hackerone-reports hardcoded-credentials mobile-security reverse reverse-engineering vulnerabilities vulnerable vulnerable-android-apps

Last synced: 10 Nov 2024

https://github.com/anof-cyber/pycript

Burp Suite extension for bypassing client-side encryption for pentesting and bug bounty

application-security bug-bounty bugbounty burp-extensions burp-plugin burpsuite burpsuite-extender cybersecurity encryption infosec penetration-testing pentesting python security

Last synced: 13 Nov 2024

https://github.com/blackhatethicalhacking/secretopt1c

SecretOpt1c is a Red Team tool that helps uncover sensitive information in websites using ACTIVE and PASSIVE Techniques for Superior Accuracy!

bugbounty hacking infosec reconnaissance secrets-detection

Last synced: 05 Nov 2024

https://github.com/random-robbie/jira-scan

CVE-2017-9506 - SSRF

bugbounty jira ssrf

Last synced: 09 Nov 2024

https://github.com/trickest/dsieve

Filter and enrich a list of subdomains by level

bugbounty enumeration infosec infosectools penetration-testing penetration-testing-tools pentesting pentesting-tools security subdomain subdomain-enumeration subdomain-finder subdomain-scanner

Last synced: 03 Aug 2024

https://github.com/gwen001/github-endpoints

Find endpoints on GitHub.

bugbounty endpoints github go golang pentesting security-tools urls

Last synced: 09 Nov 2024

https://github.com/cosad3s/postleaks

Search for sensitive data in Postman public library.

bugbounty leaks osint postman

Last synced: 29 Oct 2024

https://github.com/thehackingsage/bughunter

Tools for BugHunting

bugbounty bughunting discovery exploitation information-gathering mapping penetration-testing poc reporting tools

Last synced: 09 Nov 2024

https://github.com/gwen001/offsectools_www

A vast collection of security tools and resources curated by the community.

bugbounty cybersecurity pentesting security-tools tools

Last synced: 09 Nov 2024

https://github.com/ryandamour/ssrfuzz

SSRFuzz is a tool to find Server Side Request Forgery vulnerabilities, with CRLF chaining capabilities

bugbounty security ssrf

Last synced: 04 Aug 2024

https://github.com/sickcodes/no-sandbox

No Sandbox - Applications That Run Chromium and Chrome Without The Sandbox. TL;DR exploits in these browser based applications are already sandboxed escaped: https://no-sandbox.io/

0day bug bugbounty chrome chromium exploit rce research

Last synced: 28 Oct 2024

https://github.com/softrams/bulwark

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

angular application-security appsec blue-team bugbounty express nodejs penetration-testing-tools pentesting red-team security-tool security-tools typeorm typescript vulnerability-assessment vulnerability-management vulnerability-report vulnerability-research webappsec

Last synced: 04 Aug 2024

https://github.com/Anof-cyber/PyCript

Burp Suite extension for bypassing client-side encryption for pentesting and bug bounty

application-security bug-bounty bugbounty burp-extensions burp-plugin burpsuite burpsuite-extender cybersecurity encryption infosec penetration-testing pentesting python security

Last synced: 04 Aug 2024

https://github.com/harleo/knockknock

A simple reverse whois lookup tool which returns a list of domains owned by people or companies

bugbounty domains infosec organization osint owned pentesting reconnaissance reverse whois

Last synced: 05 Nov 2024

https://github.com/AvasDream/pentesting-dockerfiles

Pentesting/Bugbounty Dockerfiles.

bugbounty docker dockerfile hacking-tool pentest-tool pentesting redteam

Last synced: 04 Aug 2024

https://github.com/shubhampathak/autosetup

Auto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.

autoinstall autosetup bash bugbounty debian infosec kali-linux linux post-installation postinstall recon reconnaissance script security shell ubuntu ubuntu-installation

Last synced: 04 Aug 2024

https://github.com/escape-technologies/graphinder

🕸️ Blazing fast GraphQL endpoints finder using subdomain enumeration, scripts analysis and bruteforce. 🕸️

bugbounty finder graphql osint reconnaissance security spider subdomain-enumeration subdomain-scanner

Last synced: 11 Nov 2024

https://github.com/InfoSecWarrior/Offensive-Payloads

List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.

bugbounty payloads pentest pentesting security vulnerability-assessment wordlists

Last synced: 26 Sep 2024

https://github.com/adnanekhan/gato-x

GitHub Attack Toolkit - Extreme Edition

bugbounty cicd github github-actions

Last synced: 15 Oct 2024

https://github.com/shiblisec/Rekon

The project contains multiple shell scripts for automating the tasks during recon.

automation bash bugbounty hacking hacking-tools reconnaissance rekon

Last synced: 23 Oct 2024

https://github.com/Shivangx01b/CorsMe

Cross Origin Resource Sharing MisConfiguration Scanner

application bugbounty bugbounty-tool golang offensive-security scanner web

Last synced: 03 Nov 2024

https://github.com/Hrishikesh7665/Android-Pentesting-Checklist

Delve into a comprehensive checklist, your ultimate companion for Android app penetration testing. Identify vulnerabilities in network, data, storage, and permissions effortlessly. Boost security skills with essential tools and user-friendly guides. Elevate Android security seamlessly!

android android-app android-penetration-testing-checklist android-pentesting-checklist bug-bounty bugbounty checklist cybersecurity frida magisk objection penetration-testing pentesting red-teaming vulnerability-assessment vulnerability-checklist

Last synced: 06 Nov 2024

https://github.com/Puliczek/CVE-2021-21123-PoC-Google-Chrome

🐱‍💻 👍 Google Chrome - File System Access API - vulnerabilities reported by Maciej Pulikowski | Total Bug Bounty Reward: $5.000 | CVE-2021-21123 and 5 more...

bugbounty bugbounty-writeups bugbountytips cve cybersecurity exploit hacking payload pentesing pentest red-team security security-writeups writeups

Last synced: 03 Nov 2024

https://github.com/edoverflow/proof-of-concepts

A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.

bugbounty infosec poc proof-of-concept security

Last synced: 03 Aug 2024

https://github.com/EdOverflow/proof-of-concepts

A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.

bugbounty infosec poc proof-of-concept security

Last synced: 13 Nov 2024

https://github.com/blackhatethicalhacking/terminatorz

TerminatorZ is a highly sophisticated and efficient web security tool that scans for top potential vulnerabilities with known CVEs in your web applications.

bugbounty bugbounty-tool hacking offensive-security penetration-testing pentesting redteam

Last synced: 05 Nov 2024

https://github.com/r0x4r/d4rkxss

A list of useful payloads and Bypass for Web Application Security and Bug Bounty/CTF

bugbounty bughunter bughunting ethical-hacking hacking javascript xss-exploitation xss-filter xss-vulnerability

Last synced: 01 Nov 2024

https://github.com/oliverwiegers/pentest_lab

Local penetration testing lab using docker-compose.

bug-bounty bugbounty docker docker-compose penetration-testing pentest

Last synced: 10 Nov 2024

https://github.com/dhn/udon

A simple tool that helps to find assets/domains based on the Google Analytics ID.

bugbounty domain osint recon reconnaissance subdomain

Last synced: 04 Aug 2024

https://github.com/hueristiq/web-hacking-toolkit

A web hacking toolkit (docker image).

bug-bounty bugbounty bugbounty-tool docker docker-image docker-images dockerhub hacker-tools hacking nmap osint penetration-testing pentesting recon reconnaissance web-hacking web-hacking-tool web-hacking-toolkit web-security

Last synced: 06 Nov 2024

https://github.com/EasyRecon/Hunt3r

Made your bugbounty subdomains reconnaissance easier with Hunt3r the web application reconnaissance framework

bugbounty reconnaissance subdomains

Last synced: 03 Aug 2024

https://github.com/iknowjason/edge

Recon tool for cloud provider attribution. Supports AWS, Azure, Google, Cloudflare, and Digital Ocean.

bugbounty pentesting pentesting-tools redteam-tools

Last synced: 13 Nov 2024

https://github.com/daffainfo/oneliner-bugbounty

A collection oneliner scripts for bug bounty

bugbounty hacktoberfest pentest

Last synced: 11 Nov 2024

https://github.com/R0X4R/D4rkXSS

A list of useful payloads and Bypass for Web Application Security and Bug Bounty/CTF

bugbounty bughunter bughunting ethical-hacking hacking javascript xss-exploitation xss-filter xss-vulnerability

Last synced: 04 Aug 2024

https://github.com/e1abrador/sub.Monitor

Self-hosted passive subdomain continous monitoring tool.

attack-surface-management bug-bounty bugbounty bugbounty-tools bugbountytips infosec monitoring-tool python python3 red-team-tools security subdomain-enumeration subdomain-scanner

Last synced: 13 Nov 2024

https://github.com/yevh/VulnPlanet

Vulnerable code snippets with fixes for Web2, Web3, API, iOS, Android and Infrastructure-as-Code (IaC)

android api application-security appsec-tutorials appsecurity bugbounty code codesecurity cve ios owasp owasp-top-10 pentesting poc security vulnerabilities vulnerability waf web2 web3

Last synced: 07 Sep 2024

https://github.com/RossGeerlings/webstor

WebStor efficiently enumerates all websites across your organization’s networks and those in your DNS records - including cloud-hosted servers via zone transfer data - stores their responses, and lets you query for known web technologies, including those with zero-day vulnerabilities.

attack-surface bugbounty bugbounty-tool cybersecurity footprinting information-gathering infosec pentest-scripts pentest-tools pentesting pentesting-tools recon reconnaissance security security-tools

Last synced: 04 Aug 2024

https://github.com/gwen001/dataextractor

A Burp Suite extension to extract datas from source code while browsing.

bugbounty burpsuite pentesting private python secrets security-tools

Last synced: 09 Nov 2024

https://github.com/daffainfo/Oneliner-Bugbounty

A collection oneliner scripts for bug bounty

bugbounty hacktoberfest pentest

Last synced: 08 Aug 2024

https://github.com/xer0times/SQLi-Query-Tampering

SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.

bug-bounty bugbounty bughunting burp-extensions burp-plugin burpsuite burpsuite-pro evasion payload-generator pentesting pentesting-tools sqli sqlinjection