Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

Bug Bounty

A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.

https://github.com/drdataye/drxploit

DrXploit is a powerful and open-source penetration testing and exploitation tool for web applications. This tool is designed to automate the process of discovering and exploiting vulnerabilities, saving time and effort for security researchers.

bugbounty exploit exploit-db hacking hacking-tool hackweb python3 scanning

Last synced: 08 Jul 2025

https://github.com/xthezealot/saar

Saar is a bug bounty script combining the best tools for a smooth recon workflow

bugbounty dns http hunting nuclei pentesting recon redteam scanner security subdomain vulnerability

Last synced: 05 Jul 2025

https://github.com/qyfashae/bug_bounty_scripts

My private bug bounty scripts i have written under the years for real time projects within bug bounty hunting and penetration testing(red team).

bug-bounty-tools bugbounty bugbounty-tools exploits exploits-scripts hacking penetration-testing pentesting python-exploits

Last synced: 14 May 2026

https://github.com/InTruder-Sec/Bug-Bounty-Tools

InTruder.sec || My Personal Favourite Bug Bounty Hunting Tools.

bugbounty

Last synced: 10 Mar 2025

https://github.com/escf1root/scando

⚡ Fast Bash-based subdomain enumeration using Subfinder, Assetfinder, crt.sh, and more.

bash bug bugbounty infosec recon subdomain subdomain-finder subdomain-scanner

Last synced: 03 Jul 2025

https://github.com/edivangalindo/travis-test

A little tool to fastly test if Travis tokens are valid

bugbounty infosec osint osint-tool token-leaked tool travis travis-ci

Last synced: 25 Jan 2026

https://github.com/wfinn/urlame

declutters URL lists for hacking (not just grep -v)

bugbounty pentesting reconnaissance url-filter urls

Last synced: 11 Jan 2026

https://github.com/netlas-io/homebrew-netlas

Homebrew tap for installing the Netlas CLI. Provides easy installation and updates for macOS and Linux users.

bugbounty cli homebrew package reconnaissance

Last synced: 13 Apr 2026

https://github.com/proditis/bugbounty-journal

The journal of a unix geek taking its first steps into the BugBounty world...

bugbounty funny journal

Last synced: 19 Mar 2026

https://github.com/arshadkazmi42/is-broken-link-github

Github Links Broken Status Checker

blc broken-links bugbounty github links python script

Last synced: 11 Sep 2025

https://github.com/acuciureanu/wp-plugins-analyzer

A WordPress plugins analyzer which is still work in progress anyway

bugbounty bugbounty-tool wordpress-security-scanner

Last synced: 29 Oct 2025

https://github.com/geeknik/burp-idor

A powerful Python tool for identifying Insecure Direct Object Reference (IDOR) vulnerabilities in Burp Suite traffic exports.

ai bug-bounty bugbounty burp burp-suite cli hacking heuristics hugging-face huggingface idor infosec python qa security testing yaml

Last synced: 18 May 2026

https://github.com/shreyaschavhan/bugbountywriteups

This Repository will contain Bug Bounty Write-Up that I read on daily basis!

bounty bounty-hunters bug-bounty bugbounty bugcrowd hackerone hackers payloads synack tools writeups

Last synced: 10 Mar 2025

https://github.com/hellblack55/dobby

This script finds subdomains and URLs, filters them into .js, .json, and sensitive categories, and helps streamline your security assessments and bug hunting.

bash bash-script bug bug-bounty bugbounty bugbounty-tool

Last synced: 31 Jan 2026

https://github.com/h3xploit0x1/1line-bash

Collection Of Line BASH Useful for BugBounty.

bash bugbounty hacking

Last synced: 07 Feb 2026

https://github.com/adarshaddee/httpsx

Bug Bounters and others can also use this tool to make make any link accessible on browser.

adarsh-addee adarshaddee bug-bounty bugbounty codarsh cyber-security cybersecurity hackers hacking https httpsx mr-idealhat mridealhat

Last synced: 07 Jul 2025

https://github.com/demon1a/mapz

Mapz is a tool written in go to validate the existance of JavaScript map files in websites

bugbounty go-tools hacking javascript recon

Last synced: 19 May 2026

https://github.com/sumidcyber/secureye

🔒 SecurEye: Web Security Simplified SecurEye helps you keep your website safe with log analysis and IP/port scanning. Get protected now on GitHub!

bugbounty bugbounty-tools ip ip-port-scanning ipscanner log-analysis log-analytics port portscanner python python3 web-scanner webserver website wifi-hacking

Last synced: 24 Mar 2025

https://github.com/ranskyth/steet

ferramenta automatizada para web recon

bugbounty bughunter hacker hacking hacking-tool recon

Last synced: 14 Jun 2025

https://github.com/mamad4ever/next-dork

Useful Google Dorks for Bug Bounty

bug-bounty bug-bounty-tools bugbounty google-dorks

Last synced: 27 Mar 2025

https://github.com/edivangalindo/aws-test

A little tool to fastly test if AWS IAM keys are valid

aws bugbounty iam infosec sast security-tools

Last synced: 25 Jan 2026

https://github.com/wallacescott240/auto-recon

OSINT Multi Recon Tool is an advanced open-source intelligence (OSINT) gathering tool designed for ethical hackers, penetration testers, and cybersecurity professionals. This tool automates reconnaissance by collecting valuable information from various sources, including GitHub, LinkedIn, WHOIS, subdomains, and phone number lookups.

automation bugbounty cybersecurity ethicalhacking osint pentesting programming pyton reconnaissance redteam social-engineering threathunting threatintelligence whoislookup

Last synced: 05 Oct 2025

https://github.com/ayuxsec/cachex

A high-accuracy, behavioral cache poisoning scanner for modern Web APIs

bugbounty cache-poisoning hacking security-tools

Last synced: 14 Jan 2026

https://github.com/mateofumis/xunifedparams.py

Python script for Unify all Parameters with all URLs.

bugbounty bugbountytips hacking hacking-tool pentesting python

Last synced: 31 Mar 2025

https://github.com/rix4uni/cspfinder

Discover new target domains using Content Security Policy

bugbounty content-security-policy csp golang hacking recon reconnaissance security

Last synced: 02 Feb 2026

https://github.com/rafabd1/harpy

High-performance web reconnaissance tool for extracting endpoints, parameters, and hidden assets from Web files.

bugbounty reconnaissance

Last synced: 14 Jan 2026

https://github.com/topscoder/aisubs

Leverage the power of AI to find hard to find subdomains.

ai bugbounty bugbounty-tools chatgpt infosec security subdomain subdomain-finder

Last synced: 06 May 2026

https://github.com/myavuzyagis/poker

a small helper tool for pentesting. Automates boring stuff.

bugbounty golang osint pentest-tool

Last synced: 12 Jan 2026

https://github.com/mathis2001/qrecipe

QRecipe is a simple python script that have been designed to fuzz Android and iOS apps QR code readers for multiple vulnerabilities depending on the given wordlist.

android-application appsec bugbounty fuzzing ios-app pentest qrcode qrcode-generator tool

Last synced: 10 May 2026

https://github.com/eagleEggs/bugBounties

Authorized dislosures of bugbounties that have been resolved

bugbounty bugcrowd fitbit penetration-testing security

Last synced: 10 Mar 2025

https://github.com/AdarshAddee/httpsx

Bug Bounters and others can also use this tool to make make any link accessible on browser.

adarsh-addee adarshaddee bug-bounty bugbounty codarsh cyber-security cybersecurity hackers hacking https httpsx mr-idealhat mridealhat

Last synced: 10 Mar 2025

https://github.com/yogsec/sql-injection-payloads

This repository is a comprehensive collection of SQL Injection Payloads designed for educational, research, and testing purposes. It includes a wide variety of payloads for different SQLi techniques.

bug-bounty bugbounty cybersecurity ethical-hacking ethical-hacking-tools osint sql-injection sql-injection-exploitation sql-injection-payload sql-injection-payloads sql-injections sql-payload sql-payload-list sql-payloads sqli sqli-payloads-list sqlinj sqlinjection sqlmap yogsec

Last synced: 02 Jan 2026

https://github.com/povzayd/ultron

Ultron is an API Key Validator tool that verifies API keys and tokens across multiple services like Slack, GitLab, AWS, GitHub, Stripe, and more. It accepts plain text files with API keys, performs automated validation checks, and provides clear feedback on key status.

api apikey-authentication apikey-checker apikey-finder apikeyauthentication apitesting awskey bugbounty github-api token-authetication tokenchecker validation-tool

Last synced: 30 Jun 2025

https://github.com/ananya-0306/log-4j-scanner

A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228

bugbounty cybersecurity fork-for-contribution log4j open-source trending-repositories

Last synced: 04 Apr 2025

https://github.com/packetengine/packetengine

The subdomain enumeration tool to replace all subdomain enumeration tools

bugbounty golang hacking offensive-security osint reconnaissance redteam subdomain-enumeration subdomains

Last synced: 15 Jan 2026

https://github.com/xvolume/fuzzmap

Light, fast fuzz.

bugbounty fuzz fuzzing pentesting recon

Last synced: 10 Mar 2025

https://github.com/aviksaikat/httprex

'httpRex' is a command-line tool for checking the status code of one or multiple URLs. It can also save the output to a file.

bugbounty go golang httpx

Last synced: 18 Feb 2026

https://github.com/yogsec/digital-forensics-tools

A curated list of essential digital forensics tools used for investigation, data recovery, and security analysis. These tools help in disk forensics, memory analysis, network monitoring, malware analysis, and more.

bug-bounty-tools bugbounty cybersecurity cybersecurity-tools digital-forensics digital-forensics-tool digital-forensics-tools ethicalhacking forensic-analysis forensic-investigation forensics kali-linux linux osint pentesting pentesting-tools yogsec

Last synced: 16 Jun 2025

https://github.com/yogsec/hacking-bot

HACKING BOT is an automated bug bounty tool that streamlines security testing by running multiple cybersecurity tools in parallel. It allows you to customize the tools list and automate reconnaissance, scanning, exploitation, and post-exploitation analysis.

ai-hacking automation bug-bounty-tools bugbounty bugbountytools cyber-security cybersecurity hack hackers hacking hacking-bot hackingsoftwares hackingtools python yogsec

Last synced: 20 Aug 2025

https://github.com/rix4uni/gitrepoenum

Download all github repositories of a org, user, fetch all member of a org, then Find leaked credentials.

bugbounty enumeration github-osint github-repository-search github-user-search osint penetration-testing penetration-testing-tools pentesting pentesting-tools recon reconnaissance security

Last synced: 09 May 2025

https://github.com/0xrobiul/FInstall

It's An Automation Script Which Will Automatically Install Tools For Bug Hunting/Web-Application Penetration Testing!

bugbounty cyber-security hacking penetration-testing pentesting

Last synced: 10 Mar 2025

https://github.com/Aviksaikat/httpRex

'httpRex' is a command-line tool for checking the status code of one or multiple URLs. It can also save the output to a file.

bugbounty go golang httpx

Last synced: 14 Apr 2025

https://github.com/girorme/binoculo-mcp

Banner grabbing with LLM (MCP Server)

bugbounty claude-ai llm mcp-server python redteam-tools security

Last synced: 26 Feb 2026

https://github.com/abhinandan-khurana/l337_5ub0v3r

A python tool to check subdomain takeover vulnerability

bugbounty cybersecurity docker pentesting python3

Last synced: 17 May 2026

https://github.com/Retr0-45809/autorecon

An automation tool to perform multiple reconnaissance attacks on a domain instantly

bugbounty bugbountyautomation reconnaissance

Last synced: 10 Mar 2025

https://github.com/wijicute/scriptsniffer

# ScriptSniffer**ScriptSniffer** is a Python tool that extracts relative URLs from online JavaScript files and saves them as absolute URLs in a text file. Easy to use, this tool streamlines your workflow with a simple command-line interface. 🐙✨

api blackhat bugbounty cybersecurity dumper hacking hunter javascript kali-linux linux python reconnaissance termux

Last synced: 13 Apr 2026

https://github.com/hunthubspace/subscope

SubScope is a Python-based command-line tool that helps you manage domains and subdomains in workspaces using an SQLite database.

automation bugbounty bugbounty-tool database ethical-hacking exploit penetration-testing python sqlite web web-penetration-testing

Last synced: 12 Feb 2026

https://github.com/arshadkazmi42/wbm

Waybackmachine to pull all wayback urls of input domain

bugbounty wayback-machine

Last synced: 02 Apr 2025

https://github.com/wesleya0101/enumerador_de_subdominios

Este é um script simples para enumerar subdomínios de um domínio-alvo usando uma wordlist. Ele realiza consultas DNS para identificar subdomínios válidos e exibe seus respectivos endereços IP.

brute bug bugbounty enumerador pentest pentesting subdomain subdomi subdominios

Last synced: 16 Feb 2026

https://github.com/progsjessi/JS-Monitor

Track JavaScript changes websites. Website bot can detected new API endpoints & more!

api api-change-log bugbounty hacking javascript js js-monitor monitor osint toolkit tools website

Last synced: 05 Apr 2025

https://github.com/destan0098/ipchecker

Test IP up or down

bugbounty ip network

Last synced: 11 Sep 2025

https://github.com/eagleeggs/bugbounties

Authorized dislosures of bugbounties that have been resolved

bugbounty bugcrowd fitbit penetration-testing security

Last synced: 19 Mar 2026

https://github.com/blackvoidx/google-dorker

Simple Google Dork Generator for Cybersecurity

bug-bounty bugbounty cybersecurity dork dorker google-dorks googledork osint security

Last synced: 04 Mar 2026

https://github.com/gustavogss/scanner-penetration

Ferramenta de scanner a procura de portas abertas em um host - desenvolvida em Python

bugbounty portscanner python3

Last synced: 15 Jun 2025

https://github.com/amitlttwo/endpointxplorer

A powerful Go-based tool to discover hidden endpoints, parameters, and URLs using GAU, Waybackurls, JS file analysis, and OSINT techniques.

bugbounty cybersecurity endpoint endpointxplorer hacking osint pentesting webpentest

Last synced: 10 Aug 2025

https://github.com/miladhzzzz/nuclei-api

MCP Server / API Wrapper For Nuclei Scanner

automation bugbounty cybersecurity mcp-server platform python reconnaissance

Last synced: 13 Aug 2025

https://github.com/r0x4r/varoon

A tool for checking reflected parameters in URLs.

bug bugbounty bugbounty-tool penetration-testing-tools python python3

Last synced: 30 Jan 2026

https://github.com/subnwa/erc-cli

It is a CLI source that works ergonomically and systematically within the system. These errors are added to the database with customization. In addition, it ensures that the bugs that occur in the system do not create system vulnerabilities.

bit bits bugbounty cargo cli creates db error-handling lang line rust terms

Last synced: 19 Apr 2026

https://github.com/acuciureanu/log-name-generator

A tool which enhances fuzzing with date-formatted log file names.

bugbounty bugbounty-tool bugbountytips content-discovery fuzzing wordlist wordlist-generator

Last synced: 27 Aug 2025

https://github.com/zebbern/exploitdb-extracter

📥 | Extracts and saves dorks in various formats for analysis. Fetches all dorks from Exploit-DB/google-hacking-database!

automation bugbounty cross-platform database developer exploit exploitdb extractor google google-hacking google-hacking-database hacker hacking osint pentesting python python3 script

Last synced: 20 Apr 2026

https://github.com/hunthubspace/torwatch

TorWatch is a powerful bash script for monitoring the availability of websites through the Tor network. It manages IP address rotation, blocks IP addresses if the site is inaccessible, and logs activities for tracking events.

bash-scripting bugbounty exploit penetration-testing tor web-penetration-testing

Last synced: 23 Sep 2025

https://github.com/remonsec/remonsec.github.io

My personaal blog website

bugbounty cybersecurity infosec

Last synced: 24 Mar 2025

https://github.com/sa7mon/vulnchest

A collection of vulnerable applications for research purposes

bugbounty cve infosec

Last synced: 06 Mar 2026

https://github.com/4m3rr0r/gitversionhashsearch

GitVersionHashSearch is a bash script designed for bug bounty hunters, CTF participants, and red team operations. It allows you to search for specific patterns in the MD5 hashes of all versions of a file in a Git repository, making it a valuable tool for security assessments and exploit development.

bugbounty ctf gitversion gitversionhashsearch red-team

Last synced: 29 Mar 2025

https://github.com/zebbern/secops-cli-guides

A collection of essential penetration testing and Linux administration commands, compiled in easy-to-use PDFs. This repository includes detailed guides on tools like Metasploit, Nmap, Sqlmap, Hydra, and Linux system management. Ideal for ethical hackers, sysadmins, and security professionals. More resources coming soon!

api buffer-overflow bugbounty burp-suite cloud cloud-pentesting cross-site-scripting csrf ddos exploits guide linux networking pentesting privilege-escalation secops security toolset wireshark

Last synced: 24 Dec 2025

https://github.com/linuxndroid/idor-lab

A Python Web App For IDOR Vulnerability Practices and Learning Purpose

bugbounty hacking-tool idor idor-attack idor-vulnerability linuxndroid webhacking

Last synced: 28 Jan 2026

https://github.com/abhinandan-khurana/httpx-visualizer

A browser-based, single-file tool to visually parse, filter, sort, and explore HTTPx JSON output. This enhanced version provides a more refined UI and advanced features for efficient analysis of web scan results.

bugbounty cyber-security cybersecurity httpx httpx-toolkit json-visualizer recon reconnaissance tool ui visualization visualizer

Last synced: 12 Jan 2026

https://github.com/rudsarkar/phar-vulnerability

Code for exploiting phar vulnerability for educational purpose for my Medium blog

bugbounty php phpphar source-code

Last synced: 04 Jun 2026

Bug Bounty Awesome Lists
awesome-hacker-search-engines 564 awesome-bugbounty-tools 407 Awesome-Bugbounty-Writeups 604 WebHackersWeapons 431 awesome-mobile-security 246 awesome-vulnerable-apps 97 awesome-hacking-lists 11,757 MobileHackersWeapons 73 netlas-cookbook 229 awesome-mcp-security 119 awesome-cicd-attacks 88 awesome-bbht 80 awesome-cybersec 302 Awesome-HTTPRequestSmuggling 44 awesome-security 57 awesome-reference 102 awesome-oauth-sec 54 awesome-thm-rooms 97
Bug Bounty Categories
Python 3,313 Cross Site Scripting (XSS) 2,115 Others 1,677 Go 1,218 Java 888 Uncategorized 729 Shell 700 JavaScript 675 C 520 Weapons 499 C# # 439 Remote Code Execution (RCE) 431 C++ 410 Android 355 TypeScript 333 Subdomain Takeover 316 HTML 280 PHP 235 PowerShell 230 Explore 183