Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
Bug Bounty
A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.
- GitHub: https://github.com/topics/bugbounty
- Wikipedia: https://en.wikipedia.org/wiki/Bug_bounty_program
- Related Topics: security, penetration-testing, pentesting, pentest
- Aliases: bug-bounty
- Last updated: 2024-11-15 00:03:57 UTC
https://github.com/bruston/sonar
Subdomain enumeration via the JSON API provided by https://sonar.omnisint.io/ which uses the Rapid7 dataset.
Last synced: 23 Oct 2024
https://github.com/shreyaschavhan/bugbountywriteups
This repository will contain bug bounty write-ups that I read on a daily basis!
bounty bounty-hunters bug-bounty bugbounty bugcrowd hackerone hackers payloads synack tools writeups
Last synced: 23 Oct 2024
https://github.com/crypticq/WP-killer
vulnerability scanner for wordpress
bugbounty cybersecurity exploit exploitation hacking penetration-testing vulnerability-scanners wordpress
Last synced: 23 Oct 2024
https://github.com/pwnb0y/BugBounty-Scripts
Quick scripts to make the life of a hacker easier 😎
bash-script bugbounty vps-setup
Last synced: 23 Oct 2024
https://github.com/rundtstykker/subdomain-crawler-application-security-
A simple & lightweight domain crawler that uses a pre-defined wordlist to discover subdomains on specified domain
Last synced: 10 Nov 2024
https://github.com/lucabarile/zdi-can-16857
Exploit and report for CVE-2023-32163
0-day 0day bugbounty cve-2023-32163 disclosure elevation-of-privilege exploit local-privilege-escalation logical-vulnerability lpe poc privilege-escalation proof-of-concept vulnerability wacom wacom-driver wacom-vulnerability write-up writeups zdi-can-16857
Last synced: 08 Nov 2024
https://github.com/x00tex/duckscripts
Collection of scripts I wrote during bug bounty hunting.
android-application apkpure-scraper bugbounty subdomain-enumeration
Last synced: 01 Nov 2024
https://github.com/n0kovo/random-agent
Simply output a random user-agent. Use it with tools that don't have a --random-agent flag. Like `random-agent` or $(random-agent)
appsec bug-bounty bug-bounty-tools bugbounty bugbounty-tool bugbountytools fuzzer fuzzing infosec infosectools pentesting pentesting-tools redteam-tools web-app-security webfuzzer
Last synced: 08 Nov 2024
https://github.com/hellblack55/dobby
This script finds subdomains and URLs, filters them into .js, .json, and sensitive categories, and helps streamline your security assessments and bug hunting.
bash bash-script bug bug-bounty bugbounty bugbounty-tool
Last synced: 09 Oct 2024
https://github.com/mathis2001/wappassivescan
Passive Vulnerability Scanner working with Wappalyzer API and MITRE CVE search functionality.
bugbounty bugbounty-tool cve mitre passive-vulnerability-scanner pentest pentest-tool pentesting pentesting-tools wappalyzer
Last synced: 11 Nov 2024
https://github.com/haccer/xmail
Go tool that detects which email addresses have domains which are able to be registered
account-takeover bug-bounty bugbounty cyber email go golang infosec osint pentesting redteam redteam-tools security
Last synced: 11 Nov 2024
https://github.com/pocdork/gitdomain
Discover endpoints using companies' GitHub repository names
bugbounty bugbounty-tool hacking infosec
Last synced: 04 Aug 2024
https://github.com/proditis/bugbounty-journal
The journal of a unix geek taking its first steps into the BugBounty world...
Last synced: 15 Oct 2024
https://github.com/it-jhack/bughunter-debian-setup
Bash script to install essential tools for bughunting
bounty bug bug-bounty bugbounty bugbounty-tool cyber-security debian debian-linux linux python python3 subdomain subdomain-scanner subdomain-takeover
Last synced: 04 Nov 2024
https://github.com/itpey/taz
A simple yet powerful load testing framework for Go.
api attack bugbounty ddos go high-performance load-testing penetration-testing pentesting pentesting-tools testing unit-test unittesting
Last synced: 15 Nov 2024
https://github.com/arshadkazmi42/is-broken-link-github
Github Links Broken Status Checker
blc broken-links bugbounty github links python script
Last synced: 28 Oct 2024
https://github.com/lord3ver/gctsubdomains
Discover subdomains in Certificate Transparency logs using Google's Transparency Report
bugbounty go osint penetration-testing pentest recon subdomain subdomain-enumeration
Last synced: 04 Aug 2024
https://github.com/markgacoka/r3c0n
A tool for performing reconnaissance on web targets in Python
bugbounty cybersecurity library python recon reconnaissance reconnaissance-framework
Last synced: 04 Aug 2024
https://github.com/alwalxed/juicyurls
A CLI tool to scan suspicious URLs by keywords, extensions, paths and hidden files.
automation bugbounty cli cybersecurity detection exploit golang malware open-source osint penetration-testing projectdiscovery recon reconnaissance scanner scanning security urlscan vulnerabilities
Last synced: 15 Nov 2024
https://github.com/abhinandan-khurana/l337_5ub0v3r
A python tool to check subdomain takeover vulnerability
bugbounty cybersecurity docker pentesting python3
Last synced: 11 Nov 2024
https://github.com/topscoder/aisubs
Leverage the power of AI to find hard to find subdomains.
ai bugbounty bugbounty-tools chatgpt infosec security subdomain subdomain-finder
Last synced: 13 Nov 2024
https://github.com/arshadkazmi42/wbm
Waybackmachine to pull all wayback urls of input domain
Last synced: 28 Oct 2024
https://github.com/padsalatushal/burp-suite-pro-installer
Install & Activate Burp Suite Pro v1.7.37 with Key-Loader
bugbounty bugbounty-tool burpsuite burpsuite-cracked burpsuite-old burpsuite-pro burpsuite-pro-windows powershell security-tools v1-7-37
Last synced: 14 Nov 2024
https://github.com/it-jhack/subsort
Subsort removes grep redundancies for subdomains in a list.
bugbounty dns fdns osint project-sonar python reconnaissance subdomain subdomain-sorter subdomain-takeover subdomains subdomains-discovery subdomains-enumeration
Last synced: 13 Nov 2024
https://github.com/Retr0-45809/autorecon
An automation tool to perform multiple reconnaissance attacks on a domain instantly
bugbounty bugbountyautomation reconnaissance
Last synced: 23 Oct 2024
https://github.com/d3mondev/cidrex
A command-line utility for expanding CIDR ranges with support for IPv6.
bugbounty cidr cidr-range ipv4 ipv6
Last synced: 12 Nov 2024
https://github.com/mathis2001/Reflection
Reflected parameters checker for a list of urls. (Beta version needing a lot of improvement)
bugbounty parameters pentest reflected
Last synced: 23 Oct 2024
https://github.com/acuciureanu/wp-plugins-analyzer
A WordPress plugins analyzer which is still a work in progress anyway
bugbounty bugbounty-tool wordpress-security-scanner
Last synced: 12 Oct 2024
https://github.com/mathis2001/reflection
Reflected parameters checker for a list of urls. (Beta version needing a lot of improvement)
bugbounty parameters pentest reflected
Last synced: 11 Nov 2024
https://github.com/andreystepanov/pentesterland-writeups
Pentester Land's curated collection of bug bounty writeups in formatted JSON
bugbounty bugbounty-writeups pentesterland pentesting writeups
Last synced: 11 Nov 2024
https://github.com/mathis2001/gitdiscloser
Python recon tool for Github information disclosure research
bugbounty github pentesting recon
Last synced: 11 Nov 2024
https://github.com/TargetPackage/api-key-impact
A list of different types of API keys and how to prove impact for bug bounty programs.
api api-key api-keys bug-bounty bugbounty impact
Last synced: 10 Sep 2024
https://github.com/rajspeaks/bug-bounty-hall-of-fames
All the Infosec Hall of Fame regarding bug bounty Achievements
bug-bounty bugbounty bugreport cyber-security cybersecurity ethical-hacking hall-of-fame information-security infosec rajdeep-das rajspeaks sql-injection xss-detection
Last synced: 30 Oct 2024
https://github.com/0xrobiul/FInstall
It's An Automation Script Which Will Automatically Install Tools For Bug Hunting/Web-Application Penetration Testing!
bugbounty cyber-security hacking penetration-testing pentesting
Last synced: 23 Oct 2024
https://github.com/mathis2001/subpwnable
Are your (sub)domains pwnable? SubPwnable is a simple Python tool designed to help you answer this question.
bugbounty cname pentest subdomain-takeover
Last synced: 11 Nov 2024
https://github.com/sa7mon/vulnchest
A collection of vulnerable applications for research purposes
Last synced: 12 Nov 2024
https://github.com/acuciureanu/png-payload-injector
CLI tool for embedding XSS payloads in PNG files.
bugbounty bugbounty-tool bugbountyhunting security-automation
Last synced: 12 Oct 2024
https://github.com/ahmadchen/wpscan
bugbounty linux python shell-script wordpress
Last synced: 15 Nov 2024
https://github.com/gwen001/10degres_hugo
http://10degres.net
blog bugbounty bugbountytips bugbountytools hugo pentesting sectools security security-tools
Last synced: 09 Nov 2024
https://github.com/it-jhack/subtaker
A tool to help find subdomain takeover vulnerabilities
bug-bounty bugbounty enumeration hacking infosec osint penetration-testing pentesting python recon reconnaissance subdomain subdomain-takeover
Last synced: 13 Nov 2024
https://github.com/lucabarile/zdi-can-16318
Exploits and reports for CVE-2023-32162
0-day 0day bugbounty cve-2023-32162 disclosure elevation-of-privilege exploit local-privilege-escalation logical-vulnerability lpe poc privilege-escalation proof-of-concept vulnerability wacom wacom-driver wacom-vulnerability write-up writeups zdi-can-16318
Last synced: 08 Nov 2024
https://github.com/D0N-B0T/scripts
Short scripts I use for bugbounty and others.
Last synced: 23 Oct 2024
https://github.com/GabrielCS0/security-trails
This is a tool to automate the search for subdomains on the website securitytrails.com
bugbounty pentesting python recon subdomains
Last synced: 23 Oct 2024
https://github.com/sysevil/rusho
Subdomain CLI tool for Shodan, written in Rust
bugbounty hacking hacking-tool recon reconnaissance rust rust-lang subdomain-enumeration
Last synced: 29 Oct 2024
https://github.com/mathis2001/ezcomments
EzComments is a tool allowing you to get all HTML and JS comments of each URL given to it
bugbounty comments pentest recon
Last synced: 11 Nov 2024
https://github.com/arshadkazmi42/npmdc-poc
NPM Dependency Confusion - PoC
bugbounty confusion dependency infosec npm poc
Last synced: 28 Oct 2024
https://github.com/mathis2001/lightssticheck
LightSSTICheck is a tool designed to find basic SSTI vulnerabilities
Last synced: 11 Nov 2024
https://github.com/mathis2001/jsembed
Simple Python tool to embed JavaScript code in different types of files (pdf and svg for now)
bugbounty fileupload javascript pdf pentest svg xss
Last synced: 11 Nov 2024
https://github.com/codeb0ss/CVE-2023-3836
0day bugbounty codeb0ss codeboss cve cve-2023-3836 exploit exploiter hackerone uncodeboss webshell
Last synced: 23 Oct 2024
https://github.com/RandomRobbieBF/grafana-bruteforce
Grafana Bruteforce tool
brute-force bugbounty grafana red-team
Last synced: 23 Oct 2024
https://github.com/acuciureanu/log-name-generator
A tool which enhances fuzzing with date-formatted log file names.
bugbounty bugbounty-tool bugbountytips content-discovery fuzzing wordlist wordlist-generator
Last synced: 12 Oct 2024
https://github.com/ichbinbork/JS_lookup
Tool that helps javascript source code analysis processes
bugbounty codereview websecurity
Last synced: 23 Oct 2024
https://github.com/n0kovo/dnsplz
A simple Bash script that resolves a list of domains from stdin to IP addresses and prints them to stdout
bug-bounty bugbounty dns dns-enum dns-enumeration dns-lookup dns-lookups dns-reconnaissance dns-requests dns-resolver
Last synced: 08 Nov 2024
https://github.com/mathis2001/EzComments
EzComments is a tool allowing you to get all HTML and JS comments of each URL given to it
bugbounty comments pentest recon
Last synced: 23 Oct 2024
https://github.com/mrvcoder/bug-hunting-methodologies
This repo contains some public methodologies which I found on the internet (Google, Telegram, Discord, writeups, etc.)
bounty bug bugbounty bugbounty-methodology hack hunt information-gathering methodology osint recon reconnaissance
Last synced: 06 Nov 2024
https://github.com/sarperavci/infinitedorkscanner
A premium OSINT tool that allows you to scan dorks on Search Engines WITHOUT LIMITS
bing-dorks bug-bounty bugbounty bugbounty-tool dork dork-scanner dork-scanning dorking-tool google-dork hacking hacking-tool infosec osint python sql sql-injection sqli vulnerability-scanners
Last synced: 10 Nov 2024
https://github.com/sudosuraj/Dorks
List of Google Dorks for sites that have responsible disclosure program / bug bounty program
bounty bug bugbounty dork dorks google googledorks sudosuraj
Last synced: 23 Oct 2024
https://github.com/codeb0ss/cve-2023-3836
0day bugbounty codeb0ss codeboss cve cve-2023-3836 exploit exploiter hackerone uncodeboss webshell
Last synced: 13 Nov 2024
https://github.com/codeb0ss/cve-2023-20073-
Mass Exploit - CVE-2023-20073 - Cisco VPN Routers - [Unauthenticated Arbitrary File Upload and Stored XSS]
0day bug bugbounty cisco codeb0ss codeboss cve cve-2023-20073 exploit hackerone mass mass-exploit uncodeboss vpn-router
Last synced: 13 Nov 2024
https://github.com/h3xploit0x1/url-gatherer
Simple Bash Script To Gather URL From Target. Useful For BugBounty.
bugbounty ethical-hacking hacking pentesting tool
Last synced: 15 Nov 2024
https://github.com/eagleeggs/bugbounties
Authorized disclosures of bugbounties that have been resolved
bugbounty bugcrowd fitbit penetration-testing security
Last synced: 11 Nov 2024
https://github.com/qyfashae/bug_bounty_scripts
My private bug bounty scripts I have written over the years for real-time projects within bug bounty hunting and penetration testing (red team).
bug-bounty-tools bugbounty bugbounty-tools exploits exploits-scripts hacking penetration-testing pentesting python-exploits
Last synced: 13 Nov 2024
https://github.com/carloocchiena/subdomain_scanner
A simple script that pings up to 10K most common subdomains in a target website and returns a list of findings.
bugbounty networking scanner vulnerability-scanners
Last synced: 14 Oct 2024
https://github.com/cak/foot
Foot is a library that fetches a list of URLs and silly walks through each site to gather information.
Last synced: 14 Nov 2024
https://github.com/cosad3s/njsdump
Dump paths & pages from Next.js Manifest
bugbounty nextjs recon security
Last synced: 29 Oct 2024
https://github.com/prvvv/submapper
A subdomain enumeration tool designed to find WAF's and 404 pages for takeover and enumeration
404 404-page amazon bug-bounty bugbounty cloudflare python3 subdomain-enumeration subdomain-scanner subdomain-takeover waf-detection
Last synced: 13 Nov 2024
https://github.com/eagleEggs/bugBounties
Authorized disclosures of bugbounties that have been resolved
bugbounty bugcrowd fitbit penetration-testing security
Last synced: 23 Oct 2024
https://github.com/codeb0ss/CVE-2023-20073-
Mass Exploit - CVE-2023-20073 - Cisco VPN Routers - [Unauthenticated Arbitrary File Upload and Stored XSS]
0day bug bugbounty cisco codeb0ss codeboss cve cve-2023-20073 exploit hackerone mass mass-exploit uncodeboss vpn-router
Last synced: 23 Oct 2024
https://github.com/palanioffcl/CTFation
I made this for my personal use to automate things like enumeration and all other stuff to reduce time in recon and help claim first blood. ⛳ 😀
automation bash-script bugbounty ctf hacking linux penetration-testing pentesting
Last synced: 23 Oct 2024