Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

Bug Bounty

A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.

https://github.com/MindPatch/lorsrf

Fast CLI tool to find the parameters that can be used to find SSRF or Out-of-band resource load :artificial_satellite: :crab:

blindssrf bruteforce bugbounty fuzzing hacking penetration-testing pentesting rust ssrf websecurity

Last synced: 03 Nov 2024

https://github.com/daffainfo/match-replace-burp

Useful "Match and Replace" burpsuite rules

bugbounty burpsuite hacktoberfest pentest

Last synced: 11 Nov 2024

https://github.com/firefart/hijagger

Checks all maintainers of all NPM and Pypi packages for hijackable packages through domain re-registration

bugbounty golang hacking npm pypi security security-tools

Last synced: 15 Nov 2024

https://github.com/projectdiscovery/dnsprobe

DNSProb is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.

bugbounty dns dns-utils dnsprobe retryabledns security subdomain

Last synced: 05 Nov 2024

https://github.com/edoardottt/missing-cve-nuclei-templates

Weekly updated list of missing CVEs in nuclei templates official repository. Mainly built for bug bounty, but useful for penetration tests and vulnerability assessments too.

automation bug-bounty bug-hunting bugbounty bugbounty-tool bugbountytips cve cve-scanning hacking nuclei nuclei-engine nuclei-templates penetration-testing pentesting projectdiscovery security security-tools vulnerability-detection vulnerability-scanners

Last synced: 26 Oct 2024

https://github.com/tegal1337/0l4bs

Cross-site scripting labs for web application security enthusiasts

bugbounty labs xss xss-exploitation xss-vulnerability

Last synced: 16 Nov 2024

https://github.com/si9int/cc.py

Extracting URLs of a specific target based on the results of "commoncrawl.org"

bugbounty osint pentesting

Last synced: 02 Nov 2024

https://github.com/edoverflow/contact.sh

An OSINT tool to find contacts in order to report security vulnerabilities.

bugbounty infosec osint security

Last synced: 10 Nov 2024

https://github.com/EdOverflow/contact.sh

An OSINT tool to find contacts in order to report security vulnerabilities.

bugbounty infosec osint security

Last synced: 04 Aug 2024

https://github.com/ThreatUnknown/jsubfinder

jsubfinder searches webpages for javascript & analyzes them for hidden subdomains and secrets (wip).

bugbounty pentesting proxy security security-tools

Last synced: 09 Nov 2024

https://github.com/Micro0x00/Arsenal

Arsenal is a Simple shell script (Bash) used to install tools and requirements for Bug Bounty

bug-bounty bugbounty hacking infosec osint penetration-testing pentesting recon reconnaissance security-tools shell

Last synced: 09 Nov 2024

https://github.com/anmolksachan/TheTimeMachine

Weaponizing WaybackUrls for Recon, BugBounties , OSINT, Sensitive Endpoints and what not

automate bugbounty fuzzer fuzzing jira lfi openredirect osint parameter scanner xss

Last synced: 10 Sep 2024

https://github.com/ThreatUnkown/jsubfinder

jsubfinder searches webpages for javascript & analyzes them for hidden subdomains and secrets (wip).

bugbounty pentesting proxy security security-tools

Last synced: 25 Aug 2024

https://github.com/BountyStrike/Bountystrike-sh

Poor (rich?) man's bug bounty pipeline https://dubell.io

bugbounty bugbounty-platform

Last synced: 04 Aug 2024

https://github.com/BitTheByte/Monitorizer

Monitoring framework to detect and report newly found subdomains on a specific target using various scanning tools

bugbounty bugcrowd hackerone subdomain-enumeration subfinder

Last synced: 04 Aug 2024

https://github.com/devploit/XORpass

Encoder to bypass WAF filters using XOR operations.

bugbounty pentesting php waf-bypass websec xor

Last synced: 12 Nov 2024

https://github.com/daffainfo/all-about-apikey

Detailed information about API key / OAuth token (Description, Request, Response, Regex, Example)

api apikey bugbounty hacktoberfest pentest

Last synced: 11 Nov 2024

https://github.com/FleexSecurity/fleex

Fleex makes it easy to create multiple VPS on cloud providers and use them to distribute workloads.

bug-bounty bugbounty digitalocean distributed-computing distributed-systems hacking hacking-tool hacktoberfest linode

Last synced: 04 Aug 2024

https://github.com/d3mondev/burp-vps-proxy

This Burp Suite extension allows for the automatic creation and deletion of an upstream SOCKS5 proxy on popular cloud services.

bugbounty burp-extensions burpsuite pentesting proxy socks5

Last synced: 12 Nov 2024

https://github.com/gwen001/bb-datas

Tools and datas related to Bug Bounty.

bugbounty pentesting security

Last synced: 09 Nov 2024

https://github.com/zzzteph/probable_subdomains

Subdomains analysis and generation tool. Reveal the hidden!

bugbounty bugbounty-tool wordlist

Last synced: 04 Aug 2024

https://github.com/blackhatethicalhacking/nucleimonst3r

Nucleimonst3r is a powerful vulnerability scanner that can help Bug Bounty Hunters find low hanging fruit vulnerabilities for known CVEs and exploits but also gather all the technology running behind them for further investigation for a potential target.

bugbounty bugbounty-tool hacking hacking-tool infosec infosectools redteam vulnerability-scanners

Last synced: 05 Nov 2024

https://github.com/Sh1Yo/request_smuggler

Http request smuggling vulnerability scanner

bugbounty request-smuggling rust scanner security web

Last synced: 07 Nov 2024

https://github.com/Josue87/AnalyticsRelationships

Get related domains / subdomains by looking at Google Analytics IDs

bugbounty osint subdomains

Last synced: 04 Aug 2024

https://github.com/Impact-I/x8-Burp

Hidden parameters discovery suite

api-testing bugbounty content-discovery parameter-discovery recon

Last synced: 04 Aug 2024

https://github.com/pdelteil/BugBountyReportTemplates

List of reporting templates I have used since I started doing BBH.

bugbounty bugcrowd hackerone intigriti reports templates

Last synced: 04 Aug 2024

https://github.com/ArturSS7/TukTuk

Tool for catching and logging different types of requests.

bugbounty go golang pentest security summer-of-hack

Last synced: 03 Aug 2024

https://github.com/mlcsec/headi

Customisable and automated HTTP header injection

bugbounty golang header-injection

Last synced: 03 Nov 2024

https://github.com/ameenmaali/wordlistgen

Quickly generate context-specific wordlists for content discovery from lists of URLs or paths

bugbounty content-discovery hacking infosec wordlists

Last synced: 04 Aug 2024

https://github.com/Sachin-v3rma/Astra

Astra is a tool to find URLs and secrets inside a webpage/files

bugbounty hacking infosec pentesting security

Last synced: 04 Aug 2024

https://github.com/pdelteil/BugBountyHuntingScripts

I built some bash functions to help me while doing mundane and repetitive tasks using BBRF, Nuclei or other Bug bounty tool.

bbrf bugbounty

Last synced: 04 Aug 2024

https://github.com/nerrorsec/Google-Dorker

Automate dorking while doing bug bounty or other stuffs.

bug-bounty bugbounty github-dorking google-dorking infosec osint pentesting security shodan-dorks

Last synced: 12 Nov 2024

https://github.com/codingo/bbr

An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.

bug-bounty bug-bounty-hunters bugbounty bugbounty-tool reporting reporting-tool security-tools

Last synced: 15 Nov 2024

https://github.com/codingo/crithit

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

bugbounty enumeration hacking hacking-tool infosec offensive-security penetration-testing pentest-tools pentesting security security-audit security-tools security-vulnerability web-application-security

Last synced: 20 Oct 2024

https://github.com/stevemcilwain/quiver

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

bugbounty hacking hacking-tools kali kali-linux penetration-testing pentesting zsh zsh-plugin

Last synced: 03 Nov 2024

https://github.com/putsi/privatecollaborator

A script for installing private Burp Collaborator with free Let's Encrypt SSL-certificate

bugbounty burp burpsuite burpsuitepro collaborator penetration-testing penetration-testing-tools

Last synced: 03 Aug 2024

https://github.com/riza/linx

Reveals invisible links within JavaScript files

bugbounty infosec recon

Last synced: 01 Nov 2024

https://github.com/harleo/asnip

ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight

asn bugbounty discovery ip mapping organization osint pentesting reconnaissance target

Last synced: 05 Nov 2024

https://github.com/Static-Flow/gofingerprint

GoFingerprint is a Go tool for taking a list of target web servers and matching their HTTP responses against a user defined list of fingerprints.

bugbounty bugbounty-tool golang hacking hacking-tool

Last synced: 04 Nov 2024

https://github.com/shivamrai2003/reconky-automated_bash_script

Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.

automated-testing bash-script bugbounty bugbounty-tool bugbounty-tools enumeration exploitation hacking hacking-code nmap osint penetration-testing pentesting-tools recon recon-tools reconnaissance

Last synced: 15 Nov 2024

https://github.com/iamsarvagyaa/AndroidSecNotes

An actively maintained, Self curated notes related to android application security for security professionals, bugbounty hunters, pentesters, reverse engineer, and redteamers.

adb android androidsecurity bugbounty hacking notes pentesting security

Last synced: 04 Aug 2024

https://github.com/random-robbie/jira-scan

CVE-2017-9506 - SSRF

bugbounty jira ssrf

Last synced: 09 Nov 2024

https://github.com/blackhatethicalhacking/secretopt1c

SecretOpt1c is a Red Team tool that helps uncover sensitive information in websites using ACTIVE and PASSIVE Techniques for Superior Accuracy!

bugbounty hacking infosec reconnaissance secrets-detection

Last synced: 05 Nov 2024

https://github.com/cosad3s/postleaks

Search for sensitive data in Postman public library.

bugbounty leaks osint postman

Last synced: 29 Oct 2024

https://github.com/gwen001/offsectools_www

A vast collection of security tools and resources curated by the community.

bugbounty cybersecurity pentesting security-tools tools

Last synced: 09 Nov 2024

https://github.com/ryandamour/ssrfuzz

SSRFuzz is a tool to find Server Side Request Forgery vulnerabilities, with CRLF chaining capabilities

bugbounty security ssrf

Last synced: 04 Aug 2024

https://github.com/sickcodes/no-sandbox

No Sandbox - Applications That Run Chromium and Chrome Without The Sandbox. TL;DR exploits in these browser based applications are already sandboxed escaped: https://no-sandbox.io/

0day bug bugbounty chrome chromium exploit rce research

Last synced: 28 Oct 2024

https://github.com/harleo/knockknock

A simple reverse whois lookup tool which returns a list of domains owned by people or companies

bugbounty domains infosec organization osint owned pentesting reconnaissance reverse whois

Last synced: 05 Nov 2024

https://github.com/shubhampathak/autosetup

Auto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.

autoinstall autosetup bash bugbounty debian infosec kali-linux linux post-installation postinstall recon reconnaissance script security shell ubuntu ubuntu-installation

Last synced: 04 Aug 2024

https://github.com/escape-technologies/graphinder

🕸️ Blazing fast GraphQL endpoints finder using subdomain enumeration, scripts analysis and bruteforce. 🕸️

bugbounty finder graphql osint reconnaissance security spider subdomain-enumeration subdomain-scanner

Last synced: 11 Nov 2024

https://github.com/InfoSecWarrior/Offensive-Payloads

List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.

bugbounty payloads pentest pentesting security vulnerability-assessment wordlists

Last synced: 26 Sep 2024

https://github.com/adnanekhan/gato-x

GitHub Attack Toolkit - Extreme Edition

bugbounty cicd github github-actions

Last synced: 15 Oct 2024

https://github.com/shiblisec/rekon

The project contains multiple shell scripts for automating the tasks during recon.

automation bash bugbounty hacking hacking-tools reconnaissance rekon

Last synced: 14 Nov 2024

https://github.com/shiblisec/Rekon

The project contains multiple shell scripts for automating the tasks during recon.

automation bash bugbounty hacking hacking-tools reconnaissance rekon

Last synced: 23 Oct 2024

https://github.com/Shivangx01b/CorsMe

Cross Origin Resource Sharing MisConfiguration Scanner

application bugbounty bugbounty-tool golang offensive-security scanner web

Last synced: 03 Nov 2024

https://github.com/Hrishikesh7665/Android-Pentesting-Checklist

Delve into a comprehensive checklist, your ultimate companion for Android app penetration testing. Identify vulnerabilities in network, data, storage, and permissions effortlessly. Boost security skills with essential tools and user-friendly guides. Elevate Android security seamlessly!

android android-app android-penetration-testing-checklist android-pentesting-checklist bug-bounty bugbounty checklist cybersecurity frida magisk objection penetration-testing pentesting red-teaming vulnerability-assessment vulnerability-checklist

Last synced: 06 Nov 2024

https://github.com/Puliczek/CVE-2021-21123-PoC-Google-Chrome

🐱‍💻 👍 Google Chrome - File System Access API - vulnerabilities reported by Maciej Pulikowski | Total Bug Bounty Reward: $5.000 | CVE-2021-21123 and 5 more...

bugbounty bugbounty-writeups bugbountytips cve cybersecurity exploit hacking payload pentesing pentest red-team security security-writeups writeups

Last synced: 03 Nov 2024

https://github.com/EdOverflow/proof-of-concepts

A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.

bugbounty infosec poc proof-of-concept security

Last synced: 13 Nov 2024

https://github.com/edoverflow/proof-of-concepts

A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.

bugbounty infosec poc proof-of-concept security

Last synced: 03 Aug 2024

https://github.com/r0x4r/d4rkxss

A list of useful payloads and Bypass for Web Application Security and Bug Bounty/CTF

bugbounty bughunter bughunting ethical-hacking hacking javascript xss-exploitation xss-filter xss-vulnerability

Last synced: 01 Nov 2024

https://github.com/blackhatethicalhacking/terminatorz

TerminatorZ is a highly sophisticated and efficient web security tool that scans for top potential vulnerabilities with known CVEs in your web applications.

bugbounty bugbounty-tool hacking offensive-security penetration-testing pentesting redteam

Last synced: 05 Nov 2024

https://github.com/oliverwiegers/pentest_lab

Local penetration testing lab using docker-compose.

bug-bounty bugbounty docker docker-compose penetration-testing pentest

Last synced: 10 Nov 2024

https://github.com/dhn/udon

A simple tool that helps to find assets/domains based on the Google Analytics ID.

bugbounty domain osint recon reconnaissance subdomain

Last synced: 04 Aug 2024

https://github.com/EasyRecon/Hunt3r

Made your bugbounty subdomains reconnaissance easier with Hunt3r the web application reconnaissance framework

bugbounty reconnaissance subdomains

Last synced: 03 Aug 2024

https://github.com/iknowjason/edge

Recon tool for cloud provider attribution. Supports AWS, Azure, Google, Cloudflare, and Digital Ocean.

bugbounty pentesting pentesting-tools redteam-tools

Last synced: 13 Nov 2024

https://github.com/daffainfo/oneliner-bugbounty

A collection oneliner scripts for bug bounty

bugbounty hacktoberfest pentest

Last synced: 11 Nov 2024

https://github.com/R0X4R/D4rkXSS

A list of useful payloads and Bypass for Web Application Security and Bug Bounty/CTF

bugbounty bughunter bughunting ethical-hacking hacking javascript xss-exploitation xss-filter xss-vulnerability

Last synced: 04 Aug 2024

https://github.com/yevh/VulnPlanet

Vulnerable code snippets with fixes for Web2, Web3, API, iOS, Android and Infrastructure-as-Code (IaC)

android api application-security appsec-tutorials appsecurity bugbounty code codesecurity cve ios owasp owasp-top-10 pentesting poc security vulnerabilities vulnerability waf web2 web3

Last synced: 07 Sep 2024

https://github.com/RossGeerlings/webstor

WebStor efficiently enumerates all websites across your organization’s networks and those in your DNS records - including cloud-hosted servers via zone transfer data - stores their responses, and lets you query for known web technologies, including those with zero-day vulnerabilities.

attack-surface bugbounty bugbounty-tool cybersecurity footprinting information-gathering infosec pentest-scripts pentest-tools pentesting pentesting-tools recon reconnaissance security security-tools

Last synced: 04 Aug 2024

https://github.com/gwen001/dataextractor

A Burp Suite extension to extract datas from source code while browsing.

bugbounty burpsuite pentesting private python secrets security-tools

Last synced: 09 Nov 2024

https://github.com/daffainfo/Oneliner-Bugbounty

A collection oneliner scripts for bug bounty

bugbounty hacktoberfest pentest

Last synced: 08 Aug 2024

https://github.com/m0nad/dns-discovery

DNS-Discovery is a multithreaded subdomain bruteforcer.

bugbounty c dns multithreading network network-analysis security security-tools

Last synced: 15 Nov 2024

https://github.com/xer0times/SQLi-Query-Tampering

SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.

bug-bounty bugbounty bughunting burp-extensions burp-plugin burpsuite burpsuite-pro evasion payload-generator pentesting pentesting-tools sqli sqlinjection

Last synced: 10 Sep 2024