Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
Bug Bounty
A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.
- GitHub: https://github.com/topics/bugbounty
- Wikipedia: https://en.wikipedia.org/wiki/Bug_bounty_program
- Related Topics: security,penetration-testing,pentesting,pentest,
- Aliases: bug-bounty,
- Last updated: 2025-02-11 00:04:11 UTC
- JSON Representation
https://github.com/aviksaikat/bug-bounty-essentials
All the tools you need for webapp pentesting & bug bouty hunting
bug-bounties bug-bounty-tools bugbounty bugbounty-tool linux tools
Last synced: 24 Jan 2025
https://github.com/x00tex/duckscripts
Collection of script i wrote during bug bounty hunting.
android-application apkpure-scraper bugbounty subdomain-enumeration
Last synced: 22 Jan 2025
https://github.com/spheronfdn/argo-bounty-issue
πArGo Bug Bounty Program
Last synced: 21 Jan 2025
https://github.com/arshadkazmi42/is-broken-link-github
Github Links Broken Status Checker
blc broken-links bugbounty github links python script
Last synced: 15 Dec 2024
https://github.com/alwalxed/juicyurls
A CLI tool to scan suspicious URLs by keywords, extensions, paths and hidden files.
automation bugbounty cli cybersecurity detection exploit golang malware open-source osint penetration-testing projectdiscovery recon reconnaissance scanner scanning security urlscan vulnerabilities
Last synced: 15 Nov 2024
https://github.com/h3xploit0x1/1line-bash
Collection Of Line BASH Useful for BugBounty.
Last synced: 22 Jan 2025
https://github.com/pvnotpv/url-tree
Tool to generate a tree from a list of urls with color for each nodes.
bugbounty endpoint-discovery mitmproxy-addons pentesting pentesting-tools recon reconnaissance tree urls
Last synced: 22 Jan 2025
https://github.com/tigthor/hacktoolkit
Simplified Tool for Global Hackers. From Information Gathering to Exploitation and maintaining access
automation bugbounty hacking pentest pentest-tool
Last synced: 22 Jan 2025
https://github.com/lord3ver/gctsubdomains
Discover subdomains in Certificate Transparency logs using Google's Transparency Report
bugbounty go osint penetration-testing pentest recon subdomain subdomain-enumeration
Last synced: 21 Nov 2024
https://github.com/haccer/xmail
Go tool that detects which email addresses have domains which are able to be registered
account-takeover bug-bounty bugbounty cyber email go golang infosec osint pentesting redteam redteam-tools security
Last synced: 11 Nov 2024
https://github.com/pwnb0y/BugBounty-Scripts
Quick scripts to make life easier of a Hacker π
bash-script bugbounty vps-setup
Last synced: 23 Oct 2024
https://github.com/shreyaschavhan/bugbountywriteups
This Repository will contain Bug Bounty Write-Up that I read on daily basis!
bounty bounty-hunters bug-bounty bugbounty bugcrowd hackerone hackers payloads synack tools writeups
Last synced: 23 Oct 2024
https://github.com/bruston/sonar
Subdomain enumeration via the JSON API provided by https://sonar.omnisint.io/ which uses the Rapid7 dataset.
Last synced: 23 Oct 2024
https://github.com/mathis2001/gitdiscloser
Python recon tool for Github information disclosure research
bugbounty github pentesting recon
Last synced: 09 Jan 2025
https://github.com/crypticq/WP-killer
vulnerability scanner for wordpress
bugbounty cybersecurity exploit exploitation hacking penetration-testing vulnerability-scanners wordpress
Last synced: 23 Oct 2024
https://github.com/x00tex/rsiw
Collection of script i wrote during bug bounty hunting.
android-application apkpure-scraper bugbounty subdomain-enumeration
Last synced: 08 Feb 2025
https://github.com/jeninsutradhar/bug-bounty-command-arsenal
A comprehensive collection of 100 essential commands for ethical hacking and bug bounty hunting. This arsenal covers various aspects of security testing, including domain enumeration, vulnerability scanning, and more.
bug-bounty bug-bounty-tools bugbounty command-line ethical-hacking linux
Last synced: 09 Jan 2025
https://github.com/revanmalang/yuyu_scanner
bugbounty osint pentesting scanner
Last synced: 25 Jan 2025
https://github.com/lucabarile/zdi-can-16857
Exploit and report for CVE-2023-32163
0-day 0day bugbounty cve-2023-32163 disclosure elevation-of-privilege exploit local-privilege-escalation logical-vulnerability lpe poc privilege-escalation proof-of-concept vulnerability wacom wacom-driver wacom-vulnerability write-up writeups zdi-can-16857
Last synced: 31 Dec 2024
https://github.com/itpey/taz
A simple yet powerful load testing framework for Go.
api attack bugbounty ddos go high-performance load-testing penetration-testing pentesting pentesting-tools testing unit-test unittesting
Last synced: 15 Jan 2025
https://github.com/houssemcharf/bugbounty_platform
BugBounty platform for IsetCom Event!
bug bugbounty bugbounty-platform flask hack hacking python3 raport vunerability
Last synced: 05 Feb 2025
https://github.com/machiavelliii/machiavelli.github.io
bugbounty ctf-writeups privacy redteam security tutorials
Last synced: 06 Feb 2025
https://github.com/pocdork/gitdomain
Discover endpoints using companies GitHub Repositories name
bugbounty bugbounty-tool hacking infosec
Last synced: 21 Nov 2024
https://github.com/mrofisr/wordlist
Wordlist Collection for Security
bruteforce bugbounty database hacking wordlist
Last synced: 23 Jan 2025
https://github.com/rix4uni/org2asn
Extract ASN and IPs in bgp.he.net
bugbounty org-finder recon reconnaissance
Last synced: 07 Feb 2025
https://github.com/codeb0ss/cve-2023-20073-
Mass Exploit - CVE-2023-20073 - Cisco VPN Routers - [Unauthenticated Arbitrary File Upload and Stored XSS]
0day bug bugbounty cisco codeb0ss codeboss cve cve-2023-20073 exploit hackerone mass mass-exploit uncodeboss vpn-router
Last synced: 12 Jan 2025
https://github.com/qyfashae/bug_bounty_scripts
My private bug bounty scripts i have written under the years for real time projects within bug bounty hunting and penetration testing(red team).
bug-bounty-tools bugbounty bugbounty-tools exploits exploits-scripts hacking penetration-testing pentesting python-exploits
Last synced: 12 Jan 2025
https://github.com/n0kovo/random-agent
Simply output a random user-agent. Use it with tools that don't have a --random-agent flag. Like `random-agent` or $(random-agent)
appsec bug-bounty bug-bounty-tools bugbounty bugbounty-tool bugbountytools fuzzer fuzzing infosec infosectools pentesting pentesting-tools redteam-tools web-app-security webfuzzer
Last synced: 30 Dec 2024
https://github.com/acuciureanu/wp-plugins-analyzer
A WordPress plugins analyzer which is still work in progress anyway
bugbounty bugbounty-tool wordpress-security-scanner
Last synced: 19 Jan 2025
https://github.com/hunthubspace/cve-2024-0757-exploit
A PoC Exploit for CVE-2024-0757 - Insert or Embed Articulate Content into WordPress Remote Code Execution (RCE)
bugbounty cve ethical-hacking exploit penetration-testing web
Last synced: 31 Jan 2025
https://github.com/mrnazu/tryhackme-ctf-s
Capture the Flag (CTF) is a cybersecurity competition that is used as a test of security skills.
bugbounty burpsuite csrf ctf-writeups idor openredirect rce recon sqlinjection tryhackme webhacking xss-vulnerability xxe-injection
Last synced: 18 Jan 2025
https://github.com/proditis/bugbounty-journal
The journal of a unix geek taking its first steps into the BugBounty world...
Last synced: 01 Feb 2025
https://github.com/hellblack55/dobby
This script finds subdomains and URLs, filters them into .js, .json, and sensitive categories, and helps streamline your security assessments and bug hunting.
bash bash-script bug bug-bounty bugbounty bugbounty-tool
Last synced: 08 Feb 2025
https://github.com/rundtstykker/subdomain-crawler-application-security-
A simple & lightweight domain crawler that uses a pre-defined wordlist to discover subdomains on specified domain
Last synced: 07 Jan 2025
https://github.com/b1narygl1tch/awesome-oauth-sec
OAuth2.0 and OpenID from an information security perspective
bugbounty information-security infosec oauth2 security
Last synced: 19 Dec 2024
https://github.com/xthezealot/saar
Saar is a bug bounty script combining the best tools for a smooth recon workflow
bugbounty dns http hunting nuclei pentesting recon redteam scanner security subdomain vulnerability
Last synced: 09 Feb 2025
https://github.com/it-jhack/bughunter-debian-setup
Bash script to install essential tools for bughunting
bounty bug bug-bounty bugbounty bugbounty-tool cyber-security debian debian-linux linux python python3 subdomain subdomain-scanner subdomain-takeover
Last synced: 21 Dec 2024
https://github.com/rix4uni/wordpress-plugins
Scrape all wordpress plugins (updates every 6 hour)
bug-bounty bugbounty bugbountytips hacking infosec osint osint-resources osint-tool penetration-testing pentest-tool pentesting recon reconnaissance scraper-wordpress-plugin-addon security security-tools threat-intelligence wordpress wordpress-plugin wordpress-scraper
Last synced: 27 Jan 2025
https://github.com/mateofumis/xunifedparams.py
Python script for Unify all Parameters with all URLs.
bugbounty bugbountytips hacking hacking-tool pentesting python
Last synced: 06 Feb 2025
https://github.com/ranskyth/steet
ferramenta automatizada para web recon
bugbounty bughunter hacker hacking hacking-tool recon
Last synced: 10 Jan 2025
https://github.com/abhinandan-khurana/l337_5ub0v3r
A python tool to check subdomain takeover vulnerability
bugbounty cybersecurity docker pentesting python3
Last synced: 10 Jan 2025
https://github.com/rajspeaks/bug-bounty-hall-of-fames
All the Infosec Hall of Fame regarding bug bounty Achievements
bug-bounty bugbounty bugreport cyber-security cybersecurity ethical-hacking hall-of-fame information-security infosec rajdeep-das rajspeaks sql-injection xss-detection
Last synced: 09 Feb 2025
https://github.com/hunthubspace/subscope
SubScope is a Python-based command-line tool that helps you manage domains and subdomains in workspaces using an SQLite database.
automation bugbounty bugbounty-tool database ethical-hacking exploit penetration-testing python sqlite web web-penetration-testing
Last synced: 31 Jan 2025
https://github.com/linuxmobile/bugbounty-flake
Bug Bounty Flake
bounty bug bugbounty bugbounty-tool cybersecurity kali-linux red red-team team
Last synced: 23 Dec 2024
https://github.com/mathis2001/Reflection
Reflected parameters checker for a list of urls. (Beta version needing a lot of improvement)
bugbounty parameters pentest reflected
Last synced: 23 Oct 2024
https://github.com/opcod3r/godan
Shodan tool subdomains with rotation keys.. π©
bugbounty bugbounty-tool golang pentest recon security shodan subdomains
Last synced: 02 Jan 2025
https://github.com/codeb0ss/cve-2023-3836
0day bugbounty codeb0ss codeboss cve cve-2023-3836 exploit exploiter hackerone uncodeboss webshell
Last synced: 12 Jan 2025
https://github.com/luddekn/subfuzzer
Subdomain fuzzer
brute-force bug-bounty bugbounty fuzzer fuzzing python python3 redteam subdomain subdomain-bruteforcing subdomain-enumeration subdomain-scanner tool web
Last synced: 20 Dec 2024
https://github.com/mamad4ever/next-dork
Useful Google Dorks for Bug Bounty
bug-bounty bug-bounty-tools bugbounty google-dorks
Last synced: 01 Feb 2025
https://github.com/mathis2001/qrecipe
QRecipe is a simple python script that have been designed to fuzz Android and iOS apps QR code readers for multiple vulnerabilities depending on the given wordlist.
android-application appsec bugbounty fuzzing ios-app pentest qrcode qrcode-generator tool
Last synced: 09 Jan 2025
https://github.com/acuciureanu/log-name-generator
A tool which enhances fuzzing with date-formatted log file names.
bugbounty bugbounty-tool bugbountytips content-discovery fuzzing wordlist wordlist-generator
Last synced: 19 Jan 2025
https://github.com/topscoder/aisubs
Leverage the power of AI to find hard to find subdomains.
ai bugbounty bugbounty-tools chatgpt infosec security subdomain subdomain-finder
Last synced: 12 Jan 2025
https://github.com/Retr0-45809/autorecon
An automation tool to perform multiple reconnaissance attacks on a domain instantly
bugbounty bugbountyautomation reconnaissance
Last synced: 23 Oct 2024
https://github.com/andreystepanov/pentesterland-writeups
Pentester Land's curated collection of bug bounty writeups in formatted JSON
bugbounty bugbounty-writeups pentesterland pentesting writeups
Last synced: 09 Jan 2025
https://github.com/n0kovo/dnsplz
A simple Bash script that resolves a list of domains from stdin to IP addresses and prints them to stdout
bug-bounty bugbounty dns dns-enum dns-enumeration dns-lookup dns-lookups dns-reconnaissance dns-requests dns-resolver
Last synced: 30 Dec 2024
https://github.com/0xrobiul/FInstall
It's An Automation Script Which Will Automatically Install Tools For Bug Hunting/Web-Application Penetration Testing!
bugbounty cyber-security hacking penetration-testing pentesting
Last synced: 23 Oct 2024
https://github.com/remonsec/remonsec.github.io
My personaal blog website
bugbounty cybersecurity infosec
Last synced: 29 Jan 2025
https://github.com/sumidcyber/secureye
π SecurEye: Web Security Simplified SecurEye helps you keep your website safe with log analysis and IP/port scanning. Get protected now on GitHub!
bugbounty bugbounty-tools ip ip-port-scanning ipscanner log-analysis log-analytics port portscanner python python3 web-scanner webserver website wifi-hacking
Last synced: 29 Jan 2025
https://github.com/sa7mon/vulnchest
A collection of vulnerable applications for research purposes
Last synced: 12 Jan 2025
https://github.com/hunthubspace/ssm-subscopemongo
SubScopeMongo is a Python-based command-line tool that helps you manage domains and subdomains in workspaces using an MongoDB database.
automation bugbounty bugbounty-tool cybersecurity database ethical-hacking mongodb penetration-testing python
Last synced: 31 Jan 2025
https://github.com/hunthubspace/torwatch
TorWatch is a powerful bash script for monitoring the availability of websites through the Tor network. It manages IP address rotation, blocks IP addresses if the site is inaccessible, and logs activities for tracking events.
bash-scripting bugbounty exploit penetration-testing tor web-penetration-testing
Last synced: 31 Jan 2025
https://github.com/nando-z/webshell
Web Shell in Php
bugbounty cybersecurity-tool pentesting php webshell
Last synced: 20 Jan 2025
https://github.com/adarshaddee/httpsx
Bug Bounters and others can also use this tool to make make any link accessible on browser.
adarsh-addee adarshaddee bug-bounty bugbounty codarsh cyber-security cybersecurity hackers hacking https httpsx mr-idealhat mridealhat
Last synced: 27 Dec 2024
https://github.com/adarshaddee/base64
base64 & base32 decoder tool for you!
adarsh adarsh-addee adarshad adarshadddee addee base32 base32-encryption base32check base64 base64-decoding base64-encoding bugbounty cyber-security cybersecurity encryption end-to-end-encryption mr-idealhat mridealhat
Last synced: 27 Dec 2024
https://github.com/it-jhack/subsort
Subsort removes grep redundancies for subdomains in a list.
bugbounty dns fdns osint project-sonar python reconnaissance subdomain subdomain-sorter subdomain-takeover subdomains subdomains-discovery subdomains-enumeration
Last synced: 12 Jan 2025
https://github.com/padsalatushal/burp-suite-pro-installer
Install & Activate Burp Suite Pro v1.7.37 with Key-Loader
bugbounty bugbounty-tool burpsuite burpsuite-cracked burpsuite-old burpsuite-pro burpsuite-pro-windows powershell security-tools v1-7-37
Last synced: 14 Jan 2025
https://github.com/subnwa/erc-cli
It is a CLI source that works ergonomically and systematically within the system. These errors are added to the database with customization. In addition, it ensures that the bugs that occur in the system do not create system vulnerabilities.
bit bits bugbounty cargo cli creates db error-handling lang line rust terms
Last synced: 16 Jan 2025
https://github.com/gustavogss/scanner-penetration
Ferramenta de scanner a procura de portas abertas em um host - desenvolvida em Python
Last synced: 26 Jan 2025
https://github.com/mrnazu/directory-scanner-tool
Directory brute forcing is a web application technology used to find and identify possible hidden directories in websites. This is done with the aim of finding forgotten or unsecured web directories to see if they are vulnerable to exploitation.
bruteforce bugbounty directory directory-bruteforce hacking hidden-directory information-disclosure pentesting python3 url-fuzzer web-hacking-tool
Last synced: 18 Jan 2025
https://github.com/arshadkazmi42/wbm
Waybackmachine to pull all wayback urls of input domain
Last synced: 08 Feb 2025
https://github.com/rix4uni/certinfo
Scrape domain names from Certificate Subject Alternative Name
bugbounty recon reconnaissance scrape ssl tls
Last synced: 07 Feb 2025
https://github.com/rix4uni/timelimitx
timelimitx is alternative advanced version of timeout command.
bug-bounty bugbounty bugbountytips hacking infosec osint osint-resources osint-tool penetration-testing pentest-tool pentesting recon reconnaissance security security-tools threat-intelligence timeout
Last synced: 07 Feb 2025
https://github.com/rix4uni/burpsuite-config
Useful "Match and Replace" & "TLS Pass Through" in Burpsuite Rules
bug-bounty bugbounty bugbountytips burp burpsuite hacking infosec osint osint-resources osint-tool penetration-testing pentest-tool pentesting recon reconnaissance security security-tools threat-intelligence
Last synced: 07 Feb 2025
https://github.com/eagleeggs/bugbounties
Authorized dislosures of bugbounties that have been resolved
bugbounty bugcrowd fitbit penetration-testing security
Last synced: 10 Jan 2025
https://github.com/rix4uni/msarjun
Mass scale Hidden parameters discovery using Arjun.
api-fuzzer api-fuzzing api-testing arjun bug-bounty bugbounty bugbountytips content-discovery hacking infosec osint osint-tool parameter-discovery penetration-testing pentest-tool pentesting recon reconnaissance security security-tools
Last synced: 07 Feb 2025
https://github.com/rix4uni/scope
An automated GitHub Actions-based crawler that fetches and updates public scopes from popular bug bounty platforms (like Hackerone/Bugcrowd/Intigriti/etc) (updates every 10 minutes)
bug-bounty bugbounty bugbountytips bugcrowd hackenproof hackerone hacking infosec intigriti osint osint-tool penetration-testing pentest-tool pentesting recon reconnaissance security security-tools vrp yeswehack
Last synced: 07 Feb 2025
https://github.com/rix4uni/cspfinder
Discover new target domains using Content Security Policy
bugbounty content-security-policy csp golang hacking recon reconnaissance security
Last synced: 07 Feb 2025
https://github.com/hackshiv/jsurlextractor
A simple bash script to extract more urls from js endpoints
bugbounty endpoints extractor javascript jsextractor
Last synced: 11 Jan 2025
https://github.com/mathis2001/EzComments
EzComments is a tool allowing you to get all html and js comments of each url given to him
bugbounty comments pentest recon
Last synced: 23 Oct 2024
https://github.com/bonifield/jitt
simple jitter tool
bugbounty jitter jitter-calculation penetration-testing python3
Last synced: 18 Jan 2025
https://github.com/it-jhack/subtaker
A tool to help find subdomain takeover vulnerabilities
bug-bounty bugbounty enumeration hacking infosec osint penetration-testing pentesting python recon reconnaissance subdomain subdomain-takeover
Last synced: 12 Jan 2025
https://github.com/hoshigakikisame/hostprobe
Host Probe is a Python script that simplifies host discovery using ICMP ping. It enables users to determine the status of a list of IP addresses or domain names, helping identify hosts that are online (UP) or offline (DOWN).
bugbounty cybersecurity prober
Last synced: 07 Jan 2025
https://github.com/jsmoreira02/lfi-hunter
Automated tool to bypass filtering systems and exploit Local File Inclusion, created for Bug Bounty tests and better optimization during the hack (and with special attention to CTFs)
bugbounty ctf-tools cybersecurity hacking-tool lfi-exploitation
Last synced: 19 Jan 2025
https://github.com/GabrielCS0/security-trails
This is a tool to automate the search for subdomains on the website securitytrails.com
bugbounty pentesting python recon subdomains
Last synced: 23 Oct 2024
https://github.com/rudsarkar/phar-vulnerability
Code for exploiting phar vulnerability for educational purpose for my Medium blog
bugbounty php phpphar source-code
Last synced: 19 Jan 2025
https://github.com/emrekybs/leaks
bash script to check data leakage on websites
bugbounty discovery leask reconnaissance webpentesting
Last synced: 19 Jan 2025
https://github.com/sarperavci/infinitedorkscanner
A premium OSINT tool that allows you to scan dorks on Search Engines WITHOUT LIMITS
bing-dorks bug-bounty bugbounty bugbounty-tool dork dork-scanner dork-scanning dorking-tool google-dork hacking hacking-tool infosec osint python sql sql-injection sqli vulnerability-scanners
Last synced: 06 Jan 2025
https://github.com/carloocchiena/subdomain_scanner
A simple script that ping up to 10K most common subdomains in a target website and returns a list of finding.
bugbounty networking scanner vulnerability-scanners
Last synced: 26 Jan 2025
https://github.com/shingareom/pentestingtools
This repository contains a collection of tools designed for automating penetration testing, while also being valuable for manual testing. Leveraging these tools can enhance both the efficiency and effectiveness of your security assessments.
bugbounty pentesting-tools webpentest
Last synced: 19 Jan 2025
https://github.com/mathis2001/jsembed
Simple Python tool to embed JavaScript code in different types of files (pdf and svg for now)
bugbounty fileupload javascript pdf pentest svg xss
Last synced: 09 Jan 2025
https://github.com/y-mo4n1ngst3r/evillan
A tool for create encoded payloads and test them on targets
bugbounty bugbounty-tools cybersecurity hacking-tool offensive-security pentesting
Last synced: 09 Feb 2025
https://github.com/vin-hacks/querywatch
Simple script to detect changes in a GraphQL api where introspection is enabled.
api bash bash-script bugbounty cybersecurity graphql tool
Last synced: 23 Jan 2025
https://github.com/rtfmkiesel/geopipe
A pipeline tool to filter domains by server location
Last synced: 26 Jan 2025
https://github.com/cak/foot
Foot is a library that fetches a list of URLs and silly walks through each site to gather information.
Last synced: 14 Jan 2025
https://github.com/supreme-snaze/permutations
A local easy-to-use password manager written in python with multiple User Interfaces
audio-separation bugbounty combinations cupp deep-learning dns domains hacking pentest-tool permutation-algorithms permutation-invariant-training permutations phishing pytorch
Last synced: 22 Jan 2025
https://github.com/sysevil/rusho
subdomain tool cli for shodan by Rust lang
bugbounty hacking hacking-tool recon reconnaissance rust rust-lang subdomain-enumeration
Last synced: 09 Feb 2025
https://github.com/y-mo4n1ngst3r/y-mo4n1ngst3r
Config files for my GitHub profile.
assembly bugbounty bugbounty-tool bugbounty-tools config cpp20 ctf ctf-challenges cyber-threat-intelligence cybersecurity github-config golang offensive-security pentesting redteaming
Last synced: 26 Jan 2025