Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
Bug Bounty
A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.
- GitHub: https://github.com/topics/bugbounty
- Wikipedia: https://en.wikipedia.org/wiki/Bug_bounty_program
- Related Topics: security,penetration-testing,pentesting,pentest,
- Aliases: bug-bounty,
- Last updated: 2025-02-10 00:04:01 UTC
- JSON Representation
https://github.com/Zarcolio/1pfuscat0r
A tool to automatically generate alternative IP representations, a rewritten version of IPFuscator
bugbounty ctf hacking ip-address obfuscation obfuscator
Last synced: 21 Nov 2024
https://github.com/nsonaniya2010/sanfinder
It finds Subject Alternative Names for a given list of domains
bug-bounty bug-hunting bugbounty infosec madeinindia security security-tools
Last synced: 08 Nov 2024
https://github.com/machine1337/jsscanner
An Efficent tool to find juicy secrets in javascript source code. Automate Your Javascript hunting using this tool.
bugbounty bugbounty-tool hackerone hacking javascript-recon jsscanner machine1337 reconn
Last synced: 10 Nov 2024
https://github.com/melbadry9/domain_reg
Check domain availability for registration
bugbounty domain-registration recon
Last synced: 21 Nov 2024
https://github.com/machine1337/clickjack
An efficient tool To Find click jacking vulnerabilities in easiest way with poc
bugbounty clickjacking clickjacking-vulnerability cybersecurity hacking machine1337
Last synced: 10 Nov 2024
https://github.com/tkmru/xss_dict
xss dictionary for Google 日本語入力
bugbounty bugbountytips xss-detection
Last synced: 01 Feb 2025
https://github.com/root4loot/recrawl
A Web URL crawler written in Go
bugbounty crawler discovery enumeration go golang recon reconnaissance web
Last synced: 06 Nov 2024
https://github.com/hueristiq/xurlbits
A CLI utility to pull out bits of URLs.
bugbounty go golang infosec parser reconnaissance url url-parsing
Last synced: 06 Nov 2024
https://github.com/momenbasel/liffier
tired of manually add dot-dot-slash to your possible path traversal? this short snippet will increment ../ on the URL.
bugbounty python python3 vulnerability-scanners
Last synced: 11 Oct 2024
https://github.com/krishpranav/packetkit
An Advanced Network Packet Sniffer Built In Rust
bugbounty hacking hackingtools network network-scanner pcap pentesting rust rust-security security sniffer
Last synced: 15 Oct 2024
https://github.com/h0x0er/andromanifest
AndroidManifest.xml parser written in go
android android-manifest androidsecurity bugbounty golang mobile security-tools
Last synced: 23 Oct 2024
https://github.com/mrvcoder/bug-hunting-methodologies
this repo contains some public methodologies which I found from internet (google,telegram,discord,writeups etc..)
bounty bug bugbounty bugbounty-methodology hack hunt information-gathering methodology osint recon reconnaissance
Last synced: 26 Dec 2024
https://github.com/cryonayes/GoFilter
A tool to filter URLs by parameter count or size
bugbounty bugbounty-tool golang
Last synced: 21 Nov 2024
https://github.com/Iamstanlee/bee
Bee Recon Framework
bugbounty infosec pentesting-tools
Last synced: 21 Nov 2024
https://github.com/MPaandeey/dlevel
A tool get level of subdomain from 1....n
bugbounty infosec subdomain subdomainlist subdomains subdomains-enumeration tool tools
Last synced: 21 Nov 2024
https://github.com/zha0gongz1/html-absorber
一款可批量提取url或本地html文件中注释、属性及标签内容的工具
bash-script bugbounty golang hack hacktool html infosec redteam
Last synced: 11 Jan 2025
https://github.com/shazsyed/FavHunt
Favicon based recon for faster fingerprinting of web services
bugbounty fingerprinting hacking recon reconaissance webservices
Last synced: 21 Nov 2024
https://github.com/javeleyqaq/drozer-tester
Bash script for automated testing of the drozer component used in penetration testing. drozer组件自动化测试脚本
android android-component bugbounty cybersecurity droze pentesting
Last synced: 21 Jan 2025
https://github.com/QSoloX/whoisyou
Take a list of domains and output the hostname and ip.
bugbounty golang hacking hacking-tools infosec
Last synced: 21 Nov 2024
https://github.com/root4loot/screener
Take screenshots of webpages
aquatone bugbounty chromedp go golang gowitness pentesting screenshot web
Last synced: 06 Nov 2024
https://github.com/DevanshRaghav75/bugbounty-dorks
Google dorks for bug bounty hunting
bugbounty google-dorks security
Last synced: 23 Oct 2024
https://github.com/k2haxor/HACK-THEM-ALL
Hack like a pro
bugbounty exploits hacking penetration-testing pentesting
Last synced: 23 Oct 2024
https://github.com/jaydhulia/go-url-fuzz
URL Fuzzer in Go - Find hidden directories!
Last synced: 04 Nov 2024
https://github.com/Revenant40/2tearsinabucket
Enumerate s3 buckets for a specific target.
bugbounty enumeration go golang s3-bucket
Last synced: 03 Nov 2024
https://github.com/cosad3s/sonarleaks
Digging into private data through Sonarcloud public projects
bugbounty hacking osint sonarqube
Last synced: 29 Oct 2024
https://github.com/tarunkoyalwar/nestle
Match and Extract Nested groups (ex: graphql) using regex with Nestle
automation bugbounty bugbounty-tool go graphql javascript-recon javascript-regex recon regex
Last synced: 13 Oct 2024
https://github.com/machine1337/admin-finder
A small tool to find admin panel of the website
admin admin-dashboard adminpanel adminpanelfinder bugbounty hacking machine1337
Last synced: 10 Nov 2024
https://github.com/whomrx666/xbughunting
This is a tool for bug hunters
bugbounty bughunter bughunting hacking hacking-tool information-gathering information-gathering-tools kali-linux linux termux xbughunting
Last synced: 11 Nov 2024
https://github.com/mathis2001/subpwnable
Are your (sub)domains pwnable ? SubPwnable is a simple Python tool designed to helps you answer this question.
bugbounty cname pentest subdomain-takeover
Last synced: 09 Jan 2025
https://github.com/drdataye/drdir
DrDir is a powerful tool for scanning web paths, identifying directories and files on web servers.
bug bug-bounty bugbounty dirb kali-linux nmap parrot scan scanner termux termux-tool web
Last synced: 21 Jan 2025
https://github.com/alanEG/Gosna
Dynamic url monitor
bugbounty change-detection url url-change url-change-notification url-monitor
Last synced: 21 Nov 2024
https://github.com/amine123ait/bug_bounty
opensource bug bounty toolkit/framework
bugbounty bugbounty-tool bugbountytips bugbountytricks hacking programing
Last synced: 23 Oct 2024
https://github.com/RESETHACKER-COMMUNITY/ReporterX
Template based report writing tool.
bug-hunting bug-reporting bug-reproduction bugbounty reporterx
Last synced: 23 Oct 2024
https://github.com/Imran407704/multi-urls
This is a simple bash script for getting passive urls from a gau, gauplus, waybackurls from a multiple urls list.
automation bugbounty bugbounty-tool infosectools
Last synced: 23 Oct 2024
https://github.com/0xpugal/hacktheweb
Things to do while Hacking/Hunting in Web Applications
bugbounty bugbountytips hack recon subdomain-enumeration vulnerability web webappsec websecurity
Last synced: 31 Dec 2024
https://github.com/TargetPackage/api-key-impact
A list of different types of API keys and how to prove impact for bug bounty programs.
api api-key api-keys bug-bounty bugbounty impact
Last synced: 02 Jan 2025
https://github.com/sweetsoftware/vhostmap
Find virtual hosts (vhosts) from IP addresses and hostnames
bug-bounty bugbounty bugbounty-tool hostmapper hostnames ip osint penetration-testing python3 recon reconnaissance vhost vhosts virtual-hosts
Last synced: 08 Nov 2024
https://github.com/arshadkazmi42/blc
Broken link checker
blc broken-link-checker broken-link-finder bug-bounty bugbounty crawler python
Last synced: 28 Oct 2024
https://github.com/machine1337/cors_scanner
Fast CORS Misconfiguration Scanner
bugbounty cors hacking misconfiguration pentesting
Last synced: 10 Nov 2024
https://github.com/sa7mon/h1rss
An RSS feed generator for HackerOne Hacktivity
bugbounty golang hackerone rss
Last synced: 12 Nov 2024
https://github.com/bountyhacking/Payloads_Tool_box
At this repo you can find any tools, tricks or templates for general penetration testing assesment
bounty bounty-hunting-tools bug bugbounty burpsuite curl fuzzing payload payloads pentesting sqli sqlmap tty xss
Last synced: 23 Oct 2024
https://github.com/machine1337/host-injector
A small to find Host Header Injection vulnerabilities in a websites
bugbounty hacking hostheader injection kali-linux machine1337 pentesting webhacking
Last synced: 10 Nov 2024
https://github.com/z3n70/CVE-2021-43798
Simple program for exploit grafana
bugbounty cybersecurity exploit grafana pentesting
Last synced: 23 Oct 2024
https://github.com/fabiosmuu/fabiosmuu
am bugbounty construct fabio fabio-smuu fabiosmuu game-development ia javascirpt mysql nodejs npm pdo php smuu sql sqlite stredit
Last synced: 14 Nov 2024
https://github.com/hackshiv/textfilterfuzzer
TextFilterFuzzer For Directory Fuzzing - filter for (e.g, Not Found, 404, Not Accepted)
bugbounty bugbounty-tool bughunter contentdiscovery cybersecurity directory-bruteforce fuzzer fuzzing github hacker hacking hacking-tools python python3
Last synced: 12 Nov 2024
https://github.com/jsmoreira02/hazard
Hazard is a dictionary brute-force attack, constructed using the Rust language for the most sensitive network protocols and services, including FTP, SSH, PostgreSQL, MySQL, and Samba (SMB networking protocol). Its design prioritizes ease of use and a clean interface, making it suitable for use in Capture the Flag (CTF) or Pentest Services.
brute-force bugbounty ctf-challenges cybersecurity-tool dictionary-attack hacking-tool network-security rust
Last synced: 18 Nov 2024
https://github.com/proditis/mini-tools
A collection of mini tools and snippets for various purposes
bugbounty csp cybersecurity dns hacking sni snippets
Last synced: 15 Oct 2024
https://github.com/proditis/orunmila
a simple tool to refine and produce lists for your bugbounty and pen-test engagements
bugbounty dirbuster ffuf pen-test-tools pen-testing penetration-testing pentest-tool pentesting
Last synced: 15 Oct 2024
https://github.com/topscoder/lurk-sonar
Download source code of all projects in a SonarQube instance. #bugbounty #opsec #infosec #sonarqube
bug-bounty bugbounty bugbounty-tool bugbountyautomation infosec sonarqube
Last synced: 12 Jan 2025
https://github.com/rodnt/bffuf
Burp bridge to FFUF
bugbounty bugs burp ffuf fuzzing pentest portswigger
Last synced: 03 Jan 2025
https://github.com/rix4uni/portmap
portmap is a fast portscan tool, uses shodan public data for port scan used internetdb.shodan.io and api.shodan.io/shodan/host
bug-bounty bugbounty bugbountytips hacking infosec internetdb osint osint-resources penetration-testing pentest-tool pentesting port-enumeration portscanner recon reconnaissance scan-ports security security-tools shodan threat-intelligence
Last synced: 07 Feb 2025
https://github.com/luddekn/crtsh-list
Grabbing the results from a crt.sh search
bug-bounty bugbounty crt crt-sh crtsh enumeration python python3 tool web web-enumeration
Last synced: 20 Dec 2024
https://github.com/neospl0it/dorks
Google dork queries targeting URLs with potential vulnerabilities
bugbounty cybersecurity dork google-dorking google-dorking-payloads quries websecurity
Last synced: 17 Jan 2025
https://github.com/topscoder/subgomain
A high-performance tool for identifying domain takeovers with support for custom fingerprints and resolver lists.
bugbounty bugbounty-tool domain-takeover infosec infosectools security security-tools subdomain-takeover
Last synced: 13 Nov 2024
https://github.com/rodnt/submon
Python script to monitor subs from crt.sh | The script focuses on monitoring for new subdomains of a given domain using the crt.sh public API, which can be a component of bug bounty hunting
bugbounty monitor monitoring-tool python subdomain-enumeration subdomains
Last synced: 03 Jan 2025
https://github.com/adeadfed/pwnfox-for-chromium
A BurpSuite extension that allows you to use Chromium with PwnFox
bugbounty burpsuite chromium hacking webhacking
Last synced: 12 Oct 2024
https://github.com/Sharpforce/cybersecurity
GitHub for my GitBook : https://sharpforce.gitbook.io/cybersecurity/
bugbounty challenge cybersecurity owasp pentest training vulnerability web
Last synced: 18 Jan 2025
https://github.com/edoardottt/bugcrowd-go
Golang Bugcrowd API client
api bug-bounty bugbounty bugcrowd bugcrowd-api bugcrowd-client golang security
Last synced: 11 Oct 2024
https://github.com/CasperGN/GoHead
Get interesting http headers, internal IPs, possible endpoints from target(s) and search JS files for juicy info
bugbounty headers http http-requests probe
Last synced: 21 Nov 2024
https://github.com/itszeeshan/crawlinit
A web crawler written in python3
appsec bugbounty bugbounty-tool bugbountytips crawler crawler-python enumeration infosec python recon reconnaissance scanner url web
Last synced: 12 Oct 2024
https://github.com/z3n70/CVE-2021-41277
simple program for exploit metabase
bugbounty cybersecurity exploit metabase ruby
Last synced: 23 Oct 2024
https://github.com/ElSicarius/Hacks
toolset for various purposes.
bugbounty bugbounty-tool hacking hacking-tools
Last synced: 23 Oct 2024
https://github.com/mamad4ever/bug-bounty-tools
A list of resources for those interested in getting started in bug bounties
bug-bounty bug-bounty-tools bugbounty cybersecurity hunter pentest-tool
Last synced: 21 Jan 2025
https://github.com/root-tanishq/pscrap
multi processed parameter scrapper
bugbounty hacking pentesting python scrapping security web
Last synced: 06 Feb 2025
https://github.com/dubs3c/assetnote
Push notifications for passive DNS data
Last synced: 23 Oct 2024
https://github.com/ropwareJB/jwtfuzz
Library for fuzzing & attacking JSON Web Tokens (JWTs). Bindings for other languages included.
bug-bounty bug-bounty-tools bugbounty fuzz fuzzing hacking hacking-tool jwt jwt-token pentesting pentesting-tools security
Last synced: 23 Oct 2024
https://github.com/hahwul/buildpack-zap-daemon
zap(zed attack proxy) daemon mode buildpack of heroku
bugbounty hacking heroku-buildpack security zap
Last synced: 12 Dec 2024
https://github.com/jmcph4/lm5
Simple and extensible fuzzer
binary-analysis binary-exploitation bugbounty fuzz-testing fuzzer fuzzing penetration-testing pentest-tool pentesting python3 security security-tools vulnerabilities vulnerability-detection vulnerability-identification vulnerability-scanners
Last synced: 06 Nov 2024
https://github.com/anshumanpattnaik/hackbotone-website
HackbotOne | Exploring Application Security & Software Development
blogging-application blogging-platform blogging-site bugbounty cybersecurity django django-application django-blog django-project full-stack full-stack-application full-stack-web-development owasp python python3 web-hacking web-security webapplication webdevelopment website
Last synced: 10 Nov 2024
https://github.com/austinsonger/sitemapsandrobotsaroundtheweb
Sitemaps and Robots.txt for websites around the world.
bug-bounty bugbounty ethical-hacking footprinting hacking information-gathering osint penetration-testing reconnaissance robots robots-txt scanning search searching security security-research sitemap sitemap-xml sitemaps webpentest
Last synced: 21 Jan 2025
https://github.com/qbraid/community
Where qBraid users discuss, report bugs and submit feature requests.
bugbounty bugs discussion feature-requests
Last synced: 22 Jan 2025
https://github.com/rix4uni/resolvers
List of Fresh DNS resolvers updates every 1 hour
bug-bounty bugbounty bugbountytips dns hacking infosec network osint osint-resources osint-tool penetration-testing pentest-tool pentesting recon reconnaissance resolver resolvers security security-tools threat-intelligence
Last synced: 07 Feb 2025
https://github.com/rix4uni/nucleihub-templates
This repo collects nuclei template from 600+ github repos, updates every 6 hours.
bug-bounty bugbounty bugbountytips exploits fingerprint hacking infosec nuclei nuclei-templates osint osint-resources penetration-testing pentest-tool pentesting recon reconnaissance security security-tools threat-intelligence vulnerability-detection
Last synced: 07 Feb 2025
https://github.com/robotshell/orhound
ORHound is a tool written in Python whose main function is to find possible Open Redirects on a target using Google Dorks
bugbounty dork google hacking infosec pentesting python
Last synced: 06 Dec 2024
https://github.com/mrnazu/2023-ctf
CTF challenges
api bugbounty ctf ctf-challenges ctf-solutions ctf-tools ctf-writeups hacking hackthebox-writeups rootme tryhackme tryhackme-writeups websecurity website
Last synced: 18 Jan 2025
https://github.com/tradmod/preaudits
Smart Contract Audits & Bug Findings
audits bugbounty cybersecurity smart-contracts smartcontract-security smartcontractaudit web3security
Last synced: 01 Feb 2025
https://github.com/aviksaikat/httprex
'httpRex' is a command-line tool for checking the status code of one or multiple URLs. It can also save the output to a file.
Last synced: 24 Nov 2024
https://github.com/mrnazu/sub-domain-enumeration-tool
Sub-domain enumeration is the process of finding sub-domains for one or more domains. It helps to broader the attack surface, find hidden applications, and forgotten subdomains. Note: Vulnerabilities tend to be present across multiple domains and applications of the same organization.
bugbounty nazu nazu-security python3 subdomain-bruteforcing subdomain-enumeration subdomain-finder subdomain-scanner vulnerability-scanners
Last synced: 18 Jan 2025
https://github.com/probonodev/jailbreak
jailbreakme.xyz is an open-source decentralized app (dApp) where users are challenged to try and jailbreak pre-existing LLMs in order to find weaknesses and be rewarded. 🏆
ai bugbounty cryptocurrency cybersecurity prompt-engineering prompt-injection solana solana-program
Last synced: 11 Dec 2024
https://github.com/theunknownsoul/htb-certified-bug-bounty-hunter-exam-cheetsheet
All cheetsheets with main information from HTB CBBH role path in one place.
bugbounty cheetsheet htb security
Last synced: 08 Nov 2024
https://github.com/mathis2001/wappassivescan
Passive Vulnerability Scanner working with Wappalyzer API and MITRE CVE search functionnality.
bugbounty bugbounty-tool cve mitre passive-vulnerability-scanner pentest pentest-tool pentesting pentesting-tools wappalyzer
Last synced: 09 Jan 2025
https://github.com/Aviksaikat/httpRex
'httpRex' is a command-line tool for checking the status code of one or multiple URLs. It can also save the output to a file.
Last synced: 08 Nov 2024
https://github.com/d3mondev/cidrex
A command-line utility for expanding CIDR ranges with support for IPv6.
bugbounty cidr cidr-range ipv4 ipv6
Last synced: 12 Jan 2025
https://github.com/mathis2001/reflection
Reflected parameters checker for a list of urls. (Beta version needing a lot of improvement)
bugbounty parameters pentest reflected
Last synced: 09 Jan 2025
https://github.com/wfinn/ucors
tool that scans for CORS bypasses
bugbounty bypass cors pentesting vulnerability-scanners
Last synced: 21 Nov 2024
https://github.com/hunthubspace/exploit-tracker
A script designed to automatically discover new exploits and save results to a file or integrate with your Discord server. Also search for exploits related to specific CVEs of your choice.
bugbounty cve ethical-hacking exploit penetration-testing-tools web
Last synced: 31 Jan 2025
https://github.com/mathis2001/lightraversal
LighTraversal is a tool designed to find basic directory traversal vulnerabilities
bugbounty lfi path-traversal pentest
Last synced: 09 Jan 2025
https://github.com/ant4g0nist/chronometry
Chronometry, a transparent and cryptographically verifiable proof-of-hack signature store
bugbounty chronometry golang hacking proof-of-hack
Last synced: 22 Jan 2025
https://github.com/pvnotpv/bbrsmend.sh
Fetches the latest bugbounty programs on major platforms from kleoz's bbradar.io and sends notification every N hours, also a notification when a new program is released.
bugbounty bugbounty-program pentesting pentesting-tools reconnaissance
Last synced: 22 Jan 2025
https://github.com/davemolk/dorking
advanced searching for bing, brave, duck duck go, and yahoo
bug-bounty bugbounty dorking go golang infosec osint pentesting pentesting-tools recon research search search-engine security
Last synced: 03 Feb 2025
https://github.com/acuciureanu/png-payload-injector
CLI tool for embedding XSS payloads in PNG files.
bugbounty bugbounty-tool bugbountyhunting security-automation
Last synced: 19 Jan 2025
https://github.com/tradmod/audits
Smart Contract Audits & Bug Findings
audits bugbounty cybersecurity smart-contracts smartcontract-security smartcontractaudit web3security
Last synced: 17 Jan 2025
https://github.com/markgacoka/r3c0n
A tool for performing reconnaissance on web targets in Python
bugbounty cybersecurity library python recon reconnaissance reconnaissance-framework
Last synced: 21 Nov 2024
https://github.com/xalgord/source-scraper
Scrape Source Code of sensitive files like js, jsp, aspx, json and php using curl.
bugbounty curl scraper sensitive-data-exposure
Last synced: 21 Jan 2025
https://github.com/hackshiv/ffuf-outputter
A cleaner way to save my ffuf output - consider combining it with ffuf easily.
automation bugbounty bugbounty-tool bughunter cybersecurity directoryfuzzer ffuf fuzzer hacking output python3 tools tools-and-automation
Last synced: 12 Nov 2024
https://github.com/hackerajofficial/server-side-template-injection
A server-side template injection occurs when an attacker is able to use native template syntax to inject a malicious payload into a template, which is then executed server-side.
bug bug-bounty bugbounty bugs hackeraj hackeraj-official hackerajofficial injection
Last synced: 08 Jan 2025
https://github.com/drdataye/drxploit
DrXploit is a powerful and open-source penetration testing and exploitation tool for web applications. This tool is designed to automate the process of discovering and exploiting vulnerabilities, saving time and effort for security researchers.
bugbounty exploit exploit-db hacking hacking-tool hackweb python3 scanning
Last synced: 20 Nov 2024