Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


Bug Bounty

A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.

https://github.com/p0dalirius/robotstester

This Python script can enumerate all URLs present in robots.txt files, and test whether they can be accessed or not.

bugbounty crawler pentesting python robots tool

Last synced: 30 Dec 2024

https://github.com/dreamer1eh/ultimate_bughunter_tools

Ultimate Package Of 50 Bug Bounty Hunting Tools

bug-bounty bugbounty infosec security security-tools

Last synced: 21 Nov 2024

https://github.com/Dc4ts/ChangeTower

ChangeTower, written in Go, is intended to help you watch webpages for changes and get notified of any changes

bugbounty bugbounty-tool golang red-team webscanner

Last synced: 21 Nov 2024

https://github.com/cqsd/daily-commonspeak2

commonspeak2 subdomains wordlist generated daily **DEPRECATED** The author(s) of commonspeak2 maintain an official repo with more lists. Please use it instead: https://github.com/assetnote/wordlists

bugbounty content-discovery security

Last synced: 21 Nov 2024

https://github.com/m8sec/subwalker

Simultaneously execute various subdomain enumeration tools and aggregate results.

bugbounty recon subdomain-enumeration

Last synced: 19 Dec 2024

https://github.com/BountyStrike/Emissary

Send notifications on different channels such as Slack, Telegram, Discord etc.

bugbounty golang notification

Last synced: 16 Nov 2024

https://github.com/pikpikcu/js-finding

JS Finding can be used to extract JavaScript (JS) files from either a single domain URL or a list of domains. The tool supports various extraction methods and provides additional options for file download and wordlists creation.

bugbounty recon

Last synced: 20 Nov 2024

https://github.com/melbadry9/ScanApi

Subdomain enumeration, subdomain-takeover monitoring API and S3 bucket scanner.

bugbounty recon s3-bucket-scanner subdomains-enumeration

Last synced: 21 Nov 2024

https://github.com/mathis2001/webhackurls

Simple Python OSINT tool for URL recon using the Wayback Machine.

bugbounty osint pentesting recon wayback-machine webarchive

Last synced: 11 Nov 2024

https://github.com/0xpugal/knoxsser

A concise and effective bash script for mass XSS scanning utilizing the KNOXSS API by Brute Logic

bugbounty knoxss xss

Last synced: 08 Nov 2024

https://github.com/acuciureanu/ppfang

A tool which helps identify client-side prototype-polluting libraries

bugbounty bugbounty-tool bugbountytips chromium cspp prototype-pollution security security-tools vulnerability-scanners

Last synced: 12 Oct 2024

https://github.com/BLACK-SCORP10/url-status-checker

Status Checker is a Python tool for swiftly checking the status of URLs. It categorizes responses by HTTP status codes, offering clear insights into website health. With async requests, color-coded output, and easy CLI usage, it's a handy solution for monitoring web service performance.

automation bug-bounty bugbounty bugbounty-tools bugbountyautomation bulk easy-to-use httpx infosys python status-codes statuscode

Last synced: 25 Nov 2024

https://github.com/brosck/bugbountytricks

「🐞」Bug Bounty Tricks

bounty bug bugbounty security tips tricks

Last synced: 13 Jan 2025

https://github.com/typeerror/crystalball

An enchanting 🔮 web screenshot tool for capturing and sharing web content effortlessly

bugbounty enumeration infosec security web-screenshot

Last synced: 08 Nov 2024

https://github.com/abuvanth/kicks3

S3 bucket finder from HTML and JS, and bucket misconfiguration testing tool

automation aws aws-s3 bucket-misconfiguration-testing bugbounty s3 s3-bucket-finder security-tools storage

Last synced: 03 Nov 2024

https://github.com/blackhatethicalhacking/openrediwrecked

A powerful and sophisticated tool for detecting and exploiting open redirect vulnerabilities using the sed utility and a selected list of carefully crafted payloads with encoding techniques.

bugbounty hacking infosec openredirect-scanner penetration-testing pentesting

Last synced: 05 Nov 2024

https://github.com/edoardottt/malicious-rmqr-codes

Collection of (4000+) malicious rMQR Codes for Penetration testing, Vulnerability assessments, Red Team operations, Bug Bounty and more

bug-bounty bugbounty malicious-payloads offensive-security payload-generator payloads qr-code qrcode qrcodes red-team red-team-tools redteam redteam-tools redteaming rmqr rmqrcode security security-tools web-security

Last synced: 28 Oct 2024

https://github.com/andripwn/PayloadsAll

A list of useful payloads and bypasses for Web Application Security and Pentest/CTF

allpayload bugbounty bugcrowd bughunter hackerone payloads pentest python rce researchers securityresearchers sql vulnerability vulnerabilityanalysis xsss

Last synced: 23 Oct 2024

https://github.com/bountymachine/about

A central place to keep track of relevant BountyMachine talks, blogs, and interesting things!

automation bountymachine bugbounty infosec presentation slides

Last synced: 18 Nov 2024

https://github.com/hahwul/backbomb

💣 Dockerized penetration-testing/bugbounty/app-sec testing environment

appsec bugbounty docker docker-image environment golang hacking pentest security tools

Last synced: 21 Jan 2025

https://github.com/mathis2001/paramfirstcheck

ParamFirstCheck identifies, in a list of URLs, those containing a parameter from the top 25 most vulnerable parameters for SQLi, LFI, RCE and Open redirect

bugbounty parameters pentest top25

Last synced: 11 Nov 2024

https://github.com/blackhatethicalhacking/sql-injection-pwn

A one-liner SQL Injection Attack using SQLMAP and various parameters that helps quickly check for vulnerabilities during Bug Bounty

bugbounty hacking penetration-testing pentesting redteam sqlinjection

Last synced: 05 Nov 2024

https://github.com/0xpugal/bounty.sh

simple bash script to earn bounties

bash bugbounty recon reconnaissance shell

Last synced: 08 Nov 2024

https://github.com/Sajibekanti/Bug_Bounty_List

Day by day, lots of newbies come into bug bounty and ask on social sites about bug bounty sites, so that's why I am opening up all my hunted sites.

bugbounty halloffame

Last synced: 21 Nov 2024

https://github.com/sidxparab/subdomain-enumeration-guide

This is a comprehensive Subdomain Enumeration Guide that traces back to my GitBook.

bugbounty pentesting recon reconnaissance subdomain-enumeration

Last synced: 18 Dec 2024

https://github.com/R0X4R/snetra

A Python-based scanner that uses shodan-internetdb to scan the IP.

bugbounty penetration-testing penetration-testing-tools python3 shodan

Last synced: 21 Nov 2024

https://github.com/r0x4r/snetra

A Python-based scanner that uses shodan-internetdb to scan the IP.

bugbounty penetration-testing penetration-testing-tools python3 shodan

Last synced: 08 Nov 2024

https://github.com/sidxparab/Subdomain-Enumeration-Guide

This is a comprehensive Subdomain Enumeration Guide that traces back to my GitBook.

bugbounty pentesting recon reconnaissance subdomain-enumeration

Last synced: 21 Nov 2024

https://github.com/blackhatethicalhacking/s3-buckets-aio-pwn

An AIO tool to check for vulnerable Amazon S3 buckets as part of Bug Bounty. What makes this tool unique is that it can take a file full of buckets and check all of them against various attack scenarios to see whether they are vulnerable

bugbounty hacking penetration-testing pentest-tool pentesting redteam s3-bucket

Last synced: 05 Nov 2024

https://github.com/Damian89/simple-oob-scanner

Simple tool to test for SSRF/OOB HTTP Read within the Path of a request

bugbounty penetration-testing pentesting python3

Last synced: 21 Nov 2024

https://github.com/gwen001/bbstats

Bug Bounty statistics tool.

bugbounty graph php stats

Last synced: 09 Nov 2024

https://github.com/grafana/bugbounty

Grafana Labs bug bounty

bounty bug bugbounty grafana rewards security

Last synced: 04 Feb 2025

https://github.com/BitTheByte/Orkestra

Web-based Android debugger with inspection capabilities using Frida and Jadx as a backbone

android bugbounty bugcrowd debugger decompiler frida hackerone jadx java java-decompiler orkestra

Last synced: 21 Nov 2024

https://github.com/aldo-moreno-leon/ORtester

Open Redirect scanner - (out of date)

bugbounty pentest-tool

Last synced: 21 Nov 2024

https://github.com/BitTheByte/BitTraversal

Burpsuite Plugin to detect Directory Traversal vulnerabilities

bugbounty burp-extensions burp-plugin burpsuite burpsuite-extender java path-traversal traversal web

Last synced: 21 Nov 2024

https://github.com/melbadry9/WhoEnum

Mass querying whois records

bugbounty enumeration recon whois

Last synced: 21 Nov 2024

https://github.com/ihebski/db

Bugbounty utility to store list of enumerated subdomains into an sqlite3 db [one liner style / Pipe and save]

bugbounty database mini-utility sqlite3 subdomain-enumeration

Last synced: 29 Oct 2024

https://github.com/dwisiswant0/nodep

A tool for checking available dependency packages across the npmjs, PyPI or RubyGems registries.

bugbounty bugbounty-tool gem go golang npm npmjs pip pypi rubygems

Last synced: 12 Oct 2024

https://github.com/swanandx/rustywitness

A CLI tool for getting screenshots of URLs using headless chrome

bugbounty cli headless-chrome recon rust web

Last synced: 27 Oct 2024

https://github.com/mrofisr/gf-patterns

Collection of grep patterns for Tom Hudson's (a.k.a. Tomnomnom) tools, namely gf

bugbounty grep security

Last synced: 23 Jan 2025

https://github.com/theporgs/exegol-resources

Hacking resources for the Exegol project

active-directory bugbounty hacking pentesting

Last synced: 16 Nov 2024

https://github.com/0xAkashsky/sub-scout

Simple bash Script to automate initial recon using (httpx, puredns, regulator, wayback, katana, aquatone)

bugbounty cybersecurity infosec infosectools security tools

Last synced: 23 Oct 2024

https://github.com/gwen001/favicon-hashtrick

Python script implementing the favicon hash trick to find subdomains.

bugbounty favicon pentesting python security-tools shodan

Last synced: 09 Nov 2024

https://github.com/VincentDS/HackerOne-Notifier

Send notifications if a new program is published on HackerOne using Pushbullet

bugbounty hackerone notifications pushbullet

Last synced: 21 Nov 2024

https://github.com/vah13/BurpCRLFPlugin

Another plugin for CRLF vulnerability detection

bugbounty burp crlf plugin scanner vulnerability-detection

Last synced: 25 Oct 2024

https://github.com/tuxotron/docker-image-generator

Customized docker images generation toolkit

bugbounty docker infosec pentesting

Last synced: 21 Nov 2024

https://github.com/xalgord/my-methodologies

Tools and methods that I personally use for Recon and Exploitations

bug-bounty bugbounty penetration-testing pentesting recon xss

Last synced: 21 Jan 2025

https://github.com/javierolmedo/ipdiscover

🔍 A simple tool to obtain long lists of IPs from domains using goroutines

bugbounty bughunter domain hacking-tool ip recon

Last synced: 29 Nov 2024

https://github.com/txuswashere/pentesting

CyberSec Resources: FRAMEWORKS & STANDARDS; Pentesting Audits & Hacking; PURPLE TEAMING, AD, API, web, clouds, CTF, OSINT, Pentest tools, Network Security, Privilege escalation, Exploiting, Reversing, Secure Code, Bug Bounty, ...

active-directory audit auditing bugbounty cloudsecurity cyber-security cybersecurity exploiting hacking networksecurity osint pentesting pentesting-tools privilegeescalation purple-team purpleteam resources reversing webpentest webpentesting

Last synced: 30 Jan 2025

https://github.com/melbadry9/cname

CNAME records lookup

bugbounty dns recon

Last synced: 23 Oct 2024

https://github.com/randomrobbiebf/phpunit-brute

Tool to try multiple paths for PHPunit RCE CVE-2017-9841

bugbounty cve-2017-9841 phpunit

Last synced: 20 Nov 2024

https://github.com/itsignacioportal/hacker-scoper

Automagically filter URLs with Bug Bounty program scope rules scraped from the internet.

bugbounty bugcrowd enumeration filter go golang hackerone infosec pentesting recon scopes security security-tools websec websecurity

Last synced: 30 Dec 2024

https://github.com/gwen001/csp-analyzer

Analyze Content-Security-Policy header of a given URL.

bugbounty content-security-policy csp pentesting python security-tools

Last synced: 09 Nov 2024

https://github.com/thelikes/fuzzmost

all manner of wordlists

bugbounty infosec recon wordlist

Last synced: 21 Nov 2024

https://github.com/ItsIgnacioPortal/hacker-scoper

Automagically filter URLs with Bug Bounty program scope rules scraped from the internet.

bugbounty bugcrowd enumeration filter go golang hackerone infosec pentesting recon scopes security security-tools websec websecurity

Last synced: 21 Nov 2024

https://github.com/proditis/bugbounty-cicd

A set of GitLab pipelines and GitHub workflows to automate and ease BugBounty and Penetration Testing engagements

bugbounty bugbounty-pipeline cybersecurity devsecops devsecops-pipeline gitlab gitlab-ci

Last synced: 08 Nov 2024

https://github.com/elniak/bountydork

BountyDork is a comprehensive tool designed for penetration testers and cybersecurity researchers. It integrates various modules for performing attacks, reporting, and managing VPN/proxy settings, making it an indispensable asset for any security professional.

bugbounty dork dorking google penetration-testing proxy pypy python vpn

Last synced: 13 Dec 2024

https://github.com/sam5epi0l/beginner-bug-bounty-automation

Many scripts that can be modified according to your needs for Information Gathering and Asset discovery in Bug Bounty Hunting (Pull requests are welcome!)

amass bash-script beginner-friendly bug-bounty bugbounty hacking hacking-tools nipe penetration-testing recon reconnaissance starter-kit tor tor-network

Last synced: 22 Nov 2024

https://github.com/AmoloHT/TTWAF

「🧱」Test a list of payloads and see if you can bypass it

application bugbounty bugbounty-tool bypass firewall lfi payload rce rust sqli test waf xss

Last synced: 23 Oct 2024

https://github.com/topscoder/fourohme

FourOhMe is a tool for testing HTTP headers on a website in order to try to bypass 40* HTTP codes. Written in Go, so easy to install and fast out of the box.

401 401-bypass 403 403-bypass bugbounty bugbountytips bugbountytricks cli http http-headers osint recon

Last synced: 13 Nov 2024

https://github.com/JavierOlmedo/ipdiscover

🔍 A simple tool to obtain long lists of IPs from domains using goroutines

bugbounty bughunter domain hacking-tool ip recon

Last synced: 21 Nov 2024

https://github.com/Naategh/dom-red

Small script to check a list of domains against open redirect vulnerability

bugbounty open-redirect python

Last synced: 03 Nov 2024

https://github.com/incogbyte/laravel-phpunit-rce-masscaner

Masscanner for Laravel phpunit RCE CVE-2017-9841

bugbounty cve-2017-9841

Last synced: 07 Dec 2024

https://github.com/ImAyrix/er

😁 Easy Regex

bug-bounty bugbounty cli golang regex

Last synced: 23 Oct 2024

https://github.com/p0dalirius/robotsvalidator

A python script to check if URLs are allowed or disallowed by a robots.txt file.

allow bugbounty bypass check disallow robots-txt web

Last synced: 30 Dec 2024

https://github.com/choirurrizal/paraminer

finds hidden parameters

bugbounty php recon

Last synced: 21 Nov 2024

https://github.com/anof-cyber/web-recon

Web application recon for bug bounty

bugbounty httprobe linkfinder nmap sublist3r waybackurl

Last synced: 06 Nov 2024

https://github.com/adnanekhan/actionstoctou

Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU) vulnerabilities

actions bugbounty cicd

Last synced: 08 Nov 2024

https://github.com/humblelad/Needle

Instant access to your bug bounty submission dashboard on various platforms + publicly disclosed reports + #bugbountytip

bugbounty bugcrowd chrome-extension hackerone intigriti yeswehack

Last synced: 21 Nov 2024

https://github.com/h0tak88r/nuclei_templates

Collection of templates from various resources

bugbounty cybersecurity nuclei-tamplates

Last synced: 18 Jan 2025

https://github.com/nscuro/fdnssearch

Swiftly search FDNS datasets from Rapid7 Open Data

bugbounty dns fdns golang opendata rapid7 subdomains

Last synced: 21 Nov 2024

https://github.com/adnanekhan/actionscacheblasting

Proof-of-concept code for research into GitHub Actions Cache poisoning.

actions bugbounty cicd

Last synced: 08 Nov 2024

https://github.com/cokebeer/go-cves

A collection of CVEs found in projects, frameworks and components written in Go, along with articles on related exploitation techniques

bugbounty cve exploit go poc security

Last synced: 02 Dec 2024

https://github.com/gwen001/detectify-cves

Find CVEs that don't have a Detectify module.

bugbounty cve detectify pentesting scanner security-tools

Last synced: 09 Nov 2024