An open API service indexing awesome lists of open source software.

Bug Bounty

A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.

https://github.com/lord-alfred/ipranges

🔨 List all IP ranges from: Google (Cloud & GoogleBot), Bing (Bingbot), Amazon (AWS), Microsoft, Oracle (Cloud), GitHub, Facebook (Meta), OpenAI (GPTBot) and others, with daily updates.

amazon-aws azure bing bingbot bug-bounty bugbounty cidr cidr-ranges digitalocean facebook google-cloud googlebot ip-ranges iplist microsoft network-security oracle osint pentesting twitter

Last synced: 11 Apr 2025

https://github.com/TypeError/domained

Multi Tool Subdomain Enumeration

bugbounty enumeration infosec security subdomains

Last synced: 02 Apr 2025

https://github.com/utkusen/socialhunter

Crawls the website and finds broken social media links that can be hijacked

bug-bounty bugbounty osint redteam redteaming

Last synced: 07 Oct 2025

https://github.com/revoltsecurities/subdominator

SubDominator helps you discover subdomains associated with a target domain efficiently and with minimal impact for your Bug Bounty

bugbounty information-gathering python reconnaissance subdomain-enumeration subdomain-finder subdomain-gathering subdomains subdomains-discovery subdomains-enumeration

Last synced: 04 Apr 2026

https://github.com/bishopfox/h2csmuggler

HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

bugbounty infosec security-research security-tools

Last synced: 04 Apr 2025

https://github.com/BishopFox/h2csmuggler

HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

bugbounty infosec security-research security-tools

Last synced: 02 Apr 2025

https://github.com/MrEmpy/mantra

「🔑」A tool used to hunt down API key leaks in JS files and pages

api bugbounty files hacking javascript js key leak leaked-secrets pentest security tool

Last synced: 20 Jun 2025

https://github.com/six2dez/burp-ai-agent

Burp Suite extension that adds built-in MCP tooling, AI-assisted analysis, privacy controls, passive and active scanning and more

ai appsec bugbounty burp burp-extensions burp-plugin burp-suite hacking kotlin llm mcp pentesting security web-security

Last synced: 07 Mar 2026

https://github.com/brosck/mantra

「🔑」A tool used to hunt down API key leaks in JS files and pages

api bugbounty files hacking javascript js key leak leaked-secrets pentest security tool

Last synced: 14 Apr 2025

https://github.com/h33tlit/secret-regex-list

List of regex for scraping secret API keys and juicy information.

bugbounty google google-api juicy oauth regex regex-pattern secret secret-keys

Last synced: 15 May 2025

https://github.com/iamthefrogy/frogy

My subdomain enumeration script. It's unique in the way it is built upon.

bug-bounty bugbounty infosec osint reconnaissance

Last synced: 13 Apr 2025

https://github.com/n0kovo/n0kovo_subdomains

An extremely effective subdomain enumeration wordlist of 3,000,000 lines, crafted by harvesting SSL certs from the entire IPv4 space.

bugbounty enumeration osint pentesting reconnaissance redteam subdomain-brute subdomain-bruteforcing subdomain-enumeration subdomain-scanner subdomain-wordlist subdomains wordlist wordlists

Last synced: 28 Jan 2026

https://github.com/the-xentropy/samlists

Free, libre, effective, and data-driven wordlists for all!

bugbounty cybersecurity hacking hacking-tools

Last synced: 18 Feb 2026

https://github.com/dwisiswant0/ppfuzz

A fast tool, written in Rust, to scan for client-side prototype pollution vulnerabilities. 🦀

bugbounty bugbounty-tool bugbountytips chromium prototype-pollution rust rust-tools security security-tools vulnerability-scanners

Last synced: 16 May 2025

https://github.com/eslam3kl/SQLiDetector

Simple Python script, supported by a BurpBounty profile, that helps you detect error-based SQL injection by sending multiple requests with 14 payloads and checking for 152 regex patterns for different databases.

bug-bounty bugbounty infosec penetration-testing pentesting sqlinjection

Last synced: 10 May 2025

https://github.com/intigriti/misconfig-mapper

Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/or bug bounty targets!

bug-bounty bugbounty cybersecurity hacking hacking-tool misconfig misfconfiguration services

Last synced: 11 Mar 2025

https://github.com/anasfik/flutter-spy

Explore, analyze, and gain valuable data & insights from reverse engineered Flutter apps.

bugbounty flutter osint recon reconnaissance reverse-engineering security-tools

Last synced: 04 Apr 2025

https://github.com/infobyte/emploleaks

An OSINT tool that helps detect members of a company with leaked credentials

bugbounty cybersecurity leaked-secrets osint pentesting redteam

Last synced: 15 May 2025

https://github.com/Bywalks/DarkAngel

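DarkAngel is a fully automated white-hat vulnerability scanner, covering everything from monitoring HackerOne and Bugcrowd assets to vulnerability report generation, vulnerability URL screenshots, and message notifications.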

bugbounty penetration-testing security-tools

Last synced: 12 Jul 2025

https://github.com/chiasmod0n/chiasmodon

Chiasmodon is an OSINT tool designed to assist in the process of gathering information about a target domain. Its primary functionality revolves around searching for domain-related data, including domain emails, domain credentials, CIDRs, ASNs, and subdomains. The tool also allows users to search by Google Play application ID.

asn attack-surface bugbounty bugbounty-tool chiasmodon cidr credentials email-enumeration emails information-gathering intelligence intelligence-analysis osint reconnaissance reconnaissance-framework subdomain-enumeration subdomains

Last synced: 18 Apr 2025

https://github.com/nullt3r/jfscan

JF⚡can - Super fast port scanning & service discovery using Masscan and Nmap. Scan large networks with Masscan and use Nmap's scripting abilities to discover information about services. Generate report.

bugbounty enumeration masscan network nmap pentesting portscanner python recon scanning security-tools tcp vulnerabilityscanner

Last synced: 07 Apr 2025

https://github.com/xalgord/xalgorix

Xalgorix - The Most Powerful Open-Source AI Pentesting Agent

ai ai-tools bug-bounty bugbounty cybersecurity security technology

Last synced: 07 Jun 2026

https://github.com/ghsec/webHunt

Web App bug hunting

bugbounty

Last synced: 11 Jul 2025

https://github.com/n0mi1k/apk2url

An OSINT tool to quickly extract IP and URL endpoints from APKs by disassembling and decompiling

android android-security apk apktool bugbounty endpoint-discovery jadx osint-tool redteam-tools

Last synced: 16 May 2025

https://github.com/harsh-bothra/securityexplained

SecurityExplained is a new series after the previous learning challenge series #Learn365. The aim of #SecurityExplained series is to create informational content in multiple formats and share with the community to enable knowledge creation and learning.

appsecurity bugbounty hacking learning pentesting

Last synced: 27 Jan 2026

https://github.com/aw-junaid/hacking-tools

This repository is a collection of different ethical hacking tools and malware for penetration testing and research purposes, written in Python, Ruby, Rust, C++, Go and C.

algorithms artificial-intelligence bugbounty cryptography cyber-threat-intelligence cybersecurity-projects ethical-hacking hacking-tools malware nessus network-monitoring network-security nmap portscanner python pythonprojects threat-intelligence virus-scanning

Last synced: 13 Apr 2025

https://github.com/LewisArdern/bXSS

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

blueteam bugbounty bxss cross-site-scripting infosec security xss

Last synced: 02 Apr 2025

https://github.com/adnanekhan/gato-x

GitHub Attack Toolkit - Extreme Edition - A static analysis and exploit toolkit for GitHub Actions.

bugbounty cicd github github-actions hacking red-team

Last synced: 25 Apr 2026

https://github.com/KathanP19/Gxss

A tool to check a bunch of URLs that contain reflecting params.

bugbounty bugbounty-tool golang xss xss-detection

Last synced: 11 Jul 2025

https://github.com/jordanpotti/cloudscraper

CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.

aws azure bugbounty digitalocean hacking reconnaissance

Last synced: 05 Apr 2025

https://github.com/jordanpotti/CloudScraper

CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.

aws azure bugbounty digitalocean hacking reconnaissance

Last synced: 20 Mar 2025

https://github.com/p0dalirius/webapp-wordlists

This repository contains wordlists for each version of common web applications and content management systems (CMS). Each version contains a wordlist of all the files and directories for this version.

application bugbounty cms content-management-system drupal pentesting typo3 version web wordlists wordpress

Last synced: 15 May 2025

https://github.com/lewisardern/bxss

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

blueteam bugbounty bxss cross-site-scripting infosec security xss

Last synced: 02 Apr 2025

https://github.com/v4d1/Dome

Dome - Subdomain Enumeration Tool. Fast and reliable Python script that performs active and/or passive scans to obtain subdomains and search for open ports.

bugbounty enumeration hacking-tool osint penetration-testing pentesting recon reconnaissance redteam redteam-tools subdomain subdomain-brute subdomain-enumeration subdomain-finder subdomain-scanner

Last synced: 12 Jul 2025

https://github.com/whitel1st/docem

A tool to embed XXE and XSS payloads in docx, odt, pptx, xlsx files (oxml_xxe on steroids)

bugbounty oxml xss xss-injection xxe xxe-injection

Last synced: 02 Apr 2025

https://github.com/komomon/Komo

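🚀 Komo, a comprehensive asset collection and vulnerability scanning tool. It integrates more than 20 tools to obtain subdomains by multiple methods, collect domain email addresses, perform liveness probing, domain fingerprinting, reverse lookup of domains to IPs, and IP port scanning, crawl web service links and send them to xray, run PoC vulnerability scans against web services, and run host vulnerability scans against hosts.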

amass bugbounty crawlergo ctfr emailall gospider hacking httpx information-gathering infosec ksubdomain naabu nuclei oneforall osint pentesting poc rad subfinder xray

Last synced: 12 Jul 2025

https://github.com/SecShiv/OneDorkForAll

An insane list of all dorks taken from everywhere from various different sources.

alldorks bugbounty darkweb dorking dorking-target dorking-tool dorks dorks-dumper googledork googledorks intel osint red-team research shodandorks

Last synced: 31 Oct 2025

https://github.com/yogsec/hacking-tools

A curated list of penetration testing and ethical hacking tools, organized by category. This compilation includes tools from Kali Linux and other notable sources.

blue-team bug-bounty-tools bugbounty bugbountytips cybersecurity ethical-hacking-tools exploit forensics hackers hacking hacking-tools kali-linux linux-tools penetration-testing penetration-testing-tools red-team reverse-engineering vulnerability web-security

Last synced: 05 Mar 2026

https://github.com/RevoltSecurities/Subdominator

SubDominator helps you discover subdomains associated with a target domain efficiently and with minimal impact for your Bug Bounty

bugbounty information-gathering python reconnaissance subdomain-enumeration subdomain-finder subdomain-gathering subdomains subdomains-discovery subdomains-enumeration

Last synced: 16 Oct 2025

https://github.com/kleiton0x00/ppmap

A scanner/exploitation tool written in Go, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.

bug-bounty bugbounty bugbounty-tool cybersecurity infosec prototype-pollution xss xss-detection xss-exploitation xss-vulnerability

Last synced: 05 Apr 2025

https://github.com/edoverflow/bugbountyguide

Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.

bugbounty infosec security

Last synced: 26 Jan 2026

https://github.com/Josue87/gotator

Gotator is a tool to generate DNS wordlists through permutations.

bug-bounty bugbounty reconnaissance security-tools subdomain

Last synced: 10 May 2025

https://github.com/c0dejump/HawkScan

Security Tool for Reconnaissance and Information Gathering on a website. (python 3.x)

bugbounty fuzzer hawkscan information-gathering reconnaissance web

Last synced: 11 Jul 2025

https://github.com/EdOverflow/bugbountyguide

Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.

bugbounty infosec security

Last synced: 13 Mar 2025

https://github.com/aydinnyunus/exifLooter

ExifLooter finds geolocation on all image URLs and directories, and also integrates with OpenStreetMap

bug-bounty bugbounty cyber-security exif exif-metadata exiftool golang hack hacking image metadata metadata-extraction osint redteam security

Last synced: 06 Apr 2025

https://github.com/aydinnyunus/exiflooter

ExifLooter finds geolocation on all image URLs and directories, and also integrates with OpenStreetMap

bug-bounty bugbounty cyber-security exif exif-metadata exiftool golang hack hacking image metadata metadata-extraction osint redteam security

Last synced: 27 Oct 2025

https://github.com/capt-meelo/LazyRecon

An automated approach to performing recon for bug bounty hunting and penetration testing.

bugbounty pentest recon reconnaissance

Last synced: 24 Mar 2025

https://github.com/hakluke/hakip2host

hakip2host takes a list of IP addresses via stdin, then does a series of checks to return associated domain names.

bugbounty hacking osint recon

Last synced: 06 Apr 2025

https://github.com/anmolksachan/TheTimeMachine

Weaponizing WaybackUrls for Recon, BugBounties, OSINT, Sensitive Endpoints and what not

automate bugbounty fuzzer fuzzing jira lfi openredirect osint parameter scanner xss

Last synced: 07 Sep 2025

https://github.com/epi052/recon-pipeline

An automated target reconnaissance pipeline.

bugbounty python3 recon recon-pipeline reconnaissance scanner security-tools

Last synced: 05 Apr 2025

https://github.com/Anlominus/Bug-Bounty

Bug Bounty ~ Awesomes | Books | Cheatsheets | Checklists | Tools | Wordlists | More

bug-bounty bug-bounty-hunting bug-bounty-recon bug-bounty-tools bugbounty hacking infosec penetration-testing

Last synced: 21 Jul 2025

https://github.com/1in9e/gosint

Gosint is a distributed asset information collection and vulnerability scanning platform

bugbounty information-gathering information-security osint security-tools

Last synced: 06 Apr 2025

https://github.com/ImAyrix/fallparams

Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist

bug-bounty-hunters bugbounty penetration-testing pentest ssrf web-application-security web-security wordlist wordlist-generator xss

Last synced: 01 Mar 2026

https://github.com/anlominus/bug-bounty

Bug Bounty ~ Awesomes | Books | Cheatsheets | Checklists | Tools | Wordlists | More

bug-bounty bug-bounty-hunting bug-bounty-recon bug-bounty-tools bugbounty hacking infosec penetration-testing

Last synced: 05 Apr 2025

https://github.com/gradejs/gradejs

GradeJS analyzes production Webpack bundles without having access to the source code of a website. Instantly see vulnerabilities, outdated packages, and more just by entering a web application URL.

bugbounty bundle bundling javascript npm package-management security-tools vulnerability vulnerability-detection webpack website-security

Last synced: 26 Mar 2025

https://github.com/domain-protect/domain-protect

OWASP Domain Protect - prevent subdomain takeover

aws bugbounty cloudflare dns owasp security security-tools serverless terraform

Last synced: 16 May 2025

https://github.com/taielab/Taie-Bugbounty-killer

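Essential automated bounty-earning techniques for hunting on domestic and international vulnerability platforms; read them and put them into practice, and collecting bounties becomes as easy as drinking water.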

bugbounty bugbounty-tool bugbountytips

Last synced: 11 Jul 2025

https://github.com/l4yton/RegHex

A collection of regexes for every possible use

bugbounty regex security

Last synced: 06 Apr 2025

https://github.com/hahwul/authz0

🔑 Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.

auth authorization authz bugbounty golang golang-application security security-scanner security-tools

Last synced: 05 Apr 2025

https://github.com/yassineaboukir/Asnlookup

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

asn bugbounty enumeration hacking infosec masscan nmap pentest port-scanning reconnaissance

Last synced: 07 Apr 2025

https://github.com/hahwul/mad-metasploit

Metasploit custom modules, plugins, resource scripts and... an awesome Metasploit collection

bugbounty collections hacking mad-metasploit metasploit resources security

Last synced: 05 Apr 2025

https://github.com/AdnaneKhan/Gato-X

GitHub Attack Toolkit - Extreme Edition - A static analysis and exploit toolkit for GitHub Actions.

bugbounty cicd github github-actions hacking red-team

Last synced: 30 Aug 2025

https://github.com/pikpikcu/airecon

AIRecon is an autonomous cybersecurity agent that combines a self-hosted Large Language Model (Ollama) with a Kali Linux Docker sandbox and a Textual TUI. It is designed to automate security assessments, penetration testing, and bug bounty reconnaissance — without any API keys or cloud dependency.

ai-agents automation bugbounty cli ollama penetration-testing python reconnaissance

Last synced: 01 May 2026

https://github.com/p0dalirius/ipsourcebypass

This Python script can be used to bypass IP source restrictions using HTTP headers.

bugbounty bypass headers http ip pentesting python tool

Last synced: 16 May 2025

https://github.com/gwen001/s3-buckets-finder

Find AWS S3 buckets and test their permissions.

aws aws-s3 bucket bugbounty cloud pentesting php s3 s3-bucket security-tools

Last synced: 06 Apr 2025

https://github.com/AdnaneKhan/gato-x

GitHub Attack Toolkit - Extreme Edition - A static analysis and exploit toolkit for GitHub Actions.

bugbounty cicd github github-actions hacking red-team

Last synced: 15 Jul 2025

https://github.com/al-sultani/url-tracker

Change monitoring app that checks the content of web pages in different periods.

bugbounty change-monitoring recon reconnaissance security

Last synced: 09 Mar 2026

https://github.com/mzfr/slicer

A tool to automate the boring process of APK recon

android apk apktool bugbounty hacktoberfest hacktoberfest2021

Last synced: 07 Apr 2025

https://github.com/ahussam/url-tracker

Change monitoring app that checks the content of web pages in different periods.

bugbounty change-monitoring recon reconnaissance security

Last synced: 10 Mar 2025

https://github.com/gwen001/cloudflare-origin-ip

Try to find the origin IP of a webapp protected by Cloudflare.

bugbounty cloudflare ips pentesting python security-tools webapp

Last synced: 05 Apr 2025

https://github.com/daffainfo/match-replace-burp

Useful "Match and Replace" burpsuite rules

bugbounty burpsuite hacktoberfest pentest

Last synced: 28 Jan 2026

https://github.com/kac89/vulnrepo

VULNRΞPO - Free vulnerability report generator and repository end-to-end encrypted. Complete templates of issues, CWE, CVE, MITRE ATT&CK, PCI DSS, issues import Nmap/Nessus/Burp/OpenVAS/Bugcrowd/Trivy, Jira export, TXT/JSON/MARKDOWN/HTML/PDF report, attachments, automatic changelog, statistics, vulnerability management, methodologies and much more!

angular bugbounty burpsuite cve cwe end-to-end-encryption mitre-attack nessus nmap openvas pci-dss pentesting security security-team security-tool trivy vulnerability-assessment vulnerability-management vulnerability-report vulnerability-research

Last synced: 03 Apr 2025

https://github.com/puliczek/cve-2022-0337-poc-google-chrome-microsoft-edge-opera

🎩 🤟🏻 [P1-$10,000] Google Chrome, Microsoft Edge and Opera - vulnerability reported by Maciej Pulikowski - System environment variables leak - CVE-2022-0337

bugbounty bugbounty-writeups bugbountytips cve cve-2022-0337 cybersecurity exploit hacking payload pentest pentesting red-team security security-writeups writeups

Last synced: 27 Jan 2026

https://github.com/sdushantha/dora

Find exposed API keys based on RegEx and get exploitation methods for some of the keys that are found

apikeys bugbounty bugcrowd ethical-hacking exploits hackerone infosec python regex

Last synced: 06 Apr 2025

https://github.com/Puliczek/CVE-2022-0337-PoC-Google-Chrome-Microsoft-Edge-Opera

🎩 🤟🏻 [P1-$10,000] Google Chrome, Microsoft Edge and Opera - vulnerability reported by Maciej Pulikowski - System environment variables leak - CVE-2022-0337

bugbounty bugbounty-writeups bugbountytips cve cve-2022-0337 cybersecurity exploit hacking payload pentest pentesting red-team security security-writeups writeups

Last synced: 02 Apr 2025