An open API service indexing awesome lists of open source software.

Bug Bounty

A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.

https://github.com/pikpikcu/XRCross

XRCross is a reconstruction, scanner, and penetration / bug bounty testing tool. It was built to test for (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities.

bugbounty bugbounty-tool check-subdomains cors cors-scanner lfi rce recon scanners sqli ssrf subdomain-enumeration takeover-subdomain xss-scanner xss-vulnerability

Last synced: 12 Jul 2025

https://github.com/disclose/resources

Tools, data, and contact lists relevant to The disclose.io Project.

bug-bounty bugbounty certs infosec security vulnerability-disclosure

Last synced: 17 Jan 2026

https://github.com/yeswehack/pwn-machine

PwnMachine is a self hosting solution based on docker aiming to provide an easy to use pwning station for bug hunters.

bugbounty hacking pentest tools

Last synced: 24 Dec 2025

https://github.com/reconness/reconness

ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it based on schedule or events.

bugbounty pentesting platform recon redteam tools vulnerable-targets

Last synced: 17 Jan 2026

https://github.com/d4rckh/vaf

Vaf is a cross-platform, very advanced and fast web fuzzer written in Nim

bruteforce bug-bounty bugbounty burpsuite fuzzer fuzzing hacking hacking-tools nim penetration-testing pentest-tool recon security-tools vaf web xss

Last synced: 09 Apr 2025

https://github.com/MayankPandey01/Jira-Lens

Fast and customizable vulnerability scanner for JIRA written in Python

bugbounty jira jira-rest-api python3 scanner security security-tools vulnerability-scanners

Last synced: 12 Jul 2025

https://github.com/teknogeek/ssrf-sheriff

A simple SSRF-testing sheriff written in Go

bugbounty go ssrf

Last synced: 02 Apr 2025

https://github.com/ameenmaali/urldedupe

Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations

bugbounty cpp hacking infosec penetration-testing url-parser

Last synced: 11 Jul 2025

https://github.com/tegal1337/0l4bs

Cross-site scripting labs for web application security enthusiasts

bugbounty labs xss xss-exploitation xss-vulnerability

Last synced: 09 Apr 2025

https://github.com/pdelteil/BugBountyReportTemplates

List of reporting templates I have used since I started doing BBH.

bugbounty bugcrowd hackerone intigriti reports templates

Last synced: 11 Jul 2025

https://github.com/EdOverflow/megplus

Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]

bugbounty infosec recon reconnaissance security

Last synced: 10 May 2025

https://github.com/random-robbie/bugbounty-scans

aquatone results for sites with bug bounties

bugbounty scan

Last synced: 26 Jan 2026

https://github.com/RapidDNS/Afuzz

Afuzz is an automated web path fuzzing tool for the Bug Bounty projects.

bugbounty fuzzing pentest pentest-tool pentesting security-tools

Last synced: 12 Jul 2025

https://github.com/edoverflow/megplus

Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]

bugbounty infosec recon reconnaissance security

Last synced: 02 Apr 2025

https://github.com/sudosammy/knary

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams/Lark/Telegram & Pushover support

bugbounty burpsuite canary ctf-tools discord discord-bot dns-canary microsoft-teams offensive-security penetration-testing pentesting pushover-notifications security-tools slackbot

Last synced: 10 Mar 2026

https://github.com/rajanagori/nightingale

Nightingale Docker for Pentesters is a comprehensive Dockerized environment tailored for penetration testing and vulnerability assessment. It comes preconfigured with all essential tools and utilities required for efficient Vulnerability Assessment and Penetration Testing (VAPT), streamlining the setup process for security professionals.

bugbounty cybersecurity docker-image hacking hacking-tools htb nightingale osint owasp penetration-testing pentest-tool pentesting platform-independent vulnerabilities

Last synced: 20 Feb 2026

https://github.com/ameenmaali/qsfuzz

qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.

bugbounty fuzz infosec security vulnerability-detection

Last synced: 02 Apr 2025

https://github.com/JoshuaMart/AutoRecon

Simple shell script for automated domain recognition with some tools

automated bugbounty domain-discovery recon reconnaissance

Last synced: 07 Apr 2025

https://github.com/MindPatch/lorsrf

Fast CLI tool to find the parameters that can be used to find SSRF or Out-of-band resource load

blindssrf bruteforce bugbounty fuzzing hacking penetration-testing pentesting rust ssrf websecurity

Last synced: 02 Apr 2025

https://github.com/mindpatch/lorsrf

Fast CLI tool to find the parameters that can be used to find SSRF or Out-of-band resource load

blindssrf bruteforce bugbounty fuzzing hacking penetration-testing pentesting rust ssrf websecurity

Last synced: 06 Apr 2025

https://github.com/offciercia/tips-solidity-code-auditors

Gaining the most elusive of tips. Add your input and let's collect them all!

audit bug-bounty bugbounty smart-contracts solidity web3

Last synced: 07 Apr 2025

https://github.com/projectdiscovery/dnsprobe

DNSProbe is a tool built on top of retryabledns that allows you to perform multiple DNS queries of your choice with a list of user-supplied resolvers.

bugbounty dns dns-utils dnsprobe retryabledns security subdomain

Last synced: 06 Apr 2025

https://github.com/blackhatethicalhacking/terminatorz

TerminatorZ is a highly sophisticated and efficient web security tool that scans for top potential vulnerabilities with known CVEs in your web applications.

bugbounty bugbounty-tool hacking offensive-security penetration-testing pentesting redteam

Last synced: 06 Apr 2025

https://github.com/firefart/hijagger

Checks all maintainers of all NPM and Pypi packages for hijackable packages through domain re-registration

bugbounty golang hacking npm pypi security security-tools

Last synced: 07 Apr 2025

https://github.com/six2dez/dorks_hunter

Simple Google Dorks search tool

bugbounty dorks google hacking offensive osint pentest recon

Last synced: 07 Apr 2025

https://github.com/edoardottt/missing-cve-nuclei-templates

Weekly updated list of missing CVEs in nuclei templates official repository. Mainly built for bug bounty, but useful for penetration tests and vulnerability assessments too.

automation bug-bounty bug-hunting bugbounty bugbounty-tool bugbountytips cve cve-scanning hacking nuclei nuclei-engine nuclei-templates penetration-testing pentesting projectdiscovery security security-tools vulnerability-detection vulnerability-scanners

Last synced: 09 Apr 2025

https://github.com/ThreatUnknown/jsubfinder

jsubfinder searches webpages for javascript & analyzes them for hidden subdomains and secrets (wip).

bugbounty pentesting proxy security security-tools

Last synced: 19 Apr 2025

https://github.com/si9int/cc.py

Extracting URLs of a specific target based on the results of "commoncrawl.org"

bugbounty osint pentesting

Last synced: 01 Apr 2025

https://github.com/Micro0x00/Arsenal

Arsenal is a Simple shell script (Bash) used to install tools and requirements for Bug Bounty

bug-bounty bugbounty hacking infosec osint penetration-testing pentesting recon reconnaissance security-tools shell

Last synced: 20 Apr 2025

https://github.com/edoverflow/contact.sh

An OSINT tool to find contacts in order to report security vulnerabilities.

bugbounty infosec osint security

Last synced: 06 Apr 2025

https://github.com/EdOverflow/contact.sh

An OSINT tool to find contacts in order to report security vulnerabilities.

bugbounty infosec osint security

Last synced: 12 Jul 2025

https://github.com/BountyStrike/Bountystrike-sh

Poor (rich?) man's bug bounty pipeline https://dubell.io

bugbounty bugbounty-platform

Last synced: 12 Jul 2025

https://github.com/FleexSecurity/fleex

Fleex makes it easy to create multiple VPS on cloud providers and use them to distribute workloads.

bug-bounty bugbounty digitalocean distributed-computing distributed-systems hacking hacking-tool hacktoberfest linode

Last synced: 11 Jul 2025

https://github.com/sw33tLie/fleex

Fleex makes it easy to create multiple VPS on cloud providers and use them to distribute workloads.

bug-bounty bugbounty digitalocean distributed-computing distributed-systems hacking hacking-tool hacktoberfest linode

Last synced: 05 Apr 2025

https://github.com/BitTheByte/Monitorizer

Monitoring framework to detect and report newly found subdomains on a specific target using various scanning tools

bugbounty bugcrowd hackerone subdomain-enumeration subfinder

Last synced: 11 Jul 2025

https://github.com/devploit/XORpass

Encoder to bypass WAF filters using XOR operations.

bugbounty pentesting php waf-bypass websec xor

Last synced: 30 Apr 2025

https://github.com/daffainfo/all-about-apikey

Detailed information about API key / OAuth token (Description, Request, Response, Regex, Example)

api apikey bugbounty hacktoberfest pentest

Last synced: 27 Jan 2026

https://github.com/mlcsec/headi

Customisable and automated HTTP header injection

bugbounty golang header-injection

Last synced: 25 Dec 2025

https://github.com/cc1a2b/JShunter

JShunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security vulnerabilities, making it an essential resource for developers and security researchers.

bugbounty bugbounty-tool bugbountytips hacker javascript javascript-tools pentest pentest-tool pentesting

Last synced: 31 Oct 2025

https://github.com/d3mondev/burp-vps-proxy

This Burp Suite extension allows for the automatic creation and deletion of an upstream SOCKS5 proxy on popular cloud services.

bugbounty burp-extensions burpsuite pentesting proxy socks5

Last synced: 08 Sep 2025

https://github.com/blackhatethicalhacking/nucleimonst3r

Nucleimonst3r is a powerful vulnerability scanner that can help Bug Bounty Hunters find low hanging fruit vulnerabilities for known CVEs and exploits but also gather all the technology running behind them for further investigation for a potential target.

bugbounty bugbounty-tool hacking hacking-tool infosec infosectools redteam vulnerability-scanners

Last synced: 07 Apr 2025

https://github.com/ghostvectoracademy/dllhijackhunter

Automated DLL Hijacking Discovery, Validation, and Confirmation. Turning local misconfigurations into weaponized, confirmed attack paths.

bug-bounty bugbounty bugbounty-tool cybersecurity cybersecurity-tools dll-hijack dll-hijacking dll-hooking dll-injection dll-sideloading pentesting privilege-escalation red-team red-team-tools vulnerability-scanners

Last synced: 02 Apr 2026

https://github.com/zzzteph/probable_subdomains

Subdomains analysis and generation tool. Reveal the hidden!

bugbounty bugbounty-tool wordlist

Last synced: 11 Jul 2025

https://github.com/vflame6/leaker

Passive leak enumeration tool.

bugbounty hacking leak-detection leaks osint reconnaissance

Last synced: 01 Apr 2026

https://github.com/gwen001/bb-datas

Tools and data related to Bug Bounty.

bugbounty pentesting security

Last synced: 09 May 2025

https://github.com/Sh1Yo/request_smuggler

HTTP request smuggling vulnerability scanner

bugbounty request-smuggling rust scanner security web

Last synced: 11 Apr 2025

https://github.com/blackhatethicalhacking/secretopt1c

SecretOpt1c is a Red Team tool that helps uncover sensitive information in websites using ACTIVE and PASSIVE Techniques for Superior Accuracy!

bugbounty hacking infosec reconnaissance secrets-detection

Last synced: 09 Apr 2025

https://github.com/Josue87/AnalyticsRelationships

Get related domains / subdomains by looking at Google Analytics IDs

bugbounty osint subdomains

Last synced: 11 Jul 2025

https://github.com/Impact-I/x8-Burp

Hidden parameters discovery suite

api-testing bugbounty content-discovery parameter-discovery recon

Last synced: 12 Jul 2025

https://github.com/ArturSS7/TukTuk

Tool for catching and logging different types of requests.

bugbounty go golang pentest security summer-of-hack

Last synced: 10 May 2025

https://github.com/codingo/bbr

An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.

bug-bounty bug-bounty-hunters bugbounty bugbounty-tool reporting reporting-tool security-tools

Last synced: 27 Aug 2025

https://github.com/ameenmaali/wordlistgen

Quickly generate context-specific wordlists for content discovery from lists of URLs or paths

bugbounty content-discovery hacking infosec wordlists

Last synced: 11 Jul 2025

https://github.com/codingo/crithit

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

bugbounty enumeration hacking hacking-tool infosec offensive-security penetration-testing pentest-tools pentesting security security-audit security-tools security-vulnerability web-application-security

Last synced: 19 Jun 2025

https://github.com/riza/linx

Reveals invisible links within JavaScript files

bugbounty recon

Last synced: 16 Feb 2026

https://github.com/escape-technologies/graphinder

🕸️ Blazing fast GraphQL endpoints finder using subdomain enumeration, scripts analysis and bruteforce. 🕸️

bugbounty finder graphql osint reconnaissance security spider subdomain-enumeration subdomain-scanner

Last synced: 06 Apr 2025

https://github.com/Sachin-v3rma/Astra

Astra is a tool to find URLs and secrets inside a webpage/files

bugbounty hacking infosec pentesting security

Last synced: 12 Jul 2025

https://github.com/pdelteil/BugBountyHuntingScripts

I built some bash functions to help me while doing mundane and repetitive tasks using BBRF, Nuclei or other bug bounty tools.

bbrf bugbounty

Last synced: 12 Jul 2025

https://github.com/InfoSecWarrior/Offensive-Payloads

List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.

bugbounty payloads pentest pentesting security vulnerability-assessment wordlists

Last synced: 27 Sep 2025

https://github.com/nerrorsec/Google-Dorker

Automate dorking while doing bug bounty or other stuff.

bug-bounty bugbounty github-dorking google-dorking infosec osint pentesting security shodan-dorks

Last synced: 30 Apr 2025

https://github.com/stevemcilwain/quiver

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

bugbounty hacking hacking-tools kali kali-linux penetration-testing pentesting zsh zsh-plugin

Last synced: 03 Apr 2025

https://github.com/harleo/asnip

ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight

asn bugbounty discovery ip mapping organization osint pentesting reconnaissance target

Last synced: 12 Jan 2026

https://github.com/putsi/privatecollaborator

A script for installing private Burp Collaborator with free Let's Encrypt SSL-certificate

bugbounty burp burpsuite burpsuitepro collaborator penetration-testing penetration-testing-tools

Last synced: 12 May 2025

https://github.com/cosad3s/postleaks

Search for sensitive data in Postman public library.

bugbounty leaks osint postman

Last synced: 16 May 2025

https://github.com/Static-Flow/gofingerprint

GoFingerprint is a Go tool for taking a list of target web servers and matching their HTTP responses against a user defined list of fingerprints.

bugbounty bugbounty-tool golang hacking hacking-tool

Last synced: 03 Apr 2025

https://github.com/gwen001/offsectools_www

A vast collection of security tools and resources curated by the community.

bugbounty cybersecurity pentesting security-tools tools

Last synced: 16 Jul 2025

https://github.com/shivamrai2003/reconky-automated_bash_script

Reconky is a great content discovery bash script for bug bounty hunters that automates a lot of tasks and organizes the results in a well-structured form to help them move forward.

automated-testing bash-script bugbounty bugbounty-tool bugbounty-tools enumeration exploitation hacking hacking-code nmap osint penetration-testing pentesting-tools recon recon-tools reconnaissance

Last synced: 08 May 2025

https://github.com/iamsarvagyaa/AndroidSecNotes

Actively maintained, self-curated notes on Android application security for security professionals, bug bounty hunters, pentesters, reverse engineers, and red teamers.

adb android androidsecurity bugbounty hacking notes pentesting security

Last synced: 11 Jul 2025

https://github.com/harleo/knockknock

A simple reverse whois lookup tool which returns a list of domains owned by people or companies

bugbounty domains infosec organization osint owned pentesting reconnaissance reverse whois

Last synced: 14 Jan 2026

https://github.com/random-robbie/jira-scan

CVE-2017-9506 - SSRF

bugbounty jira ssrf

Last synced: 12 May 2025

https://github.com/ryandamour/ssrfuzz

SSRFuzz is a tool to find Server Side Request Forgery vulnerabilities, with CRLF chaining capabilities

bugbounty security ssrf

Last synced: 20 Feb 2026

https://github.com/sickcodes/no-sandbox

No Sandbox - Applications That Run Chromium and Chrome Without The Sandbox. TL;DR: exploits in these browser-based applications are already sandbox-escaped: https://no-sandbox.io/

0day bug bugbounty chrome chromium exploit rce research

Last synced: 24 Mar 2025