An open API service indexing awesome lists of open source software.

Bug Bounty

A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.

https://github.com/daffainfo/oneliner-bugbounty

A collection of oneliner scripts for bug bounty

bugbounty hacktoberfest pentest

Last synced: 14 Feb 2026

https://github.com/dhn/udon

A simple tool that helps to find assets/domains based on the Google Analytics ID.

bugbounty domain osint recon reconnaissance subdomain

Last synced: 12 Mar 2026

https://github.com/iknowjason/edge

Whois for the Cloud: Recon tool for cloud provider attribution. Supports AWS, Azure, Google, Cloudflare, and Digital Ocean.

bugbounty pentesting pentesting-tools redteam-tools

Last synced: 12 Jan 2026

https://github.com/Hrishikesh7665/Android-Pentesting-Checklist

Delve into a comprehensive checklist, your ultimate companion for Android app penetration testing. Identify vulnerabilities in network, data, storage, and permissions effortlessly. Boost security skills with essential tools and user-friendly guides. Elevate Android security seamlessly!

android android-app android-penetration-testing-checklist android-pentesting-checklist bug-bounty bugbounty checklist cybersecurity frida magisk objection penetration-testing pentesting red-teaming vulnerability-assessment vulnerability-checklist

Last synced: 08 Apr 2025

https://github.com/shiblisec/Rekon

The project contains multiple shell scripts for automating the tasks during recon.

automation bash bugbounty hacking hacking-tools reconnaissance rekon

Last synced: 10 Mar 2025

https://github.com/shubhampathak/autosetup

Auto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.

autoinstall autosetup bash bugbounty debian infosec kali-linux linux post-installation postinstall recon reconnaissance script security shell ubuntu ubuntu-installation

Last synced: 12 Jul 2025

https://github.com/shiblisec/rekon

The project contains multiple shell scripts for automating the tasks during recon.

automation bash bugbounty hacking hacking-tools reconnaissance rekon

Last synced: 10 Apr 2025

https://github.com/daffainfo/Oneliner-Bugbounty

A collection of oneliner scripts for bug bounty

bugbounty hacktoberfest pentest

Last synced: 21 Jul 2025

https://github.com/ihebski/XSS-Payloads

Collection of XSS Payloads for fun and profit

bugbounty bughunter javascript payloads pentesting xss-exploitation xss-payloads

Last synced: 28 Sep 2025

https://github.com/Shivangx01b/CorsMe

Cross Origin Resource Sharing MisConfiguration Scanner

application bugbounty bugbounty-tool golang offensive-security scanner web

Last synced: 02 Apr 2025

https://github.com/puliczek/cve-2021-21123-poc-google-chrome

🐱‍💻 👍 Google Chrome - File System Access API - vulnerabilities reported by Maciej Pulikowski | Total Bug Bounty Reward: $5.000 | CVE-2021-21123 and 5 more...

bugbounty bugbounty-writeups bugbountytips cve cybersecurity exploit hacking payload pentesing pentest red-team security security-writeups writeups

Last synced: 15 Oct 2025

https://github.com/r0x4r/d4rkxss

A list of useful payloads and bypasses for Web Application Security and Bug Bounty/CTF

bugbounty bughunter bughunting ethical-hacking hacking javascript xss-exploitation xss-filter xss-vulnerability

Last synced: 22 Aug 2025

https://github.com/Puliczek/CVE-2021-21123-PoC-Google-Chrome

🐱‍💻 👍 Google Chrome - File System Access API - vulnerabilities reported by Maciej Pulikowski | Total Bug Bounty Reward: $5.000 | CVE-2021-21123 and 5 more...

bugbounty bugbounty-writeups bugbountytips cve cybersecurity exploit hacking payload pentesing pentest red-team security security-writeups writeups

Last synced: 02 Apr 2025

https://github.com/EasyRecon/Hunt3r

Make your bugbounty subdomain reconnaissance easier with Hunt3r, the web application reconnaissance framework

bugbounty reconnaissance subdomains

Last synced: 10 May 2025

https://github.com/edoverflow/proof-of-concepts

A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.

bugbounty infosec poc proof-of-concept security

Last synced: 13 May 2025

https://github.com/EdOverflow/proof-of-concepts

A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.

bugbounty infosec poc proof-of-concept security

Last synced: 04 May 2025

https://github.com/michaelstott/crlf-injection-scanner

Command line tool for testing CRLF injection on a list of domains.

bugbounty cli crlf fuzzer fuzzing security-vulnerability

Last synced: 14 Apr 2025

https://github.com/R0X4R/D4rkXSS

A list of useful payloads and bypasses for Web Application Security and Bug Bounty/CTF

bugbounty bughunter bughunting ethical-hacking hacking javascript xss-exploitation xss-filter xss-vulnerability

Last synced: 11 Jul 2025

https://github.com/oliverwiegers/pentest_lab

Local penetration testing lab using docker-compose.

bug-bounty bugbounty docker docker-compose penetration-testing pentest

Last synced: 22 Apr 2025

https://github.com/yevh/vulnplanet

Vulnerable code snippets with fixes for Web2, Web3, API, iOS, Android and Infrastructure-as-Code (IaC)

android api application-security appsec-tutorials appsecurity bugbounty code codesecurity cve ios owasp owasp-top-10 pentesting poc security vulnerabilities vulnerability waf web2 web3

Last synced: 02 Jul 2025

https://github.com/kh4sh3i/smartrecon

smartrecon is a powerful shell script to automate recon and find common vulnerabilities for bug hunters

bug-bounty-automation bugbounty dnsgen eyewitness feroxbuster hackerone hacking httprobe httpx massdns penetration-testing pentest pentest-scripts recon reconnaissance redteam shuffledns sqlmap subfinder tools

Last synced: 30 Apr 2026

https://github.com/xer0times/SQLi-Query-Tampering

SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.

bug-bounty bugbounty bughunting burp-extensions burp-plugin burpsuite burpsuite-pro evasion payload-generator pentesting pentesting-tools sqli sqlinjection

Last synced: 07 Sep 2025

https://github.com/gwen001/dataextractor

A Burp Suite extension to extract data from source code while browsing.

bugbounty burpsuite pentesting private python secrets security-tools

Last synced: 20 Aug 2025

https://github.com/al-sultani/prokzee

A cross-platform desktop application for HTTP/HTTPS traffic interception and analysis, built with Go. Features modern UI, traffic manipulation tools, request resending, fuzzing capabilities, and AI-powered analysis.

bug-bounty bugbounty go hacking network-analysis open-source security security-audit wails

Last synced: 09 Mar 2026

https://github.com/yevh/VulnPlanet

Vulnerable code snippets with fixes for Web2, Web3, API, iOS, Android and Infrastructure-as-Code (IaC)

android api application-security appsec-tutorials appsecurity bugbounty code codesecurity cve ios owasp owasp-top-10 pentesting poc security vulnerabilities vulnerability waf web2 web3

Last synced: 04 Sep 2025

https://github.com/RossGeerlings/webstor

WebStor efficiently enumerates all websites across your organization’s networks and those in your DNS records - including cloud-hosted servers via zone transfer data - stores their responses, and lets you query for known web technologies, including those with zero-day vulnerabilities.

attack-surface bugbounty bugbounty-tool cybersecurity footprinting information-gathering infosec pentest-scripts pentest-tools pentesting pentesting-tools recon reconnaissance security security-tools

Last synced: 12 Jul 2025

https://github.com/ehrishirajsharma/swiftness

A note-taking macOS app for penetration-testers.

bugbounty macos security-tools vulnerability-management

Last synced: 27 Jul 2025

https://github.com/m0nad/dns-discovery

DNS-Discovery is a multithreaded subdomain bruteforcer.

bugbounty c dns multithreading network network-analysis security security-tools

Last synced: 12 Apr 2025

https://github.com/azathothas/toolpacks

📦 Largest Collection of Multi-Platform (Android|Linux|Windows) Pre-Compiled (+ UPXed) Static Binaries (incl. Build Scripts) :: https://bin.ajam.dev

aarch64 android arm64 binary bug-bounty bugbounty executable golang linux musl pentest-tool pre-compiled rust static static-binary statically-linked tools upx windows x86-64

Last synced: 05 Apr 2025

https://github.com/IamLucif3r/Bug-Hunting

A Collection of Notes, Methodologies, POCs and everything else related to Bug Hunting.

bug bug-bounty bug-bounty-hunters bug-bounty-reconnaissance bug-bounty-tips bug-hunting bug-reporting bugbounty bugreport methodologies

Last synced: 11 May 2025

https://github.com/ksharinarayanan/SourceWolf

Amazingly fast response crawler to find juicy stuff in the source code! 😎🔥

automation broken-link-hijacking bugbounty fuzzing osint reconnaissance wordlist

Last synced: 20 Apr 2025

https://github.com/j3ssie/goverview

goverview - Get an overview of the list of URLs

browser bugbounty chromedp favicon favicon-generator infosec recon screenshot security

Last synced: 23 Jul 2025

https://github.com/belane/CloudHunter

AWS, Azure, Alibaba and Google bucket scanner

alibaba aws azure bucket bugbounty fuzzer google-cloud security-tools

Last synced: 06 Apr 2025

https://github.com/belane/cloudhunter

AWS, Azure, Alibaba and Google bucket scanner

alibaba aws azure bucket bugbounty fuzzer google-cloud security-tools

Last synced: 17 Oct 2025

https://github.com/MichaelStott/CRLF-Injection-Scanner

Command line tool for testing CRLF injection on a list of domains.

bugbounty cli crlf fuzzer fuzzing security-vulnerability

Last synced: 13 Mar 2025

https://github.com/0xTeles/jsleak

Go code to detect leaks in JS files via regex patterns

bugbounty golang scanner security

Last synced: 11 Jul 2025

https://github.com/noraj/bb-legal-fr

Some advice on the legal, tax and juridical obligations for practising Bug Bounty in France

bug-bounty bugbounty fiscal juridical legal

Last synced: 19 Feb 2026

https://github.com/Anof-cyber/ParaForge

A BurpSuite extension to create a custom word-list of endpoint and parameters for enumeration and fuzzing

bug-bounty bugbounty burp-extensions burpsuite cybersecurity pentesting pentesting-tools python

Last synced: 13 May 2025

https://github.com/anof-cyber/paraforge

A BurpSuite extension to create a custom word-list of endpoint and parameters for enumeration and fuzzing

bug-bounty bugbounty burp-extensions burpsuite cybersecurity pentesting pentesting-tools python

Last synced: 07 Apr 2025

https://github.com/blackhatethicalhacking/XSSRocket

XSSRocket is a tool designed for offensive security and XSS (Cross-Site Scripting) attacks.

bugbounty cybersecurity hacking infosec offensive penetration-testing pentesting xss xss-attacks xss-detection xss-exploitation xss-scanner xss-vulnerability

Last synced: 18 Jul 2025

https://github.com/pikpikcu/nodesub

Nodesub is a command-line tool for finding subdomains in bug bounty programs

bugbounty recon subdomains

Last synced: 20 Jan 2026

https://github.com/rotemreiss/uddup

URL de-duplication tool for better recon.

bugbounty recon reconnaissance url url-parsing

Last synced: 12 Jul 2025

https://github.com/blackhatethicalhacking/xssrocket

XSSRocket is a tool designed for offensive security and XSS (Cross-Site Scripting) attacks.

bugbounty cybersecurity hacking infosec offensive penetration-testing pentesting xss xss-attacks xss-detection xss-exploitation xss-scanner xss-vulnerability

Last synced: 14 Jul 2025

https://github.com/roys/cewler

CeWLeR - Custom Word List generator Redefined. CeWL alternative in Python, based on the Scrapy framework.

bugbounty crawler reconnaissance spider

Last synced: 05 Apr 2026

https://github.com/joshkar/X-Recon

A utility for detecting webpage inputs and conducting XSS scans.

bugbounty bughunting hunt xss xss-scanner xssscan

Last synced: 20 Apr 2025

https://github.com/p0dalirius/ldap2json

The ldap2json script allows you to extract the whole LDAP content of a Windows domain into a JSON file.

active-directory analysis bugbounty export json ldap pentesting

Last synced: 05 Apr 2025

https://github.com/aydinnyunus/PassDetective

PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords, API keys, and secrets. Using regular expressions, it helps prevent accidental exposure of sensitive information in your command history.

bash bugbounty bugbounty-tool bugbountytips golang hacking kali kali-linux kali-linux-hacking linux red-team security security-tools shell shell-script zsh

Last synced: 06 Apr 2025

https://github.com/SKVNDR/FastDork

⚡ Chrome extension that lets you create lists of Google and GitHub dorks to open multiple tabs with one click, import "scope/out of scope" from #HackerOne #Bugcrowd #Intigriti ...

bugbounty bugcrowd chrome cybersecurity dork extension fastdork google hackerone intigriti pentest-tool

Last synced: 11 Jul 2025

https://github.com/gwen001/keyhacks.sh

Automation of tokens/api keys testing.

bash bugbounty key pentesting secrets security-tools shell token

Last synced: 09 May 2025

https://github.com/0xdekster/deksterecon

Web Application recon automation

automation bugbounty recon security-tools whitehat-tools

Last synced: 12 Jul 2025

https://github.com/0xAwali/Blind-SSRF

Nuclei Templates to reproduce Cracking the lens's Research

blindssrf bugbounty nuclei nuclei-templates ssrf web-security

Last synced: 11 Jul 2025

https://github.com/blackhatethicalhacking/ssrfpwned

Checks for SSRF using built-in custom Payloads after fetching URLs from Multiple Passive Sources & applying complex patterns aimed at SSRF

bugbounty hacking redteam ssrf ssrf-tool

Last synced: 04 Jul 2025

https://github.com/Escape-Technologies/graphinder

🕸️ Blazing fast GraphQL endpoints finder using subdomain enumeration, scripts analysis and bruteforce. 🕸️

bugbounty finder graphql osint reconnaissance security spider subdomain-enumeration subdomain-scanner

Last synced: 31 Mar 2025

https://github.com/aydinnyunus/passdetective

PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords, API keys, and secrets. Using regular expressions, it helps prevent accidental exposure of sensitive information in your command history.

bash bugbounty bugbounty-tool bugbountytips golang hacking kali kali-linux kali-linux-hacking linux red-team security security-tools shell shell-script zsh

Last synced: 04 Aug 2025

https://github.com/DonatoReis/Secbuild

An automation tool to install the most popular tools for bug bounty or pentesting.

automation blueteam bugbounty hacker installer pentest pentesting recon reconnaissance redteam

Last synced: 21 Jul 2025

https://github.com/jcsec-security/solidity-security-course-resources

Course material about common vulnerabilities, security and audits of Solidity smart contracts that I use during my lectures

audit beginner bug bugbounty contract ethereum evm security smart smart-contracts smartcontract solidity vulnerabilities

Last synced: 07 Apr 2025

https://github.com/ghsec/ghsec-jaeles-signatures

Signatures for jaeles scanner by @j3ssie

bugbounty security

Last synced: 16 Jan 2026

https://github.com/victoni/Bug-Bounty-Scripts

The scripts I write to help me on my bug bounty hunting

bug-bounty bugbounty hacking

Last synced: 27 Sep 2025

https://github.com/lissy93/bug-bounties

⚔️ A compiled list of companies who have active programs for responsible disclosure

bugbounty security

Last synced: 05 Apr 2025

https://github.com/hahwul/regexpassive

🔭 Collection of regexp patterns for security passive scanning

bugbounty collection hacking passive-scan passive-vulnerability-scanner patterns regex regexp security

Last synced: 09 Feb 2026

https://github.com/Anof-cyber/Pentest-Mapper

A Burp Suite extension for pentesters and bug bounty hunters to maintain a checklist, map flows, write test cases and track vulnerabilities

appsec bugbounty burp burp-extensions burp-plugin burpsuite burpsuite-extender burpsuite-tools infosec pentesting

Last synced: 13 May 2025

https://github.com/kacakb/jsfinder

Fetches JavaScript files quickly and comprehensively.

bugbounty hacking hacking-tool infosec pentesting recon

Last synced: 17 Jan 2026

https://github.com/anof-cyber/pentest-mapper

A Burp Suite extension for pentesters and bug bounty hunters to maintain a checklist, map flows, write test cases and track vulnerabilities

appsec bugbounty burp burp-extensions burp-plugin burpsuite burpsuite-extender burpsuite-tools infosec pentesting

Last synced: 23 Feb 2026

https://github.com/mr-rizwan-syed/chomtesh

CHOMTE.SH is a powerful shell script designed to automate reconnaissance tasks during penetration testing. It utilizes various Go-based tools to gather information and identify the attack surface, making it a valuable asset for bug bounty hunters and penetration testers.

bug-bounty bugbounty enumeration information-gathering nmap penetration-testing-framework penetration-testing-tools pentesting recon reconnaissance scanner subdomain

Last synced: 22 Feb 2026

https://github.com/BitTheByte/Eagle

Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities

bugbounty bugcrowd cve ftp hackerone hacking python ssrf takeover xss

Last synced: 02 Apr 2025

https://github.com/hahwul/mzap

⚡️ Multiple target ZAP Scanning

bugbounty dast hacking security zaproxy zaproxy-automation

Last synced: 28 Feb 2026

https://github.com/hahwul/hack-pet

🐰 Managing command snippets for hackers/bug bounty hunters with pet.

bugbounty bugbountytips command-line-manager go golang hacking pet snippets tool

Last synced: 27 Jan 2026

https://github.com/eslam3kl/crtfinder

Fast tool to extract all subdomains from crt.sh website. Output will be up to sub.sub.sub.subdomain.com with standard and advanced search techniques

bugbounty crt penetration-testing python

Last synced: 07 Apr 2025

https://github.com/r0x4r/bhedak

A replacement for "qsreplace": accepts URLs on standard input, replaces all query string values with user-supplied values and writes the result to stdout.

bash-script bugbounty python-regex python3 regex sed

Last synced: 20 Aug 2025

https://github.com/random-robbie/AWS-Scanner

Scans a list of websites for Cloudfront or S3 Buckets

aws-s3 aws-scanner bugbounty s3-bucket vunerable-devices

Last synced: 11 Jul 2025

https://github.com/random-robbie/aws-scanner

Scans a list of websites for Cloudfront or S3 Buckets

aws-s3 aws-scanner bugbounty s3-bucket vunerable-devices

Last synced: 08 Oct 2025

https://github.com/Fadavvi/Sub-Drill

A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.

bug-bounty bugbounty recon reconnaissance red-team red-teaming subdomain subdomain-brute subdomain-bruteforcing subdomain-enumeration subdomain-finder web-recon web-reconnaissance

Last synced: 12 Jul 2025

https://github.com/rishuranjanofficial/JWTweak

Detects the algorithm of an input JWT token and provides options to generate a new JWT token based on the user-selected algorithm.

application-security appsec authentication authorization automation bugbounty jwt jwt-algorithm jwt-algorithm-confusion-attack jwt-tokens pentesting python security-enthusiasts vulnerability-assessment

Last synced: 11 Jul 2025

https://github.com/s7safe/android-h1

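Mobile security vulnerability hunting expert SKILL: a knowledge base for mobile security vulnerability hunting based on real HackerOne reports, providing vulnerability hunting techniques, technical details and code pattern analysis for Android and iOS applications.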

android android-app bug-bounty bugbounty hackerone skill

Last synced: 11 Jun 2026

https://github.com/R0X4R/bhedak

A replacement for "qsreplace": accepts URLs on standard input, replaces all query string values with user-supplied values and writes the result to stdout.

bash-script bugbounty python-regex python3 regex sed

Last synced: 12 Jul 2025

https://github.com/osamahamad/payout-targets-data

Provides public bug bounty programs in-scope data that offer rewards and monitors public bug bounty programs assets.

bugbounty bugbounty-tool recon reconnaissance security-automation security-tools

Last synced: 01 Apr 2026

https://github.com/gwen001/related-domains

Find related domains of a given domain.

bugbounty dns domains pentesting python security-tools

Last synced: 09 May 2025

https://github.com/kostas-pa/LFITester

LFITester is a Python3 program that automates the detection and exploitation of Local File Inclusion (LFI) vulnerabilities on a server.

bugbounty crawler cybersecurity enumeration exploitation fuzzing hacking lfi lfi-detection lfi-exploitation lfi-vulnerability penetration-testing penetration-testing-tools pentest-tool pentesting python web-hacking webhacking

Last synced: 12 Jul 2025

https://github.com/thehlopster/hfuzz

Wordlist for web fuzzing, made from a variety of reliable sources including: result from my pentests, git.rip, ChatGPT, Lex, nuclei templates, web-scanners, seclist, bo0m, and more.

bugbounty fuzz fuzzing hacking pentesting security web-fuzzing wordlist

Last synced: 21 Apr 2025

https://github.com/htrgouvea/spellbook

Framework for rapid development of offensive security tools

bugbounty ctf exploit framework offensive-security pentest perl security security-tools

Last synced: 03 Sep 2025