Bug Bounty
A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.
- GitHub: https://github.com/topics/bugbounty
- Wikipedia: https://en.wikipedia.org/wiki/Bug_bounty_program
- Related Topics: security, penetration-testing, pentesting, pentest
- Aliases: bug-bounty
- Last updated: 2026-06-20 00:04:15 UTC
https://github.com/jcsec-security/cosmwasm-security-spotlight
Posts and labs to learn CosmWasm smart contract security vulnerabilities and audit
audit blockchain bug bugbounty contract cosmos cosmossdk cosmwasm ctf dapp defi hacking rust security smart smartcontract vulnerabilities
Last synced: 26 Oct 2025
https://github.com/proditis/mini-tools
A collection of mini tools and snippets for various purposes
bugbounty csp cybersecurity dns hacking sni snippets
Last synced: 14 Apr 2025
https://github.com/robotshell/orhound
ORHound is a tool written in Python whose main function is to find possible Open Redirects on a target using Google Dorks
bugbounty dork google hacking infosec pentesting python
Last synced: 17 Oct 2025
https://github.com/sammakumbe/burp-idor
A powerful Python tool for identifying Insecure Direct Object Reference (IDOR) vulnerabilities in Burp Suite traffic exports.
ai bugbounty burp burp-suite hacking heuristics hugging-face huggingface idor python qa security testing yaml
Last synced: 04 May 2026
https://github.com/arshadkazmi42/blc
Broken link checker
blc broken-link-checker broken-link-finder bug-bounty bugbounty crawler python
Last synced: 30 Oct 2025
https://github.com/dubs3c/assetnote
Push notifications for passive DNS data
Last synced: 10 Mar 2025
https://github.com/acuciureanu/png-payload-injector
CLI tool for embedding XSS payloads in PNG files.
bugbounty bugbounty-tool bugbountyhunting security-automation
Last synced: 21 Jul 2025
https://github.com/austinsonger/sitemapsandrobotsaroundtheweb
Sitemaps and Robots.txt for websites around the world.
bug-bounty bugbounty ethical-hacking footprinting hacking information-gathering osint penetration-testing reconnaissance robots robots-txt scanning search searching security security-research sitemap sitemap-xml sitemaps webpentest
Last synced: 06 Feb 2026
https://github.com/archethic-foundation/bug-bounty
Archethic Community Bug Bounty Program
archethic blockchain bugbounty mainnet
Last synced: 07 Feb 2026
https://github.com/zebbern/dorkingwordlists
🧾 | Google Dorks for automation and manual search: a list containing my most used dorks in bug bounty and pentesting!
bugbounty dorking dorking-list dorks exploit googe-dorking google google-hacking google-search google-sheets hacking osint osint-list pentest pentesting search-engine searching-algorithms wordlist worlists
Last synced: 31 Jan 2026
https://github.com/z3n70/CVE-2021-41277
Simple program for exploiting Metabase
bugbounty cybersecurity exploit metabase ruby
Last synced: 10 Mar 2025
https://github.com/anshumanpattnaik/hackbotone-website
HackbotOne | Exploring Application Security & Software Development
blogging-application blogging-platform blogging-site bugbounty cybersecurity django django-application django-blog django-project full-stack full-stack-application full-stack-web-development owasp python python3 web-hacking web-security webapplication webdevelopment website
Last synced: 24 Apr 2025
https://github.com/ropwareJB/jwtfuzz
Library for fuzzing & attacking JSON Web Tokens (JWTs). Bindings for other languages included.
bug-bounty bug-bounty-tools bugbounty fuzz fuzzing hacking hacking-tool jwt jwt-token pentesting pentesting-tools security
Last synced: 10 Mar 2025
https://github.com/itszeeshan/crawlinit
A web crawler written in python3
appsec bugbounty bugbounty-tool bugbountytips crawler crawler-python enumeration infosec python recon reconnaissance scanner url web
Last synced: 13 Jun 2025
https://github.com/qbraid/community
Where qBraid users discuss, report bugs and submit feature requests.
bugbounty bugs discussion feature-requests
Last synced: 02 Jan 2026
https://github.com/d3mondev/cidrex
A command-line utility for expanding CIDR ranges with support for IPv6.
bugbounty cidr cidr-range ipv4 ipv6
Last synced: 14 Feb 2026
https://github.com/CasperGN/GoHead
Get interesting http headers, internal IPs, possible endpoints from target(s) and search JS files for juicy info
bugbounty headers http http-requests probe
Last synced: 11 Jul 2025
https://github.com/4lch3mis7/xml-hydra
XML-Hydra is a tool to bruteforce user passwords via public facing XML-RPC interface in a Wordpress application.
amplification bruteforce bugbounty golang password password-attack pentesting-tools vapt wordpress xml-rpc
Last synced: 13 Mar 2026
https://github.com/opcod3r/godan
Shodan tool subdomains with rotation keys.. 🎩
bugbounty bugbounty-tool golang pentest recon security shodan subdomains
Last synced: 18 Jun 2025
https://github.com/root-tanishq/pscrap
Multi-processed parameter scraper
bugbounty hacking pentesting python scrapping security web
Last synced: 14 Apr 2025
https://github.com/simpuar/gitlab-cve-scanner
Python tool to detect GitLab version, check CVEs for it and generate report
bugbounty cve-search fingerprint gitlab penetration-testing-tools vulnerability-detection
Last synced: 13 Apr 2025
https://github.com/zebbern/gui-dorking
🕵️‍♂️ | Powerful tool for Google Dorking, Web Scraping, and Archive Searching. Designed for speed and efficiency with a GUI. Perfect for OSINT researchers
automation bugbounty bugbounty-tool dorking dorks gathering-data google-hacking gui hacker history-search osint osint-tool pentest python tool toolkit urls
Last synced: 14 Apr 2025
https://github.com/edivangalindo/slack-test
A little tool to quickly test if Slack tokens are valid
bugbounty bugbounty-tool infosec leaked slack
Last synced: 25 Jan 2026
https://github.com/rix4uni/jscrawler
Fetches javascript file from a list of URLS or subdomains.
bugbounty hacking javascript pentesting recon reconnaissance urls
Last synced: 18 Apr 2026
https://github.com/shricodev/reconi
This repository contains my shell script for automating recon.
automation bash-script bugbounty bugbounty-tool linux reconnaissance
Last synced: 09 Apr 2025
https://github.com/l0wk3y-iaan/hunting-with-l0wk3y
This repository documents my path from cybersecurity enthusiast to a skilled bug bounty hunter. Here, I share the tools, resources, techniques, and real-world insights I've gathered along the way, aimed at uncovering vulnerabilities and improving application security.
bounty bug-bounty bugbounty cheatsheet enumeration hacking methodology penetration-testing pentest redteam security vulnerability web-application web-penetration-testing
Last synced: 13 Sep 2025
https://github.com/jmcph4/lm5
Simple and extensible fuzzer
binary-analysis binary-exploitation bugbounty fuzz-testing fuzzer fuzzing penetration-testing pentest-tool pentesting python3 security security-tools vulnerabilities vulnerability-detection vulnerability-identification vulnerability-scanners
Last synced: 07 Apr 2025
https://github.com/Sharpforce/cybersecurity
GitHub for my GitBook: https://sharpforce.gitbook.io/cybersecurity/
bugbounty challenge cybersecurity owasp pentest training vulnerability web
Last synced: 28 Sep 2025
https://github.com/ElSicarius/Hacks
toolset for various purposes.
bugbounty bugbounty-tool hacking hacking-tools
Last synced: 10 Mar 2025
https://github.com/hahwul/buildpack-zap-daemon
ZAP (Zed Attack Proxy) daemon-mode buildpack for Heroku
bugbounty hacking heroku-buildpack security zap
Last synced: 19 Apr 2025
https://github.com/rix4uni/org2asn
Extract ASN and IPs from bgp.he.net
bug-bounty bugbounty bugbountytips hacking infosec org-finder osint osint-resources osint-tool penetration-testing pentest-tool pentesting recon reconnaissance security security-tools threat-intelligence
Last synced: 16 Mar 2026
https://github.com/rix4uni/burpsuite-config
Useful "Match and Replace" & "TLS Pass Through" in Burpsuite Rules
bug-bounty bugbounty bugbountytips burp burpsuite hacking infosec osint osint-resources osint-tool penetration-testing pentest-tool pentesting recon reconnaissance security security-tools threat-intelligence
Last synced: 02 Aug 2025
https://github.com/wfinn/ucors
tool that scans for CORS bypasses
bugbounty bypass cors pentesting vulnerability-scanners
Last synced: 12 Jan 2026
https://github.com/linuxmobile/bugbounty-flake
Bug Bounty Flake
bounty bug bugbounty bugbounty-tool cybersecurity kali-linux red red-team team
Last synced: 30 Oct 2025
https://github.com/mathis2001/wappassivescan
Passive Vulnerability Scanner working with Wappalyzer API and MITRE CVE search functionality.
bugbounty bugbounty-tool cve mitre passive-vulnerability-scanner pentest pentest-tool pentesting pentesting-tools wappalyzer
Last synced: 08 Jun 2026
https://github.com/mathis2001/Reflection
Reflected parameters checker for a list of urls. (Beta version needing a lot of improvement)
bugbounty parameters pentest reflected
Last synced: 10 Mar 2025
https://github.com/xalgord/source-scraper
Scrape Source Code of sensitive files like js, jsp, aspx, json and php using curl.
bugbounty curl scraper sensitive-data-exposure
Last synced: 03 Jul 2025
https://github.com/mathis2001/reflection
Reflected parameters checker for a list of urls. (Beta version needing a lot of improvement)
bugbounty parameters pentest reflected
Last synced: 23 Apr 2025
https://github.com/n0kovo/random-agent
Simply output a random user-agent. Use it with tools that don't have a --random-agent flag. Like `random-agent` or $(random-agent)
appsec bug-bounty bug-bounty-tools bugbounty bugbounty-tool bugbountytools fuzzer fuzzing infosec infosectools pentesting pentesting-tools redteam-tools web-app-security webfuzzer
Last synced: 04 Feb 2026
https://github.com/pvnotpv/url-tree
Tool to generate a tree from a list of URLs with a color for each node.
bugbounty endpoint-discovery mitmproxy-addons pentesting pentesting-tools recon reconnaissance tree urls
Last synced: 16 Mar 2025
https://github.com/pvnotpv/bbrsmend.sh
Fetches the latest bug bounty programs on major platforms from kleoz's bbradar.io and sends a notification every N hours, as well as a notification when a new program is released.
bugbounty bugbounty-program pentesting pentesting-tools reconnaissance
Last synced: 16 Mar 2025
https://github.com/codeb0ss/cve-2023-20073-
Mass Exploit - CVE-2023-20073 - Cisco VPN Routers - [Unauthenticated Arbitrary File Upload and Stored XSS]
0day bug bugbounty cisco codeb0ss codeboss cve cve-2023-20073 exploit hackerone mass mass-exploit uncodeboss vpn-router
Last synced: 10 Sep 2025
https://github.com/markgacoka/r3c0n
A tool for performing reconnaissance on web targets in Python
bugbounty cybersecurity library python recon reconnaissance reconnaissance-framework
Last synced: 05 Jul 2025
https://github.com/ibrahimsql/gobypass403
GoBypass403: Most powerful 403 Forbidden bypass tool built in Go. Breaks through WAF protection using 300+ advanced techniques including header manipulation, path traversal, and unicode normalization. Used by security researchers worldwide.
access-bypass access-control bugbounty ethical-hacking-tools golang http-headers http-security path-traversal penetration-testing security security-scanner security-tools web-pentesting web-security web-vulnerability
Last synced: 18 Jun 2025
https://github.com/edivangalindo/circle-test
A little tool to quickly test if CircleCI tokens are valid
bugbounty bugbounty-tool circleci infosec leaked-secrets redteam
Last synced: 12 Jan 2026
https://github.com/jeninsutradhar/bug-bounty-command-arsenal
A comprehensive collection of 100 essential commands for ethical hacking and bug bounty hunting. This arsenal covers various aspects of security testing, including domain enumeration, vulnerability scanning, and more.
bug-bounty bug-bounty-tools bugbounty command-line ethical-hacking linux
Last synced: 21 Feb 2026
https://github.com/geeknik/scada-scanner
A high-performance, asynchronous SCADA/ICS scanner
bug-bounty bugbounty ics infosec scada scanner security
Last synced: 28 Apr 2025
https://github.com/ravro-ir/ravro_dcrpt
ravro_dcrpt - Decrypt secret report files ravro
bugbounty golang golang-examples openssl ravro vulnerabilities
Last synced: 12 Jan 2026
https://github.com/demon1a/hogger
Simple tool written in Python3 that scrapes a user's GitHub repositories and passes them to trufflehog to scan them for possible data leaks.
automation bugbounty bugbounty-tool github hacking-tool leaks python3 trufflehog
Last synced: 02 Apr 2025
https://github.com/edivangalindo/dwlr
dwlr is a fast downloader written in go
bugbounty bugbounty-tool downloader infosec recon
Last synced: 25 Jan 2026
https://github.com/claunch3r/cf-finder
A utility that determines whether an IP address belongs to Cloudflare
bugbounty cli cloudflare cybersecurity http pentest-tool pentesting
Last synced: 23 Feb 2026
https://github.com/shriyanss/vhost-master
Command line utility to hunt for Virtual Hosts
bugbounty bughunting cybersecurity infosec webappsecurity
Last synced: 18 Jan 2026
https://github.com/ant4g0nist/chronometry
Chronometry, a transparent and cryptographically verifiable proof-of-hack signature store
bugbounty chronometry golang hacking proof-of-hack
Last synced: 15 Mar 2025
https://github.com/luddekn/crtsh-list
Grabbing the results from a crt.sh search
bug-bounty bugbounty crt crt-sh crtsh enumeration python python3 tool web web-enumeration
Last synced: 22 Aug 2025
https://github.com/mathis2001/lightraversal
LighTraversal is a tool designed to find basic directory traversal vulnerabilities
bugbounty lfi path-traversal pentest
Last synced: 15 Jun 2025
https://github.com/tradmod/preaudits
Smart Contract Audits & Bug Findings
audits bugbounty cybersecurity smart-contracts smartcontract-security smartcontractaudit web3security
Last synced: 27 Mar 2025
https://github.com/rix4uni/dlevel
Filter list of subdomains by level.
bugbounty domain-level enumeration infosec infosectools penetration-testing penetration-testing-tools pentesting pentesting-tools recon reconnaissance security subdomain subdomain-enumeration subdomain-finder subdomain-level subdomain-scanner
Last synced: 31 Jan 2026
https://github.com/zebbern/regex-crawler
Regex web crawler that searches for custom regexes while crawling each site to find the information you're looking for!
bug-bounty bugbounty crawler information-gathering information-retrieval osint osint-tool pentest python regex regex-engine regex-match regex-pattern regex-tool toolkit tools website
Last synced: 14 Apr 2025
https://github.com/SecShiv/ffuf-outputter
A cleaner way to save my ffuf output - consider combining it with ffuf easily.
automation bugbounty bugbounty-tool bughunter cybersecurity directoryfuzzer ffuf fuzzer hacking output python3 tools tools-and-automation
Last synced: 01 May 2025
https://github.com/h3xploit0x1/scopewatcher
Find BugBounty Programs From HackerOne - BugCrowd - YesWeHack - Intigriti.
bugbounty bugbounty-tool ethical-hacking tools
Last synced: 28 Feb 2026
https://github.com/machiavelliii/machiavelli.github.io
bugbounty ctf-writeups privacy redteam security tutorials
Last synced: 14 Feb 2026
https://github.com/rix4uni/dirless
dirless is a CLI tool to match, highlight, and categorize URLs using configurable regex patterns.
bug-bounty bugbounty bugbountytips hacking infosec osint osint-resources osint-tool penetration-testing pentest-tool pentesting recon reconnaissance security security-tools threat-intelligence
Last synced: 16 Feb 2026
https://github.com/hunthubspace/exploit-tracker
A script designed to automatically discover new exploits and save results to a file or integrate with your Discord server. Also search for exploits related to specific CVEs of your choice.
bugbounty cve ethical-hacking exploit penetration-testing-tools web
Last synced: 15 Oct 2025
https://github.com/harsh-katiyar/scripthound
A simple Python utility to search for Nmap script files (or any files) in a given directory. Displays results in a clean tabular format.
bugbounty cybersecurity infosec nmap osint pentesting recon redteam
Last synced: 01 Sep 2025
https://github.com/rix4uni/favinfo
favinfo scrapes favicon in HTML code and many other different ways.
bugbounty favicon favicon-generator favicon-hash favicon-hash-generator favicon-recon recon recon-tool reconnaissance
Last synced: 05 Jun 2026
https://github.com/tradmod/audits
Smart Contract Audits & Bug Findings
audits bugbounty cybersecurity smart-contracts smartcontract-security smartcontractaudit web3security
Last synced: 25 Apr 2026
https://github.com/jordyv/reconstore
Reconstore is a tool for saving and querying your recon data
bugbounty recon reconnaissance
Last synced: 16 Jan 2026
https://github.com/aviksaikat/bug-bounty-essentials
All the tools you need for webapp pentesting & bug bounty hunting
bug-bounties bug-bounty-tools bugbounty bugbounty-tool linux tools
Last synced: 18 Mar 2025
https://github.com/mrnazu/tryhackme-ctf-s
Capture the Flag (CTF) is a cybersecurity competition that is used as a test of security skills.
bugbounty burpsuite csrf ctf-writeups idor openredirect rce recon sqlinjection tryhackme webhacking xss-vulnerability xxe-injection
Last synced: 26 Apr 2026
https://github.com/lord3ver/gctsubdomains
Discover subdomains in Certificate Transparency logs using Google's Transparency Report
bugbounty go osint penetration-testing pentest recon subdomain subdomain-enumeration
Last synced: 12 Jan 2026
https://github.com/pocdork/gitdomain
Discover endpoints using companies' GitHub repository names
bugbounty bugbounty-tool hacking infosec
Last synced: 12 Jul 2025
https://github.com/tigthor/hacktoolkit
Simplified Tool for Global Hackers. From Information Gathering to Exploitation and maintaining access
automation bugbounty hacking pentest pentest-tool
Last synced: 16 Mar 2025
https://github.com/crypticq/WP-killer
vulnerability scanner for wordpress
bugbounty cybersecurity exploit exploitation hacking penetration-testing vulnerability-scanners wordpress
Last synced: 10 Mar 2025
https://github.com/bruston/sonar
Subdomain enumeration via the JSON API provided by https://sonar.omnisint.io/ which uses the Rapid7 dataset.
Last synced: 24 Jan 2026
https://github.com/hackfutsec/hackfutsec
Config files for my GitHub profile.
bugbounty bugbounty-tool config devops ethical-hacking github-config hacking learn pentesting
Last synced: 24 Jan 2026
https://github.com/n0kovo/dnsplz
A simple Bash script that resolves a list of domains from stdin to IP addresses and prints them to stdout
bug-bounty bugbounty dns dns-enum dns-enumeration dns-lookup dns-lookups dns-reconnaissance dns-requests dns-resolver
Last synced: 04 Feb 2026
https://github.com/mathis2001/gitdiscloser
Python recon tool for Github information disclosure research
bugbounty github pentesting recon
Last synced: 15 May 2026
https://github.com/mathis2001/GitDiscloser
Python recon tool for Github information disclosure research
bugbounty github pentesting recon
Last synced: 10 Mar 2025
https://github.com/hunthubspace/cve-2024-3105-poc
A PoC Exploit for CVE-2024-3105 - The Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress Remote Code Execution (RCE)
bugbounty cve cve-2024-3105 ethical-hacking exploit penetration-testing web
Last synced: 28 Jan 2026
https://github.com/revanmalang/yuyu_scanner
bugbounty osint pentesting scanner
Last synced: 23 Oct 2025
https://github.com/i5nipe/nicloud
Brute force public AWS, GCP, and DigitalOcean cloud services.
bugbounty bugbounty-tool infosec
Last synced: 17 Jan 2026
https://github.com/proditis/BugBounty-Journal
The journal of a unix geek taking its first steps into the BugBounty world...
Last synced: 10 Mar 2025
https://github.com/bassammaged/lazyGitleaks
Are you interested in finding secrets? Do you depend on the gitleaks tool? Do you usually perform large-scale scans against different repositories? No worries. lazyGitleaks automates the scan and uses a custom .toml template to find the juicy secrets living in repositories
bug-hunting bugbounty penetration-testing-tools secrets-scan security-tools version-control
Last synced: 10 Mar 2025
https://github.com/muhammadwaseem29/cve-2025-1661
HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion (LFI)
bugbounty cve-2025-1661 cyber-security exploit
Last synced: 11 Jan 2026
https://github.com/mrofisr/wordlist
Wordlist Collection for Security
bruteforce bugbounty database hacking wordlist
Last synced: 14 Sep 2025
https://github.com/harsh-katiyar/awesome-hacker-engines
A professional multi-engine OSINT and hacker search tool for researchers, pentesters, and cybersecurity professionals.
awesome awesome-list awesome-lists bugbounty cve dns exploit hacking hacking-tools hacktoberfest osint osint-tool redteam redteaming search-engine security security-tools threat-intelligence vulnerability wifi-network
Last synced: 07 Sep 2025
https://github.com/Proviesec/nlp-website-string-miner-for-fuzzing
Find all keywords for your subdomain or folder search
bug-bounty bugbounty cybersecurity fuzzing security security-tools
Last synced: 10 Mar 2025
https://github.com/yogsec/cybersecurity-vulnerability-cheatsheet
CyberSecurity-Vulnerability-CheatSheet is a comprehensive guide for bug bounty hunters, ethical hackers, and developers. It covers 100+ web application vulnerabilities, including authentication, cryptography, business logic flaws, and DoS, with actionable insights, tools, and examples to enhance security assessments.
bug-bounty-tips bugbounty bugbounty-cheatsheet bugbounty-tips bugs-cheatsheet cheetsheet cheetsheets cybersecurity-cheatsheet hackers hackers-cheatsheet hacking hacking-cheatsheet hacking-tips hacking-tool hacking-tools hacking-vulnerabilities vlunerability-cheatsheet
Last synced: 05 Mar 2026
https://github.com/pwnb0y/BugBounty-Scripts
Quick scripts to make a hacker's life easier 😎
bash-script bugbounty vps-setup
Last synced: 10 Mar 2025
https://github.com/it-jhack/bughunter-debian-setup
Bash script to install essential tools for bughunting
bounty bug bug-bounty bugbounty bugbounty-tool cyber-security debian debian-linux linux python python3 subdomain subdomain-scanner subdomain-takeover
Last synced: 20 Jan 2026
https://github.com/hunthubspace/ssm-subscopemongo
SubScopeMongo is a Python-based command-line tool that helps you manage domains and subdomains in workspaces using a MongoDB database.
automation bugbounty bugbounty-tool cybersecurity database ethical-hacking mongodb penetration-testing python
Last synced: 14 Feb 2026
https://github.com/itpey/taz
A simple yet powerful load testing framework for Go.
api attack bugbounty ddos go high-performance load-testing penetration-testing pentesting pentesting-tools testing unit-test unittesting
Last synced: 08 Jun 2026
https://github.com/ieozfr/wordpress-sqli-scanner
Automated WordPress SQL Injection vulnerability scanner and database dumper using Google Dorks, threading, proxy support, and sqlmap integration. A Python tool that detects WordPress SQL Injection vulnerabilities and automatically retrieves database information, with Google Dorks, multi-scan and proxy support.
automation bugbounty ethical-hacking open-source pentest python sql-injection sqlmap vulnerability-scanner web-hacking web-security wordpress
Last synced: 14 Feb 2026