An open API service indexing awesome lists of open source software.

Bug Bounty

A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.

https://github.com/incogbyte/lazyorigin

Find Origin IP Behind WAFs

bugbounty bugbounty-tool golang infosec pentesting

Last synced: 04 Jul 2025

https://github.com/gigachad80/mailansh

OSINT tool to extract contributors' emails from GitHub, Gitea, GitLab and Bitbucket repos

bitbucket bugbounty contributors email gigachad80 gitea github gitlab mail osint repo repos repository

Last synced: 13 Sep 2025

https://github.com/h3xploit0x1/url-gatherer

Simple Bash script to gather URLs from a target. Useful for bug bounty.

bugbounty ethical-hacking hacking pentesting tool

Last synced: 20 Jun 2026

https://github.com/hoshigakikisame/hostprobe

Host Probe is a Python script that simplifies host discovery using ICMP ping. It enables users to determine the status of a list of IP addresses or domain names, helping identify hosts that are online (UP) or offline (DOWN).

bugbounty cybersecurity prober

Last synced: 16 May 2026

https://github.com/ichbinbork/JS_lookup

Tool that helps with JavaScript source code analysis

bugbounty codereview websecurity

Last synced: 10 Mar 2025

https://github.com/sysevil/rusho

Subdomain CLI tool for Shodan, written in Rust

bugbounty hacking hacking-tool recon reconnaissance rust rust-lang subdomain-enumeration

Last synced: 03 Apr 2025

https://github.com/demon1a/github-subdomains

Github-subdomains fork that supports custom timeout for the Github API

bugbounty github-subdomains recon reconnaissance

Last synced: 25 Aug 2025

https://github.com/xprnvd/ipgr

ipgr (short for "IP grep") is a command-line program that extracts IP addresses from stdin or a file, with filters available for v4, v6, public and private IP addresses.

bugbounty bugbounty-tool cli-app grep-like

Last synced: 20 Jul 2025

https://github.com/amitlttwo/url-grabber-scanner

A powerful tool for cybersecurity professionals to automate URL, endpoint, JavaScript file, and parameter extraction from sources like Common Crawl, AlienVault OTX, URLScan.io, SecurityTrails.

amitlt2 bugbounty bugbountytips cybersecurity golang hacking pentesting python3 scanner url-fuzzer

Last synced: 19 Apr 2026

https://github.com/hunthubspace/bb-bugbountybash

This repository contains a collection of custom Bash functions designed to streamline and enhance the bug bounty hunting process.

automation bash-scripting bugbounty penetration-testing penetration-testing-tools

Last synced: 31 Jan 2026

https://github.com/SecShiv/JSurlextractor

A simple bash script to extract more urls from js endpoints

bugbounty endpoints extractor javascript jsextractor

Last synced: 18 Sep 2025

https://github.com/johnsaigle/hacking-toolkit

A collection of hacking utilities. Useful for CTFs and bug bounties.

bugbounty ctf-tools hacking penetration-testing

Last synced: 19 Apr 2026

https://github.com/mathis2001/EzComments

EzComments is a tool that retrieves all HTML and JS comments from each URL given to it

bugbounty comments pentest recon

Last synced: 10 Mar 2025

https://github.com/unsecured-company/gitrip

Tool to download exposed GIT repository, written in Golang.

bugbounty git offensive-security penetration-testing pentesting security

Last synced: 02 May 2026

https://github.com/ero-hack/bypassxss

A curated collection of advanced XSS bypass techniques, including WAF evasions, framework-specific payloads, and real-world bug bounty cases.

bugbounty bypass dork erohack xss xss-attacks xss-bypass xss-dorks

Last synced: 08 Feb 2026

https://github.com/dxsk/dotenv-sec

Pentest environment launcher: one CLI for tmux sessions, MITM proxy, isolated Chromium, and Exegol integration. Security-hardened Docker images with CI/Trivy scanning.

automation bugbounty chromium cli docker dotenv exegol mitmproxy offensive-security pentesting security-tools tmux

Last synced: 20 Jun 2026

https://github.com/cbrnrd/lacewing

🦗Your neighborhood bug bounty assistant

bug bugbounty bugcrowd hackerone ruby rubygems

Last synced: 29 Jul 2025

https://github.com/siuxsa/url_filter_pro

Save time by avoiding repeated testing of the same functionality.

bugbounty linux penetration-testing-tools pythontools

Last synced: 18 Apr 2026

https://github.com/l0wk3y-iaan/portswigger-academy-tracker

This script dynamically tracks your PortSwigger Academy progress and generates a markdown table for you.

academy bugbounty penetration-testing pentesting portswigger security security-tools tools web-penetration-testing web-security

Last synced: 02 Mar 2026

https://github.com/macmod/forever

A simple tool that generates SSH command-line arguments to forward local addresses to multiple remote targets.

bugbounty pentest port-forwarding redteam ssh tools

Last synced: 26 Mar 2025

https://github.com/gigachad80/checklist

The only bug hunting checklist you need with 13 comprehensive phases & 400+ specific test cases organized by category

bug-hunting bug-hunting-checklist bugbounty bugbountytips checklist checklists ethical-hacking pentesting readme reconnaissance web-application-security

Last synced: 12 Feb 2026

https://github.com/hunthubspace/reconvps

This repository provides a comprehensive guide to setting up a virtual private server (VPS) optimized for the reconnaissance phase of bug bounty hunting.

automation bash-script bugbounty cybersecurity ethical-hacking penetration-testing redteam

Last synced: 04 May 2026

https://github.com/rtfmkiesel/geopipe

A pipeline tool to filter domains by server location

bugbounty golang maxmind

Last synced: 21 Mar 2025

https://github.com/arshadkazmi42/npmdc-poc

NPM Dependency Confusion - PoC

bugbounty confusion dependency infosec npm poc

Last synced: 27 Apr 2026

https://github.com/muhammadwaseem29/cve-2025-29927-poc

Authorization Bypass in Next.js Middleware

bugbounty cve-2025-29927 cyber-security nextjs npm

Last synced: 04 May 2026

https://github.com/siuxsa/github_dork_analyzer

Create your own dork file and provide it as a .txt file. Generate the dork links, then check them one by one or open five links at a time in batches.

bug bugbounty css dorking-tool githubdork githubrecon html javascript tools

Last synced: 13 Apr 2026

https://github.com/Security-Cert/Raccolta-Bug-Bounty

A collection of high-quality bug bounty writeups: it covers various security vulnerabilities in different contexts and provides details on the bug discovery and exploitation processes. The section is curated by SecurityCert and its internal and external collaborators.

bugbounty bugbounty-writeups bugbountytips writeups

Last synced: 10 Mar 2025

https://github.com/muhammadwaseem29/intercom-exploit

Identity Verification is not set up on the Intercom widget, allowing an attacker to impersonate a user and access their chat history. reference:

bugbounty cyber-security hacking

Last synced: 01 Apr 2025

https://github.com/wesleya0101/enumerador-de-subdominios

This is a simple script to enumerate subdomains of a target domain using a wordlist. It performs DNS queries to identify valid subdomains and displays their respective IP addresses.

brute bug bugbounty enumerador pentest pentesting subdomain subdomi subdominios

Last synced: 18 Mar 2025

https://github.com/muhammadwaseem29/cve-2025-31131

YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server.

bugbounty bugbountytips cve-2025-31131 cyber-security

Last synced: 10 Apr 2025

https://github.com/l0n3m4n/huntools

huntools toolkit manager (linux)

bugbounty toolkit-manager web-pentesting

Last synced: 09 Mar 2026

https://github.com/wesleya0101/pip-boy-bug-hunter

Pip-Boy Bug Hunter is an advanced automation tool for bug bounty, inspired by the look of the Pip-Boy. It performs subdomain collection, URL enumeration, technology fingerprinting, port scanning and automated tests for XSS, SQLi and LFI, generating a detailed report at the end.

bugbounty ferramentas recon reconhecimento reconnaissance tool tools

Last synced: 26 Oct 2025

https://github.com/shingareom/pentestingtools

This repository contains a collection of tools designed for automating penetration testing, while also being valuable for manual testing. Leveraging these tools can enhance both the efficiency and effectiveness of your security assessments.

bugbounty pentesting-tools webpentest

Last synced: 19 Mar 2026

https://github.com/kiran-kumar-k3/vulnerability-payload-lists

A curated repository of categorized payloads for testing and exploiting common web vulnerabilities in ethical hacking and penetration testing.

bugbounty command-injection payload-lists payloads sql sqli-payloads vulnerability-testing xss xss-payloads xxe

Last synced: 02 Feb 2026

https://github.com/y-mo4n1ngst3r/evillan

A tool for creating encoded payloads and testing them on targets

bugbounty bugbounty-tools cybersecurity hacking-tool offensive-security pentesting

Last synced: 21 Jun 2025

https://github.com/rix4uni/nucleihubquery

A bash script that extracts `shodan-query, google-query, censys-query, fofa-query, hunter-query, zoomeye-query` in nucleihub-templates.

bug-bounty bugbounty bugbountytips censys fofa google hacking hunter infosec nuclei nuclei-templates nucleihub-templates osint pentesting recon reconnaissance security security-tools shodan zoomeye

Last synced: 08 Apr 2025

https://github.com/livepwn/liveport

Scans for live ports; you can specify a range between ports 1 and 1024.

bugbounty hacking portscanner portscanner-py tool vulndev

Last synced: 17 Mar 2025

https://github.com/prvvv/submapper

A subdomain enumeration tool designed to find WAFs and 404 pages for takeover and enumeration

404 404-page amazon bug-bounty bugbounty cloudflare python3 subdomain-enumeration subdomain-scanner subdomain-takeover waf-detection

Last synced: 19 May 2026

https://github.com/uwuzone/mass-exec

concurrently run "scripts" and "tools" in aws lambda

aws bugbounty jokes security

Last synced: 11 Apr 2026

https://github.com/GabrielCS0/security-trails

This is a tool to automate the search for subdomains on the website securitytrails.com

bugbounty pentesting python recon subdomains

Last synced: 10 Mar 2025

https://github.com/mathis2001/lightssticheck

LightSSTICheck is a tool designed to find basic SSTI vulnerabilities

bugbounty pentest ssti

Last synced: 11 May 2026

https://github.com/matador-og/huntbot

Autonomous offensive security pipeline — bug bounty, pentesting, red teaming. Install and let AI agents hunt.

ai-agents bug-bounty bugbounty offensive-security pentesting red-team security-automation vulnerability-scanner

Last synced: 03 Jun 2026

https://github.com/lvmalware/cspider

A fast webcrawler/spider written in C

bugbounty c content-discovery webcrawler webspider

Last synced: 30 Oct 2025

https://github.com/zebbern/secfiles

Files I use for penetration tests, security assessments & bug bounty

bug-bounty bugbounty pentest pentesting security security-assessments

Last synced: 11 Jul 2025

https://github.com/yellowie/toolpack

[ Tool Pack ] Simple tool for Building Package, Encrypt, Upload package to public

binary bugbounty feature-selection gis grid-unit landslide landslide-susceptibility-mapping league-of-legends linux lsm machine-learning mapping mod pre-compiled qgis rust static x86-64

Last synced: 20 Jan 2026

https://github.com/hoshigakikisame/nwp

Eliminating common domain wildcard instances, by matching similar DNS answer from the corresponding parent.

bugbounty dns dns-lookup hacking recon subdomain

Last synced: 30 Jun 2025

https://github.com/sudosuraj/Dorks

List of Google Dorks for sites that have a responsible disclosure program / bug bounty program

bounty bug bugbounty dork dorks google googledorks sudosuraj

Last synced: 10 Mar 2025

https://github.com/samnguyen96/vulnerabilityscanner

Modular vulnerability scanner for web applications. Detect SQL injection, XSS, command injection, and more. Secure your site easily! 🛡️🌐

bugbounty enumeration java-kotlin-vulnerability-detection kotlin kotlin-test masscan network nmap pentesting portscanner postgresql recon ruby scanning tcp vulnerability vulnerability-detection whitebox-testing

Last synced: 04 Jul 2025

https://github.com/dylan-sutton-chavez/bug-bounties

Security research and responsible disclosure reports with reproducible PoCs.

bugbounty redteam security

Last synced: 23 May 2026

https://github.com/jhaxce/origindive

A powerful security analysis tool for discovering real origin server IPs hidden behind CDN/WAF services through both passive reconnaissance and active scanning.

asn bruteforce bugbounty cloudflare golang header origin-ip origindive originfind originipfinder proxy real-ip recon security-tools user-agent waf-bypass

Last synced: 13 Jan 2026

https://github.com/leonardo1101/DIY-Recon

DIY Recon is an automated tool for discovering as many assets related to a target as possible, using the tools pre-defined by the researcher.

automation bugbounty domain-discovery reconnaissance

Last synced: 10 Mar 2025

https://github.com/secwatch92/argusscope

ArgusScope is a modular CLI tool for domain and subdomain enumeration, leveraging Python and MongoDB. Inspired by the all-seeing Argus, it offers pre-auth detection, passive and active discovery, and structured data storage. Ideal for penetration testers and red teamers in lab environments.

argusscope automation bugbounty cli-tool cybersecurity domain-enumeration ethical-hacking infosec mongo osint penetration-testing pentesting python recon subdomain-enumeration

Last synced: 17 Apr 2026

https://github.com/samir897/rust_projects

Every project here is made in native Rust. This will include some command-line interface (CLI) cybersecurity tools made by myself.

bugbounty cybersecurity kali rust rustlang subdomain-enumeration

Last synced: 04 Apr 2026

https://github.com/BalaElangovan/Web-App-Security-Automation-Tool

This repository hosts a powerful web app security automation tool developed in Python and Bash scripting. The tool automates essential tasks in web application security testing and reconnaissance, significantly reducing manual effort and time required for these critical processes.

automated-testing bugbounty penetration-testing reconnaissance web-application-security

Last synced: 10 Mar 2025

https://github.com/fakhrifnnn/dir-fuzz

DirFuzz is a powerful directory brute-forcing tool for web servers, designed to discover hidden files and directories using customizable wordlists and various HTTP request options. Perfect for security researchers and web developers! 🔍

awesome bugbounty burpsuite fuzz-tool paper-list pentest python research-paper security testing web-directory web-directory-bruteforcer web-directory-search wordlist

Last synced: 23 Apr 2025

https://github.com/rix4uni/ipfinder

IP Finder tool, ipfinder collects ip address from different sources like Shodan, Zoomeye, Viewdns, dig command, etc.

bug-bounty bugbounty bugbountytips dig hacking infosec osint osint-resources osint-tool penetration-testing pentest-tool pentesting recon reconnaissance security security-tools shodan threat-intelligence viewdns zoomeye

Last synced: 16 Dec 2025

https://github.com/emrekybs/leaks

bash script to check data leakage on websites

bugbounty discovery leask reconnaissance webpentesting

Last synced: 12 Mar 2025

https://github.com/zwanski2019/zwanski-xss-hunter-v2

A professional-grade web security scanner with an interactive Streamlit UI. Covers XSS (reflected, stored, DOM, blind), CORS misconfigurations, security header auditing, password reset ATO testing, and AI-powered analysis via OpenRouter. Not a toy scanner

bugbounty hackerone xss-attacks xss-vulnerability zwanski

Last synced: 12 Jun 2026

https://github.com/ajay1196/awesome-hacker-search-engines

🔍 Discover a curated list of powerful search engines for penetration testing, vulnerability assessments, and OSINT research.

awesome awesome-readme bugbounty cve cyber domain exploit hacker hacking hacking-tools hacktoberfest osint-tool osint-tools redteam redteaming search-engine security wifi-network

Last synced: 02 Nov 2025

https://github.com/secshiv/jsurlextractor

A simple bash script to extract more urls from js endpoints

bugbounty endpoints extractor javascript jsextractor

Last synced: 16 May 2026

https://github.com/harryhaxor/zigstrike

ZigStrike is a robust shellcode loader developed in Zig, offering a variety of injection techniques and anti-sandbox features. It leverages compile-time capabilities for efficient shellcode allocation, demonstrating proven success in bypassing advanced security solutions

2025 binder bugbounty crypter cybersecurity evasion evasion-techniques hacking hacking-tool hacktoberfest hacktoberfest-accepted malware newtools obfuscator ransomware shellcode tools windows

Last synced: 18 Apr 2026

https://github.com/yogsec/osint-tools

The OSINT Framework is a powerful collection of tools and methods designed for open-source intelligence gathering. This framework covers a wide range of categories to help security researchers, investigators, and analysts uncover crucial information effectively.

bugbounty bugbountytips bugbountytools cybersecurity cybersecurity-education hackerone hacking-tools kali-linux open-source-intelligence osint osint-framework osint-kali osint-resources osint-tool osint-tool-list osint-toolkit osint-tools osint-tools-list osinttools yogsec

Last synced: 03 Jan 2026

https://github.com/demon1a/wizsub.sh

Bash script that automates the process of using subwiz to enumerate as many subdomains as it can

automation bash bugbounty bugbountytools recon security

Last synced: 02 Apr 2025

https://github.com/farinap5/headerparsing

Web Header Dump For Parsing

bugbounty header header-dump pentesting webpwn

Last synced: 21 Jun 2025

https://github.com/yogsec/alive

Alive is a fast and concurrent URL checker that identifies live domains returning HTTP 200 OK status. It supports single URLs and bulk lists, bypasses WAF protections using random user agents, and offers optional saving of results.

200ok alive assetfinder bugbounty bugbounty-tools cybersecurity-tool ethical-hacking-tool ethical-hacking-tools http-response http-response-codes http-response-ok http-response-status-codes kali-linux kali-linux-tools osint subfinder yogsec

Last synced: 16 Mar 2025

https://github.com/palanioffcl/CTFation

I made this for my personal use to automate things like enumeration and other tasks, to reduce time in recon and help claim first blood. ⛳ 😀

automation bash-script bugbounty ctf hacking linux penetration-testing pentesting

Last synced: 10 Mar 2025

https://github.com/rix4uni/gosqli

gosqli is a fast and simple tool for detecting blind SQL injection vulnerabilities. It supports scanning URLs with custom payloads, parallel requests, and response time-based verification.

bug-bounty bugbounty bugbountytips hacking infosec osint osint-resources osint-tool penetration-testing pentest-tool pentesting recon reconnaissance security security-tools sql-injection sqli threat-intelligence

Last synced: 29 Oct 2025

https://github.com/githubokkk/byakugan-finder

Byakugan Finder 👁️ is a fast and efficient admin panel scanner that helps penetration testers discover hidden login pages on websites. Inspired by the Byakugan from Naruto, it uses multithreading for speed, supports custom wordlists, and saves results automatically. ⚡ Perfect for ethical hacking and security testing! 🚀

admin-panel-finder admin-panel-finder-of-any-website automation bugbounty cyber-security cybersecurity ethical-hacking pentesting python security web-security webscraping

Last synced: 09 Apr 2025

https://github.com/r1ickr/azure-blob-storage

This repository contains tools and scripts for working with Azure Blob Storage, focusing on tasks like managing containers, uploading and downloading files, setting access policies, and automating storage operations in Microsoft Azure environments.

angular azure-functions blob blob-storage bugbounty cloud-storage dropbox encryption onedrive parquet reconnaissance s3 scp webdav

Last synced: 20 May 2026

https://github.com/muthu-d-anonysm/npm2guard

Open-source tool to scan GitHub organizations for vulnerable NPM packages compromised in the September 2025 supply chain attack. Automatically analyzes nested dependency files in all repositories to help startups, freelancers, and dev teams manage supply chain risks without dedicated security experts.

bugbounty bugbounty-tool cyberattack cybersecurity devsecops npm npm-module npm-package npmjs security security-audit security-tools supply-chain

Last synced: 15 May 2026

https://github.com/bhattjayd/react-native-vulnerability-scanner

react-native-vulnerability-scanner – A Python tool to analyze React Native APKs for vulnerable npm dependencies by scanning modules.json. It checks packages using Snyk's vulnerability database and provides a detailed security report. 🔍 Find vulnerable dependencies in React Native apps easily!

apk-analysis bugbounty cybersecurity cybersecurity-tools ethical-hacking mobile-security pentesting react-native react-native-security security snyk snyk-scan vulnerability-scanner

Last synced: 06 May 2026

https://github.com/kishwordulal1234/phantomxss

💀 Advanced Multi-Vector XSS Scanner | Automated crawling + payload testing | Reflected/Stored/DOM XSS detection | JSON reports | WAF evasion | Cookie support | 80+ modern payloads | Enterprise-ready security tool

advanced-security bugbounty perl vulnerability-scanner xss xss-detection xss-exploitation xss-payload-list xss-payloads xss-scanner xss-vulnerability xsspayload

Last synced: 15 Sep 2025

https://github.com/Trinitok/cve_repo_query

Queries public repos that contain links to other repos with CVE exploits and returns them

bugbounty security-automation

Last synced: 10 Mar 2025

https://github.com/bl4ckstack/dnx

DNX - Domain Explorer. A fast Perl tool for subdomain discovery and reconnaissance. Uses passive/active techniques to find and validate subdomains for security testing.

bugbounty cli ctf cybersecurity domain-scanning information-gathering network-security osint passive-recon pentesting perl reconnaissance security-tools subdomain-enumeration

Last synced: 01 Jun 2026

https://github.com/muhammadwaseem29/backupfinder

BackupFinder discovers backup files on web servers by generating intelligent patterns.

backupfinder bug bugbounty bugcrowd ffuf hackerone wordlist-generator yeswehack

Last synced: 03 Sep 2025

https://github.com/cak/foot

Foot is a library that fetches a list of URLs and silly walks through each site to gather information.

bugbounty crawler scraping

Last synced: 22 May 2026