Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

Bug Bounty

A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.

https://github.com/krishpranav/sniff

A Simple Golang Tool That Automates OSINT For Threat Intelligence And Mapping Your Attack Surface.

attack attack-defense attack-surface attack-surfaces bugbounty go golang recon reconnaissance scanner security web-security

Last synced: 14 Apr 2025

https://github.com/0xdln1/getlevels

Tool for sorting different Level of subdomains form 1...N

bugbounty getlevels infosec python subdomain-enumeration subdomainlist subdomains

Last synced: 12 Jan 2026

https://github.com/0xsyr0/infoscraper

Python implementation of two famous JavaScript payloads for Bug Bounty.

bugbounty offensive-security penetration-testing pentesting python scraper

Last synced: 03 Aug 2025

https://github.com/machine1337/jsscanner

An Efficent tool to find juicy secrets in javascript source code. Automate Your Javascript hunting using this tool.

bugbounty bugbounty-tool hackerone hacking javascript-recon jsscanner machine1337 reconn

Last synced: 25 Apr 2025

https://github.com/c-f/lel

Visualization layer and helper for relevant IT related documentation and operation

bugbounty documentation-tool golang graph lel logger react redteam-infrastructure

Last synced: 11 Jul 2025

https://github.com/mathis2001/sp00fy

Simple python script to check for email spoofing on a given domain.

bugbounty dmarc email phishing spoofing

Last synced: 19 Jul 2025

https://github.com/mathis2001/Sp00fy

Simple python script to check for email spoofing on a given domain.

bugbounty dmarc email phishing spoofing

Last synced: 10 Mar 2025

https://github.com/machine1337/JSScanner

An Efficent tool to find juicy secrets in javascript source code. Automate Your Javascript hunting using this tool.

bugbounty bugbounty-tool hackerone hacking javascript-recon jsscanner machine1337 reconn

Last synced: 10 Mar 2025

https://github.com/indiancybertroops/Web-See

Web-See is Tool For Checkout Status Of Urls in Mass Its For Bug Bounty Hunters And Black Hat Hackers It Will Save Your Valuable Time Script is Designed By Indian Cyber Troops

200 202 301 302 400 404 500 bugbounty bugbountyrecon defacing domain-checker ict icttools indiancybertroops indianhacker status-checker web-see webstatus

Last synced: 10 Mar 2025

https://github.com/1hehaq/oty

Oty is a fast, customizable, CLI tool designed to streamline your Bug Bounty and Pentesting workflows. Powered by a simple yet flexible YAML based DSL, Oty allows you to integrate your tools into it

automation bugbounty developer devops pentest security

Last synced: 26 Jan 2026

https://github.com/0ksecurity/portfolio

This is my portfolio showcasing the vulnerabilities I have discovered during my one-year journey as a bug hunter.

bugbounty contest evm fuelvm immunefi solidity sway

Last synced: 18 Jun 2025

https://github.com/umair9747/seize

A Command-line Utility written in Go for generating images of your CLI output using stdin

automation bugbounty cli command-line command-line-tool cybersecurity golang hacking linux programming

Last synced: 07 May 2025

https://github.com/0xpugal/pd-recon

A bash script which uses Project Discovery tools for bug bounty reconnaissance.

bugbounty projectdiscovery recon

Last synced: 15 Apr 2025

https://github.com/tkmru/xss_dict

xss dictionary for Google 日本語入力

bugbounty bugbountytips xss-detection

Last synced: 04 Feb 2026

https://github.com/rix4uni/unew

A tool combined of 2 commands features in 1 sort and tee for adding new lines to files, skipping duplicates

bug-bounty bugbounty bugbountytips duplicates hacking infosec osint osint-resources osint-tool penetration-testing pentest-tool pentesting recon reconnaissance security security-tools threat-intelligence

Last synced: 15 Apr 2025

https://github.com/nsonaniya2010/sanfinder

It finds Subject Alternative Names for a given list of domains

bug-bounty bug-hunting bugbounty infosec madeinindia security security-tools

Last synced: 14 Apr 2025

https://github.com/sa7mon/h1rss

An RSS feed generator for HackerOne Hacktivity

bugbounty golang hackerone rss

Last synced: 19 Oct 2025

https://github.com/hunthubspace/cve-2024-0757-exploit

A PoC Exploit for CVE-2024-0757 - Insert or Embed Articulate Content into WordPress Remote Code Execution (RCE)

bugbounty cve ethical-hacking exploit penetration-testing web

Last synced: 13 Apr 2025

https://github.com/javeleyqaq/drozer-tester

Bash script for automated testing of the drozer component used in penetration testing. drozer组件自动化测试脚本

android android-component bugbounty cybersecurity droze pentesting

Last synced: 13 Apr 2025

https://github.com/IamLucif3r/Recon-Plus

A Unified Reconnaissance Tool for Pentesting

bugbounty bugbounty-tool bughunting hacking-tool recon recon-tools reconnaissance

Last synced: 10 Mar 2025

https://github.com/machine1337/host-injector

A small to find Host Header Injection vulnerabilities in a websites

bugbounty hacking hostheader injection kali-linux machine1337 pentesting webhacking

Last synced: 25 Apr 2025

https://github.com/melbadry9/domain_reg

Check domain availability for registration

bugbounty domain-registration recon

Last synced: 12 Jul 2025

https://github.com/edoverflow/bounty-pls

A Chrome extension that spices up those #togetherwehitharder tweets.

bugbounty hackerone

Last synced: 23 Apr 2025

https://github.com/Zarcolio/1pfuscat0r

A tool to automatically generate alternative IP representations, a rewritten version of IPFuscator

bugbounty ctf hacking ip-address obfuscation obfuscator

Last synced: 12 Jul 2025

https://github.com/cryonayes/GoFilter

A tool to filter URLs by parameter count or size

bugbounty bugbounty-tool golang

Last synced: 11 Jul 2025

https://github.com/literallyethical/r3conwhal3

r3conwhale aims to develop a multifunctional recon chain for web applications, intelligently interpreting collected data, and optimizing performance and resource consumption through a concurrency-based approach.

automation-framework bug-bounty-tools bugbounty dns fuzzing osint pentest pentest-tool recon reconnaissance scanner security security-tools subdomain-enumeration subdomain-scanner

Last synced: 15 Dec 2025

https://github.com/DevanshRaghav75/bugbounty-dorks

Google dorks for bug bounty hunting

bugbounty google-dorks security

Last synced: 10 Mar 2025

https://github.com/QSoloX/whoisyou

Take a list of domains and output the hostname and ip.

bugbounty golang hacking hacking-tools infosec

Last synced: 11 Jul 2025

https://github.com/davemolk/dorking

advanced searching for bing, brave, duck duck go, and yahoo

bug-bounty bugbounty dorking go golang infosec osint pentesting pentesting-tools recon research search search-engine security

Last synced: 14 Jul 2025

https://github.com/proditis/orunmila

a simple tool to refine and produce lists for your bugbounty and pen-test engagements

bugbounty dirbuster ffuf pen-test-tools pen-testing penetration-testing pentest-tool pentesting

Last synced: 06 Oct 2025

https://github.com/tarunkoyalwar/nestle

Match and Extract Nested groups (ex: graphql) using regex with Nestle

automation bugbounty bugbounty-tool go graphql javascript-recon javascript-regex recon regex

Last synced: 11 Apr 2025

https://github.com/Iamstanlee/bee

Bee Recon Framework

bugbounty infosec pentesting-tools

Last synced: 12 Jul 2025

https://github.com/rix4uni/techfinder

A high-performance technology detection tool built with Go, leveraging the projectdiscovery wappalyzergo library to identify web technologies and frameworks.

bug-bounty bugbounty bugbountytips hacking infosec osint osint-resources osint-tool penetration-testing pentest-tool pentesting recon reconnaissance security security-tools technology threat-intelligence

Last synced: 19 Jun 2026

https://github.com/serhatcck/hidden_fuzzer

Hidden Fuzzer is a URL fuzzing tool designed to uncover hidden paths and resources on web applications. It features multithreading, customizable HTTP headers, and request parameters for optimized performance.

bugbounty bugbounty-tool fuzzing pentest-tool security-tools url-fuzzer webpentest

Last synced: 14 Jan 2026

https://github.com/mamad4ever/bug-bounty-tools

A list of resources for those interested in getting started in bug bounties

bug-bounty bug-bounty-tools bugbounty cybersecurity hunter pentest-tool

Last synced: 27 Mar 2026

https://github.com/faiqu3/100DaysOfHacking

This repository contains all the information shared during my 100 days of hacking challenge.

bugbounty cybersecurity hacking

Last synced: 10 Mar 2025

https://github.com/zha0gongz1/html-absorber

一款可批量提取url或本地html文件中注释、属性及标签内容的工具

bash-script bugbounty golang hack hacktool html infosec redteam

Last synced: 04 Mar 2026

https://github.com/random-robbie/selenium-abuser

Abuse Open Selenium Gird or Node to get access to metadata endpoint.

bugbounty hacker iam-credentials iam-role selenium selenium-grid selenium-python

Last synced: 03 Oct 2025

https://github.com/rix4uni/msarjun

Mass-scale hidden parameter discovery using Arjun. A high-performance wrapper that parallelizes Arjun for efficient parameter discovery across multiple targets.

api-fuzzer api-fuzzing api-testing arjun bug-bounty bugbounty bugbountytips content-discovery hacking infosec osint osint-tool parameter-discovery penetration-testing pentest-tool pentesting recon reconnaissance security security-tools

Last synced: 07 Apr 2026

https://github.com/shazsyed/FavHunt

Favicon based recon for faster fingerprinting of web services

bugbounty fingerprinting hacking recon reconaissance webservices

Last synced: 11 Jul 2025

https://github.com/xcalts/scopez

Scopez verifies connectivity to target servers, reveals CDN presence, and provides detailed target insights like reachability and RDAP.

bugbounty cdn curl penetration-testing ping rdap reconnaissance scope

Last synced: 10 Jun 2025

https://github.com/topscoder/lurk-sonar

Download source code of all projects in a SonarQube instance. #bugbounty #opsec #infosec #sonarqube

bug-bounty bugbounty bugbounty-tool bugbountyautomation infosec sonarqube

Last synced: 02 Mar 2025

https://github.com/rodnt/submon

Python script to monitor subs from crt.sh | The script focuses on monitoring for new subdomains of a given domain using the crt.sh public API, which can be a component of bug bounty hunting

bugbounty monitor monitoring-tool python subdomain-enumeration subdomains

Last synced: 22 Jul 2025

https://github.com/dsecuredcom/archive-finder

Find archives for a given hostlist.

bugbounty it-security pentest pentesting redteam

Last synced: 09 Mar 2026

https://github.com/topscoder/subgomain

A high-performance tool for identifying domain takeovers with support for custom fingerprints and resolver lists.

bugbounty bugbounty-tool domain-takeover infosec infosectools security security-tools subdomain-takeover

Last synced: 04 Jul 2025

https://github.com/machine1337/cors_scanner

Fast CORS Misconfiguration Scanner

bugbounty cors hacking misconfiguration pentesting

Last synced: 25 Apr 2025

https://github.com/rix4uni/portmap

portmap is a fast portscan tool, uses shodan public data for port scan used internetdb.shodan.io and api.shodan.io/shodan/host

bug-bounty bugbounty bugbountytips hacking infosec internetdb osint osint-resources penetration-testing pentest-tool pentesting port-enumeration portscanner recon reconnaissance scan-ports security security-tools shodan threat-intelligence

Last synced: 28 Aug 2025

https://github.com/Revenant40/2tearsinabucket

Enumerate s3 buckets for a specific target.

bugbounty enumeration go golang s3-bucket

Last synced: 02 Apr 2025

https://github.com/jaydhulia/go-url-fuzz

URL Fuzzer in Go - Find hidden directories!

bugbounty fuzzing go

Last synced: 22 Jun 2025

https://github.com/abaykan/Labs

Repositori ini berisi file-file vulnerable terhadap bug tertentu yang saya jadikan demo pada artikel yang saya tulis di abaykan.com

bug bug-bounty bugbounty bugs command-injection hack hacking lab labs lfi local-file-inclusion writeup xss

Last synced: 10 Mar 2025

https://github.com/TargetPackage/api-key-impact

A list of different types of API keys and how to prove impact for bug bounty programs.

api api-key api-keys bug-bounty bugbounty impact

Last synced: 07 Sep 2025

https://github.com/rix4uni/linkinspector

linkinspector is a fast command-line tool for inspecting URLs and retrieving HTTP status codes, content lengths, and content types. It supports filtering and matching responses, and can process URLs from stdin or files.

bug-bounty bugbounty bugbountytips hacking infosec osint osint-resources osint-tool penetration-testing pentest-tool pentesting recon reconnaissance security security-tools threat-intelligence

Last synced: 17 Feb 2026

https://github.com/Imran407704/multi-urls

This is a simple bash script for getting passive urls from a gau, gauplus, waybackurls from a multiple urls list.

automation bugbounty bugbounty-tool infosectools

Last synced: 10 Mar 2025

https://github.com/edivangalindo/gh-test

A little tool to fastly test if Github tokens are valid

bugbounty bugbounty-tool infosec redteam token-leaked

Last synced: 14 Jan 2026

https://github.com/demon1a/bounties-uwu

Chrome extension uses the HackerOne API to reveal hidden rewarded bounties on HackerOne

bugbounty hackerone javascript security tools

Last synced: 14 Oct 2025

https://github.com/haccer/xmail

Go tool that detects which email addresses have domains which are able to be registered

account-takeover bug-bounty bugbounty cyber email go golang infosec osint pentesting redteam redteam-tools security

Last synced: 14 Mar 2026

https://github.com/mathis2001/subpwnable

Are your (sub)domains pwnable ? SubPwnable is a simple Python tool designed to helps you answer this question.

bugbounty cname pentest subdomain-takeover

Last synced: 13 Jun 2025

https://github.com/ezhil56x/bugbounty

Basic tool for Information Gathering 🚀

bugbounty cybersecurity cybersecurity-projects

Last synced: 28 Feb 2025

https://github.com/0xpugal/hacktheweb

Things to do while Hacking/Hunting in Web Applications

bugbounty bugbountytips hack recon subdomain-enumeration vulnerability web webappsec websecurity

Last synced: 19 Mar 2026

https://github.com/jcsec-security/cosmwasm-security-spotlight

Posts and labs to learn CosmWasm smart contract security vulnerabilities and audit

audit blockchain bug bugbounty contract cosmos cosmossdk cosmwasm ctf dapp defi hacking rust security smart smartcontract vulnerabilities

Last synced: 26 Oct 2025

https://github.com/4m3rr0r/subrecongemini

SubreconGemini is a fast, lightweight, and focused subdomain discovery tool. It leverages a hybrid approach by combining AI-powered suggestions from Google's Gemini, traditional wordlist brute-forcing, and certificate transparency log analysis to uncover live subdomains.

bugbounty gemini osint recon subdomain subdomain-enumeration subdomain-finder

Last synced: 10 Aug 2025

https://github.com/darkstarbdx/xssblitz

XSSblitz ⚡ is a blazing-fast 🚀 and modern 🖥️ XSS vulnerability scanner 🔍, designed to help you effortlessly uncover 🕵️‍♂️ and exploit XSS vulnerabilities 💥 with ease.

bugbounty cross-site-scripting ethical-hacking security-testing security-tools tools vulnerability-exploitation vulnerability-scanner xss xss-detection xss-exploitation xss-vulnerability

Last synced: 03 Aug 2025

https://github.com/proditis/mini-tools

A collection of mini tools and snippets for various purposes

bugbounty csp cybersecurity dns hacking sni snippets

Last synced: 14 Apr 2025

https://github.com/thelikes/wzrd

run scripts to ease exec of common tools

bugbounty hacking pentest recon

Last synced: 24 Dec 2025

https://github.com/tradmod/security-audits

TradMod's Security Reviews Portfolio, Audits and Bug Report Findings

audits blockchainsecurity bugbounty cybersecurity securityresearch

Last synced: 01 Jul 2025

https://github.com/rodnt/bffuf

Burp bridge to FFUF

bugbounty bugs burp ffuf fuzzing pentest portswigger

Last synced: 30 Jan 2026

https://github.com/jsmoreira02/hazard

Hazard is a dictionary brute-force attack, constructed using the Rust language for the most sensitive network protocols and services, including FTP, SSH, PostgreSQL, MySQL, and Samba (SMB networking protocol). Its design prioritizes ease of use and a clean interface, making it suitable for use in Capture the Flag (CTF) or Pentest Services.

brute-force bugbounty ctf-challenges cybersecurity-tool dictionary-attack hacking-tool network-security rust

Last synced: 12 May 2025

https://github.com/indiancybertroops/Phanto-M

Phanto-M is Tool Designed To Enumeration of Subdomain Fastly This is Based On Open Source Api And We Used Multiple APi in Tool

bugbounty bugbounty-tool hacking indian indiancybertroops indianhacker instagram phanto-m phanto-m-ict phantom subdomain subdomain-enumeration subdomain-finder subdomain-scanner subdomainlist topindianhacker

Last synced: 10 Mar 2025

https://github.com/z3n70/CVE-2021-43798

Simple program for exploit grafana

bugbounty cybersecurity exploit grafana pentesting

Last synced: 10 Mar 2025

https://github.com/bountyhacking/Payloads_Tool_box

At this repo you can find any tools, tricks or templates for general penetration testing assesment

bounty bounty-hunting-tools bug bugbounty burpsuite curl fuzzing payload payloads pentesting sqli sqlmap tty xss

Last synced: 10 Mar 2025

https://github.com/mr-rizwan-syed/JOD-ALPHA

Automated and Modular Shell Script to Automate Security Vulnerability Scans

bugbounty redteam-tools wapt

Last synced: 10 Mar 2025

https://github.com/geeknik/jwt-scanner

A tool for detecting JWT algorithm confusion vulnerabilities in web applications

bugbounty confusion infosec jwt scanner security

Last synced: 23 Jun 2025

https://github.com/martinpsdev/curl-mcp

MCP server that translates natural language instructions into curl commands, supporting both English and Spanish

bugbounty command-line curl cybersecurity infosec mcp penetration-testing recon

Last synced: 13 Apr 2026

https://github.com/codedsprit/gocrt

☘️ Find subdomain using http://crt.sh in terminal.

bugbounty golang subdomain-enumeration

Last synced: 20 Jun 2025

Bug Bounty Awesome Lists
awesome-hacker-search-engines 564 awesome-bugbounty-tools 407 Awesome-Bugbounty-Writeups 604 WebHackersWeapons 431 awesome-mobile-security 246 awesome-vulnerable-apps 97 awesome-hacking-lists 11,757 MobileHackersWeapons 73 netlas-cookbook 229 awesome-mcp-security 119 awesome-cicd-attacks 88 awesome-bbht 80 awesome-cybersec 302 Awesome-HTTPRequestSmuggling 44 awesome-security 57 awesome-reference 102 awesome-oauth-sec 54 awesome-thm-rooms 97
Bug Bounty Categories
Python 3,312 Cross Site Scripting (XSS) 2,115 Others 1,678 Go 1,219 Java 889 Uncategorized 731 Shell 700 JavaScript 675 C 520 Weapons 499 C# # 439 Remote Code Execution (RCE) 431 C++ 410 Android 355 TypeScript 333 Subdomain Takeover 316 HTML 280 PHP 235 PowerShell 230 Explore 183