An open API service indexing awesome lists of open source software.

Bug Bounty

A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.

https://github.com/Zarcolio/wwwordlist

Wwwordlist is a wordlist generator for pentesters and bug bounty hunters. It extracts words from HTML, URLs, JS/HTTP/input variables, quoted texts in the text and mail files in order to generate wordlists.

bruteforce bugbounty ctf hacking infosec penetration-testing pentest pentesting python3 wordlist wordlist-generator wordlists

Last synced: 11 Jul 2025

https://github.com/tigthor/neural-network-hacking

Hacking the Singularity. Deep learning hacking. Weaponizing AI in Offensive security

ai automation bug-hunting bugbounty hacking machine-learning neural-network neural-networks vulnerability-scanner

Last synced: 15 Apr 2025

https://github.com/i5nipe/nipejs

Simplify your life with leak detection in JavaScript. NipeJS streamlines the use of regex, making it effortless to uncover potential leaks.

bug-bounty bugbounty bugbounty-tool infosec penetration-testing-tools pentesting

Last synced: 14 Jan 2026

https://github.com/jcsec-security/CosmWasm-audit-roadmap

Roadmap to get up to speed with CosmWasm smart contract audits and security vulnerabilities

audit blockchain bug bugbounty contract cosmos cosmossdk cosmwasm dapp defi hacking roadmap rust security smart smartcontract vulnerabilities

Last synced: 27 Aug 2025

https://github.com/BugBountyResources/targets

A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.

bugbounty cybersecurity information infosec recon reconnaissance security security-tools

Last synced: 11 Jul 2025

https://github.com/joker-reincarnated/toxic-md

Toxic MD is a powerful WhatsApp crash and bug bot developed by Joker, designed for managing and automating various bot-related functions. Whether you're testing crash bugs or exploring custom bot configurations, this bot has you covered.

bugbounty bugs whatsapp-bot

Last synced: 22 Aug 2025

https://github.com/samogod/bugradar

Advanced external automation on bug bounty programs by running the best set of tools to perform scanning and finding out vulnerabilities.

automation bounty bug bug-bounty bugbounty bugbounty-tool bugcrowd hackerone osint recon recontool security security-automation security-tools

Last synced: 11 Jul 2025

https://github.com/pwnedshell/Bugs-feed

Bug's feed is a locally hosted portal where you can search for the latest news, videos, CVEs, vulnerabilities...

bugbounty cve hacking python scrapping vulnerabilities

Last synced: 11 Jul 2025

https://github.com/dwisiswant0/wadl-dumper

Dump all available paths and/or endpoints in a WADL file.

bugbounty bugbounty-tool bugbountytips go golang wadl xml xml-parser

Last synced: 05 Oct 2025

https://github.com/jordanpotti/offensiveclouddistribution

Leverage the ability of Terraform and AWS or GCP to distribute large security scans across numerous cloud instances.

bugbounty recon redteam scanning security

Last synced: 05 Oct 2025

https://github.com/taythebot/cdn-ranges

Tool to download IPv4 and IPv6 ranges of CDN providers for bug bounties

bugbounty cdn ip

Last synced: 12 Mar 2026

https://github.com/edoverflow/bug-bounty-responses

A collection of response templates for invalid bug bounty reports.

bugbounty infosec security template

Last synced: 24 Feb 2025

https://github.com/si9int/Acamar

A Python3 based single-file subdomain enumerator

bugbounty pentesting subdomain

Last synced: 19 Jul 2025

https://github.com/r0x4r/agnee

Find sensitive information using dorks from different search-engines.

bugbounty bugbountytips bugbountytool dorking search-engine

Last synced: 05 Apr 2025

https://github.com/kljunowsky/CVE-2022-41040-POC

CVE-2022-41040 - Server Side Request Forgery (SSRF) in Microsoft Exchange Server

bug-bounty bugbounty cve-2022-41040 exploit hacking microsoft microsoft-exchange poc proof-of-concept security ssrf

Last synced: 12 Jul 2025

https://github.com/swisscom/bugbounty

Swisscom Vulnerability Disclosure Policy & Bug Bounty Programme

bugbounty

Last synced: 28 Jan 2026

https://github.com/tarunkoyalwar/talosplus

Talosplus is a fast and robust template based Intelligent automation framework primarily developed for Bug Bounty Automation

automation automation-framework bash bashscripting bugbounty go golang infosec linux recon shell template-engine

Last synced: 17 Mar 2025

https://github.com/gwen001/vhost-brute

A PHP tool to brute force vhost configured on a server.

bugbounty pentesting php security-tools subdomain vhost

Last synced: 09 May 2025

https://github.com/hahwul/s3reverse

Converts the various formats of S3 bucket references into one format, for bug bounty and security testing.

aws bugbounty s3 security utility

Last synced: 14 Jun 2025

https://github.com/InfoSecWarrior/Offensive-Pentesting-Scripts

Scripts that are intended to help you in your pen-testing and bug-hunting efforts by automating various manual tasks, making your work more efficient and effective.

automation bash-script bugbounty gotools nmap-scripts pentesting subdomain-enumeration subdomain-wordlist

Last synced: 11 Apr 2025

https://github.com/dub-flow/subsnipe

SubSnipe is a tool designed to help find subdomains that are vulnerable to takeover.

bugbounty ethical-hacking penetration-testing

Last synced: 09 Apr 2025

https://github.com/dhn/spk

spk aka spritzgebaeck: A small OSINT/Recon tool to find CIDRs that belong to a specific organization.

asn bugbounty cidr enumeration golang osint recon reconnaissance

Last synced: 12 Mar 2026

https://github.com/anof-cyber/mobsecco

Cloning apk for bypassing code tampering detection, Google Safety Net and scanning vulnerable plugins

android apk bug-bounty bugbounty cordova cybersecurity mobile-security penetration-testing pentesting pentesting-tools python

Last synced: 28 Oct 2025

https://github.com/chopicalqui/KaliIntelligenceSuite

Kali Intelligence Suite (KIS) shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by executing standard penetration testing tools. The collected data is internally stored in a structured manner to allow the fast identification and visualisation of the collected information.

bugbounty data-mining intelligence-gathering kali-linux kali-linux-tools osint penetration-testing penetration-testing-framework

Last synced: 12 Jul 2025

https://github.com/m8sec/taser

Python resource library for creating security related tooling

bugbounty hacking pentesting python3 security

Last synced: 10 May 2025

https://github.com/R0X4R/Pinaak

A vulnerability fuzzing tool written in Bash; it contains the most commonly used tools to perform vulnerability scans.

bash-script bugbounty fastscanner find-vulnerabilities nuclei sqlinjection vulnerabilities vulnerability-scanners xss-vulnerability

Last synced: 12 Jul 2025

https://github.com/a3h1nt/subcert

Subcert is a subdomain enumeration tool, that finds all the subdomains from certificate transparency logs.

bugbounty certificate-transparency infosec osint-tool pentesting-tools python3 subdomain-enumeration

Last synced: 22 Mar 2025

https://github.com/p0dalirius/cve-2021-43008-adminerread

Exploit tool for CVE-2021-43008 Adminer 1.0 up to 4.6.2 Arbitrary File Read vulnerability

adminer bugbounty cve cve-2021-43008 exploit file hacking pentest read tool vulnerability

Last synced: 03 Sep 2025

https://github.com/l34r00t/mainRecon

mainRecon is an automated reconnaissance Docker image for bug bounty hunters, written in Bash.

automation bash-script bugbounty docker docker-image mainrecon subdomains telegram-bot telegram-webhook

Last synced: 10 Mar 2025

https://github.com/dwisiswant0/hinject

Host Header Injection Checker

bugbounty go golang penetration-testing

Last synced: 24 Mar 2025

https://github.com/Azathothas/Arsenal

Hastily written Tools & Scripts for Personal Use Cases & Bug Bounties

bug-bounty bugbounty hacking recon recon-tools security security-tools tools

Last synced: 16 Feb 2026

https://github.com/az0mb13/frida_setup

One-click installer for Frida and Burp certs for SSL Pinning bypass

adb android bug-bounty bugbounty frida hacking-tools pentesting pentesting-tools reconnaissance

Last synced: 13 Apr 2025

https://github.com/riza/wb

Quickly fetches files from Wayback Machine.

bugbounty waybackmachine

Last synced: 16 Feb 2026

https://github.com/dotnetrussell/minerinthemiddle

This application was created as a POC for how to scan your local network traffic for HTTP requests and then inject various javascript cryptocurrency miners into the response payloads

bug-bounty bugbounty hacking hacking-tool info-sec information-security infosec infosectools injection miner monero penetration-testing penetration-testing-tools python red-team

Last synced: 24 Oct 2025

https://github.com/un4gi/dirtywords

A targeted word list generation tool

bugbounty content-discovery enumeration golang pentesting web

Last synced: 11 Jul 2025

https://github.com/BugHunterID/BugHunterID

Bug / security vulnerability hunters are welcome to join.

bounty bug bugbounty bughunterid hackerone indonesia security

Last synced: 10 Mar 2025

https://github.com/blackhatethicalhacking/fetchmeurls

A Tool for Bug Bounty Hunters that uses Passive and Active Techniques to fetch URLs as a strong Recon, so you can then create Attack Vectors (XSS, Nuclei, SQLi etc...)

bugbounty bugbountytool recon reconnaissance

Last synced: 16 Mar 2025

https://github.com/rix4uni/scope

An automated GitHub Actions-based crawler that fetches and updates public scopes from popular bug bounty platforms (like Hackerone/Bugcrowd/Intigriti/etc) (updates every 10 minutes)

bug-bounty bugbounty bugbountytips bugcrowd hackenproof hackerone hacking infosec intigriti osint osint-tool penetration-testing pentest-tool pentesting recon reconnaissance security security-tools vrp yeswehack

Last synced: 06 Mar 2026

https://github.com/anof-cyber/pycript-websocket

Burp Suite extension for bypassing client-side encryption for pentesting and bug bounty in WebSocket

bugbounty burp-extensions burpsuite infosec penetration-testing pentesting websocket

Last synced: 10 Apr 2025

https://github.com/p0dalirius/lfidump

A simple python script to dump remote files through a local file read or local file inclusion web vulnerability.

bugbounty dump file inclusion local pentesting

Last synced: 04 Aug 2025

https://github.com/antoinet/swiss-bugbounty-programs

List of bug bounty and coordinated vulnerability disclosure programs of companies/organisations in Switzerland

bug-bounty bugbounty security switzerland vulnerability-management

Last synced: 27 Jan 2026

https://github.com/0xpugal/knoxsser

A powerful bash script for massive XSS scanning leveraging Brute Logic's KNOXSS API

bugbounty knoxss xss

Last synced: 22 Jun 2025

https://github.com/gwen001/bugbountytips

Webapp to search tips on Twitter through #bugbountytips

bugbounty bugbountytips hashtag pentesting php security twitter

Last synced: 09 May 2025

https://github.com/gnebbia/halive

A fast http and https prober, to check which URLs are alive

alive-hosts asynchronous asyncio bugbounty http https probe probe-requests prober reconnaissance requests

Last synced: 28 Feb 2026

https://github.com/edoverflow/legal-bug-bounty

#legalbugbounty project — creating safe harbors on bug bounty programs and vulnerability disclosure programs. Authored by Amit Elazari.

bugbounty infosec legal security

Last synced: 05 Feb 2026

https://github.com/tintinweb/bugbounty-companion

A BugBounty companion that checks out high-reward yielding bug bounty code-bases from Immunefi/code4rena 🙌 (use at own risk)

bugbounty code4rena immunefi smart-contracts

Last synced: 26 Apr 2025

https://github.com/gwen001/github-regexp

Basically a regexp over a GitHub search.

bugbounty github go golang pentesting private regexp secrets security-tools

Last synced: 21 Jul 2025

https://github.com/typeerror/bookmarks

Reclaim control of your Burp Suite Repeater tabs with this powerful extension

appsec bugbounty burp-extensions burpsuite burpsuite-extender burpsuite-pro

Last synced: 14 Apr 2025

https://github.com/ethicalhackingplayground/dnsresolver

A Lightning-Fast DNS Resolver written in Rust 🦀

bugbounty dns http-prober resolver

Last synced: 04 Oct 2025

https://github.com/blackhatethicalhacking/scopehunter

ScopeHunter is a command-line tool for finding in scope targets for bug bounty programs.

bugbounty hacking infosec kali-linux penetration-testing pentesting

Last synced: 08 Oct 2025

https://github.com/itsignacioportal/hacker-scoper

CLI tool for filtering URLs/IPs with automatically-updated Bug Bounty program scope rules.

bugbounty bugcrowd enumeration filter go golang hackerone infosec pentesting recon scopes security security-tools shell tool websec websecurity

Last synced: 15 Jun 2026

https://github.com/TypeError/Bookmarks

Reclaim control of your Burp Suite Repeater tabs with this powerful extension

appsec bugbounty burp-extensions burpsuite burpsuite-extender burpsuite-pro

Last synced: 12 Mar 2025

https://github.com/blackhatethicalhacking/ScopeHunter

ScopeHunter is a command-line tool for finding in scope targets for bug bounty programs.

bugbounty hacking infosec kali-linux penetration-testing pentesting

Last synced: 10 Mar 2025

https://github.com/yeswehack/YesWeBurp

YesWeHack Api Extension for Burp

bugbounty burp-extensions hacking pentest tools

Last synced: 19 Apr 2025

https://github.com/p0dalirius/ldapconsole

The ldapconsole script allows you to perform custom LDAP requests to a Windows domain.

active-directory bugbounty ldap pentesting search

Last synced: 03 Apr 2025

https://github.com/demon1a/discord-recon

Discord bot created to automate bug bounty recon, automated scans and information gathering via a discord server

automation bugbounty bugbounty-tool discord discord-recon hacking hackingtools nuclei python3 recon reconnaissance wayback-machine

Last synced: 02 Apr 2025

https://github.com/elfarsaouiomar/monitor-new-subdomain

MNS is a security and reconnaissance tool for monitoring new subdomains

bugbounty monitoring python3 recon subdomains

Last synced: 11 Jul 2025

https://github.com/InitRoot/BurpSQLTruncSanner

Messy BurpSuite plugin for SQL Truncation vulnerabilities.

bugbounty burpsuite-extender sql-truncation

Last synced: 02 Apr 2025

https://github.com/codingo/dooked

DNS and Target HTTP History Local Storage and Search

bounties bug bugbounty bugbounty-tool infosec reconnaissance security security-tools

Last synced: 23 Apr 2025

https://github.com/gbrls/kurl

HTTP Requests for security researchers

bugbounty security-tools

Last synced: 02 Aug 2025

https://github.com/jimen0/differer

differer finds how URLs are parsed by different languages in order to help bug hunters break filters

bugbounty cloudrun go golang serverless url

Last synced: 22 Mar 2025

https://github.com/theunknownsoul/htb-certified-bug-bounty-hunter-exam-cheetsheet

All cheatsheets with main information from HTB CBBH role path in one place.

bugbounty cheetsheet htb security

Last synced: 14 Apr 2025

https://github.com/nullt3r/rapiddns

Rapidly enumerate subdomains and domains using rapiddns.io.

bugbounty bugbountytips domain-discovery enumeration scanner subdomains-enumeration

Last synced: 12 Jul 2025

https://github.com/dsopas/rfd-checker

RFD Checker - security CLI tool to test Reflected File Download issues

bugbounty golang infosec pentest rfd security

Last synced: 11 Jul 2025

https://github.com/ghsec/BBProfiles

Burp Bounty (Scan Check Builder in BApp Store) is an extension for Burp Suite that lets you improve the active and passive scanner yourself. This extension requires Burp Suite Pro.

bugbounty burpsuite scanner

Last synced: 13 Mar 2025

https://github.com/Zarcolio/grepaddr

Use grepaddr to extract (grep) all kinds of addresses from stdin like URLs (incl. IPv4/IPv6), IP addresses & ranges (IPv4/IPv6), e-mail addresses, MAC addresses.

bugbounty command-line ctf ctf-tools e-mail extract grep-like hacking ip-addresses ipv4 ipv6 mac-address pentesting python python3 recon reconnaissance urls

Last synced: 07 Apr 2025

https://github.com/rix4uni/medium-writeups

This repository updates latest Bug Bounty medium writeups every 10 minutes, https://readmedium.com/Medium_URL, https://archive.ph/Medium_URL, https://freedium.cfd/Medium_URL

bug-bounty bugbounty bugbountytips hacking infosec osint osint-resources osint-tool penetration-testing pentest-tool pentesting recon reconnaissance reconnaissance-bugbounty-writeups security security-tools threat-intelligence

Last synced: 15 Apr 2025

https://github.com/hahwul/gitls

🖇 Enumerate git repository URLs from a list of URLs / users / orgs. Pipeline-friendly.

bugbounty butbountytips cli-tool fetcher git github security security-tools tool whitebox-testing

Last synced: 04 Jul 2025

https://github.com/EdOverflow/smith

Simple wrapper for meg that sieves through meg's output for you.

bugbounty security security-tools

Last synced: 27 Sep 2025

https://github.com/kabilan1290/grapX

grapX will iterate through the URLs and grep the endpoints with all possible extensions.

automation bugbounty bugbounty-tool bugbountytips cybersecurity opensource python python-script security-automation security-vulnerability

Last synced: 12 Jul 2025

https://github.com/ysf/anewer

anewer appends lines from stdin to a file if they don't already exist in the file. This is a rust version of https://github.com/tomnomnom/anew

bugbounty cli rust stdin stdout tool uniq

Last synced: 12 Jul 2025

https://github.com/htrgouvea/nozaki

HTTP fuzzer engine security oriented

api bugbounty fuzzer fuzzing graphql http nozaki perl research rest restfull security

Last synced: 09 Apr 2025

https://github.com/z3dc0ps/0x0p1n3r

0x0p1n3r is a set of combinations of other tools and one-line scripts to find subdomains easily and to check for subdomain takeover

bugbounty enumeration enumerations subdomain subdomain-enumeration subdomain-scanner vulnerability

Last synced: 11 Jul 2025

https://github.com/mansoorr123/wp-file-manager-CVE-2020-25213

https://medium.com/@mansoorr/exploiting-cve-2020-25213-wp-file-manager-wordpress-plugin-6-9-3f79241f0cd8

bugbounty infosec zeroday

Last synced: 12 Jul 2025

https://github.com/nikhil1232/Bucket-Flaws

Bucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations

application-security aws-s3 bucket bug-bounty bugbounty s3 s3-bucket s3-buckets security-misconfiguration wapt

Last synced: 12 Jul 2025

https://github.com/yogsec/onelinerbounty

OneLinerBounty is a collection of quick, actionable bug bounty tips in one-liner format. Perfect for bug hunters looking to boost their skills and efficiency. Contribute your own tips or use these to streamline your workflow and uncover more vulnerabilities. #BugBounty #Cybersecurity #HackTips #SecurityResearch #OneLinerBugBounty #OneLinerBounty

bug bugbounty bugbountytips burp-extensions burpsuite cyber-security cybersecurity cybersecurity-tools cybersecuritytips ethicalhacking hacker hackerone hackers hacking hacking-tools nmap onelinerbugbounty osint owasp

Last synced: 07 Mar 2026

https://github.com/dwisiswant0/bounty-targets-alert

It's a watcher for new scopes added to bounty-targets-data that sends you alerts on Slack.

bugbounty bugbountytips bugcrowd federacy hackenproof hackerone intigriti vdp vrp yeswehack

Last synced: 24 Mar 2025

https://github.com/robotshell/dorkscraper

DorkScraper is a simple tool written in Python to extract all the urls that appear when using a Google Dork.

bugbounty googledorks pentesting python tool

Last synced: 11 Jun 2025

https://github.com/Adversis/PandorasBox

Security tool to quickly audit Public Box files and folders.

bugbounty cloud-security penetration-testing security-tools

Last synced: 07 May 2025