An open API service indexing awesome lists of open source software.

Bug Bounty

A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.

https://github.com/azathothas/arsenal

Hastily written Tools & Scripts for Personal Use Cases & Bug Bounties

bug-bounty bugbounty hacking recon recon-tools security security-tools tools

Last synced: 12 May 2025

https://github.com/themarkib/google-acquisitions

Most of the Google Acquisitions for Bug Bounty Hunters.

bugbounty ethical-hacking googlevrp penetration-testing

Last synced: 08 Jan 2026

https://github.com/Josue87/roboxtractor

Extract endpoints marked as disallow in robots files to generate wordlists.

bug-bounty bugbounty enumeration fuzzing hacking wordlist

Last synced: 11 Jul 2025

https://github.com/jcsec-security/cosmwasm-audit-roadmap

Roadmap to get up to speed with CosmWasm smart contract audits and security vulnerabilities

audit blockchain bug bugbounty contract cosmos cosmossdk cosmwasm dapp defi hacking roadmap rust security smart smartcontract vulnerabilities

Last synced: 08 Jul 2025

https://github.com/terjanq/same-origin-xss

Same Origin XSS challenge

bugbounty ctf javascript

Last synced: 05 May 2025

https://github.com/Sh1Yo/rate-limit-checker

Check whether the domain has a rate limit enabled.

bugbounty go golang

Last synced: 11 Jul 2025

https://github.com/wfinn/redirex

tool that generates bypasses for open redirects

bugbounty bypass pentesting

Last synced: 12 Jan 2026

https://github.com/cosad3s/hfinder

Help recon of hostnames from specific ASN or CIDR, thanks to Robtex and BGP.HE

asn bugbounty cidr network osint recon

Last synced: 07 Apr 2025

https://github.com/nu11pointer/fuzzlists

A collection of useful lists for Penetration Testing & Bug Bounty - Content Discovery, Payloads, Variables, Sandbox Escaping, etc

bruteforce bugbounty cybersecurity dictionaries infosec pentesting wordlists

Last synced: 05 Apr 2025

https://github.com/gwen001/bxss

Alternative to XSS Hunter for blind XSS.

bugbounty pentesting php security-tools xss xsshunter

Last synced: 09 May 2025

https://github.com/Aju100/VulWebaju

VulWebaju is a platform that automates setting up your pen-testing environment for learning purposes.

bugbounty hacking hacktoberfest owasp-top-10 penetration-testing pentesting

Last synced: 12 Jul 2025

https://github.com/vsec7/xkeys

Extract sensitive keys, secrets, tokens or other interesting things from source

bugbounty hacking osint pentest pentest-tool

Last synced: 19 Jan 2026

https://github.com/C-Sto/GoGitDumper

Dump exposed HTTP .git fast

bugbounty git pentesting

Last synced: 11 Jul 2025

https://github.com/DreyAnd/DeadDNS

DNS hijacking via dead records automation tool

bugbounty bugbounty-tool bugbountytips bughunting

Last synced: 12 Jul 2025

https://github.com/bassammaged/awsEnum

Enumerate AWS cloud resources based on provided credential

aws bug bugbounty enumeration penetration-testing security-audit security-tools

Last synced: 10 Mar 2025

https://github.com/xchopath/pathprober

Probe and discover HTTP pathnames using a brute-force methodology, filtered by a specific word or 2 words at once

bugbounty pentest pentest-scripts pentest-tools python python3 redteam redteam-tools webscanner

Last synced: 12 Jul 2025

https://github.com/mzfr/takeover

A tool for testing subdomain takeover possibilities at a mass scale.

bugbounty subdomain-takeover takeover

Last synced: 15 Mar 2025

https://github.com/d3ext/go-recon

External recon toolkit

bugbounty go-recon golang hacking recon toolkit

Last synced: 10 Apr 2025

https://github.com/rudsarkar/crlf-injector

A CRLF (Carriage Return Line Feed) Injection attack occurs when a user manages to submit a CRLF into an application. This is most commonly done by modifying an HTTP parameter or URL.

bugbounty crlf-injection python toolshacking

Last synced: 12 May 2025

https://github.com/ko2sec/apkizer

apkizer is a mass downloader for Android applications, covering all available versions.

android-application apk apkpure bugbounty recon reconnaissance

Last synced: 12 Jul 2025

https://github.com/rudSarkar/crlf-injector

A CRLF (Carriage Return Line Feed) Injection attack occurs when a user manages to submit a CRLF into an application. This is most commonly done by modifying an HTTP parameter or URL.

bugbounty crlf-injection python toolshacking

Last synced: 20 Apr 2025

https://github.com/andripwn/PayloadsAll

A list of useful payloads and bypasses for Web Application Security and Pentest/CTF

allpayload bugbounty bugcrowd bughunter hackerone payloads pentest python rce researchers securityresearchers sql vulnerability vulnerabilityanalysis xsss

Last synced: 10 Mar 2025

https://github.com/pikpikcu/js-finding

JS Finding can be used to extract JavaScript (JS) files from either a single domain URL or a list of domains. The tool supports various extraction methods and provides additional options for file download and wordlist creation.

bugbounty recon

Last synced: 20 Jan 2026

https://github.com/mrofisr/gf-patterns

A collection of useful grep patterns and tools by Tomnomnom for extracting specific values from text.

bugbounty grep security

Last synced: 29 Jan 2026

https://github.com/BLACK-SCORP10/url-status-checker

Status Checker is a Python tool for swiftly checking the status of URLs. It categorizes responses by HTTP status codes, offering clear insights into website health. With async requests, color-coded output, and easy CLI usage, it's a handy solution for monitoring web service performance.

automation bug-bounty bugbounty bugbounty-tools bugbountyautomation bulk easy-to-use httpx infosys python status-codes statuscode

Last synced: 18 Jul 2025

https://github.com/yogsec/OneLinerBounty

OneLinerBounty is a collection of quick, actionable bug bounty tips in one-liner format. Perfect for bug hunters looking to boost their skills and efficiency. Contribute your own tips or use these to streamline your workflow and uncover more vulnerabilities. #BugBounty #Cybersecurity #HackTips #SecurityResearch #OneLinerBugBounty #OneLinerBounty

bug bugbounty bugbountytips burp-extensions burpsuite cyber-security cybersecurity cybersecurity-tools cybersecuritytips ethicalhacking hacker hackerone hackers hacking hacking-tools nmap onelinerbugbounty osint owasp

Last synced: 01 Apr 2025

https://github.com/blackhatethicalhacking/openrediwrecked

A powerful and sophisticated tool for detecting and exploiting open redirect vulnerabilities using the sed utility and a selected list of carefully crafted payloads with encoding techniques.

bugbounty hacking infosec openredirect-scanner penetration-testing pentesting

Last synced: 04 Apr 2025

https://github.com/pkgforge-security/wordlists

[Custom || Automated] Curation & Collection of BugBounty Wordlists

bug-bounty bugbounty content-discovery feroxbuster ffuf fuzzing gobuster vhost wordlist wordlists

Last synced: 16 Mar 2026

https://github.com/thelikes/owncraft

offensive notes & resources

bugbounty hacking pentest pwn

Last synced: 13 Mar 2026

https://github.com/rix4uni/xssrecon

XSSRecon automates the process of testing URL parameters for reflection of a test payload rix4uni and further checks how special characters are handled (allowed, blocked, or converted).

bug-bounty bugbounty bugbountytips hacking infosec masshuntxss osint osint-resources osint-tool penetration-testing pentest-tool pentesting recon reconnaissance security security-tools vulnerability xss xss-automation xssrecon

Last synced: 04 Mar 2026

https://github.com/m8sec/subwalker

Simultaneously execute various subdomain enumeration tools and aggregate results.

bugbounty recon subdomain-enumeration

Last synced: 21 Aug 2025

https://github.com/r0x4r/scvault

Custom scripts for directory fuzzing, subdomain enumeration, and more.

automation bash-script bug-bounty bug-bounty-hunters bugbounty directory-busting ffuf fuzzing infosec interlace

Last synced: 02 Sep 2025

https://github.com/R0X4R/scvault

Custom scripts for directory fuzzing, subdomain enumeration, and more.

automation bash-script bug-bounty bug-bounty-hunters bugbounty directory-busting ffuf fuzzing infosec interlace

Last synced: 12 Jul 2025

https://github.com/R0X4R/ssrf-tool

An SSRF detector tool written in golang. I have fixed some errors and added some more payloads to it. But the tool credits go to z0idsec.

bugbounty bugbounty-tool bugbountytips go ssrf ssrf-tool tools

Last synced: 11 Jul 2025

https://github.com/DotNetRussell/Ensemble

A Bug Bounty Platform that allows hunters to issue commands over a geo-distributed cluster. The ideal user is someone who is attempting to scan multiple bug bounty programs simultaneously, on a recurring basis.

blueteam bug-bounty bug-bounty-hunting bug-bounty-recon bug-bounty-tools bugbounty hacking red-team red-team-tools red-teaming redteam

Last synced: 10 Mar 2025

https://github.com/thelikes/gwdomains

subdomain wildcard filtering tool

bugbounty hacking infosec

Last synced: 16 Mar 2026

https://github.com/h0tak88r/nuclei_templates

Collection of templates from various resources

bugbounty cybersecurity nuclei-tamplates

Last synced: 16 Feb 2026

https://github.com/dotnetrussell/ensemble

A Bug Bounty Platform that allows hunters to issue commands over a geo-distributed cluster. The ideal user is someone who is attempting to scan multiple bug bounty programs simultaneously, on a recurring basis.

blueteam bug-bounty bug-bounty-hunting bug-bounty-recon bug-bounty-tools bugbounty hacking red-team red-team-tools red-teaming redteam

Last synced: 11 Jul 2025

https://github.com/e1abrador/Burp-Encode-IP

Burp Suite extension to encode an IP address, focused on bypassing application IP / domain blacklists.

bugbounty bugbounty-tool bugbountytips bypass open-redirect red-team red-team-tools ssrf

Last synced: 13 May 2025

https://github.com/theporgs/exegol-resources

Hacking resources for the Exegol project

active-directory bugbounty hacking pentesting

Last synced: 07 Mar 2026

https://github.com/melbadry9/sslenum

Extract SSL certificate data (Subject Name, Subject Alt Names, Organisation)

bugbounty reconnaissance rust rust-lang ssl-certificate

Last synced: 19 Jul 2025

https://github.com/hahwul/ras-fuzzer

RAS(RAndom Subdomain) Fuzzer

bugbounty fuzzer fuzzing hacking security subdomain tools

Last synced: 06 Jul 2025

https://github.com/robotshell/dorkScraper

DorkScraper is a simple tool written in Python to extract all the urls that appear when using a Google Dork.

bugbounty googledorks pentesting python tool

Last synced: 12 Jul 2025

https://github.com/melbadry9/SSLEnum

Extract SSL certificate data (Subject Name, Subject Alt Names, Organisation)

bugbounty reconnaissance rust rust-lang ssl-certificate

Last synced: 11 Jul 2025

https://github.com/jonaslejon/lolcrawler

Headless web crawler for bugbounty and penetration-testing/redteaming

bugbounty crawler docker penetration-testing penetration-testing-tools redteam redteam-tools redteaming

Last synced: 12 Jul 2025

https://github.com/HexNio/ssl_pinning_remover

An Android SSL Pinning Remover tool for Security research and Bug Bounty

android bug-bounty bugbounty bugbounty-tool help-wanted python3 security-automation security-tools ssl-pinning

Last synced: 11 Jul 2025

https://github.com/p0dalirius/robotstester

This Python script can enumerate all URLs present in robots.txt files, and test whether they can be accessed or not.

bugbounty crawler pentesting python robots tool

Last synced: 21 Aug 2025

https://github.com/random-robbie/kube-scan

Kubernetes Scanner

bugbounty kubernetes

Last synced: 21 Apr 2025

https://github.com/paulveillard/cybersecurity-bug-bounty

An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, e-books and videos, websites, blog posts, links to GitHub repositories, technical guidelines and important resources about Bug Bounty in Cybersecurity.

bounty bug bug-bounty-automation bug-bounty-tools bugbounty

Last synced: 27 Jun 2025

https://github.com/edoardottt/malicious-rmqr-codes

Collection of (4000+) malicious rMQR Codes for Penetration testing, Vulnerability assessments, Red Team operations, Bug Bounty and more

bug-bounty bugbounty malicious-payloads offensive-security payload-generator payloads qr-code qrcode qrcodes red-team red-team-tools redteam redteam-tools redteaming rmqr rmqrcode security security-tools web-security

Last synced: 21 Mar 2025

https://github.com/rix4uni/uforall

uforall is a fast URL crawler. This tool crawls URLs from a number of different sources: alienvault, WayBackMachine, urlscan, commoncrawl

alienvault bugbounty commoncrawl crawler osint recon reconnaissance urlscan wayback

Last synced: 15 Apr 2025

https://github.com/mathis2001/webhackurls

Simple Python OSINT tool for URL recon thanks to the Wayback Machine.

bugbounty osint pentesting recon wayback-machine webarchive

Last synced: 27 Apr 2025

https://github.com/BountyStrike/Emissary

Send notifications on different channels such as Slack, Telegram, Discord etc.

bugbounty golang notification

Last synced: 10 May 2025

https://github.com/tarunkoyalwar/sandman

A Target Tracking, Note-Taking, Checklists and Data Management GUI App for Bug Hunters and Pentesters.

bugbounty checklist-application cybersecurity fyneapp golang infosectools notes-app redteam-tools

Last synced: 14 Jan 2026

https://github.com/dreamer1eh/ultimate_bughunter_tools

Ultimate Package Of 50 Bug Bounty Hunting Tools

bug-bounty bugbounty infosec security security-tools

Last synced: 12 Jul 2025

https://github.com/Dc4ts/ChangeTower

ChangeTower, written in Go, is intended to help you watch webpages for changes and get notified of any changes

bugbounty bugbounty-tool golang red-team webscanner

Last synced: 11 Jul 2025

https://github.com/cqsd/daily-commonspeak2

commonspeak2 subdomains wordlist generated daily **DEPRECATED** The author(s) of commonspeak2 maintain an official repo with more lists. Please use it instead: https://github.com/assetnote/wordlists

bugbounty content-discovery security

Last synced: 11 Jul 2025

https://github.com/melbadry9/ScanApi

Subdomain enumeration, subdomain-takeover monitoring API and S3 bucket scanner.

bugbounty recon s3-bucket-scanner subdomains-enumeration

Last synced: 11 Jul 2025

https://github.com/WuliRuler/AutorizePro

🧿 AutorizePro is a powerful authorization enforcement detection extension for Burp Suite. By adding AI-assisted analysis and further optimizing the detection logic, it significantly reduces the false positive rate and improves the efficiency of detecting broken access control vulnerabilities.

ai authorization bounty-hunters bounty-hunting-tools broken-access-control bugbounty burp-extensions burpsuite idor idor-vulnerability llm pentest-tool pentesting sdlc-tools security-tools unauthorized unauthorized-access-tool vulnerability-detection

Last synced: 01 Apr 2025

https://github.com/acuciureanu/ppfang

A tool which helps identifying client-side prototype polluting libraries

bugbounty bugbounty-tool bugbountytips chromium cspp prototype-pollution security security-tools vulnerability-scanners

Last synced: 09 Apr 2025

https://github.com/melbadry9/scanapi

Subdomain enumeration, subdomain-takeover monitoring API and S3 bucket scanner.

bugbounty recon s3-bucket-scanner subdomains-enumeration

Last synced: 13 Jul 2025

https://github.com/brosck/bugbountytricks

「🐞」Bug Bounty Tricks

bounty bug bugbounty security tips tricks

Last synced: 21 Jan 2026

https://github.com/blackhatethicalhacking/sql-injection-pwn

A one-liner SQL Injection Attack using SQLMAP and various parameters that helps quickly check for vulnerabilities during Bug Bounty

bugbounty hacking penetration-testing pentesting redteam sqlinjection

Last synced: 04 Apr 2025

https://github.com/TGPrado/DI.WE.H

Repository with content about web hacking in Portuguese

bug-bounty bugbounty ethical-hacking hacking webhacking

Last synced: 10 Mar 2025

https://github.com/blackhatethicalhacking/s3-buckets-aio-pwn

An AIO Tool to check for Vulnerable Amazon S3 Buckets as part of Bug Bounty. The uniqueness of this tool is that it can take a file full of buckets and check all of them against various attack scenarios to see if they are vulnerable

bugbounty hacking penetration-testing pentest-tool pentesting redteam s3-bucket

Last synced: 04 Apr 2025

https://github.com/jailbreakme-xyz/jailbreak

jailbreakme.xyz is an open-source decentralized app (dApp) where users are challenged to try and jailbreak pre-existing LLMs in order to find weaknesses and be rewarded. 🏆

ai bugbounty cryptocurrency cybersecurity prompt-engineering prompt-injection solana solana-program

Last synced: 30 Oct 2025

https://github.com/muhammadwaseem29/cve-2025-53770

Unauthenticated Remote Code Execution via unsafe deserialization in Microsoft SharePoint Server (CVE-2025-53770)

bugbounty cve-2025-53770 sharepoint sharepoint-exploit

Last synced: 11 Feb 2026

https://github.com/abuvanth/kicks3

S3 bucket finder from HTML and JS, and bucket misconfiguration testing tool

automation aws aws-s3 bucket-misconfiguration-testing bugbounty s3 s3-bucket-finder security-tools storage

Last synced: 14 Jan 2026

https://github.com/typeerror/crystalball

An enchanting 🔮 web screenshot tool for capturing and sharing web content effortlessly

bugbounty enumeration infosec security web-screenshot

Last synced: 14 Apr 2025

https://github.com/xalgord/my-methodologies

Tools and methods that I personally use for Recon and Exploitation

bug-bounty bugbounty penetration-testing pentesting recon xss

Last synced: 27 Feb 2026

https://github.com/gigachad80/grep-backurls

Automated way to extract juicy info with subfinder and waybackurls

bug-bounty bug-bounty-tools bugbounty grep subdomain-enumeration subfinder wayback-machine waybackurls

Last synced: 13 Sep 2025

https://github.com/bountymachine/about

A central place to keep track of relevant BountyMachine talks, blogs, and interesting things!

automation bountymachine bugbounty infosec presentation slides

Last synced: 13 May 2025