Bug Bounty
A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.
- GitHub: https://github.com/topics/bugbounty
- Wikipedia: https://en.wikipedia.org/wiki/Bug_bounty_program
- Related Topics: security, penetration-testing, pentesting, pentest
- Aliases: bug-bounty
- Last updated: 2026-06-19 00:04:40 UTC
https://github.com/halilkirazkaya/arsenal-ng
The classic launcher, evolved. Fast, Go-based command library equipped with 150+ cybersecurity cheat-sheets. Just install and start hacking.
arsenal bugbounty cheatsheets cli-command-launcher golang hacking infosec penetration-testing red-team
Last synced: 27 Feb 2026
https://github.com/rascal999/maxos
Pentest focused NixOS config
bugbounty docker-images firefox-bookmarks hacking hacking-tool jupyter jupyter-notebook linux nix nixos nixos-config operating-system osint pentest pentesting redteam resources security
Last synced: 27 Sep 2025
https://github.com/umutcamliyurt/subhunter
A fast subdomain takeover tool
bug-bounty bug-bounty-tools bugbounty go golang infosec penetration-testing pentesting security-tools subdomain-takeover takeover-subdomain
Last synced: 14 May 2025
https://github.com/hahwul/backbomb
💣 Dockerized penetration-testing/bugbounty/app-sec testing environment
appsec bugbounty docker docker-image environment golang hacking pentest security tools
Last synced: 01 Oct 2025
https://github.com/zishanadthandar/burptoggle
Burp Suite Proxy Toggler Lite Add-on for Mozilla Firefox.
bugbounty bugbounty-tool burp-extensions burpsuite burpsuite-tools firefox firefox-addon firefox-extension firefox-extensions firefox-webextension hacking hacking-tool hackingtool opensource
Last synced: 12 Jul 2025
https://github.com/r0x4r/snetra
A Python-based scanner that uses shodan-internetdb to scan the IP.
bugbounty penetration-testing penetration-testing-tools python3 shodan
Last synced: 28 Jul 2025
https://github.com/0xpugal/bounty.sh
simple bash script to earn bounties
bash bugbounty recon reconnaissance shell
Last synced: 15 Apr 2025
https://github.com/sidxparab/subdomain-enumeration-guide
This is a comprehensive Subdomain Enumeration Guide that traces back to my GitBook.
bugbounty pentesting recon reconnaissance subdomain-enumeration
Last synced: 13 Feb 2026
https://github.com/sidxparab/Subdomain-Enumeration-Guide
This is a comprehensive Subdomain Enumeration Guide that traces back to my GitBook.
bugbounty pentesting recon reconnaissance subdomain-enumeration
Last synced: 11 Jul 2025
https://github.com/gwen001/csp-analyzer
Analyze Content-Security-Policy header of a given URL.
bugbounty content-security-policy csp pentesting python security-tools
Last synced: 24 Oct 2025
https://github.com/rix4uni/cvemapping
This repo gathers all available CVE exploits from GitHub. ⚠️ Be careful: malware.
bug-bounty bugbounty bugbountytips cve exploits hacking infosec osint osint-resources osint-tool penetration-testing pentest-tool pentesting recon reconnaissance security security-tools threat-intelligence
Last synced: 15 Apr 2025
https://github.com/mathis2001/paramfirstcheck
ParamFirstCheck identifies, in a list of URLs, those containing one of the top 25 most vulnerable parameters for SQLi, LFI, RCE and open redirect.
bugbounty parameters pentest top25
Last synced: 27 Apr 2025
https://github.com/Sajibekanti/Bug_Bounty_List
Day by day, lots of newbies come into bug bounty. They ask on social sites about bug bounty sites, so that's why I opened up all the sites I have hunted on.
Last synced: 11 Jul 2025
https://github.com/melbadry9/whoenum
Mass querying whois records
bugbounty enumeration recon whois
Last synced: 13 Jul 2025
https://github.com/blackhatethicalhacking/bf_active_sub
Subdomain Bruteforce - Bounty Quick Code
bruteforce bugbounty hacking kali-linux penetration-testing pentesting reconnaissance subdomain-enumeration
Last synced: 04 Apr 2025
https://github.com/Damian89/simple-oob-scanner
Simple tool to test for SSRF/OOB HTTP Read within the Path of a request
bugbounty penetration-testing pentesting python3
Last synced: 11 Jul 2025
https://github.com/gwen001/favicon-hashtrick
Python script implementing the favicon hash trick to find subdomains.
bugbounty favicon pentesting python security-tools shodan
Last synced: 09 May 2025
https://github.com/R0X4R/snetra
A Python-based scanner that uses shodan-internetdb to scan the IP.
bugbounty penetration-testing penetration-testing-tools python3 shodan
Last synced: 12 Jul 2025
https://github.com/shelld3v/flydns
Related subdomains finder
bug-bounty bugbounty hacking infosec network-security osint pentest pentesting recon reconnaissance security subdomains subdomains-discovery
Last synced: 22 Mar 2025
https://github.com/yogsec/social-engineering-tactics
Social Engineering Tactics contains real-world social engineering tactics used for manipulation, persuasion, and deception. Stay aware and stay secure!
bugbounty cyber-security cyber-security-tool cybersecurity cybersecurity-tools ethical-hacking hacking hacking-tools set set-toolkit social-engineering social-engineering-and-phishing-attacks social-engineering-attacks social-engineering-phrases social-engineering-tactics social-engineering-techniques social-engineering-toolkit social-engineering-tools
Last synced: 11 Feb 2026
https://github.com/dr34mhacks/formatify
Formatify is a Burp Suite extension that instantly converts HTTP requests into multiple formats like cURL, Python, PowerShell, and more—saving time and streamlining your workflow. 🚀
bugbounty burp-extensions burpsuite pentest
Last synced: 30 Apr 2026
https://github.com/txuswashere/pentesting
CyberSec Resources: FRAMEWORKS & STANDARDS; Pentesting Audits & Hacking; PURPLE TEAMING, AD, API, web, clouds, CTF, OSINT, Pentest tools, Network Security, Privilege escalation, Exploiting, Reversing, Secure Code, Bug Bounty, ...
active-directory audit auditing bugbounty cloudsecurity cyber-security cybersecurity exploiting hacking networksecurity osint pentesting pentesting-tools privilegeescalation purple-team purpleteam resources reversing webpentest webpentesting
Last synced: 18 Feb 2026
https://github.com/BitTheByte/Orkestra
Web-based Android debugger with inspection capabilities using Frida and Jadx as a backbone
android bugbounty bugcrowd debugger decompiler frida hackerone jadx java java-decompiler orkestra
Last synced: 12 Jul 2025
https://github.com/komodoooo/some-things
Scripts, POCs & bullshit
adb-android bugbounty compromised-emails cve-poc cybersec-resources deauthentication-attack dorks network-sniffing scripts shell-shoveling shellcode sqli-scanner ssh-bruteforce ssl-scanner url-crawler utilities xss-payloads youtube-views
Last synced: 24 Apr 2025
https://github.com/melbadry9/WhoEnum
Mass querying whois records
bugbounty enumeration recon whois
Last synced: 12 Jul 2025
https://github.com/BitTheByte/BitTraversal
Burpsuite Plugin to detect Directory Traversal vulnerabilities
bugbounty burp-extensions burp-plugin burpsuite burpsuite-extender java path-traversal traversal web
Last synced: 11 Jul 2025
https://github.com/aldo-moreno-leon/ORtester
Open Redirect scanner - (out of date)
Last synced: 12 Jul 2025
https://github.com/JavierOlmedo/ipdiscover
🔍 A simple tool to obtain long lists of ips from domains using goroutines
bugbounty bughunter domain hacking-tool ip recon
Last synced: 11 Jul 2025
https://github.com/anof-cyber/alphascan
A BurpSuite extension for vulnerability Scanning
application-security appsec bug-bounty bugbounty burp-extensions burpsuite pentesting security security-scanner vulnerability vulnerability-scanners
Last synced: 06 Jul 2025
https://github.com/swanandx/rustywitness
A CLI tool for getting screenshots of URLs using headless chrome
bugbounty cli headless-chrome recon rust web
Last synced: 19 Mar 2025
https://github.com/root4031/clickjack
An efficient tool to find clickjacking vulnerabilities in the easiest way, with PoC
bugbounty clickjacking clickjacking-vulnerability cybersecurity hacking machine1337
Last synced: 09 Oct 2025
https://github.com/ihebski/db
Bugbounty utility to store list of enumerated subdomains into an sqlite3 db [one liner style / Pipe and save]
bugbounty database mini-utility sqlite3 subdomain-enumeration
Last synced: 25 Mar 2025
https://github.com/javierolmedo/ipdiscover
🔍 A simple tool to obtain long lists of ips from domains using goroutines
bugbounty bughunter domain hacking-tool ip recon
Last synced: 11 Mar 2026
https://github.com/proditis/bugbounty-cicd
A set of Gitlab pipelines and Github workflows to automate and ease on BugBounty and Penetration Testing engagements
bugbounty bugbounty-pipeline cybersecurity devsecops devsecops-pipeline gitlab gitlab-ci
Last synced: 23 Jul 2025
https://github.com/VincentDS/HackerOne-Notifier
Send notifications if a new program is published on HackerOne using Pushbullet
bugbounty hackerone notifications pushbullet
Last synced: 11 Jul 2025
https://github.com/elniak/bountydork
BountyDork is a comprehensive tool designed for penetration testers and cybersecurity researchers. It integrates various modules for performing attacks, reporting, and managing VPN/proxy settings, making it an indispensable asset for any security professional.
bugbounty dork dorking google penetration-testing proxy pypy python vpn
Last synced: 30 Apr 2025
https://github.com/0xAkashsky/sub-scout
Simple bash Script to automate initial recon using (httpx, puredns, regulator, wayback, katana, aquatone)
bugbounty cybersecurity infosec infosectools security tools
Last synced: 10 Mar 2025
https://github.com/ucybers/bug-bounty-beginner-roadmap
This is a resource for anyone looking to learn bug hunting and provides guidance during the study and learning phase.
bug bug-bounty bugbounty bugbounty-tool bugs cmd cmdline cyber-security cybersecurity cybersecurity-tool guide hacker linux linux-shell powershell roadmap tutorial tutorials windows
Last synced: 10 Apr 2025
https://github.com/ravro-ir/golang_bug_hunting
Live for Go hackers (bug bounty)
bugbounty clickjacking cors golang live livestream ravro recon vulnerability
Last synced: 13 Oct 2025
https://github.com/vah13/BurpCRLFPlugin
Another plugin for CRLF vulnerability detection
bugbounty burp crlf plugin scanner vulnerability-detection
Last synced: 13 Mar 2025
https://github.com/blackhatethicalhacking/bheh-sub-pwner
This bash script tool will perform advanced subdomain enumeration and save the results; it will then probe the subdomains into URLs and save the results in a separate file; it will then resolve all the subdomains into IP addresses and save the results separately.
bugbounty hacking penetration-testing pentesting subdomain-enumeration subdomain-scanner
Last synced: 04 Apr 2025
https://github.com/ritiksahni/ASN-Eagle
A tool to discover ASN of any host and fetch IP ranges.
api asn asn-eagle automation autonomous bugbounty hacking hackingtools reconaissance reconnaissance scanner vulnerability
Last synced: 11 Jul 2025
https://github.com/randomrobbiebf/phpunit-brute
Tool to try multiple paths for PHPunit RCE CVE-2017-9841
bugbounty cve-2017-9841 phpunit
Last synced: 08 Jul 2025
https://github.com/yee-yore/DorkAgent
🤖 LLM-powered agent for automated Google Dorking in bug hunting & pentesting.
agent aiagent bugbounty dorks google-dorking google-hacking hacking llm osint pentest pentesting
Last synced: 26 Apr 2025
https://github.com/machine1337/sqlscan
A small and efficient tool to find SQL injection vulnerabilities in websites.
automation-framework bugbounty bugbounty-tool hacking machine1337 sql sqli sqlinjection
Last synced: 04 Jul 2025
https://github.com/tuxotron/docker-image-generator
Customized docker images generation toolkit
bugbounty docker infosec pentesting
Last synced: 11 Jul 2025
https://github.com/0xbugatti/400ok
When "403 Forbidden" stands between you and your target, 400OK breaks through with 22 bypass techniques and 4,400+ payloads.
403 403-bypass bugbounty evasion htb offsec oscp oswe pentest pentesting-tools waf-bypass
Last synced: 04 Apr 2026
https://github.com/mastomii/nexss
NeXSS is a modern, self-hosted Blind XSS (Cross-Site Scripting) hunter and callback listener built with Next.js. It helps security researchers and penetration testers discover and validate blind XSS vulnerabilities by capturing detailed information when payloads execute on target systems.
bugbounty bughunting cybersecurity javascript xss
Last synced: 16 Jan 2026
https://github.com/mswell/burnrecon
is a tool to automate and organize reconnaissance operations.
bugbounty mongodb pentesting python recon subdomain-enumeration
Last synced: 26 Jun 2025
https://github.com/thelikes/fuzzmost
all manner of wordlists
bugbounty infosec recon wordlist
Last synced: 13 Mar 2026
https://github.com/umair9747/4ofour
A tech enumeration toolkit focused on 404 Not found pages.
bounty bug-bounty bugbounty cybersecurity cybersecurity-tools ethical-hacking infosec linux osint penetration-testing pentesting recon reconnaissance webappsecurity websec websecurity
Last synced: 10 Oct 2025
https://github.com/xNaughty/BugBountyTips
BugBountyTips in Spanish
bugbounty bypass ciberseguridad hacking infosec payloads penetration-testing pentesting redteam
Last synced: 11 Jul 2025
https://github.com/ItsIgnacioPortal/hacker-scoper
Automagically filter URLs with Bug Bounty program scope rules scraped from the internet.
bugbounty bugcrowd enumeration filter go golang hackerone infosec pentesting recon scopes security security-tools websec websecurity
Last synced: 11 Jul 2025
https://github.com/umair9747/4oFour
A tech enumeration toolkit focused on 404 Not found pages.
bounty bug-bounty bugbounty cybersecurity cybersecurity-tools ethical-hacking infosec linux osint penetration-testing pentesting recon reconnaissance webappsecurity websec websecurity
Last synced: 30 Oct 2025
https://github.com/gwen001/apk-analyzer
Analyze an APK archive.
android apk bugbounty code-analysis mobile mobile-app pentesting python security-tools
Last synced: 09 May 2025
https://github.com/sam5epi0l/beginner-bug-bounty-automation
Many scripts that can be modified according to your needs for information gathering and asset discovery in bug bounty hunting (pull requests are welcome!)
amass bash-script beginner-friendly bug-bounty bugbounty hacking hacking-tools nipe penetration-testing recon reconnaissance starter-kit tor tor-network
Last synced: 13 Jul 2025
https://github.com/anof-cyber/pentest-recon
Web application pentesting recon
bugbounty information-extraction pentesting reconnaissance webapplication webpentest
Last synced: 07 Apr 2025
https://github.com/Anof-cyber/pentest-recon
Web application pentesting recon
bugbounty information-extraction pentesting reconnaissance webapplication webpentest
Last synced: 12 Jul 2025
https://github.com/javanxd/raceocat
Make exploiting race conditions in web applications highly efficient and easy to use.
bugbounty race-conditions race-detection racer research-and-development
Last synced: 23 Apr 2025
https://github.com/samirettali/bounty-notes
My bug bounty notes
bounty-notes bug-bounty bug-bounty-recon bug-bounty-tips bugbounty bugbountytips hacking
Last synced: 17 Jan 2026
https://github.com/machine1337/clickjack
An efficient tool to find clickjacking vulnerabilities in the easiest way, with PoC
bugbounty clickjacking clickjacking-vulnerability cybersecurity hacking machine1337
Last synced: 25 Apr 2025
https://github.com/adnanekhan/actionstoctou
Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU vulnerabilities)
Last synced: 14 Apr 2025
https://github.com/ravro-ir/log4shell-looker
log4jshell vulnerability scanner for bug bounty
bugbounty bugs java java-8 log4j log4j2 log4shell logger logging secuurity vulnerabilities vulnerability vulnerability-detection vulnerability-scanners
Last synced: 13 Oct 2025
https://github.com/topscoder/fourohme
FourOhMe is a tool for testing HTTP headers on a website in order to try to bypass 40* HTTP codes. Written in Go, so easy to install and fast out of the box.
401 401-bypass 403 403-bypass bugbounty bugbountytips bugbountytricks cli http http-headers osint recon
Last synced: 05 May 2025
https://github.com/Naategh/dom-red
Small script to check a list of domains against open redirect vulnerability
bugbounty open-redirect python
Last synced: 02 Apr 2025
https://github.com/AdnaneKhan/ActionsCacheBlasting
Proof-of-concept code for research into GitHub Actions Cache poisoning.
Last synced: 29 Oct 2025
https://github.com/adnanekhan/actionscacheblasting
Proof-of-concept code for research into GitHub Actions Cache poisoning.
Last synced: 14 Apr 2025
https://github.com/angelsecurityteam/framedomain
FrameDomain Framework - subdomains enumeration tool for penetration testers
bug-bounty-program bugbounty framedomain-framework framework information-gathering penetration-testing penetration-testing-framework python3 subdomain-bruteforcing subdomain-enumeration subdomain-finder subdomain-scanner
Last synced: 06 May 2025
https://github.com/anof-cyber/web-recon
Web application recon for bug bounty
bugbounty httprobe linkfinder nmap sublist3r waybackurl
Last synced: 08 Oct 2025
https://github.com/AmoloHT/TTWAF
「🧱」Test a list of payloads and see if you can bypass it
application bugbounty bugbounty-tool bypass firewall lfi payload rce rust sqli test waf xss
Last synced: 10 Mar 2025
https://github.com/johnsaigle/scary-strings
Collection of wordlists containing dangerous function calls in many languages
application-security appsec bug-bounty bugbounty go hacking infosec penetration-testing penetration-testing-tools pentesting php rust security security-tools source-code-analysis static-analysis white-box-testing wordlist wordlists
Last synced: 14 Apr 2025
https://github.com/gwen001/extract-endpoints
Extract endpoints from source files.
bugbounty endpoints pentesting php security-tools urls
Last synced: 09 Mar 2026
https://github.com/mrvcoder/bug-hunting-methodologies
This repo contains some public methodologies which I found on the internet (Google, Telegram, Discord, writeups, etc.)
bounty bug bugbounty bugbounty-methodology hack hunt information-gathering methodology osint recon reconnaissance
Last synced: 02 Feb 2026
https://github.com/humblelad/Needle
Instant access to your bug bounty submission dashboard on various platforms + publicly disclosed reports + #bugbountytip
bugbounty bugcrowd chrome-extension hackerone intigriti yeswehack
Last synced: 11 Jul 2025
https://github.com/rix4uni/xsschecker
xsschecker is a tool that checks reflected endpoints to find possibly XSS-vulnerable endpoints.
bugbounty masshuntxss recon reconnaissance vulnerability xss xss-automation xsschecker
Last synced: 15 Apr 2025
https://github.com/p0dalirius/robotsvalidator
A python script to check if URLs are allowed or disallowed by a robots.txt file.
allow bugbounty bypass check disallow robots-txt web
Last synced: 03 Sep 2025
https://github.com/nscuro/fdnssearch
Swiftly search FDNS datasets from Rapid7 Open Data
bugbounty dns fdns golang opendata rapid7 subdomains
Last synced: 11 Jul 2025
https://github.com/gwen001/detectify-cves
Find CVEs that don't have a Detectify module.
bugbounty cve detectify pentesting scanner security-tools
Last synced: 08 Jul 2025
https://github.com/cosad3s/salsa
SALSA 💃⚡ - SALesforce Scanner for Aura (and beyond). Enumeration of vulnerabilities and misconfigurations against Salesforce endpoint.
bugbounty hacking salesforce security
Last synced: 14 Jul 2025
https://github.com/ImAyrix/er
😁 Easy Regex
bug-bounty bugbounty cli golang regex
Last synced: 10 Mar 2025
https://github.com/incogbyte/laravel-phpunit-rce-masscaner
Masscanner for Laravel phpunit RCE CVE-2017-9841
Last synced: 10 Apr 2025
https://github.com/aufzayed/digit
Extract endpoints from specific Git repository for fuzzing
bugbounty bugbounty-tool bugbountytips cybersecurity hacking hacking-tool hacking-tools infosec pentest pentest-scripts pentest-tool pentesting pentesting-tools recon
Last synced: 11 Jul 2025
https://github.com/d3mondev/crossjoin
Generate a cross join, also known as a Cartesian product, from the lines of the specified files. This process is useful for creating fuzzing payloads.
bug-bounty bugbounty bugbounty-tool bugbounty-tools cartesian-product cross-join crossjoin fuzzer fuzzing hacking hacking-tool penetration-testing penetration-testing-tools permutation
Last synced: 03 May 2025
https://github.com/si9int/gDork
A Mozilla Firefox extension which allows quick access to your google-dorking result
bugbounty dorking reconnaissance
Last synced: 11 Jul 2025
https://github.com/sec-it/BFAC-Burp-Extension
Burp Extension for BFAC (Advanced Backup-File Artifacts Testing for Web-Applications)
backup-files bugbounty burp-extensions burpsuite pentest recon
Last synced: 11 Jul 2025
https://github.com/machine1337/hackguard
FAST WEB APPLICATION VULNERABILITY SCANNER written in python3
bugbounty cybersecurity hacking machine1337 penetration sql-injection vulnerability-detection vulnerability-scanners web-application-fr web-application-scan web-scanning
Last synced: 25 Apr 2025
https://github.com/Bhagavan-Bollina/BugBounty-Dorks
Highly recommended dorks for bug bounty
bug-bounty-dorks bugbounty dorks recon
Last synced: 11 Jul 2025
https://github.com/thelikes/fuzznav
parse ffuf & map endpoints to wordlists
bugbounty directory-fuzzing discovered-endpoints ffuf hacking multiple-wordlists offensive-security pentesting
Last synced: 14 Dec 2025
https://github.com/mrvcoder/cloud_data
Get some useful data from Clouds for your targets
apex-domains bug-bounty bugbounty cloud cname domain ipv4 osint osint-tool recon reconnaissance subdomain subdomain-enumeration subdomain-finder subdomain-scanner
Last synced: 10 Apr 2025
https://github.com/Proviesec/Proviesec-Bug-Bounty-Dorking-Site-PBBDS
This page should help you with the recon for security issues.
Last synced: 10 Mar 2025
https://github.com/mrcl0wnlab/simplereconsubdomain
This is a very basic automated recon script tool.
bugbounty hacking hacking-tool python recon
Last synced: 01 Aug 2025
https://github.com/p0dalirius/crawlersuseragents
Python script to check if there are any differences in the responses of an application when the request comes from a search engine's crawler.
bugbounty crawler crawlers pentest request tool user-agent web
Last synced: 03 Sep 2025
https://github.com/kunshdeep2812/reco
Recon tool for pen-testers
bugbounty cidr-range hacking pentester recon reconnaissance scanner screenshots subdomain vhost vhost-finder web-security websocket
Last synced: 10 Mar 2025