Bug Bounty
A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.
- GitHub: https://github.com/topics/bugbounty
- Wikipedia: https://en.wikipedia.org/wiki/Bug_bounty_program
- Related Topics: security, penetration-testing, pentesting, pentest,
- Aliases: bug-bounty,
- Last updated: 2026-06-19 00:04:40 UTC
- JSON Representation
https://github.com/spoofimei/ssb
ssb=simple subdomain bruteforcer
anonymous-credentials attack-surface bruteforce-password-cracker bugbounty dns enumeration file-discovery ftp hacking hacking-tool http-methods pentesting python3 rpcbind service-discovery smb smb2 ssh-bruteforce subdomain-scanner telnet-hacking
Last synced: 20 Mar 2025
https://github.com/machine1337/reverse-shells
This tool will help in generating reverse shells easily for all types of OS.
bugbounty fastest-shells hacking machine1337 onelinershells pentesting phpshell phpshells quickshells reverse-shell windows-shells
Last synced: 25 Apr 2025
https://github.com/aw-junaid/kali-linux
A guide to using Kali Linux tools for web penetration testing, ethical hacking, forensics, and bug bounty. Covers setup, key tools, methodologies, and best practices. Optimized for security professionals.
bugbounty ethical-hacking exploitation forensics hacking-tools kali-linux nmap osint-tool penetrationtesting phishing python3 social-engineering ssh ssl wifi-hacking wireshark
Last synced: 27 Oct 2025
https://github.com/roys/norske-bug-bounty-program
List over kjente norske bug bounty-program 🇳🇴
Last synced: 05 Apr 2026
https://github.com/alexfrancow/isoc
:bar_chart: Deploy an "illegal" SOC to manage vulnerabilities on your city servers in minutes.
blue-team bugbounty bugbounty-tool cybersecurity docker docker-compose elasticsearch elk kibana mongodb openvas python3 red-team security-operations siem vulnerability-detection w3af zabbix
Last synced: 09 Jul 2025
https://github.com/blackhatethicalhacking/blackhatethicalhacking
Who We Are
bugbounty courses hacking hacking-tools offensive-security pentesting redteam socialengineering
Last synced: 09 Apr 2025
https://github.com/zishanadthandar/writeups
CTF and Bug Bounty Hunting WriteUps.
activedirectory activedirectorysecurity bufferoverflow bugbounty bugbounty-writeups capture-the-flag ctf ctf-challenges ctf-tools ctf-writeups cybersecurity ethical-hacking ethicalhacking linux pentesting pentesting-tool pentesting-tools privilegeescalation webexploitation windows
Last synced: 12 Jul 2025
https://github.com/varppi/ssb
ssb=simple subdomain bruteforcer
anonymous-credentials attack-surface bruteforce-password-cracker bugbounty dns enumeration file-discovery ftp hacking hacking-tool http-methods pentesting python3 rpcbind service-discovery smb smb2 ssh-bruteforce subdomain-scanner telnet-hacking
Last synced: 23 Aug 2025
https://github.com/manuelberrueta/urlyzer
urlyzer is a URL parsing analysis tool.
application-security applicationsecurity appsec appsec-tools blueteam blueteam-tools bugbounty dfir offensivesecurity pentesting redteam redteam-tools redteaming security security-automation security-tools url url-parsing urls web-security
Last synced: 23 Jun 2025
https://github.com/0ss/byp4ss3r
tool to bypass 403/401 pages ( helpful for bug hunting)
Last synced: 12 Jul 2025
https://github.com/MindPatch/pmg
Extract parameters/paths from urls
bugbounty bugbounty-tool bughunting python regex security
Last synced: 11 Jul 2025
https://github.com/pdelteil/HackerOneAPIClient
This project is a bash client to use HackerOne's API.
bugbounty bugbountyhunting hackerone
Last synced: 03 May 2025
https://github.com/machine1337/fast-scan
An Advanced tool to scan hundreds of IP's in Seconds for CVE's, Open Ports And Web Technologies.
bugbounty cve-scanning hacking ipscanner kali-linux machine1337 portscanner serverinfo webscanner
Last synced: 02 Jul 2025
https://github.com/ElSicarius/findalllinks
A tool to extract all the urls and paths found in the content of a page (js sources included)
bugbounty extension javascript linkfinder
Last synced: 11 Jul 2025
https://github.com/koukyosyumei/zkfuzz
ZK Circuit Fuzzer
bugbounty circom fuzzing zero-knowledge
Last synced: 18 Jun 2025
https://github.com/6mile/gimmepatz
Personal Access Token (PAT) recon tool for bug bounty hunters, pentesters & red teams
bug-bounty-tools bugbounty penetration-testing penetration-testing-tools redteam redteam-tools
Last synced: 07 Oct 2025
https://github.com/rodolfomarianocy/asnpepper
ASNPepper - Recon in ASN - Extracting CIDR's - Fast and efficient scanning
asn bgp bugbounty hacking information-gathering pentest pentesting reconnaissance tips tricks
Last synced: 13 May 2025
https://github.com/mordavid/externalattacker-mcp
A modular external attack surface mapping tool integrating tools for automated reconnaissance and bug bounty workflows.
bug-bounty bugbounty bugbounty-tool dnsx externalattacker gobuster httpx mcp mcp-server nuclei nuclei-templates projectdiscovery tlsx
Last synced: 13 Apr 2025
https://github.com/stackoverflowexcept1on/how-to-hack-github-actions
How to hack Github Actions if you're smart enough ($500 bug bounty)
bugbounty cpp20 hackerone-reports hacking
Last synced: 06 Jun 2026
https://github.com/rix4uni/resolvers
List of Fresh DNS resolvers updates every 1 hour
bug-bounty bugbounty bugbountytips dns hacking infosec network osint osint-resources osint-tool penetration-testing pentest-tool pentesting recon reconnaissance resolver resolvers security security-tools threat-intelligence
Last synced: 07 Feb 2026
https://github.com/whomrx666/xbughunting
This is a tool for bug hunters
bugbounty bughunter bughunting hacking hacking-tool information-gathering information-gathering-tools kali-linux linux termux xbughunting
Last synced: 27 Apr 2025
https://github.com/lekssays/kibanarec
A Tool to Extract Open Kibana Instances on Internet and Map them to their Corresponding Organizations for Bug Bounty.
bugbounty kibana recon reconnaissance
Last synced: 25 Apr 2025
https://github.com/pkgforge-security/Wordlists
[Custom || Automated] Curation & Collection of BugBounty Wordlists
bug-bounty bugbounty content-discovery feroxbuster ffuf fuzzing gobuster vhost wordlist wordlists
Last synced: 29 Sep 2025
https://github.com/mindpatch/pmg
Extract parameters/paths from urls
bugbounty bugbounty-tool bughunting python regex security
Last synced: 12 Jul 2025
https://github.com/3nock/ote-templates
Community curated list of templates for the OSINT template engine.
attack-surfaces bugbounty fingerprinting osint recon security templates
Last synced: 09 Feb 2026
https://github.com/mathis2001/cert4recon
Simple passive Python Recon tool for subdomains enumeration with crt.sh
bugbounty crt-sh information-gathering osint recon subdomain-enumeration
Last synced: 27 Apr 2025
https://github.com/leakix/leakixclient-python
Python Client to LeakIX API
attack-surface-management bounty bugbounty hacktoberfest infosec leakix osint python redteam security vulnerability
Last synced: 20 Jun 2025
https://github.com/gwen001/gitgrep
Webapp to perform regexp search over GitHub search.
bugbounty git github pentesting php private regexp secrets security-tools
Last synced: 09 May 2025
https://github.com/rix4uni/subdog
subdog is a subdomain enumeration tools, this tool collect number of different sources to create a list of root subdomains
bug-bounty bugbounty bugbountytips hacking infosec osint osint-resources osint-tool penetration-testing pentest-tool pentesting recon reconnaissance security security-tools subdomain subdomain-enumeration threat-intelligence wayback-machine
Last synced: 15 Apr 2025
https://github.com/Lekssays/kibanarec
A Tool to Extract Open Kibana Instances on Internet and Map them to their Corresponding Organizations for Bug Bounty.
bugbounty kibana recon reconnaissance
Last synced: 10 Mar 2025
https://github.com/hueristiq/hqurlscann3r
A web application attack surface mapping tool. It takes in a list of urls then performs numerous probes
bugbounty bypass-403 go golang
Last synced: 10 Apr 2025
https://github.com/exploitworks/desyncdiver
A tool for detecting HTTP Request Smuggling vulnerabilities
bash-script bugbounty ctf-tools cybersecurity desynchronization hacking-tool http-desync http-request-smuggling http-security penetration-testing pentesting protocol protocol-attack request-smuggling security-testing vulnerability-scanners web-application-security web-security
Last synced: 12 Apr 2025
https://github.com/macmod/namescraper
A Selenium scraper for public domain search tools.
bug-bounty bugbounty dns dnsrecon domain osint pentest reconnaissance scraper security security-tools securitytrails selenium subdomain subdomain-enumeration viewdns whoisxmlapi
Last synced: 12 Jul 2025
https://github.com/r3k4t/onionnux
Onionnux is a onionsite(DEEPNET/DARKNET) tool.It can help to idenitfy onionsite is active or onionsite server name.
bugbounty forensics-investigations onion-routing python-pyfiglet python-requests security-analysis security-audit security-research socks5-proxy software-engineering website-vulnerability
Last synced: 22 Aug 2025
https://github.com/demon1a/zzl
Zzl is a reconnaissance tool that collects subdomains from SSL certificates in IP ranges
bugbounty hacking recon reconnaissance zzl
Last synced: 02 Apr 2025
https://github.com/machine1337/open-redirector
A small and efficient tool to find open redirect vulnerabilities.
bugbounty hacking machine1337 openredirect-scanner vulnerabilities
Last synced: 28 Aug 2025
https://github.com/zpettry/boxer
Boxer: A fast directory bruteforce tool written in Python with concurrency.
bruteforce bugbounty directory hacking hacking-tool penetration-testing pentesting python
Last synced: 25 Apr 2025
https://github.com/topscoder/nuclei-zero-day
This repository contains random Nuclei templates I've created. Most of them based on recent security issues and exploits.
bugbounty infosec nuclei nuclei-templates security
Last synced: 06 Mar 2026
https://github.com/h33tlit/Parameter-Reflect-Finder
Parameter-Reflect-Finder is a python based tool that helps you find reflected parameters which can have potential XSS or Open redirection vulnerabilities.
bug-bounty bugbounty open-redirect open-redirect-detection parameter-search reflector scanner scraper xss xss-detection xss-scanner
Last synced: 12 Jul 2025
https://github.com/j3ssie/str-replace
Simple tools to handle string and generate subdomain permutations
bugbounty hacking infosec pentesting permutations recon subdomain
Last synced: 08 Mar 2026
https://github.com/gwen001/gitpillage
Extract data from a .git directory.
bugbounty endpoints git github pentesting python secrets security-tools urls
Last synced: 09 Oct 2025
https://github.com/umair9747/archer
A tool to check for response status codes with ease
bounty bounty-hunting-tools bug-bounty bugbounty bugbounty-tool bugbountytips ethical-hacking hacking hacktoberfest linux penetration-test penetration-testing penetration-testing-framework penetration-testing-tools pentest pentesting recon reconnaissance webapp webapp-security
Last synced: 15 May 2025
https://github.com/random-robbie/yahoo-bug-bounty
List of hosts from yahoo.com
bugbounty recon yahoo yahoo-bug-bounty
Last synced: 13 Feb 2026
https://github.com/AdnaneKhan/ActionsTOCTOU
Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU vulnerabilities)
Last synced: 28 Sep 2025
https://github.com/ehsaanqazi/Bug-Bounty
Resources and Guides for Web Application Vulnerabilities
bugbounty cybersecurity information-security webapplicationsecurity
Last synced: 11 Jul 2025
https://github.com/mrvcoder/getasn
🌐 Get Some Useful Info From Domain/IP/ASN 🔥
asn-lookup bgpview bugbounty cdn cdn-check cidr cli domain information-gathering osint recon reconnaissance
Last synced: 10 Apr 2025
https://github.com/momenbasel/pyrobots
a tool that gets all paths at robots.txt and opens it in the browser.
bugbounty penetration-testing pentesting python python3 robots-txt
Last synced: 28 Oct 2025
https://github.com/random-robbie/s3-listable
S3 Buckets that will let you list all files inside them
aws aws-s3 bugbounty s3-bucket s3-storage
Last synced: 21 Apr 2025
https://github.com/cosad3s/njsdump
Dump paths & pages from Next.js Manifest
bugbounty nextjs recon security
Last synced: 14 Oct 2025
https://github.com/0xpugal/bugbounty_profile
Automate bug bounty recon using bash alias
bash bash-alias bash-profile bugbounty recon reconnaissance
Last synced: 05 Oct 2025
https://github.com/mathis2001/ParamChanger
ParamChanger is a tool allowing you to replace the parameters of a list of urls by a payload entered as an argument
Last synced: 10 Mar 2025
https://github.com/robotshell/robotscraper
RobotScraper is a simple tool written in Python to check each of the paths found in the robots.txt file and what HTTP response code they return.
bounty-hunting-tools bugbounty hacking infosec python robots scraper tool
Last synced: 09 Nov 2025
https://github.com/rix4uni/socialfinder
Hunt down social media accounts by username across social networks using httpx
bug-bounty bugbounty bugbountytips hacking infosec osint osint-resources osint-tool penetration-testing pentest-tool pentesting recon reconnaissance security security-tools threat-intelligence
Last synced: 19 Feb 2026
https://github.com/enenumxela/ps.sh
A bash script that automates the process of service discovery on specified target hosts. The aim of the scripts is reducing scan time, increasing scan efficiency and automating the workflow.
bashscript bashscripting bug-bounty bugbounty bugbounty-tool enumeration masscan naabu netwok-mapping nmap open-port-check open-port-check-script penetration-testing penetration-testing-tools pentesting port-scaning recon reconnaissance service-discovery
Last synced: 10 Apr 2025
https://github.com/mathis2001/paramchanger
ParamChanger is a tool allowing you to replace the parameters of a list of urls by a payload entered as an argument
Last synced: 27 Apr 2025
https://github.com/machine1337/admin-finder
A small tool to find admin panel of the website
admin admin-dashboard adminpanel adminpanelfinder bugbounty hacking machine1337
Last synced: 25 Apr 2025
https://github.com/gwen001/dnsexpire
Test domain expiration dates.
bugbounty dns domains pentesting php python security-tools subdomains
Last synced: 09 May 2025
https://github.com/rix4uni/pyxss
Simple XSS vulnerability checker tool very useful with xsschecker.
bugbounty masshuntxss recon reconnaissance vulnerability xss xss-automation xsschecker xssvalidator
Last synced: 21 Nov 2025
https://github.com/dotnetrussell/shinobishell
An experimental shell that handles file exfiltration, exploit injection and various other obnoxious tasks.
bug-bounty bugbounty hacking hacking-tool info-sec information-security infosec infosectools linux penetration-testing penetration-testing-tools python python3 redteam shell
Last synced: 18 Apr 2026
https://github.com/rix4uni/gitxpose
Discover GitHub repositories and hunt for leaked credentials with style
bugbounty enumeration github-osint github-repository-search github-user-search osint penetration-testing penetration-testing-tools pentesting pentesting-tools recon reconnaissance security
Last synced: 01 Mar 2026
https://github.com/recon-tools/domain-recon-rs
Discover domain names based on SSL certificates.
bugbounty dns reconnaissance rust-lang
Last synced: 16 Jan 2026
https://github.com/0xcrypto/takeover
A script to test for subdomain takeovers from a list of domains
bugbounty hacking subdomain-takeover
Last synced: 14 Jan 2026
https://github.com/terjanq/xss-challenge-solutions
This repository is an interactive collection of my solutions to various XSS challenges.
bugbounty ctf-challenges ctf-writeups javascript xss-challenges
Last synced: 05 May 2025
https://github.com/Traumatism/raycharles
Blind RCE fuzzer
bugbounty command-injection fuzz fuzzer fuzzing hacking injection pwn rce remote-code-execution
Last synced: 10 Mar 2025
https://github.com/rix4uni/tldscan
A high-performance domain scanner that discovers active domains by testing multiple Top-Level Domains (TLDs) for given domain names.
bug-bounty bugbounty bugbountytips hacking infosec osint osint-resources osint-tool penetration-testing pentest-tool pentesting recon reconnaissance security security-tools threat-intelligence tldfinder tldscanner
Last synced: 20 Apr 2026
https://github.com/SecShiv/TextFilterFuzzer
TextFilterFuzzer For Directory Fuzzing - filter for (e.g, Not Found, 404, Not Accepted)
bugbounty contentdiscovery directory-bruteforce python3
Last synced: 01 May 2025
https://github.com/mathis2001/files-upload
Some useful files for upload features pentesting
bugbounty file-upload pentest pentesting php svg webshell
Last synced: 16 Aug 2025
https://github.com/9oelm/atm
A set of AuToMation scripts for hacking.
automation bugbounty hacking infosec script web-hacking
Last synced: 07 May 2025
https://github.com/chocapikk/cve-2023-51467
Apache OfBiz Auth Bypass Scanner for CVE-2023-51467
apache-ofbiz auth-bypass bugbounty cve-2023-51467 cybersecurity ethical-hacking exploit infosec open-source-security patch-management penetration-testing security-automation security-tools vulnerability-detection vulnerability-scanner
Last synced: 29 Jul 2025
https://github.com/freyxfi/bugrecon
An automated bug hunting tool for comprehensive reconnaissance, including subdomain enumeration, port scanning, vulnerability detection, and report generation.
bugbounty bugbounty-tool bugbountytips bughunting hacktoberfest hacktoberfest-accepted hacktoberfest2024 recon reconnaissance
Last synced: 11 Sep 2025
https://github.com/DEMON1A/Blinder
A script written in python3 to spread blind cross-site scripting payloads on HTTP requests headers
automation blinder bugbounty bugbounty-tool python3 ssti tool xss xsshunter
Last synced: 12 Jul 2025
https://github.com/SecShiv/HackBot
A simple hackingbot for terminal usage (Able to learn and adapt from users).
ai bugbounty bugbountytools chatgpt chatgpt4 hacker hacking machine-learning mistral pentest pentesting pentesting-tools python python3 securityresearch securityresearchers simple-project wormgpt
Last synced: 01 May 2025
https://github.com/machine1337/lfiscan
A small and fast bash script to automate LFI vulnerability.
bugbounty hacking lfi lfi-exploitation machine1337 shell
Last synced: 20 Jul 2025
https://github.com/shriyanss/subdomains_wordlist
Subdomains wordlist generted from subdomains of public bug bounty programs
bugbounty cybersecurity osint redteam subdomain-enumeration subdomains wordlist
Last synced: 18 Jan 2026
https://github.com/robotshell/robotScraper
RobotScraper is a simple tool written in Python to check each of the paths found in the robots.txt file and what HTTP response code they return.
bounty-hunting-tools bugbounty hacking infosec python robots scraper tool
Last synced: 12 Jul 2025
https://github.com/demon1a/blinder
A script written in python3 to spread blind cross-site scripting payloads on HTTP requests headers
automation blinder bugbounty bugbounty-tool python3 ssti tool xss xsshunter
Last synced: 02 Apr 2025
https://github.com/pkgforge/bincache
📦 The Largest Collection of Pre-Compiled Linux Static Binaries for Soar: The Modern, Bloat-Free Distro-Independent Package Manager
aarch64 binary bug-bounty bugbounty executable hacking linux musl package package-manager pentest-tool pre-compiled soar soarpkgs static static-binary static-linking statically-linked tools x86-64
Last synced: 10 Sep 2025
https://github.com/crypticq/DNS_Enumerator
bugbounty cybersecurity hacking networking pentest-tool pentesting subdomain-enumeration
Last synced: 10 Mar 2025
https://github.com/0xtavian/get_acquisitions.py
Supply a domain to retrieve acquisitions details.
bugbounty bugcrowd hackerone hacking recon reconnaissance
Last synced: 10 Oct 2025
https://github.com/kingcoolvikas/30-Days-Of-Hacking
Hello Guys, Im doing a challenge "30 Days of Hacking". I will learn something everyday and whatever i learn i will post it here for the next 30 Days Continuously.
30dayscodechallenge 30dayshacking bugbounty challenge hacking infosec
Last synced: 10 Mar 2025
https://github.com/root4loot/recrawl
A web crawler written in Go
bugbounty crawler discovery enumeration go golang recon reconnaissance web
Last synced: 11 Oct 2025
https://github.com/fasalmbt/reconme
Recon tool
automation bugbounty recon recontool
Last synced: 11 Jul 2025
https://github.com/Markdown-Bug-Bounty-Recon/Markdown-Bug-Bounty-Recon
A recon Framework for Bug Bounty Hunters that would convert the output of a script into Markdown syntax document, which would help them to make better notes, have everything in one document, or concentrating on one domain.md document.
bug-bounty bugbounty security security-tools
Last synced: 12 Jul 2025
https://github.com/adeadfed/pwnfox-for-chromium
A BurpSuite extension that allows you to use Chromium with PwnFox
bugbounty burpsuite chromium hacking webhacking
Last synced: 09 Apr 2025
https://github.com/meomundep/ton-church
Auto do tasks, farm, open boxes, buy items, bug points, withdraw ton. [FOR SALE]
airdrop airdrop-claim-bot airdrop-farm airdrop-free airdrops-bot airdrops-tools bugbounty dedust gems meomundep nft telegram ton tonchurch tongem
Last synced: 27 Jan 2026
https://github.com/rix4uni/pvreplace
Accept URLs on stdin, replace all query string values with a user-supplied value
bug-bounty bugbounty bugbountytips hacking infosec osint osint-resources osint-tool penetration-testing pentest-tool pentesting recon reconnaissance security security-tools threat-intelligence
Last synced: 15 Apr 2025
https://github.com/lucasmartinelle/AnotherVulnerableWebApp
bugbounty dvwa php7 security training vulnerabilities vulnerable web
Last synced: 11 Jul 2025
https://github.com/cosad3s/sonarleaks
Digging into private data through Sonarcloud public projects
bugbounty hacking osint sonarqube
Last synced: 10 Oct 2025
https://github.com/darklotuskdb/goscf
Session Cookie Finder
bugbounty go golang hacking-tool infosec kalilinux tool
Last synced: 14 Jan 2026
https://github.com/gwen001/shottheworld
PHP tool that takes screenshots of a given ips/ports combo list and then try to guess the service.
bugbounty ips pentesting php ports security-tools socket
Last synced: 19 Jul 2025
https://github.com/progprnv/scope
SCOPE [Shadow Cache Observation, Poisoning & Evaluation] is a powerful tool designed to help you find and test vulnerabilities in subdomains that might be exposed to cache poisoning attacks. If a website isn't properly handling cache, it could lead to security issues where malicious content gets stored and served to users.
automation bugbounty bugbounty-tool cache-scanner cybersecurity ethical-hacking penetration-testing penetration-testing-tools pentest pentesting scanner vapt vulnerability-detection vulnerability-scanners
Last synced: 17 Jan 2026
https://github.com/austinsonger/penteststack
Penetration Testing Stack
auditing backdoor bugbounty ddos dorking evasion exploitation firewall hacking osint penetration-testing penetration-testing-framework penetration-testing-tools
Last synced: 30 Jan 2026
https://github.com/momenbasel/liffier
tired of manually add dot-dot-slash to your possible path traversal? this short snippet will increment ../ on the URL.
bugbounty python python3 vulnerability-scanners
Last synced: 28 Oct 2025
https://github.com/drdataye/drdir
DrDir is a powerful tool for scanning web paths, identifying directories and files on web servers.
bug bug-bounty bugbounty dirb kali-linux nmap parrot scan scanner termux termux-tool web
Last synced: 03 Feb 2026
