Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


Bug Bounty

A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.

https://github.com/R0X4R/D4rkXSS

A list of useful payloads and bypasses for Web Application Security and Bug Bounty/CTF

bugbounty bughunter bughunting ethical-hacking hacking javascript xss-exploitation xss-filter xss-vulnerability

Last synced: 21 Nov 2024

https://github.com/oliverwiegers/pentest_lab

Local penetration testing lab using docker-compose.

bug-bounty bugbounty docker docker-compose penetration-testing pentest

Last synced: 10 Nov 2024

https://github.com/yevh/vulnplanet

Vulnerable code snippets with fixes for Web2, Web3, API, iOS, Android and Infrastructure-as-Code (IaC)

android api application-security appsec-tutorials appsecurity bugbounty code codesecurity cve ios owasp owasp-top-10 pentesting poc security vulnerabilities vulnerability waf web2 web3

Last synced: 28 Jan 2025

https://github.com/EasyRecon/Hunt3r

Make your bug bounty subdomain reconnaissance easier with Hunt3r, the web application reconnaissance framework

bugbounty reconnaissance subdomains

Last synced: 16 Nov 2024

https://github.com/gwen001/dataextractor

A Burp Suite extension to extract data from source code while browsing.

bugbounty burpsuite pentesting private python secrets security-tools

Last synced: 19 Dec 2024

https://github.com/yevh/VulnPlanet

Vulnerable code snippets with fixes for Web2, Web3, API, iOS, Android and Infrastructure-as-Code (IaC)

android api application-security appsec-tutorials appsecurity bugbounty code codesecurity cve ios owasp owasp-top-10 pentesting poc security vulnerabilities vulnerability waf web2 web3

Last synced: 31 Dec 2024

https://github.com/RossGeerlings/webstor

WebStor efficiently enumerates all websites across your organization’s networks and those in your DNS records - including cloud-hosted servers via zone transfer data - stores their responses, and lets you query for known web technologies, including those with zero-day vulnerabilities.

attack-surface bugbounty bugbounty-tool cybersecurity footprinting information-gathering infosec pentest-scripts pentest-tools pentesting pentesting-tools recon reconnaissance security security-tools

Last synced: 21 Nov 2024

https://github.com/ehrishirajsharma/swiftness

A note-taking macOS app for penetration-testers.

bugbounty macos security-tools vulnerability-management

Last synced: 02 Dec 2024

https://github.com/ihebski/XSS-Payloads

Collection of XSS Payloads for fun and profit

bugbounty bughunter javascript payloads pentesting xss-exploitation xss-payloads

Last synced: 18 Jan 2025

https://github.com/xer0times/SQLi-Query-Tampering

SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.

bug-bounty bugbounty bughunting burp-extensions burp-plugin burpsuite burpsuite-pro evasion payload-generator pentesting pentesting-tools sqli sqlinjection

Last synced: 02 Jan 2025

https://github.com/m0nad/dns-discovery

DNS-Discovery is a multithreaded subdomain bruteforcer.

bugbounty c dns multithreading network network-analysis security security-tools

Last synced: 15 Nov 2024

https://github.com/ksharinarayanan/SourceWolf

Amazingly fast response crawler to find juicy stuff in the source code! 😎🔥

automation broken-link-hijacking bugbounty fuzzing osint reconnaissance wordlist

Last synced: 09 Nov 2024

https://github.com/azathothas/toolpacks

📦 Largest Collection of Multi-Platform (Android|Linux|Windows) Pre-Compiled (+ UPXed) Static Binaries (incl. Build Scripts) :: https://bin.ajam.dev

aarch64 android arm64 binary bug-bounty bugbounty executable golang linux musl pentest-tool pre-compiled rust static static-binary statically-linked tools upx windows x86-64

Last synced: 02 Feb 2025

https://github.com/michaelstott/crlf-injection-scanner

Command line tool for testing CRLF injection on a list of domains.

bugbounty cli crlf fuzzer fuzzing security-vulnerability

Last synced: 01 Nov 2024

https://github.com/j3ssie/goverview

goverview - Get an overview of the list of URLs

browser bugbounty chromedp favicon favicon-generator infosec recon screenshot security

Last synced: 03 Jan 2025

https://github.com/MichaelStott/CRLF-Injection-Scanner

Command line tool for testing CRLF injection on a list of domains.

bugbounty cli crlf fuzzer fuzzing security-vulnerability

Last synced: 24 Oct 2024

https://github.com/Anof-cyber/ParaForge

A BurpSuite extension to create a custom word-list of endpoint and parameters for enumeration and fuzzing

bug-bounty bugbounty burp-extensions burpsuite cybersecurity pentesting pentesting-tools python

Last synced: 18 Nov 2024

https://github.com/0xTeles/jsleak

Go code to detect leaks in JS files via regex patterns

bugbounty golang scanner security

Last synced: 21 Nov 2024

https://github.com/rotemreiss/uddup

URL de-duplication tool for better recon.

bugbounty recon reconnaissance url url-parsing

Last synced: 21 Nov 2024

https://github.com/anof-cyber/paraforge

A BurpSuite extension to create a custom word-list of endpoint and parameters for enumeration and fuzzing

bug-bounty bugbounty burp-extensions burpsuite cybersecurity pentesting pentesting-tools python

Last synced: 06 Nov 2024

https://github.com/IamLucif3r/Bug-Hunting

A Collection of Notes, Methodologies, POCs and everything else related to Bug Hunting.

bug bug-bounty bug-bounty-hunters bug-bounty-reconnaissance bug-bounty-tips bug-hunting bug-reporting bugbounty bugreport methodologies

Last synced: 17 Nov 2024

https://github.com/kh4sh3i/smartrecon

smartrecon is a powerful shell script that automates recon and finding common vulnerabilities for bug hunters

bug-bounty-automation bugbounty dnsgen eyewitness feroxbuster hackerone hacking httprobe httpx massdns penetration-testing pentest pentest-scripts recon reconnaissance redteam shuffledns sqlmap subfinder tools

Last synced: 07 Nov 2024

https://github.com/noraj/bb-legal-fr

Some advice on the legal, tax and juridical obligations for practising Bug Bounty in France

bug-bounty bugbounty fiscal juridical legal

Last synced: 28 Dec 2024

https://github.com/blackhatethicalhacking/xssrocket

XSSRocket is a tool designed for offensive security and XSS (Cross-Site Scripting) attacks.

bugbounty cybersecurity hacking infosec offensive penetration-testing pentesting xss xss-attacks xss-detection xss-exploitation xss-scanner xss-vulnerability

Last synced: 02 Feb 2025

https://github.com/SKVNDR/FastDork

⚡ Chrome extension that allows you to create lists of Google and GitHub dorks to open multiple tabs with one click, import "scope/out of scope" from #HackerOne #Bugcrowd #Intigriti ...

bugbounty bugcrowd chrome cybersecurity dork extension fastdork google hackerone intigriti pentest-tool

Last synced: 21 Nov 2024

https://github.com/0xdekster/deksterecon

Web Application recon automation

automation bugbounty recon security-tools whitehat-tools

Last synced: 21 Nov 2024

https://github.com/p0dalirius/ldap2json

The ldap2json script allows you to extract the whole LDAP content of a Windows domain into a JSON file.

active-directory analysis bugbounty export json ldap pentesting

Last synced: 03 Feb 2025

https://github.com/0xAwali/Blind-SSRF

Nuclei templates to reproduce the "Cracking the Lens" research

blindssrf bugbounty nuclei nuclei-templates ssrf web-security

Last synced: 21 Nov 2024

https://github.com/aydinnyunus/PassDetective

PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords, API keys, and secrets. Using regular expressions, it helps prevent accidental exposure of sensitive information in your command history.

bash bugbounty bugbounty-tool bugbountytips golang hacking kali kali-linux kali-linux-hacking linux red-team security security-tools shell shell-script zsh

Last synced: 05 Nov 2024

https://github.com/aydinnyunus/passdetective

PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords, API keys, and secrets. Using regular expressions, it helps prevent accidental exposure of sensitive information in your command history.

bash bugbounty bugbounty-tool bugbountytips golang hacking kali kali-linux kali-linux-hacking linux red-team security security-tools shell shell-script zsh

Last synced: 22 Dec 2024

https://github.com/blackhatethicalhacking/ssrfpwned

Checks for SSRF using built-in custom Payloads after fetching URLs from Multiple Passive Sources & applying complex patterns aimed at SSRF

bugbounty hacking redteam ssrf ssrf-tool

Last synced: 03 Feb 2025

https://github.com/Escape-Technologies/graphinder

🕸️ Blazing fast GraphQL endpoints finder using subdomain enumeration, scripts analysis and bruteforce. 🕸️

bugbounty finder graphql osint reconnaissance security spider subdomain-enumeration subdomain-scanner

Last synced: 02 Nov 2024

https://github.com/jcsec-security/solidity-security-course-resources

Course material about common vulnerabilities, security and audits of Solidity smart contracts that I use during my lectures

audit beginner bug bugbounty contract ethereum evm security smart smart-contracts smartcontract solidity vulnerabilities

Last synced: 09 Nov 2024

https://github.com/belane/cloudhunter

AWS, Azure, Alibaba and Google bucket scanner

alibaba aws azure bucket bugbounty fuzzer google-cloud security-tools

Last synced: 18 Nov 2024

https://github.com/blackhatethicalhacking/XSSRocket

XSSRocket is a tool designed for offensive security and XSS (Cross-Site Scripting) attacks.

bugbounty cybersecurity hacking infosec offensive penetration-testing pentesting xss xss-attacks xss-detection xss-exploitation xss-scanner xss-vulnerability

Last synced: 25 Nov 2024

https://github.com/ghsec/ghsec-jaeles-signatures

Signatures for jaeles scanner by @j3ssie

bugbounty security

Last synced: 21 Nov 2024

https://github.com/sule01u/AutorizePro

🧿 AutorizePro is an authorization enforcement detection extension for Burp Suite. By adding an AI analysis module and further optimizing the detection logic, it significantly reduces the false positive rate and improves the efficiency of detecting authorization-bypass vulnerabilities.

ai authorization bounty-hunters bounty-hunting-tools broken-access-control bugbounty burp-extensions burpsuite llm pentest-tool pentesting sdlc-tools security-tools unauthorized unauthorized-access-tool vulnerability-detection

Last synced: 12 Dec 2024

https://github.com/victoni/Bug-Bounty-Scripts

The scripts I write to help me on my bug bounty hunting

bug-bounty bugbounty hacking

Last synced: 18 Jan 2025

https://github.com/DonatoReis/Secbuild

An automation tool to install the most popular tools for bug bounty or pentesting.

automation blueteam bugbounty hacker installer pentest pentesting recon reconnaissance redteam

Last synced: 28 Nov 2024

https://github.com/hahwul/regexpassive

🔭 Collection of regexp pattern for security passive scanning

bugbounty collection hacking passive-scan passive-vulnerability-scanner patterns regex regexp security

Last synced: 12 Dec 2024

https://github.com/Anof-cyber/Pentest-Mapper

A Burp Suite extension for pentesters and bug bounty hunters to maintain checklists, map flows, write test cases and track vulnerabilities

appsec bugbounty burp burp-extensions burp-plugin burpsuite burpsuite-extender burpsuite-tools infosec pentesting

Last synced: 18 Nov 2024

https://github.com/anof-cyber/pentest-mapper

A Burp Suite extension for pentesters and bug bounty hunters to maintain checklists, map flows, write test cases and track vulnerabilities

appsec bugbounty burp burp-extensions burp-plugin burpsuite burpsuite-extender burpsuite-tools infosec pentesting

Last synced: 06 Nov 2024

https://github.com/belane/CloudHunter

AWS, Azure, Alibaba and Google bucket scanner

alibaba aws azure bucket bugbounty fuzzer google-cloud security-tools

Last synced: 05 Nov 2024

https://github.com/BitTheByte/Eagle

Multithreaded plugin-based vulnerability scanner for mass detection of web-based application vulnerabilities

bugbounty bugcrowd cve ftp hackerone hacking python ssrf takeover xss

Last synced: 03 Nov 2024

https://github.com/lissy93/bug-bounties

⚔️ A compiled list of companies who have active programs for responsible disclosure

bugbounty security

Last synced: 04 Feb 2025

https://github.com/random-robbie/aws-scanner

Scans a list of websites for Cloudfront or S3 Buckets

aws-s3 aws-scanner bugbounty s3-bucket vunerable-devices

Last synced: 09 Nov 2024

https://github.com/eslam3kl/crtfinder

Fast tool to extract all subdomains from crt.sh website. Output will be up to sub.sub.sub.subdomain.com with standard and advanced search techniques

bugbounty crt penetration-testing python

Last synced: 06 Nov 2024

https://github.com/r0x4r/bhedak

A replacement for "qsreplace": accepts URLs on standard input, replaces all query string values with user-supplied values and writes the result to stdout.

bash-script bugbounty python-regex python3 regex sed

Last synced: 19 Dec 2024

https://github.com/random-robbie/AWS-Scanner

Scans a list of websites for Cloudfront or S3 Buckets

aws-s3 aws-scanner bugbounty s3-bucket vunerable-devices

Last synced: 21 Nov 2024

https://github.com/Fadavvi/Sub-Drill

A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.

bug-bounty bugbounty recon reconnaissance red-team red-teaming subdomain subdomain-brute subdomain-bruteforcing subdomain-enumeration subdomain-finder web-recon web-reconnaissance

Last synced: 21 Nov 2024

https://github.com/hahwul/mzap

⚡️ Multiple target ZAP Scanning

bugbounty dast hacking security zaproxy zaproxy-automation

Last synced: 01 Nov 2024

https://github.com/joshkar/X-Recon

A utility for detecting webpage inputs and conducting XSS scans.

bugbounty bughunting hunt xss xss-scanner xssscan

Last synced: 09 Nov 2024

https://github.com/hahwul/hack-pet

🐰 Managing command snippets for hackers/bug bounty hunters, with pet.

bugbounty bugbountytips command-line-manager go golang hacking pet snippets tool

Last synced: 31 Dec 2024

https://github.com/rishuranjanofficial/JWTweak

Detects the algorithm of an input JWT and provides options to generate a new JWT based on the user-selected algorithm.

application-security appsec authentication authorization automation bugbounty jwt jwt-algorithm jwt-algorithm-confusion-attack jwt-tokens pentesting python security-enthusiasts vulnerability-assessment

Last synced: 21 Nov 2024

https://github.com/R0X4R/bhedak

A replacement for "qsreplace": accepts URLs on standard input, replaces all query string values with user-supplied values and writes the result to stdout.

bash-script bugbounty python-regex python3 regex sed

Last synced: 21 Nov 2024

https://github.com/kostas-pa/LFITester

LFITester is a Python3 program that automates the detection and exploitation of Local File Inclusion (LFI) vulnerabilities on a server.

bugbounty crawler cybersecurity enumeration exploitation fuzzing hacking lfi lfi-detection lfi-exploitation lfi-vulnerability penetration-testing penetration-testing-tools pentest-tool pentesting python web-hacking webhacking

Last synced: 21 Nov 2024

https://github.com/htrgouvea/spellbook

Framework for rapid development of offensive security tools

bugbounty ctf exploit framework offensive-security pentest perl security security-tools

Last synced: 30 Dec 2024

https://github.com/Zarcolio/wwwordlist

Wwwordlist is a wordlist generator for pentesters and bug bounty hunters. It extracts words from HTML, URLs, JS/HTTP/input variables, quoted texts in the text and mail files in order to generate wordlists.

bruteforce bugbounty ctf hacking infosec penetration-testing pentest pentesting python3 wordlist wordlist-generator wordlists

Last synced: 21 Nov 2024

https://github.com/BugBountyResources/targets

A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.

bugbounty cybersecurity information infosec recon reconnaissance security security-tools

Last synced: 21 Nov 2024

https://github.com/tigthor/neural-network-hacking

Hacking the Singularity. Deep learning hacking. Weaponizing AI in Offensive security

ai automation bug-hunting bugbounty hacking machine-learning neural-network neural-networks vulnerability-scanner

Last synced: 22 Jan 2025

https://github.com/samogod/bugradar

Advanced external automation on bug bounty programs by running the best set of tools to perform scanning and finding out vulnerabilities.

automation bounty bug bug-bounty bugbounty bugbounty-tool bugcrowd hackerone osint recon recontool security security-automation security-tools

Last synced: 21 Nov 2024

https://github.com/pwnedshell/Bugs-feed

Bug's feed is a locally hosted portal where you can search for the latest news, videos, CVEs, vulnerabilities...

bugbounty cve hacking python scrapping vulnerabilities

Last synced: 21 Nov 2024

https://github.com/si9int/Acamar

A Python3 based single-file subdomain enumerator

bugbounty pentesting subdomain

Last synced: 27 Nov 2024

https://github.com/jordanpotti/offensiveclouddistribution

Leverage the ability of Terraform and AWS or GCP to distribute large security scans across numerous cloud instances.

bugbounty recon redteam scanning security

Last synced: 22 Jan 2025

https://github.com/gwen001/related-domains

Find related domains of a given domain.

bugbounty dns domains pentesting python security-tools

Last synced: 09 Nov 2024

https://github.com/gwen001/keyhacks.sh

Automation of tokens/api keys testing.

bash bugbounty key pentesting secrets security-tools shell token

Last synced: 09 Nov 2024

https://github.com/edoverflow/bug-bounty-responses

A collection of response templates for invalid bug bounty reports.

bugbounty infosec security template

Last synced: 06 Jan 2025

https://github.com/dwisiswant0/wadl-dumper

Dump all available paths and/or endpoints in a WADL file.

bugbounty bugbounty-tool bugbountytips go golang wadl xml xml-parser

Last synced: 29 Jan 2025

https://github.com/thehlopster/hfuzz

Wordlist for web fuzzing, made from a variety of reliable sources including: result from my pentests, git.rip, ChatGPT, Lex, nuclei templates, web-scanners, seclist, bo0m, and more.

bugbounty fuzz fuzzing hacking pentesting security web-fuzzing wordlist

Last synced: 09 Nov 2024

https://github.com/kljunowsky/CVE-2022-41040-POC

CVE-2022-41040 - Server Side Request Forgery (SSRF) in Microsoft Exchange Server

bug-bounty bugbounty cve-2022-41040 exploit hacking microsoft microsoft-exchange poc proof-of-concept security ssrf

Last synced: 21 Nov 2024

https://github.com/r0x4r/agnee

Find sensitive information using dorks from different search-engines.

bugbounty bugbountytips bugbountytool dorking search-engine

Last synced: 01 Feb 2025

https://github.com/i5nipe/nipejs

Simplify your life with leak detection in JavaScript. NipeJS streamlines the use of regex, making it effortless to uncover potential leaks.

bug-bounty bugbounty bugbounty-tool infosec penetration-testing-tools pentesting

Last synced: 21 Nov 2024

https://github.com/tarunkoyalwar/talosplus

Talosplus is a fast and robust template based Intelligent automation framework primarily developed for Bug Bounty Automation

automation automation-framework bash bashscripting bugbounty go golang infosec linux recon shell template-engine

Last synced: 27 Oct 2024

https://github.com/hahwul/s3reverse

Converts the various S3 bucket formats into one format, for bug bounty and security testing.

aws bugbounty s3 security utility

Last synced: 02 Nov 2024

https://github.com/gwen001/vhost-brute

A PHP tool to brute-force vhosts configured on a server.

bugbounty pentesting php security-tools subdomain vhost

Last synced: 09 Nov 2024