Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


Bug Bounty

A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.

https://github.com/wfinn/ucors

tool that scans for CORS bypasses

bugbounty bypass cors pentesting vulnerability-scanners

Last synced: 04 Aug 2024

https://github.com/theunknownsoul/htb-certified-bug-bounty-hunter-exam-cheetsheet

All cheatsheets with the main information from the HTB CBBH role path in one place.

bugbounty cheetsheet htb security

Last synced: 08 Nov 2024

https://github.com/hackshiv/ffuf-outputter

A cleaner way to save my ffuf output - consider combining it with ffuf easily.

automation bugbounty bugbounty-tool bughunter cybersecurity directoryfuzzer ffuf fuzzer hacking output python3 tools tools-and-automation

Last synced: 12 Nov 2024

https://github.com/hackerajofficial/server-side-template-injection

A server-side template injection occurs when an attacker is able to use native template syntax to inject a malicious payload into a template, which is then executed server-side.

bug bug-bounty bugbounty bugs hackeraj hackeraj-official hackerajofficial injection

Last synced: 10 Nov 2024

https://github.com/mathis2001/lightraversal

LighTraversal is a tool designed to find basic directory traversal vulnerabilities

bugbounty lfi path-traversal pentest

Last synced: 11 Nov 2024

https://github.com/x00tex/duckscripts

Collection of scripts I wrote during bug bounty hunting.

android-application apkpure-scraper bugbounty subdomain-enumeration

Last synced: 01 Nov 2024

https://github.com/n0kovo/random-agent

Simply output a random user-agent. Use it with tools that don't have a --random-agent flag. Like `random-agent` or $(random-agent)

appsec bug-bounty bug-bounty-tools bugbounty bugbounty-tool bugbountytools fuzzer fuzzing infosec infosectools pentesting pentesting-tools redteam-tools web-app-security webfuzzer

Last synced: 08 Nov 2024

https://github.com/pocdork/gitdomain

Discover endpoints using companies' GitHub repository names

bugbounty bugbounty-tool hacking infosec

Last synced: 04 Aug 2024

https://github.com/lord3ver/gctsubdomains

Discover subdomains in Certificate Transparency logs using Google's Transparency Report

bugbounty go osint penetration-testing pentest recon subdomain subdomain-enumeration

Last synced: 04 Aug 2024

https://github.com/mathis2001/wappassivescan

Passive vulnerability scanner working with the Wappalyzer API and MITRE CVE search functionality.

bugbounty bugbounty-tool cve mitre passive-vulnerability-scanner pentest pentest-tool pentesting pentesting-tools wappalyzer

Last synced: 11 Nov 2024

https://github.com/bruston/sonar

Subdomain enumeration via the JSON API provided by https://sonar.omnisint.io/ which uses the Rapid7 dataset.

bugbounty infosec

Last synced: 23 Oct 2024

https://github.com/haccer/xmail

Go tool that detects which email addresses have domains which are able to be registered

account-takeover bug-bounty bugbounty cyber email go golang infosec osint pentesting redteam redteam-tools security

Last synced: 11 Nov 2024

https://github.com/shreyaschavhan/bugbountywriteups

This repository will contain bug bounty write-ups that I read on a daily basis!

bounty bounty-hunters bug-bounty bugbounty bugcrowd hackerone hackers payloads synack tools writeups

Last synced: 23 Oct 2024

https://github.com/pwnb0y/BugBounty-Scripts

Quick scripts to make the life of a hacker easier 😎

bash-script bugbounty vps-setup

Last synced: 23 Oct 2024

https://github.com/hellblack55/dobby

This script finds subdomains and URLs, filters them into .js, .json, and sensitive categories, and helps streamline your security assessments and bug hunting.

bash bash-script bug bug-bounty bugbounty bugbounty-tool

Last synced: 09 Oct 2024

https://github.com/markgacoka/r3c0n

A tool for performing reconnaissance on web targets in Python

bugbounty cybersecurity library python recon reconnaissance reconnaissance-framework

Last synced: 04 Aug 2024

https://github.com/arshadkazmi42/is-broken-link-github

GitHub links broken-status checker

blc broken-links bugbounty github links python script

Last synced: 28 Oct 2024

https://github.com/proditis/bugbounty-journal

The journal of a unix geek taking its first steps into the BugBounty world...

bugbounty funny journal

Last synced: 15 Oct 2024

https://github.com/rundtstykker/subdomain-crawler-application-security-

A simple and lightweight domain crawler that uses a pre-defined wordlist to discover subdomains on a specified domain

bugbounty python subdomain

Last synced: 10 Nov 2024

https://github.com/Retr0-45809/autorecon

An automation tool to perform multiple reconnaissance attacks on a domain instantly

bugbounty bugbountyautomation reconnaissance

Last synced: 23 Oct 2024

https://github.com/acuciureanu/png-payload-injector

CLI tool for embedding XSS payloads in PNG files.

bugbounty bugbounty-tool bugbountyhunting security-automation

Last synced: 12 Oct 2024

https://github.com/sa7mon/vulnchest

A collection of vulnerable applications for research purposes

bugbounty cve infosec

Last synced: 12 Nov 2024

https://github.com/0xrobiul/FInstall

It's An Automation Script Which Will Automatically Install Tools For Bug Hunting/Web-Application Penetration Testing!

bugbounty cyber-security hacking penetration-testing pentesting

Last synced: 23 Oct 2024

https://github.com/andreystepanov/pentesterland-writeups

Pentester Land's curated collection of bug bounty writeups in formatted JSON

bugbounty bugbounty-writeups pentesterland pentesting writeups

Last synced: 11 Nov 2024

https://github.com/d3mondev/cidrex

A command-line utility for expanding CIDR ranges with support for IPv6.

bugbounty cidr cidr-range ipv4 ipv6

Last synced: 12 Nov 2024

https://github.com/acuciureanu/wp-plugins-analyzer

A WordPress plugins analyzer which is still a work in progress anyway

bugbounty bugbounty-tool wordpress-security-scanner

Last synced: 12 Oct 2024

https://github.com/arshadkazmi42/wbm

Wayback Machine: pull all Wayback URLs of the input domain

bugbounty wayback-machine

Last synced: 28 Oct 2024

https://github.com/mathis2001/Reflection

Reflected parameters checker for a list of URLs. (Beta version needing a lot of improvement)

bugbounty parameters pentest reflected

Last synced: 23 Oct 2024

https://github.com/subnwa/erc-cli

It is a CLI source that works ergonomically and systematically within the system. These errors are added to the database with customization. In addition, it ensures that the bugs that occur in the system do not create system vulnerabilities.

bit bits bugbounty cargo cli creates db error-handling lang line rust terms

Last synced: 16 Nov 2024

https://github.com/abhinandan-khurana/l337_5ub0v3r

A python tool to check subdomain takeover vulnerability

bugbounty cybersecurity docker pentesting python3

Last synced: 11 Nov 2024

https://github.com/topscoder/aisubs

Leverage the power of AI to find hard-to-find subdomains.

ai bugbounty bugbounty-tools chatgpt infosec security subdomain subdomain-finder

Last synced: 13 Nov 2024

https://github.com/mathis2001/subpwnable

Are your (sub)domains pwnable? SubPwnable is a simple Python tool designed to help you answer this question.

bugbounty cname pentest subdomain-takeover

Last synced: 11 Nov 2024

https://github.com/mathis2001/reflection

Reflected parameters checker for a list of URLs. (Beta version needing a lot of improvement)

bugbounty parameters pentest reflected

Last synced: 11 Nov 2024

https://github.com/TargetPackage/api-key-impact

A list of different types of API keys and how to prove impact for bug bounty programs.

api api-key api-keys bug-bounty bugbounty impact

Last synced: 10 Sep 2024

https://github.com/mathis2001/gitdiscloser

Python recon tool for GitHub information disclosure research

bugbounty github pentesting recon

Last synced: 11 Nov 2024

https://github.com/carloocchiena/subdomain_scanner

A simple script that pings up to the 10K most common subdomains of a target website and returns a list of findings.

bugbounty networking scanner vulnerability-scanners

Last synced: 14 Oct 2024

https://github.com/qyfashae/bug_bounty_scripts

My private bug bounty scripts I have written over the years for real-time projects within bug bounty hunting and penetration testing (red team).

bug-bounty-tools bugbounty bugbounty-tools exploits exploits-scripts hacking penetration-testing pentesting python-exploits

Last synced: 13 Nov 2024

https://github.com/mathis2001/lightssticheck

LightSSTICheck is a tool designed to find basic SSTI vulnerabilities

bugbounty pentest ssti

Last synced: 11 Nov 2024

https://github.com/cak/foot

Foot is a library that fetches a list of URLs and silly walks through each site to gather information.

bugbounty crawler scraping

Last synced: 14 Nov 2024

https://github.com/arshadkazmi42/npmdc-poc

NPM Dependency Confusion - PoC

bugbounty confusion dependency infosec npm poc

Last synced: 28 Oct 2024

https://github.com/sudosuraj/Dorks

List of Google Dorks for sites that have responsible disclosure program / bug bounty program

bounty bug bugbounty dork dorks google googledorks sudosuraj

Last synced: 23 Oct 2024

https://github.com/prvvv/submapper

A subdomain enumeration tool designed to find WAFs and 404 pages for takeover and enumeration

404 404-page amazon bug-bounty bugbounty cloudflare python3 subdomain-enumeration subdomain-scanner subdomain-takeover waf-detection

Last synced: 13 Nov 2024

https://github.com/codeb0ss/CVE-2023-20073-

Mass Exploit - CVE-2023-20073 - Cisco VPN Routers - [Unauthenticated Arbitrary File Upload and Stored XSS]

0day bug bugbounty cisco codeb0ss codeboss cve cve-2023-20073 exploit hackerone mass mass-exploit uncodeboss vpn-router

Last synced: 23 Oct 2024

https://github.com/mathis2001/jsembed

Simple Python tool to embed JavaScript code in different types of files (PDF and SVG for now)

bugbounty fileupload javascript pdf pentest svg xss

Last synced: 11 Nov 2024

https://github.com/johnsaigle/hacking-toolkit

A collection of hacking utilities. Useful for CTFs and bug bounties.

bugbounty ctf-tools hacking penetration-testing

Last synced: 16 Nov 2024

https://github.com/cosad3s/njsdump

Dump paths & pages from Next.js Manifest

bugbounty nextjs recon security

Last synced: 29 Oct 2024

https://github.com/ichbinbork/JS_lookup

Tool that helps with JavaScript source code analysis

bugbounty codereview websecurity

Last synced: 23 Oct 2024

https://github.com/mathis2001/EzComments

EzComments is a tool that lets you get all HTML and JS comments from each URL given to it

bugbounty comments pentest recon

Last synced: 23 Oct 2024

https://github.com/eagleEggs/bugBounties

Authorized disclosures of bug bounties that have been resolved

bugbounty bugcrowd fitbit penetration-testing security

Last synced: 23 Oct 2024

https://github.com/mrvcoder/bug-hunting-methodologies

This repo contains some public methodologies which I found on the internet (Google, Telegram, Discord, writeups, etc.)

bounty bug bugbounty bugbounty-methodology hack hunt information-gathering methodology osint recon reconnaissance

Last synced: 06 Nov 2024

https://github.com/palanioffcl/CTFation

I made this for my personal use to automate things like enumeration and all other stuff to reduce time in recon and help claim first blood. ⛳ 😀

automation bash-script bugbounty ctf hacking linux penetration-testing pentesting

Last synced: 23 Oct 2024

https://github.com/mathis2001/ezcomments

EzComments is a tool that lets you get all HTML and JS comments from each URL given to it

bugbounty comments pentest recon

Last synced: 11 Nov 2024

https://github.com/GabrielCS0/security-trails

This is a tool to automate the search for subdomains on the website securitytrails.com

bugbounty pentesting python recon subdomains

Last synced: 23 Oct 2024

https://github.com/eagleeggs/bugbounties

Authorized disclosures of bug bounties that have been resolved

bugbounty bugcrowd fitbit penetration-testing security

Last synced: 11 Nov 2024

https://github.com/h3xploit0x1/url-gatherer

Simple Bash script to gather URLs from a target. Useful for bug bounty.

bugbounty ethical-hacking hacking pentesting tool

Last synced: 15 Nov 2024

https://github.com/D0N-B0T/scripts

Short scripts I use for bug bounty and others.

bugbounty script

Last synced: 23 Oct 2024

https://github.com/codeb0ss/cve-2023-20073-

Mass Exploit - CVE-2023-20073 - Cisco VPN Routers - [Unauthenticated Arbitrary File Upload and Stored XSS]

0day bug bugbounty cisco codeb0ss codeboss cve cve-2023-20073 exploit hackerone mass mass-exploit uncodeboss vpn-router

Last synced: 13 Nov 2024

https://github.com/sysevil/rusho

Subdomain CLI tool for Shodan, written in Rust

bugbounty hacking hacking-tool recon reconnaissance rust rust-lang subdomain-enumeration

Last synced: 29 Oct 2024

https://github.com/n0kovo/dnsplz

A simple Bash script that resolves a list of domains from stdin to IP addresses and prints them to stdout

bug-bounty bugbounty dns dns-enum dns-enumeration dns-lookup dns-lookups dns-reconnaissance dns-requests dns-resolver

Last synced: 08 Nov 2024

https://github.com/acuciureanu/log-name-generator

A tool which enhances fuzzing with date-formatted log file names.

bugbounty bugbounty-tool bugbountytips content-discovery fuzzing wordlist wordlist-generator

Last synced: 12 Oct 2024