Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

Bug Bounty

A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.

https://github.com/doyensec/inql

InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.

api-documentation-tool bugbounty bugbounty-tool burp-extensions burpsuite graphql graphql-security penetration-testing security-audit security-scanner security-tools

Last synced: 15 Oct 2024

https://github.com/utkusen/urlhunter

a recon tool that allows searching on URLs that are exposed via shortener services

bugbounty intelligence osint recon security

Last synced: 09 Oct 2024

https://github.com/wallarm/gotestwaf

An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses

api-security bugbounty graphql-security grpc-security owasp rest-security security security-testing security-tools waf web-application-firewall web-application-security

Last synced: 14 Oct 2024

https://github.com/jordanpotti/AWSBucketDump

Security Tool to Look For Interesting Files in S3 Buckets

bugbounty enumeration penetration-testing s3-bucket

Last synced: 03 Nov 2024

https://github.com/jordanpotti/awsbucketdump

Security Tool to Look For Interesting Files in S3 Buckets

bugbounty enumeration penetration-testing s3-bucket

Last synced: 15 Oct 2024

https://github.com/cyber-guy1/api-securityempire

API Security Project aims to present unique attack & defense methods in API Security field

api apisecurity bug-bounty bugbounty bugbountytips cybersec cybersecurity information-security infosec penetration-testing tips

Last synced: 15 Oct 2024

https://github.com/m3n0sd0n4ld/GooFuzz

GooFuzz is a tool to perform fuzzing with an OSINT approach, managing to enumerate directories, files, subdomains or parameters without leaving evidence on the target's server and by means of advanced Google searches (Google Dorking).

bash-script bugbounty discovery fuzzing google-dorks hacking information-disclosure infosec osint penetration-testing pentesting recon reconnaissance red-team subdomain

Last synced: 08 Nov 2024

https://github.com/Ge0rg3/requests-ip-rotator

A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.

apigateway aws bugbounty bypass hacktoberfest ip networking security security-tools web-security

Last synced: 07 Nov 2024

https://github.com/m3n0sd0n4ld/goofuzz

GooFuzz is a tool to perform fuzzing with an OSINT approach, managing to enumerate directories, files, subdomains or parameters without leaving evidence on the target's server and by means of advanced Google searches (Google Dorking).

bash-script bugbounty discovery fuzzing google-dorks hacking information-disclosure infosec osint penetration-testing pentesting recon reconnaissance red-team subdomain

Last synced: 15 Oct 2024

https://github.com/gwen001/github-search

A collection of tools to perform searches on GitHub.

bash bugbounty companies employees github keys pentesting php private python secrets security-tools shell

Last synced: 29 Oct 2024

https://github.com/ge0rg3/requests-ip-rotator

A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.

apigateway aws bugbounty bypass hacktoberfest ip networking security security-tools web-security

Last synced: 15 Oct 2024

https://github.com/Cyber-Guy1/API-SecurityEmpire

API Security Project aims to present unique attack & defense methods in API Security field

api apisecurity bug-bounty bugbounty bugbountytips cybersec cybersecurity information-security infosec penetration-testing tips

Last synced: 08 Aug 2024

https://github.com/xalgord/massive-web-application-penetration-testing-bug-bounty-notes

A comprehensive guide for web application penetration testing and bug bounty hunting, covering methodologies, tools, and resources for identifying and exploiting vulnerabilities.

bug-bounty bugbounty bugbountytips collection ethical-hacking hacking owasp owasp-top-10 resources xalgord

Last synced: 14 Oct 2024

https://github.com/viralmaniar/bigbountyrecon

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

blue-team bugbounty bugbounty-tool bugbountytips cybersecurity offensive-security osint pentest-tool pentesting purple-team purple-teams recon reconnaissance red-team red-teaming

Last synced: 12 Nov 2024

https://github.com/0xPugal/One-Liners

A collection of one-liners for bug bounty hunting.

bug-bounty bugbounty enumeration onliner-scripts subdomain-enumeration

Last synced: 05 Nov 2024

https://github.com/0xpugal/one-liners

A collection of one-liners for bug bounty hunting.

bug-bounty bugbounty enumeration onliner-scripts subdomain-enumeration

Last synced: 15 Oct 2024

https://github.com/khast3x/Redcloud

Automated Red Team Infrastructure deployement using Docker

bugbounty docker hacking kali metasploit offensive pentest traefik

Last synced: 06 Nov 2024

https://github.com/codingo/Interlace

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

bugbounty cidr-notation enumeration hacking hacking-tool linux multithreading oscp oscp-tools penetration-testing security security-tools service-enumeration thread

Last synced: 06 Nov 2024

https://github.com/khast3x/redcloud

Automated Red Team Infrastructure deployement using Docker

bugbounty docker hacking kali metasploit offensive pentest traefik

Last synced: 29 Oct 2024

https://github.com/ptswarm/reFlutter

Flutter Reverse Engineering Framework

bugbounty mobile-security reverse-engineering ssl-pinning

Last synced: 04 Aug 2024

https://github.com/codingo/interlace

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

bugbounty cidr-notation enumeration hacking hacking-tool linux multithreading oscp oscp-tools penetration-testing security security-tools service-enumeration thread

Last synced: 14 Oct 2024

https://github.com/codingo/VHostScan

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

bugbounty ctf-tools discovery-service hacking hacking-tool hackthebox offensive-security oscp penetration-test penetration-testing reverse-lookups scanner security security-audit security-tools vhost vhosts virtual-host virtual-hosts web-application-security

Last synced: 01 Nov 2024

https://github.com/codingo/vhostscan

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

bugbounty ctf-tools discovery-service hacking hacking-tool hackthebox offensive-security oscp penetration-test penetration-testing reverse-lookups scanner security security-audit security-tools vhost vhosts virtual-host virtual-hosts web-application-security

Last synced: 29 Oct 2024

https://github.com/vincentcox/bypass-firewalls-by-DNS-history

Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.

bugbounty bypassing dns-record network-security security security-tools

Last synced: 06 Nov 2024

https://github.com/vincentcox/bypass-firewalls-by-dns-history

Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.

bugbounty bypassing dns-record network-security security security-tools

Last synced: 29 Oct 2024

https://github.com/hahwul/XSpear

🔱 Powerfull XSS Scanning and Parameter analysis tool&gem

bugbounty bugbountytips gem hacking library pentest ruby scanner scanning-xss selenium tool webhacking xss

Last synced: 03 Nov 2024

https://github.com/tillson/git-hound

Reconnaissance tool for GitHub code search. Scans for exposed API keys across all of GitHub, not just known repos and orgs.

bugbounty git githound github osint secrets security security-tools

Last synced: 09 Oct 2024

https://github.com/hahwul/xspear

🔱 Powerfull XSS Scanning and Parameter analysis tool&gem

bugbounty bugbountytips gem hacking library pentest ruby scanner scanning-xss selenium tool webhacking xss

Last synced: 11 Oct 2024

https://github.com/roottusk/vapi

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

api apitop10 appsec appsec-tutorials bugbounty cors docker exercises hacktoberfest hacktoberfest-accepted owasp owasp-top-10 owasp-top-ten php postman vulnerable-application

Last synced: 29 Oct 2024

https://github.com/Viralmaniar/BigBountyRecon

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

blue-team bugbounty bugbounty-tool bugbountytips cybersecurity offensive-security osint pentest-tool pentesting purple-team purple-teams recon reconnaissance red-team red-teaming

Last synced: 04 Aug 2024

https://github.com/caido/caido

🚀 Caido releases, wiki and roadmap

bugbounty pentesting proxy security tool

Last synced: 15 Oct 2024

https://github.com/h4r5h1t/webcopilot

An automation tool that enumerates subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters and then scans for vulnerabilities.

bug-bounty bugbounty enumeration recon reconnaissance

Last synced: 15 Oct 2024

https://github.com/karanxa/bug-bounty-wordlists

A repository that includes all the important wordlists used while bug hunting.

bugbounty hacktoberfest hacktoberfest2022

Last synced: 15 Oct 2024

https://github.com/Karanxa/Bug-Bounty-Wordlists

A repository that includes all the important wordlists used while bug hunting.

bugbounty hacktoberfest hacktoberfest2022

Last synced: 03 Aug 2024

https://github.com/random-robbie/bruteforce-lists

Some files for bruteforcing certain things.

bruteforce bugbounty bugbountytips dirbuster

Last synced: 09 Nov 2024

https://github.com/devploit/dontgo403

Tool to bypass 403/40X response codes.

403 403-bypass bugbounty bypass ctf pentesting waf-bypass websec

Last synced: 25 Aug 2024

https://github.com/devploit/nomore403

Tool to bypass 403/40X response codes.

403 403-bypass bugbounty bypass ctf pentesting waf-bypass websec

Last synced: 03 Aug 2024

https://github.com/projectdiscovery/public-bugbounty-programs

Community curated list of public bug bounty and responsible disclosure programs.

bugbounty bugbounty-program chaos hacktoberfest reconnaissance

Last synced: 13 Nov 2024

https://github.com/1n3/privesc

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

bugbounty exploits hacking linux mysql pentesting privesc sql windows

Last synced: 09 Nov 2024

https://github.com/indianajson/can-i-take-over-dns

"Can I take over DNS?" — a list of DNS providers and how to claim vulnerable domains.

bugbounty bugbountytips dangling-dns dns dns-hijacking domain-takeover hacking hacking-tool infosec nameservers subdomain-takeover takeover-subdomain

Last synced: 03 Nov 2024

https://github.com/1N3/PrivEsc

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

bugbounty exploits hacking linux mysql pentesting privesc sql windows

Last synced: 05 Nov 2024

https://github.com/topscoder/nuclei-wordfence-cve

The EXCLUSIVE Collection of 40,000+ Nuclei templates based on Wordfence intel. Daily updates for bulletproof WordPress security.

bugbounty cve exploits nuclei nuclei-templates pentesting projectdiscovery scanner security vulnerability vulnerability-scanning wordfence wordpress

Last synced: 13 Nov 2024

https://github.com/ayoubfathi/leaky-paths

A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.

appsec axiom bugbounty dirbuster dirsearch ffuf fuzzing hacktoberfest meg nuclei penetration-testing pentest recon redteam redteaming security security-tools subfinder wayback-machine wordlist

Last synced: 04 Aug 2024

https://github.com/chvancooten/BugBountyScanner

A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.

bug-bounty-reconnaissance bugbounty docker-image hacking hacktoberfest reconnaissance

Last synced: 05 Nov 2024

https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner

Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).

bugbounty hacking hacking-tool penetration-testing penetration-testing-tools pentesting scanner security security-audit security-scanner security-tools vulnerability-scanners web-cache

Last synced: 05 Nov 2024

https://github.com/chvancooten/bugbountyscanner

A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.

bug-bounty-reconnaissance bugbounty docker-image hacking hacktoberfest reconnaissance

Last synced: 11 Oct 2024

https://github.com/KathanP19/JSFScan.sh

Automation for javascript recon in bug bounty.

bugbounty bugbounty-tool javascript-recon

Last synced: 03 Aug 2024

https://github.com/robotshell/magicRecon

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.

bash-script bug bugbounty bugbounty-tool bugbountytricks infosec nuclei scanner sql-injection subdomain subdomains-enumeration tool vulnerability-scanners xss-vulnerability

Last synced: 06 Nov 2024

https://github.com/sh377c0d3/Payloads

Payload Arsenal for Pentration Tester and Bug Bounty Hunters

bugbounty bugbounty-tool payload payloads payloads-database penetration-testing

Last synced: 04 Aug 2024

https://github.com/xm1k3/cent

Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place

bugbounty golang hacktoberfest nuclei nuclei-templates penetration-testing pentesting templates

Last synced: 05 Nov 2024

https://github.com/boy-hack/ksubdomain

Subdomain enumeration tool, asynchronous dns packets, use pcap to scan 1600,000 subdomains in 1 second

bugbounty hacker-tools subdomain

Last synced: 04 Aug 2024

https://github.com/hisxo/reconaizer

A Burp Suite extension to add OpenAI (GPT) on Burp and help you with your Bug Bounty recon to discover endpoints, params, URLs, subdomains and more!

bugbounty burp-extensions burpsuite gpt-4 openai openai-api openai-chatgpt

Last synced: 09 Nov 2024

https://github.com/vincentcox/StaCoAn

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.

bugbounty mobile-security security security-tools static-code-analysis

Last synced: 27 Oct 2024

https://github.com/vincentcox/stacoan

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.

bugbounty mobile-security security security-tools static-code-analysis

Last synced: 25 Oct 2024

https://github.com/hisxo/ReconAIzer

A Burp Suite extension to add OpenAI (GPT) on Burp and help you with your Bug Bounty recon to discover endpoints, params, URLs, subdomains and more!

bugbounty burp-extensions burpsuite gpt-4 openai openai-api openai-chatgpt

Last synced: 05 Nov 2024

https://github.com/Dheerajmadhukar/karma_v2

⡷⠂𝚔𝚊𝚛𝚖𝚊 𝚟𝟸⠐⢾ is a Passive Open Source Intelligence (OSINT) Automated Reconnaissance (framework)

automation bash-script bugbounty infrastructure intelligence osint reconnaissance shodan

Last synced: 06 Nov 2024

https://github.com/dheerajmadhukar/karma_v2

⡷⠂𝚔𝚊𝚛𝚖𝚊 𝚟𝟸⠐⢾ is a Passive Open Source Intelligence (OSINT) Automated Reconnaissance (framework)

automation bash-script bugbounty infrastructure intelligence osint reconnaissance shodan

Last synced: 15 Oct 2024

https://github.com/0xpugal/fuzz4bounty

1337 Wordlists for Bug Bounty Hunting

bruteforce bugbounty dirsearch ffuf fuzz fuzz4bounty wordlist

Last synced: 08 Nov 2024

https://github.com/Zarcolio/sitedorks

Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term (dork) with a default set of websites, bug bounty programs or custom collection.

baidu bing bugbounty bugcrowd duckduckgo google google-dorks googledork hackerone hacking infosec intigriti osint python3 recon reconnaissance search search-engines yahoo yandex

Last synced: 04 Aug 2024

https://github.com/R0X4R/Garud

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

assetfinder bash-script bugbounty bugbounty-tool bugbountytips garud gf-patterns golang penetration-testing penetration-testing-tools reconnaissance subdomain-takeover vulnerability vulnerability-scanner

Last synced: 06 Nov 2024

https://github.com/r0x4r/garud

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

assetfinder bash-script bugbounty bugbounty-tool bugbountytips garud gf-patterns golang penetration-testing penetration-testing-tools reconnaissance subdomain-takeover vulnerability vulnerability-scanner

Last synced: 12 Nov 2024

https://github.com/hahwul/jwt-hack

🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)

bugbounty cracking hacking hacktoberfest jwt payload-generator security testing-tools tool

Last synced: 31 Oct 2024

https://github.com/bl4de/security-tools

My collection of various security tools created mostly in Python and Bash. For CTFs and Bug Bounty.

bug-bounties bug-bounty bugbounty ctf ctf-tools hacking infosec itsecurity pentesting python scanner security-testing security-tools static-analysis webappsec

Last synced: 03 Nov 2024

https://github.com/dwisiswant0/findom-xss

A fast DOM based XSS vulnerability scanner with simplicity.

bugbounty bugbountytips findom-xss pentest pentesting xss xss-scanner

Last synced: 28 Oct 2024

https://github.com/dsopas/assessment-mindset

Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.

bugbounty infosec methodology mindmap

Last synced: 03 Nov 2024

https://github.com/aaaguirrep/offensive-docker

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

bug-bounty bugbounty ctf-tools hacking hacking-tools htb pentest pentesting pentesting-tools

Last synced: 26 Oct 2024

https://github.com/aaaguirrep/pentest

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

bug-bounty bugbounty ctf-tools hacking hacking-tools htb pentest pentesting pentesting-tools

Last synced: 03 Aug 2024

https://github.com/TypeError/domained

Multi Tool Subdomain Enumeration

bugbounty enumeration infosec security subdomains

Last synced: 03 Nov 2024

https://github.com/robotshell/magicrecon

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.

bash-script bug bugbounty bugbounty-tool bugbountytricks infosec nuclei scanner sql-injection subdomain subdomains-enumeration tool vulnerability-scanners xss-vulnerability

Last synced: 13 Nov 2024

https://github.com/knassar702/scant3r

ScanT3r - Module based Bug Bounty Automation Tool ( use Lotus instead github.com/bugBlocker/lotus )

bug-bounty bugbounty infosec module-pattern penetration-testing pentesting security-tools web-scanners xss

Last synced: 04 Aug 2024

https://github.com/h33tlit/secret-regex-list

List of regex for scraping secret API keys and juicy information.

bugbounty google google-api juicy oauth regex regex-pattern secret secret-keys

Last synced: 04 Aug 2024

https://github.com/iamthefrogy/frogy

My subdomain enumeration script. It's unique in the way it is built upon.

bug-bounty bugbounty infosec osint reconnaissance

Last synced: 07 Nov 2024