Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
Bug Bounty
A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.
- GitHub: https://github.com/topics/bugbounty
- Wikipedia: https://en.wikipedia.org/wiki/Bug_bounty_program
- Related Topics: security, penetration-testing, pentesting, pentest
- Aliases: bug-bounty
- Last updated: 2025-02-04 00:04:14 UTC
https://github.com/chopicalqui/KaliIntelligenceSuite
Kali Intelligence Suite (KIS) shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by executing standard penetration testing tools. The collected data is internally stored in a structured manner to allow the fast identification and visualisation of the collected information.
bugbounty data-mining intelligence-gathering kali-linux kali-linux-tools osint penetration-testing penetration-testing-framework
Last synced: 21 Nov 2024
https://github.com/R0X4R/Pinaak
A vulnerability fuzzing tool written in bash; it contains the most commonly used tools to perform vulnerability scans
bash-script bugbounty fastscanner find-vulnerabilities nuclei sqlinjection vulnerabilities vulnerability-scanners xss-vulnerability
Last synced: 21 Nov 2024
https://github.com/p0dalirius/cve-2021-43008-adminerread
Exploit tool for CVE-2021-43008 Adminer 1.0 up to 4.6.2 Arbitrary File Read vulnerability
adminer bugbounty cve cve-2021-43008 exploit file hacking pentest read tool vulnerability
Last synced: 30 Dec 2024
https://github.com/dwisiswant0/hinject
Host Header Injection Checker
bugbounty go golang penetration-testing
Last synced: 28 Oct 2024
https://github.com/m8sec/taser
Python resource library for creating security related tooling
bugbounty hacking pentesting python3 security
Last synced: 26 Jan 2025
https://github.com/a3h1nt/subcert
Subcert is a subdomain enumeration tool that finds all the subdomains from certificate transparency logs.
bugbounty certificate-transparency infosec osint-tool pentesting-tools python3 subdomain-enumeration
Last synced: 28 Oct 2024
https://github.com/un4gi/dirtywords
A targeted word list generation tool
bugbounty content-discovery enumeration golang pentesting web
Last synced: 21 Nov 2024
https://github.com/dotnetrussell/minerinthemiddle
This application was created as a POC for how to scan your local network traffic for HTTP requests and then inject various javascript cryptocurrency miners into the response payloads
bug-bounty bugbounty hacking hacking-tool info-sec information-security infosec infosectools injection miner monero penetration-testing penetration-testing-tools python red-team
Last synced: 10 Oct 2024
https://github.com/az0mb13/frida_setup
One-click installer for Frida and Burp certs for SSL Pinning bypass
adb android bug-bounty bugbounty frida hacking-tools pentesting pentesting-tools reconnaissance
Last synced: 07 Nov 2024
https://github.com/enenumxela/subdomains.sh
A wrapper around tools used for subdomain enumeration, to automate the workflow, on a given domain, written in bash.
amass asset-discovery bash-scripting bug-bounty bugbounty dns enumeration findomain hakrevdns passive-dns penetration-testing pentesting reconnaissance reverse-dns reverse-dns-lookup subdomain subdomains subdomains-enumeration subfinder xsubfind3r
Last synced: 06 Nov 2024
https://github.com/BugHunterID/BugHunterID
Bug / security hole hunters can join.
bounty bug bugbounty bughunterid hackerone indonesia security
Last synced: 23 Oct 2024
https://github.com/macmod/goblob
A fast enumeration tool for publicly exposed Azure Storage blobs.
azure-blob-storage azure-storage blob-storage brute-force bruteforce bug-bounty bugbounty enumeration go golang infosec pentest recon reconnaissance scanner security
Last synced: 28 Oct 2024
https://github.com/blackhatethicalhacking/fetchmeurls
A Tool for Bug Bounty Hunters that uses Passive and Active Techniques to fetch URLs as a strong Recon, so you can then create Attack Vectors (XSS, Nuclei, SQLi etc...)
bugbounty bugbountytool recon reconnaissance
Last synced: 30 Jan 2025
https://github.com/anof-cyber/mobsecco
Cloning apk for bypassing code tampering detection, Google Safety Net and scanning vulnerable plugins
android apk bug-bounty bugbounty cordova cybersecurity mobile-security penetration-testing pentesting pentesting-tools python
Last synced: 14 Oct 2024
https://github.com/aufzayed/HydraRecon
All In One, Fast, Easy Recon Tool
bugbounty bugbounty-tool bugbountytips crawler hacking hacking-tools information-gathering open-source-intelligence osnit pentest pentest-tools pentesting python recon recon-tools
Last synced: 16 Nov 2024
https://github.com/tintinweb/bugbounty-companion
A BugBounty companion that checks out high-reward yielding bug bounty code-bases from Immunefi/code4rena 🙌 (use at own risk)
bugbounty code4rena immunefi smart-contracts
Last synced: 02 Nov 2024
https://github.com/gwen001/bugbountytips
Webapp to search tips on Twitter through #bugbountytips
bugbounty bugbountytips hashtag pentesting php security twitter
Last synced: 09 Nov 2024
https://github.com/dub-flow/subsnipe
SubSnipe is a tool designed to help find subdomains that are vulnerable to takeover.
bugbounty ethical-hacking penetration-testing
Last synced: 31 Jan 2025
https://github.com/gnebbia/halive
A fast http and https prober, to check which URLs are alive
alive-hosts asynchronous asyncio bugbounty http https probe probe-requests prober reconnaissance requests
Last synced: 13 Nov 2024
https://github.com/edoverflow/legal-bug-bounty
#legalbugbounty project — creating safe harbors on bug bounty programs and vulnerability disclosure programs. Authored by Amit Elazari.
bugbounty infosec legal security
Last synced: 06 Jan 2025
https://github.com/hahwul/websocket-connection-smuggler
websocket-connection-smuggler
bugbounty hacking security testing-tools websocket websocket-connection-smuggling
Last synced: 02 Nov 2024
https://github.com/p0dalirius/lfidump
A simple python script to dump remote files through a local file read or local file inclusion web vulnerability.
bugbounty dump file inclusion local pentesting
Last synced: 30 Dec 2024
https://github.com/ethicalhackingplayground/dnsresolver
A Lightning-Fast DNS Resolver written in Rust 🦀
bugbounty dns http-prober resolver
Last synced: 31 Jan 2025
https://github.com/yeswehack/YesWeBurp
YesWeHack Api Extension for Burp
bugbounty burp-extensions hacking pentest tools
Last synced: 09 Nov 2024
https://github.com/blackhatethicalhacking/scopehunter
ScopeHunter is a command-line tool for finding in scope targets for bug bounty programs.
bugbounty hacking infosec kali-linux penetration-testing pentesting
Last synced: 31 Jan 2025
https://github.com/typeerror/bookmarks
Reclaim control of your Burp Suite Repeater tabs with this powerful extension
appsec bugbounty burp-extensions burpsuite burpsuite-extender burpsuite-pro
Last synced: 08 Nov 2024
https://github.com/TypeError/Bookmarks
Reclaim control of your Burp Suite Repeater tabs with this powerful extension
appsec bugbounty burp-extensions burpsuite burpsuite-extender burpsuite-pro
Last synced: 24 Oct 2024
https://github.com/elfarsaouiomar/monitor-new-subdomain
MNS is a security and reconnaissance tool for monitoring new subdomains
bugbounty monitoring python3 recon subdomains
Last synced: 21 Nov 2024
https://github.com/InfoSecWarrior/Offensive-Pentesting-Scripts
Scripts that are intended to help you in your pen-testing and bug-hunting efforts by automating various manual tasks, making your work more efficient and effective.
automation bash-script bugbounty gotools nmap-scripts pentesting subdomain-enumeration subdomain-wordlist
Last synced: 07 Nov 2024
https://github.com/codingo/dooked
DNS and Target HTTP History Local Storage and Search
bounties bug bugbounty bugbounty-tool infosec reconnaissance security security-tools
Last synced: 20 Oct 2024
https://github.com/p0dalirius/ldapconsole
The ldapconsole script allows you to perform custom LDAP requests to a Windows domain.
active-directory bugbounty ldap pentesting search
Last synced: 23 Jan 2025
https://github.com/swisscom/bugbounty
Swisscom Vulnerability Disclosure Policy & Bug Bounty Programme
Last synced: 26 Jan 2025
https://github.com/jimen0/differer
differer finds how URLs are parsed by different languages in order to help bug hunters break filters
bugbounty cloudrun go golang serverless url
Last synced: 28 Oct 2024
https://github.com/radenvodka/pentol
PENTOL - Pentester Toolkit for Fiddler2
bugbounty exploit exploiting-vulnerabilities fiddler-extension fiddler2 kitploit pentest-tool pentesting security security-tools tools
Last synced: 17 Nov 2024
https://github.com/InitRoot/BurpSQLTruncSanner
Messy BurpSuite plugin for SQL Truncation vulnerabilities.
bugbounty burpsuite-extender sql-truncation
Last synced: 03 Nov 2024
https://github.com/gwen001/github-regexp
Basically a regexp over a GitHub search.
bugbounty github go golang pentesting private regexp secrets security-tools
Last synced: 09 Nov 2024
https://github.com/gwen001/gitlab-subdomains
Find subdomains on GitLab.
bugbounty gitlab go pentesting security-tools subdomains
Last synced: 16 Nov 2024
https://github.com/Zarcolio/grepaddr
Use grepaddr to extract (grep) all kinds of addresses from stdin like URLs (incl. IPv4/IPv6), IP addresses & ranges (IPv4/IPv6), e-mail addresses, MAC addresses.
bugbounty command-line ctf ctf-tools e-mail extract grep-like hacking ip-addresses ipv4 ipv6 mac-address pentesting python python3 recon reconnaissance urls
Last synced: 06 Nov 2024
https://github.com/ghsec/BBProfiles
Burp Bounty (Scan Check Builder in BApp Store) is an extension of Burp Suite that lets you improve the active and passive scanner by yourself. This extension requires Burp Suite Pro.
Last synced: 25 Oct 2024
https://github.com/hahwul/gitls
🖇 Enumerate git repository URL from list of URL / User / Org. Friendly to pipeline
bugbounty butbountytips cli-tool fetcher git github security security-tools tool whitebox-testing
Last synced: 26 Jan 2025
https://github.com/EdOverflow/smith
Simple wrapper for meg that sieves through meg's output for you.
bugbounty security security-tools
Last synced: 18 Jan 2025
https://github.com/kabilan1290/grapX
grapX will iterate through the URLs and grep the endpoints with all possible extensions.
automation bugbounty bugbounty-tool bugbountytips cybersecurity opensource python python-script security-automation security-vulnerability
Last synced: 21 Nov 2024
https://github.com/z3dc0ps/0x0p1n3r
0x0p1n3r is a combination of other tools and one-line scripts to find subdomains easily and to check for subdomain takeover
bugbounty enumeration enumerations subdomain subdomain-enumeration subdomain-scanner vulnerability
Last synced: 21 Nov 2024
https://github.com/nullt3r/rapiddns
Rapidly enumerate subdomains and domains using rapiddns.io.
bugbounty bugbountytips domain-discovery enumeration scanner subdomains-enumeration
Last synced: 21 Nov 2024
https://github.com/gerosecurity/gerobug
The First Open Source Bug Bounty Platform
bounty-hunting bug-bounty bug-bounty-platform bugbounty bugbounty-platform bugbounty-tool cybersecurity infosec vdp vulnerability-disclosure
Last synced: 02 Jan 2025
https://github.com/nikhil1232/Bucket-Flaws
Bucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations
application-security aws-s3 bucket bug-bounty bugbounty s3 s3-bucket s3-buckets security-misconfiguration wapt
Last synced: 21 Nov 2024
https://github.com/mansoorr123/wp-file-manager-CVE-2020-25213
https://medium.com/@mansoorr/exploiting-cve-2020-25213-wp-file-manager-wordpress-plugin-6-9-3f79241f0cd8
Last synced: 21 Nov 2024
https://github.com/dwisiswant0/bounty-targets-alert
It's a watcher for new scopes added to bounty-targets-data that sends you alerts to Slack.
bugbounty bugbountytips bugcrowd federacy hackenproof hackerone intigriti vdp vrp yeswehack
Last synced: 28 Oct 2024
https://github.com/blackhatethicalhacking/ScopeHunter
ScopeHunter is a command-line tool for finding in scope targets for bug bounty programs.
bugbounty hacking infosec kali-linux penetration-testing pentesting
Last synced: 23 Oct 2024
https://github.com/dwisiswant0/continuous-nuclei
Running nuclei Continuously
automation bugbounty bugbounty-tool nuclei projectdiscovery
Last synced: 21 Nov 2024
https://github.com/Adversis/PandorasBox
Security tool to quickly audit Public Box files and folders.
bugbounty cloud-security penetration-testing security-tools
Last synced: 14 Nov 2024
https://github.com/darklotuskdb/SSTI-XSS-Finder
XSS Finder Via SSTI
bug bugbounty bugbounty-tool bugbountytips dorks hacking ssti tool vulnerability xss
Last synced: 21 Nov 2024
https://github.com/azathothas/arsenal
Hastily written Tools & Scripts for Personal Use Cases & Bug Bounties
bug-bounty bugbounty hacking recon recon-tools security security-tools tools
Last synced: 18 Nov 2024
https://github.com/themarkib/google-acquisitions
Most of the Google Acquisitions for Bug Bounty Hunter.
bugbounty ethical-hacking googlevrp penetration-testing
Last synced: 13 Dec 2024
https://github.com/Josue87/roboxtractor
Extract endpoints marked as disallow in robots files to generate wordlists.
bug-bounty bugbounty enumeration fuzzing hacking wordlist
Last synced: 21 Nov 2024
https://github.com/Sh1Yo/rate-limit-checker
Check whether the domain has a rate limit enabled.
Last synced: 21 Nov 2024
https://github.com/birdbee44/Resources
bugbounty honey honey-pots osint phishing resources scanner sql-injection xss
Last synced: 21 Nov 2024
https://github.com/mindpatch/hacking-lab
Small Vulnerable Web App
bugbounty cmdinjection flask hackable hacking-lab openredirect python sqlinjection ssrf ssti uploadfile xss
Last synced: 22 Nov 2024
https://github.com/Aju100/VulWebaju
VulWebaju is a platform that automates setting up your pen-testing environment for learning purposes.
bugbounty hacking hacktoberfest owasp-top-10 penetration-testing pentesting
Last synced: 21 Nov 2024
https://github.com/MindPatch/hacking-lab
Small Vulnerable Web App
bugbounty cmdinjection flask hackable hacking-lab openredirect python sqlinjection ssrf ssti uploadfile xss
Last synced: 21 Nov 2024
https://github.com/Th0h0/autopoisoner
Web cache poisoning vulnerability scanner.
automation bugbounty python3 web-cache-deception web-cache-misconfiguration web-cache-poisoning
Last synced: 16 Nov 2024
https://github.com/nu11pointer/fuzzlists
A collection of useful lists for Penetration Testing & Bug Bounty - Content Discovery, Payloads, Variables, Sandbox Escaping, etc
bruteforce bugbounty cybersecurity dictionaries infosec pentesting wordlists
Last synced: 05 Nov 2024
https://github.com/DreyAnd/DeadDNS
DNS hijacking via dead records automation tool
bugbounty bugbounty-tool bugbountytips bughunting
Last synced: 21 Nov 2024
https://github.com/random-robbie/open-redirect
Open Redirect Finder.
bugbounty casperjs open-redirect openredirect python
Last synced: 26 Dec 2024
https://github.com/kljunowsky/CVE-2022-42889-text4shell
Apache commons text - CVE-2022-42889 Text4Shell proof of concept exploit.
apache bug-bounty bug-bounty-hunting bugbounty bugbounty-tool commons-text cve-2022-42889 exploit oneliner security security-tools
Last synced: 21 Nov 2024
https://github.com/kaiiyer/rajappan
An All in one Project for Digital Privacy. A step towards a PRIVATE FUTURE
articles blog bugbounty cheatsheet conference cybersecurity differential-privacy hacktoberfest hacktoberfest2022 internet-freedom podcasts privacy rajappan security security-tools threat-hunting threat-intelligence toolkit tools
Last synced: 07 Nov 2024
https://github.com/bassammaged/awsEnum
Enumerate AWS cloud resources based on provided credential
aws bug bugbounty enumeration penetration-testing security-audit security-tools
Last synced: 23 Oct 2024
https://github.com/xchopath/pathprober
Probe and discover HTTP pathname using brute-force methodology and filtered by specific word or 2 words at once
bugbounty pentest pentest-scripts pentest-tools python python3 redteam redteam-tools webscanner
Last synced: 21 Nov 2024
https://github.com/rudSarkar/crlf-injector
A CRLF ( Carriage Return Line Feed ) Injection attack occurs when a user manages to submit a CRLF into an application. This is most commonly done by modifying an HTTP parameter or URL.
bugbounty crlf-injection python toolshacking
Last synced: 09 Nov 2024
https://github.com/wfinn/redirex
tool that generates bypasses for open redirects
Last synced: 21 Nov 2024
https://github.com/gwen001/google-search
Returns results from Google search.
bugbounty endpoints go golang google goop pentesting python recon search security-tools urls
Last synced: 09 Nov 2024
https://github.com/joker-reincarnated/toxic-md
Toxic MD is a powerful WhatsApp crash and bug bot developed by Joker, designed for managing and automating various bot-related functions. Whether you're testing crash bugs or exploring custom bot configurations, this bot has you covered.
Last synced: 03 Feb 2025
https://github.com/rudsarkar/crlf-injector
A CRLF ( Carriage Return Line Feed ) Injection attack occurs when a user manages to submit a CRLF into an application. This is most commonly done by modifying an HTTP parameter or URL.
bugbounty crlf-injection python toolshacking
Last synced: 18 Nov 2024
https://github.com/ko2sec/apkizer
apkizer is a mass downloader for android applications for all available versions.
android-application apk apkpure bugbounty recon reconnaissance
Last synced: 21 Nov 2024
https://github.com/mrlew1s/BrokenSMTP
Small python script to look for common vulnerabilities on SMTP server.
bugbounty pentest pentest-scripts pentest-tool pentesting python python3 security security-tools smtp spoofing userenumeration vulnerabilities vulnerability
Last synced: 21 Nov 2024
https://github.com/mzfr/takeover
A tool for testing subdomain takeover possibilities at a mass scale.
bugbounty subdomain-takeover takeover
Last synced: 03 Nov 2024
https://github.com/robotshell/dorkscraper
DorkScraper is a simple tool written in Python to extract all the urls that appear when using a Google Dork.
bugbounty googledorks pentesting python tool
Last synced: 19 Dec 2024
https://github.com/SomeKirill/wordlist_generator
Unique wordlist generator of unique wordlists.
bugbounty bugbounty-tool information-gathering pentesting reconnaissance security wordlist
Last synced: 21 Nov 2024
https://github.com/R0X4R/scvault
Custom scripts for directory fuzzing, subdomain enumeration, and more.
automation bash-script bug-bounty bug-bounty-hunters bugbounty directory-busting ffuf fuzzing infosec interlace
Last synced: 21 Nov 2024
https://github.com/r0x4r/scvault
Custom scripts for directory fuzzing, subdomain enumeration, and more.
automation bash-script bug-bounty bug-bounty-hunters bugbounty directory-busting ffuf fuzzing infosec interlace
Last synced: 08 Nov 2024
https://github.com/gwen001/bxss
Alternative to XSS Hunter for blind XSS.
bugbounty pentesting php security-tools xss xsshunter
Last synced: 09 Nov 2024
https://github.com/dotnetrussell/ensemble
A Bug Bounty Platform that allows hunters to issue commands over a geo-distributed cluster. The ideal user is someone who is attempting to scan multiple bug bounty programs simultaneously, on a recurring basis.
blueteam bug-bounty bug-bounty-hunting bug-bounty-recon bug-bounty-tools bugbounty hacking red-team red-team-tools red-teaming redteam
Last synced: 21 Nov 2024
https://github.com/R0X4R/ssrf-tool
An SSRF detector tool written in golang. I have fixed some errors and added some more payloads to it. But the tool credits go to z0idsec.
bugbounty bugbounty-tool bugbountytips go ssrf ssrf-tool tools
Last synced: 21 Nov 2024
https://github.com/e1abrador/Burp-Encode-IP
Burp Suite extension to encode an IP address focused to bypass application IP / domain blacklist.
bugbounty bugbounty-tool bugbountytips bypass open-redirect red-team red-team-tools ssrf
Last synced: 18 Nov 2024
https://github.com/p0dalirius/robotstester
This Python script can enumerate all URLs present in robots.txt files, and test whether they can be accessed or not.
bugbounty crawler pentesting python robots tool
Last synced: 30 Dec 2024
https://github.com/robotshell/dorkScraper
DorkScraper is a simple tool written in Python to extract all the urls that appear when using a Google Dork.
bugbounty googledorks pentesting python tool
Last synced: 21 Nov 2024
https://github.com/jonaslejon/lolcrawler
Headless web crawler for bugbounty and penetration-testing/redteaming
bugbounty crawler docker penetration-testing penetration-testing-tools redteam redteam-tools redteaming
Last synced: 21 Nov 2024
https://github.com/melbadry9/SSLEnum
Extract SSL certificate data (Subject Name, Subject Alt Names, Organisation)
bugbounty reconnaissance rust rust-lang ssl-certificate
Last synced: 21 Nov 2024