Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
Bug Bounty
A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.
- GitHub: https://github.com/topics/bugbounty
- Wikipedia: https://en.wikipedia.org/wiki/Bug_bounty_program
- Related Topics: security, penetration-testing, pentesting, pentest
- Aliases: bug-bounty
- Last updated: 2025-02-04 00:04:14 UTC
https://github.com/jonaslejon/lolcrawler
Headless web crawler for bugbounty and penetration-testing/redteaming
bugbounty crawler docker penetration-testing penetration-testing-tools redteam redteam-tools redteaming
Last synced: 21 Nov 2024
https://github.com/cqsd/daily-commonspeak2
commonspeak2 subdomains wordlist generated daily. **DEPRECATED**: The author(s) of commonspeak2 maintain an official repo with more lists. Please use it instead: https://github.com/assetnote/wordlists
bugbounty content-discovery security
Last synced: 21 Nov 2024
https://github.com/m8sec/subwalker
Simultaneously execute various subdomain enumeration tools and aggregate results.
bugbounty recon subdomain-enumeration
Last synced: 19 Dec 2024
https://github.com/dreamer1eh/ultimate_bughunter_tools
Ultimate Package Of 50 Bug Bounty Hunting Tools
bug-bounty bugbounty infosec security security-tools
Last synced: 21 Nov 2024
https://github.com/azathothas/certstream-domains
[Automated | UpToDate] Daily Dumps of CertStream Certificate Logs Subdomains Data (SAN || CN)
bugbounty certificate certificate-transparency certificate-transparency-logs certstream crt-monitor logs nepali-domains ssl-certificates subdomain transparency
Last synced: 19 Jan 2025
https://github.com/Dc4ts/ChangeTower
ChangeTower, written in Go, is intended to help you watch changes in webpages and get notified of any changes
bugbounty bugbounty-tool golang red-team webscanner
Last synced: 21 Nov 2024
https://github.com/BountyStrike/Emissary
Send notifications on different channels such as Slack, Telegram, Discord etc.
Last synced: 16 Nov 2024
https://github.com/pikpikcu/js-finding
JS Finding can be used to extract JavaScript (JS) files from either a single domain URL or a list of domains. The tool supports various extraction methods and provides additional options for file download and wordlists creation.
Last synced: 20 Nov 2024
https://github.com/melbadry9/ScanApi
Subdomains-enumeration, subdomain-takeover monitoring api and S3 bucket scanner.
bugbounty recon s3-bucket-scanner subdomains-enumeration
Last synced: 21 Nov 2024
https://github.com/khetaguridimitri/sql-injection
SQL Injection / SQL injection - Hacking and bypass
android audit blackhat bugbounty bughunting cyberattack cybersecurity dorks ethical-hacking ethical-hacking-tools hacking intelligence linux pentest redhat security sql sql-injection whitehat windows
Last synced: 08 Nov 2024
https://github.com/karthi-the-hacker/crlfi
CRLF Bug scanner for WebPentesters and Bugbounty Hunters
bugbounty bugbounty-tool bugbounty-tools crlf-injection crlf-injection-scanner webpentesting websecurity
Last synced: 02 Jan 2025
https://github.com/karthi-the-hacker/Gh0stR3c0n
All in one web Recon app
bugbounty bugbounty-tool bugbounty-tools bugbountyautomation bugbountytips webrecon
Last synced: 21 Nov 2024
https://github.com/0xpugal/knoxsser
A concise and effective bash script for mass XSS scanning utilizing the KNOXSS API by Brute Logic
Last synced: 08 Nov 2024
https://github.com/mathis2001/webhackurls
Simple Python OSINT tool for URL recon thanks to the Wayback Machine.
bugbounty osint pentesting recon wayback-machine webarchive
Last synced: 11 Nov 2024
https://github.com/BLACK-SCORP10/url-status-checker
Status Checker is a Python tool for swiftly checking the status of URLs. It categorizes responses by HTTP status codes, offering clear insights into website health. With async requests, color-coded output, and easy CLI usage, it's a handy solution for monitoring web service performance.
automation bug-bounty bugbounty bugbounty-tools bugbountyautomation bulk easy-to-use httpx infosys python status-codes statuscode
Last synced: 25 Nov 2024
https://github.com/acuciureanu/ppfang
A tool which helps identify client-side prototype polluting libraries
bugbounty bugbounty-tool bugbountytips chromium cspp prototype-pollution security security-tools vulnerability-scanners
Last synced: 12 Oct 2024
https://github.com/blackhatethicalhacking/openrediwrecked
A powerful and sophisticated tool for detecting and exploiting open redirect vulnerabilities using the sed utility and a selected list of carefully crafted payloads with encoding techniques.
bugbounty hacking infosec openredirect-scanner penetration-testing pentesting
Last synced: 05 Nov 2024
https://github.com/edoardottt/malicious-rmqr-codes
Collection of (4000+) malicious rMQR Codes for Penetration testing, Vulnerability assessments, Red Team operations, Bug Bounty and more
bug-bounty bugbounty malicious-payloads offensive-security payload-generator payloads qr-code qrcode qrcodes red-team red-team-tools redteam redteam-tools redteaming rmqr rmqrcode security security-tools web-security
Last synced: 28 Oct 2024
https://github.com/abuvanth/kicks3
S3 bucket finder from HTML, JS and bucket misconfiguration testing tool
automation aws aws-s3 bucket-misconfiguration-testing bugbounty s3 s3-bucket-finder security-tools storage
Last synced: 03 Nov 2024
https://github.com/pelaohxc/postMessageFinder
bugbounty domxss hacking javascript postmessage tool xss
Last synced: 21 Nov 2024
https://github.com/typeerror/crystalball
An enchanting 🔮 web screenshot tool for capturing and sharing web content effortlessly
bugbounty enumeration infosec security web-screenshot
Last synced: 08 Nov 2024
https://github.com/rascal999/maxos
Pentest focused NixOS config
bugbounty docker-images firefox-bookmarks hacking hacking-tool jupyter jupyter-notebook linux nix nixos nixos-config operating-system osint pentest pentesting redteam resources security
Last synced: 18 Jan 2025
https://github.com/andripwn/PayloadsAll
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
allpayload bugbounty bugcrowd bughunter hackerone payloads pentest python rce researchers securityresearchers sql vulnerability vulnerabilityanalysis xsss
Last synced: 23 Oct 2024
https://github.com/bountymachine/about
A central place to keep track of relevant BountyMachine talks, blogs, and interesting things!
automation bountymachine bugbounty infosec presentation slides
Last synced: 18 Nov 2024
https://github.com/HJ23/Raptor
Passive subdomain enumeration tool with http-probe.
bug-bounties bug-bountry bug-hunter bugbounty cybersecurity enumeration hacking http-probe osint osint-python osint-tool probe probe-requests python python3 subdomain subdomain-enumeration subdomain-scanner subdomains subdomains-monitoring
Last synced: 21 Nov 2024
https://github.com/mrnazu/learn-365-days
Learn 365 Days Challenge
365daysofcode algorithms-and-data-structures articles bugbounty bugcrowd certfication coding cybersecurity hacking learn365 learn365days learning security web websecurity writeups
Last synced: 18 Jan 2025
https://github.com/hahwul/backbomb
💣 Dockerized penetration-testing/bugbounty/app-sec testing environment
appsec bugbounty docker docker-image environment golang hacking pentest security tools
Last synced: 21 Jan 2025
https://github.com/umutcamliyurt/subhunter
A fast subdomain takeover tool
bug-bounty bug-bounty-tools bugbounty go golang infosec penetration-testing pentesting security-tools subdomain-takeover takeover-subdomain
Last synced: 19 Nov 2024
https://github.com/mathis2001/paramfirstcheck
ParamFirstCheck identifies, in a list of URLs, those containing one of the top 25 most vulnerable parameters for SQLi, LFI, RCE and open redirect
bugbounty parameters pentest top25
Last synced: 11 Nov 2024
https://github.com/blackhatethicalhacking/sql-injection-pwn
A 1 Liner SQL Injection Attack using SQLMAP and various parameters that helps quickly check for vulnerabilities during Bug Bounty
bugbounty hacking penetration-testing pentesting redteam sqlinjection
Last synced: 05 Nov 2024
https://github.com/Sajibekanti/Bug_Bounty_List
Day by day, lots of newbies come into bug bounty. They ask social sites about bug bounty sites, so that's why I open all my hunted sites.
Last synced: 21 Nov 2024
https://github.com/0xpugal/bounty.sh
simple bash script to earn bounties
bash bugbounty recon reconnaissance shell
Last synced: 08 Nov 2024
https://github.com/sidxparab/Subdomain-Enumeration-Guide
This is a comprehensive Subdomain Enumeration Guide that traces back to my GitBook.
bugbounty pentesting recon reconnaissance subdomain-enumeration
Last synced: 21 Nov 2024
https://github.com/r0x4r/snetra
A Python-based scanner that uses shodan-internetdb to scan the IP.
bugbounty penetration-testing penetration-testing-tools python3 shodan
Last synced: 08 Nov 2024
https://github.com/blackhatethicalhacking/s3-buckets-aio-pwn
An AIO tool to check for vulnerable Amazon S3 buckets as part of bug bounty. The uniqueness of this tool is that it can take a file full of buckets and check all of them with various attack scenarios to see if they are vulnerable
bugbounty hacking penetration-testing pentest-tool pentesting redteam s3-bucket
Last synced: 05 Nov 2024
https://github.com/Damian89/simple-oob-scanner
Simple tool to test for SSRF/OOB HTTP Read within the Path of a request
bugbounty penetration-testing pentesting python3
Last synced: 21 Nov 2024
https://github.com/R0X4R/snetra
A Python-based scanner that uses shodan-internetdb to scan the IP.
bugbounty penetration-testing penetration-testing-tools python3 shodan
Last synced: 21 Nov 2024
https://github.com/sidxparab/subdomain-enumeration-guide
This is a comprehensive Subdomain Enumeration Guide that traces back to my GitBook.
bugbounty pentesting recon reconnaissance subdomain-enumeration
Last synced: 18 Dec 2024
https://github.com/shivamrai2003/sql-injection-google-dork-list
Updated 6000 Sql Injection Google Dork 2021
bugbounty dorks google-dork google-dorks pentesting security
Last synced: 02 Jan 2025
https://github.com/shelld3v/flydns
Related subdomains finder
bug-bounty bugbounty hacking infosec network-security osint pentest pentesting recon reconnaissance security subdomains subdomains-discovery
Last synced: 28 Oct 2024
https://github.com/zishanadthandar/burptoggle
Burp Suite Proxy Toggler Lite Add-on for Mozilla Firefox.
bugbounty bugbounty-tool burp-extensions burpsuite burpsuite-tools firefox firefox-addon firefox-extension firefox-extensions firefox-webextension hacking hacking-tool hackingtool opensource
Last synced: 22 Nov 2024
https://github.com/aldo-moreno-leon/ORtester
Open Redirect scanner - (out of date)
Last synced: 21 Nov 2024
https://github.com/BitTheByte/Orkestra
Web-based Android debugger with inspection capabilities using Frida and Jadx as a backbone
android bugbounty bugcrowd debugger decompiler frida hackerone jadx java java-decompiler orkestra
Last synced: 21 Nov 2024
https://github.com/melbadry9/WhoEnum
Mass querying whois records
bugbounty enumeration recon whois
Last synced: 21 Nov 2024
https://github.com/blackhatethicalhacking/bf_active_sub
Subdomain Bruteforce - Bounty Quick Code
bruteforce bugbounty hacking kali-linux penetration-testing pentesting reconnaissance subdomain-enumeration
Last synced: 05 Nov 2024
https://github.com/ihebski/db
Bugbounty utility to store list of enumerated subdomains into an sqlite3 db [one liner style / Pipe and save]
bugbounty database mini-utility sqlite3 subdomain-enumeration
Last synced: 29 Oct 2024
https://github.com/BitTheByte/BitTraversal
Burpsuite Plugin to detect Directory Traversal vulnerabilities
bugbounty burp-extensions burp-plugin burpsuite burpsuite-extender java path-traversal traversal web
Last synced: 21 Nov 2024
https://github.com/mrofisr/gf-patterns
Collection of grep patterns for Tom Hudson's (a.k.a. Tomnomnom) tools, namely gf
Last synced: 23 Jan 2025
https://github.com/swanandx/rustywitness
A CLI tool for getting screenshots of URLs using headless chrome
bugbounty cli headless-chrome recon rust web
Last synced: 27 Oct 2024
https://github.com/VincentDS/HackerOne-Notifier
Send notifications if a new program is published on HackerOne using Pushbullet
bugbounty hackerone notifications pushbullet
Last synced: 21 Nov 2024
https://github.com/vah13/BurpCRLFPlugin
Another plugin for CRLF vulnerability detection
bugbounty burp crlf plugin scanner vulnerability-detection
Last synced: 25 Oct 2024
https://github.com/gwen001/favicon-hashtrick
Python script implementing the favicon hash trick to find subdomains.
bugbounty favicon pentesting python security-tools shodan
Last synced: 09 Nov 2024
https://github.com/theporgs/exegol-resources
Hacking resources for the Exegol project
active-directory bugbounty hacking pentesting
Last synced: 16 Nov 2024
https://github.com/0xAkashsky/sub-scout
Simple bash Script to automate initial recon using (httpx, puredns, regulator, wayback, katana, aquatone)
bugbounty cybersecurity infosec infosectools security tools
Last synced: 23 Oct 2024
https://github.com/ritiksahni/ASN-Eagle
A tool to discover ASN of any host and fetch IP ranges.
api asn asn-eagle automation autonomous bugbounty hacking hackingtools reconaissance reconnaissance scanner vulnerability
Last synced: 21 Nov 2024
https://github.com/itsignacioportal/hacker-scoper
Automagically filter URLs with Bug Bounty program scope rules scraped from the internet.
bugbounty bugcrowd enumeration filter go golang hackerone infosec pentesting recon scopes security security-tools websec websecurity
Last synced: 30 Dec 2024
https://github.com/xalgord/my-methodologies
Tools and methods that I personally use for Recon and Exploitations
bug-bounty bugbounty penetration-testing pentesting recon xss
Last synced: 21 Jan 2025
https://github.com/javierolmedo/ipdiscover
🔍 A simple tool to obtain long lists of IPs from domains using goroutines
bugbounty bughunter domain hacking-tool ip recon
Last synced: 29 Nov 2024
https://github.com/txuswashere/pentesting
CyberSec Resources: FRAMEWORKS & STANDARDS; Pentesting Audits & Hacking; PURPLE TEAMING, AD, API, web, clouds, CTF, OSINT, Pentest tools, Network Security, Privilege escalation, Exploiting, Reversing, Secure Code, Bug Bounty, ...
active-directory audit auditing bugbounty cloudsecurity cyber-security cybersecurity exploiting hacking networksecurity osint pentesting pentesting-tools privilegeescalation purple-team purpleteam resources reversing webpentest webpentesting
Last synced: 30 Jan 2025
https://github.com/ivre/obsidian-ivre-plugin
Grabs data from IVRE and brings it into Obsidian notes
bugbounty cti hacktoberfest ioc ivre obsidian obsidian-md obsidian-plugin obsidian-plugins pentest pentesting threat-intelligence threatintel
Last synced: 13 Nov 2024
https://github.com/randomrobbiebf/phpunit-brute
Tool to try multiple paths for PHPunit RCE CVE-2017-9841
bugbounty cve-2017-9841 phpunit
Last synced: 20 Nov 2024
https://github.com/tuxotron/docker-image-generator
Customized docker images generation toolkit
bugbounty docker infosec pentesting
Last synced: 21 Nov 2024
https://github.com/gwen001/csp-analyzer
Analyze Content-Security-Policy header of a given URL.
bugbounty content-security-policy csp pentesting python security-tools
Last synced: 09 Nov 2024
https://github.com/anof-cyber/pentest-recon
Web application pentesting recon
bugbounty information-extraction pentesting reconnaissance webapplication webpentest
Last synced: 06 Nov 2024
https://github.com/xNaughty/BugBountyTips
BugBountyTips in Spanish
bugbounty bypass ciberseguridad hacking infosec payloads penetration-testing pentesting redteam
Last synced: 21 Nov 2024
https://github.com/komodoooo/some-things
Scripts, POCs & more
adb-android bugbounty compromised-emails cve-poc cybersec-resources deauthentication-attack dorks network-sniffing scripts shell-shoveling shellcode sqli-scanner ssh-bruteforce ssl-scanner url-crawler utilities xss-payloads youtube-views
Last synced: 17 Nov 2024
https://github.com/proditis/bugbounty-cicd
A set of Gitlab pipelines and Github workflows to automate and ease on BugBounty and Penetration Testing engagements
bugbounty bugbounty-pipeline cybersecurity devsecops devsecops-pipeline gitlab gitlab-ci
Last synced: 08 Nov 2024
https://github.com/ItsIgnacioPortal/hacker-scoper
Automagically filter URLs with Bug Bounty program scope rules scraped from the internet.
bugbounty bugcrowd enumeration filter go golang hackerone infosec pentesting recon scopes security security-tools websec websecurity
Last synced: 21 Nov 2024
https://github.com/thelikes/fuzzmost
all manner of wordlists
bugbounty infosec recon wordlist
Last synced: 21 Nov 2024
https://github.com/elniak/bountydork
BountyDork is a comprehensive tool designed for penetration testers and cybersecurity researchers. It integrates various modules for performing attacks, reporting, and managing VPN/proxy settings, making it an indispensable asset for any security professional.
bugbounty dork dorking google penetration-testing proxy pypy python vpn
Last synced: 13 Dec 2024
https://github.com/samirettali/bounty-notes
My bug bounty notes
bounty-notes bug-bounty bug-bounty-recon bug-bounty-tips bugbounty bugbountytips hacking
Last synced: 21 Nov 2024
https://github.com/sam5epi0l/beginner-bug-bounty-automation
Many scripts that can be modified according to your needs for Information Gathering and Asset discovery in Bug Bounty Hunting (Pull requests are welcome!)
amass bash-script beginner-friendly bug-bounty bugbounty hacking hacking-tools nipe penetration-testing recon reconnaissance starter-kit tor tor-network
Last synced: 22 Nov 2024
https://github.com/Anof-cyber/pentest-recon
Web application pentesting recon
bugbounty information-extraction pentesting reconnaissance webapplication webpentest
Last synced: 21 Nov 2024
https://github.com/ravro-ir/log4shell-looker
log4jshell vulnerability scanner for bug bounty
bugbounty bugs java java-8 log4j log4j2 log4shell logger logging secuurity vulnerabilities vulnerability vulnerability-detection vulnerability-scanners
Last synced: 21 Nov 2024
https://github.com/anof-cyber/alphascan
A BurpSuite extension for vulnerability Scanning
application-security appsec bug-bounty bugbounty burp-extensions burpsuite pentesting security security-scanner vulnerability vulnerability-scanners
Last synced: 06 Nov 2024
https://github.com/Naategh/dom-red
Small script to check a list of domains against open redirect vulnerability
bugbounty open-redirect python
Last synced: 03 Nov 2024
https://github.com/angelsecurityteam/framedomain
FrameDomain Framework - subdomains enumeration tool for penetration testers
bug-bounty-program bugbounty framedomain-framework framework information-gathering penetration-testing penetration-testing-framework python3 subdomain-bruteforcing subdomain-enumeration subdomain-finder subdomain-scanner
Last synced: 13 Nov 2024
https://github.com/AmoloHT/TTWAF
「🧱」Test a list of payloads and see if you can bypass it
application bugbounty bugbounty-tool bypass firewall lfi payload rce rust sqli test waf xss
Last synced: 23 Oct 2024
https://github.com/topscoder/fourohme
FourOhMe is a tool for testing HTTP headers on a website in order to try to bypass 40* HTTP codes. Written in Go, so easy to install and fast out of the box.
401 401-bypass 403 403-bypass bugbounty bugbountytips bugbountytricks cli http http-headers osint recon
Last synced: 13 Nov 2024
https://github.com/JavierOlmedo/ipdiscover
🔍 A simple tool to obtain long lists of IPs from domains using goroutines
bugbounty bughunter domain hacking-tool ip recon
Last synced: 21 Nov 2024
https://github.com/johnsaigle/scary-strings
Collection of wordlists containing dangerous function calls in many languages
application-security appsec bug-bounty bugbounty go hacking infosec penetration-testing penetration-testing-tools pentesting php rust security security-tools source-code-analysis static-analysis white-box-testing wordlist wordlists
Last synced: 16 Nov 2024
https://github.com/adnanekhan/actionstoctou
Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU) vulnerabilities
Last synced: 08 Nov 2024
https://github.com/h0tak88r/nuclei_templates
Collection of templates from various resources
bugbounty cybersecurity nuclei-tamplates
Last synced: 18 Jan 2025
https://github.com/ImAyrix/er
😁 Easy Regex
bug-bounty bugbounty cli golang regex
Last synced: 23 Oct 2024
https://github.com/adnanekhan/actionscacheblasting
Proof-of-concept code for research into GitHub Actions Cache poisoning.
Last synced: 08 Nov 2024
https://github.com/incogbyte/laravel-phpunit-rce-masscaner
Masscanner for Laravel phpunit RCE CVE-2017-9841
Last synced: 07 Dec 2024
https://github.com/humblelad/Needle
Instant access to your bug bounty submission dashboard on various platforms + publicly disclosed reports + #bugbountytip
bugbounty bugcrowd chrome-extension hackerone intigriti yeswehack
Last synced: 21 Nov 2024
https://github.com/nscuro/fdnssearch
Swiftly search FDNS datasets from Rapid7 Open Data
bugbounty dns fdns golang opendata rapid7 subdomains
Last synced: 21 Nov 2024
https://github.com/aufzayed/digit
Extract endpoints from specific Git repository for fuzzing
bugbounty bugbounty-tool bugbountytips cybersecurity hacking hacking-tool hacking-tools infosec pentest pentest-scripts pentest-tool pentesting pentesting-tools recon
Last synced: 21 Nov 2024
https://github.com/p0dalirius/robotsvalidator
A python script to check if URLs are allowed or disallowed by a robots.txt file.
allow bugbounty bypass check disallow robots-txt web
Last synced: 30 Dec 2024
https://github.com/anof-cyber/web-recon
Web application recon for bug bounty
bugbounty httprobe linkfinder nmap sublist3r waybackurl
Last synced: 06 Nov 2024
https://github.com/gwen001/detectify-cves
Find CVEs that don't have a Detectify module.
bugbounty cve detectify pentesting scanner security-tools
Last synced: 09 Nov 2024