Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
Bug Bounty
A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.
- GitHub: https://github.com/topics/bugbounty
- Wikipedia: https://en.wikipedia.org/wiki/Bug_bounty_program
- Related Topics: security,penetration-testing,pentesting,pentest,
- Aliases: bug-bounty,
- Last updated: 2025-02-04 00:04:14 UTC
- JSON Representation
https://github.com/si9int/gDork
A Mozilla Firefox extension which allows quick access to your google-dorking result
bugbounty dorking reconnaissance
Last synced: 21 Nov 2024
https://github.com/sec-it/BFAC-Burp-Extension
Burp Extension for BFAC (Advanced Backup-File Artifacts Testing for Web-Applications)
backup-files bugbounty burp-extensions burpsuite pentest recon
Last synced: 21 Nov 2024
https://github.com/gwen001/detectify-cves
Find CVEs that don't have a Detectify modules.
bugbounty cve detectify pentesting scanner security-tools
Last synced: 09 Nov 2024
https://github.com/p0dalirius/crawlersuseragents
Python script to check if there is any differences in responses of an application when the request comes from a search engine's crawler.
bugbounty crawler crawlers pentest request tool user-agent web
Last synced: 30 Dec 2024
https://github.com/Bhagavan-Bollina/BugBounty-Dorks
Highly recommended dorks for bug bounty
bug-bounty-dorks bugbounty dorks recon
Last synced: 21 Nov 2024
https://github.com/thelikes/fuzznav
parse ffuf & map endpoints to wordlists
bugbounty directory-fuzzing discovered-endpoints ffuf hacking multiple-wordlists offensive-security pentesting
Last synced: 21 Nov 2024
https://github.com/javanxd/raceocat
Make exploiting race conditions in web applications highly efficient and ease-of-use.
bugbounty race-conditions race-detection racer research-and-development
Last synced: 10 Nov 2024
https://github.com/alexfrancow/isoc
:bar_chart: Deploy an "illegal" SOC to manage vulnerabilities on your city servers in minutes.
blue-team bugbounty bugbounty-tool cybersecurity docker docker-compose elasticsearch elk kibana mongodb openvas python3 red-team security-operations siem vulnerability-detection w3af zabbix
Last synced: 20 Nov 2024
https://github.com/machine1337/reverse-shells
This tool will help in generating reverse shells easily for all types of OS.
bugbounty fastest-shells hacking machine1337 onelinershells pentesting phpshell phpshells quickshells reverse-shell windows-shells
Last synced: 10 Nov 2024
https://github.com/blackhatethicalhacking/bheh-sub-pwner
This bash script tool, will perform advanced subdomain enumeration, save the results, it will then probe the subdomains into urls, save the results in a separate file, it will then resolve all the subdomains into ip addresses and save the results separately.
bugbounty hacking penetration-testing pentesting subdomain-enumeration subdomain-scanner
Last synced: 05 Nov 2024
https://github.com/ElSicarius/findalllinks
A tool to extract all the urls and paths found in the content of a page (js sources included)
bugbounty extension javascript linkfinder
Last synced: 21 Nov 2024
https://github.com/pdelteil/HackerOneAPIClient
This project is a bash client to use HackerOne's API.
bugbounty bugbountyhunting hackerone
Last synced: 12 Nov 2024
https://github.com/MindPatch/pmg
Extract parameters/paths from urls
bugbounty bugbounty-tool bughunting python regex security
Last synced: 21 Nov 2024
https://github.com/azathothas/wordlists
[Custom || Automated] Curation & Collection of BugBounty Wordlists
bug-bounty bugbounty content-discovery feroxbuster ffuf fuzzing gobuster vhost wordlist wordlists
Last synced: 19 Jan 2025
https://github.com/lekssays/kibanarec
A Tool to Extract Open Kibana Instances on Internet and Map them to their Corresponding Organizations for Bug Bounty.
bugbounty kibana recon reconnaissance
Last synced: 10 Nov 2024
https://github.com/0ss/byp4ss3r
tool to bypass 403/401 pages ( helpful for bug hunting)
Last synced: 21 Nov 2024
https://github.com/machine1337/fast-scan
An Advanced tool to scan hundreds of IP's in Seconds for CVE's, Open Ports And Web Technologies.
bugbounty cve-scanning hacking ipscanner kali-linux machine1337 portscanner serverinfo webscanner
Last synced: 10 Nov 2024
https://github.com/ctoic/lisbook
Collection of your faviorite books.
beginner-friendly bootstrap bugbounty css good-first-issue goodfirstissue hacktoberfest hacktoberfest-accepted hactoberfest help-wanted html javascript tailwindcss webapp
Last synced: 26 Jan 2025
https://github.com/mathis2001/cert4recon
Simple passive Python Recon tool for subdomains enumeration with crt.sh
bugbounty crt-sh information-gathering osint recon subdomain-enumeration
Last synced: 11 Nov 2024
https://github.com/0xkayala/custom-nuclei-templates
Community curated list of templates for the nuclei engine to find security vulnerabilities.
bugbounty custom-nuclei-templates exploit-development exploits fingerprint nuclei nuclei-checks nuclei-templates nucleifuzzer security vulnerability-detection
Last synced: 11 Nov 2024
https://github.com/gwen001/extract-endpoints
Extract endpoints from source files.
bugbounty endpoints pentesting php security-tools urls
Last synced: 09 Nov 2024
https://github.com/umair9747/4ofour
A tech enumeration toolkit focused on 404 Not found pages.
bounty bug-bounty bugbounty cybersecurity cybersecurity-tools ethical-hacking infosec linux osint penetration-testing pentesting recon reconnaissance webappsecurity websec websecurity
Last synced: 08 Nov 2024
https://github.com/mindpatch/pmg
Extract parameters/paths from urls
bugbounty bugbounty-tool bughunting python regex security
Last synced: 22 Nov 2024
https://github.com/gwen001/gitgrep
Webapp to perform regexp search over GitHub search.
bugbounty git github pentesting php private regexp secrets security-tools
Last synced: 09 Nov 2024
https://github.com/mrvcoder/cloud_data
Get some useful data from Clouds for your targets
apex-domains bug-bounty bugbounty cloud cname domain ipv4 osint osint-tool recon reconnaissance subdomain subdomain-enumeration subdomain-finder subdomain-scanner
Last synced: 06 Nov 2024
https://github.com/r3k4t/onionnux
Onionnux is a onionsite(DEEPNET/DARKNET) tool.It can help to idenitfy onionsite is active or onionsite server name.
bugbounty forensics-investigations onion-routing python-pyfiglet python-requests security-analysis security-audit security-research socks5-proxy software-engineering website-vulnerability
Last synced: 17 Nov 2024
https://github.com/ucybers/bug-bounty-beginner-roadmap
This is a resource for anyone looking to learn bug hunting and provides guidance during the study and learning phase.
bug bug-bounty bugbounty bugbounty-tool bugs cmd cmdline cyber-security cybersecurity cybersecurity-tool guide hacker linux linux-shell powershell roadmap tutorial tutorials windows
Last synced: 13 Oct 2024
https://github.com/zishanadthandar/writeups
CTF and Bug Bounty Hunting WriteUps.
activedirectory activedirectorysecurity bufferoverflow bugbounty bugbounty-writeups capture-the-flag ctf ctf-challenges ctf-tools ctf-writeups cybersecurity ethical-hacking ethicalhacking linux pentesting pentesting-tool pentesting-tools privilegeescalation webexploitation windows
Last synced: 22 Nov 2024
https://github.com/blackhatethicalhacking/blackhatethicalhacking
Who We Are
bugbounty courses hacking hacking-tools offensive-security pentesting redteam socialengineering
Last synced: 22 Dec 2024
https://github.com/zpettry/boxer
Boxer: A fast directory bruteforce tool written in Python with concurrency.
bruteforce bugbounty directory hacking hacking-tool penetration-testing pentesting python
Last synced: 10 Nov 2024
https://github.com/h33tlit/Parameter-Reflect-Finder
Parameter-Reflect-Finder is a python based tool that helps you find reflected parameters which can have potential XSS or Open redirection vulnerabilities.
bug-bounty bugbounty open-redirect open-redirect-detection parameter-search reflector scanner scraper xss xss-detection xss-scanner
Last synced: 21 Nov 2024
https://github.com/random-robbie/s3-listable
S3 Buckets that will let you list all files inside them
aws aws-s3 bugbounty s3-bucket s3-storage
Last synced: 09 Nov 2024
https://github.com/umair9747/archer
A tool to check for response status codes with ease
bounty bounty-hunting-tools bug-bounty bugbounty bugbounty-tool bugbountytips ethical-hacking hacking hacktoberfest linux penetration-test penetration-testing penetration-testing-framework penetration-testing-tools pentest pentesting recon reconnaissance webapp webapp-security
Last synced: 19 Nov 2024
https://github.com/hueristiq/hqurlscann3r
A web application attack surface mapping tool. It takes in a list of urls then performs numerous probes
bugbounty bypass-403 go golang
Last synced: 06 Nov 2024
https://github.com/stackoverflowexcept1on/how-to-hack-github-actions
How to hack Github Actions if you're smart enough ($500 bug bounty)
bugbounty cpp20 hackerone-reports hacking
Last synced: 11 Jan 2025
https://github.com/paulveillard/cybersecurity-bug-bounty
An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about Bug Bounty in Cybersecurity.
bounty bug bug-bounty-automation bug-bounty-tools bugbounty
Last synced: 07 Dec 2024
https://github.com/mrvcoder/getasn
🌐 Get Some Useful Info From Domain/IP/ASN 🔥
asn-lookup bgpview bugbounty cdn cdn-check cidr cli domain information-gathering osint recon reconnaissance
Last synced: 06 Nov 2024
https://github.com/mathis2001/ParamChanger
ParamChanger is a tool allowing you to replace the parameters of a list of urls by a payload entered as an argument
Last synced: 23 Oct 2024
https://github.com/mathis2001/paramchanger
ParamChanger is a tool allowing you to replace the parameters of a list of urls by a payload entered as an argument
Last synced: 11 Nov 2024
https://github.com/topscoder/nuclei-zero-day
This repository contains random Nuclei templates I've created. Most of them based on recent security issues and exploits.
bugbounty infosec nuclei nuclei-templates security
Last synced: 12 Jan 2025
https://github.com/AdnaneKhan/ActionsTOCTOU
Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU vulnerabilities)
Last synced: 18 Jan 2025
https://github.com/ehsaanqazi/Bug-Bounty
Resources and Guides for Web Application Vulnerabilities
bugbounty cybersecurity information-security webapplicationsecurity
Last synced: 21 Nov 2024
https://github.com/rodolfomarianocy/asnpepper
ASNPepper - Recon in ASN - Extracting CIDR's - Fast and efficient scanning
asn bgp bugbounty hacking information-gathering pentest pentesting reconnaissance tips tricks
Last synced: 14 Dec 2024
https://github.com/d3mondev/crossjoin
Generate a cross join, also known as a Cartesian product, from the lines of the specified files. This process is useful for creating fuzzing payloads.
bug-bounty bugbounty bugbounty-tool bugbounty-tools cartesian-product cross-join crossjoin fuzzer fuzzing hacking hacking-tool penetration-testing penetration-testing-tools permutation
Last synced: 12 Nov 2024
https://github.com/3nock/ote-templates
Community curated list of templates for the OSINT template engine.
attack-surfaces bugbounty fingerprinting osint recon security templates
Last synced: 05 Jan 2025
https://github.com/gwen001/apk-analyzer
Analyze an APK archive.
android apk bugbounty code-analysis mobile mobile-app pentesting python security-tools
Last synced: 09 Nov 2024
https://github.com/momenbasel/pyrobots
a tool that gets all paths at robots.txt and opens it in the browser.
bugbounty penetration-testing pentesting python python3 robots-txt
Last synced: 11 Oct 2024
https://github.com/j3ssie/str-replace
Simple tools to handle string and generate subdomain permutations
bugbounty hacking infosec pentesting permutations recon subdomain
Last synced: 14 Oct 2024
https://github.com/machine1337/sqlscan
A small and an efficient tool to find SQL injection vulnerability in a websites.
automation-framework bugbounty bugbounty-tool hacking machine1337 sql sqli sqlinjection
Last synced: 10 Nov 2024
https://github.com/cosad3s/njsdump
Dump paths & pages from Next.js Manifest
bugbounty nextjs recon security
Last synced: 17 Dec 2024
https://github.com/macmod/namescraper
A Selenium scraper for public domain search tools.
bug-bounty bugbounty dns dnsrecon domain osint pentest reconnaissance scraper security security-tools securitytrails selenium subdomain subdomain-enumeration viewdns whoisxmlapi
Last synced: 22 Nov 2024
https://github.com/gwen001/dnsexpire
Test domain expiration dates.
bugbounty dns domains pentesting php python security-tools subdomains
Last synced: 09 Nov 2024
https://github.com/machine1337/open-redirector
A small and efficient tool to find open redirect vulnerabilities.
bugbounty hacking machine1337 openredirect-scanner vulnerabilities
Last synced: 10 Nov 2024
https://github.com/random-robbie/yahoo-bug-bounty
List of hosts from yahoo.com
bugbounty recon yahoo yahoo-bug-bounty
Last synced: 05 Jan 2025
https://github.com/0xpugal/bugbounty_profile
Automate bug bounty recon using bash alias
bash bash-alias bash-profile bugbounty recon reconnaissance
Last synced: 08 Nov 2024
https://github.com/Traumatism/raycharles
Blind RCE fuzzer
bugbounty command-injection fuzz fuzzer fuzzing hacking injection pwn rce remote-code-execution
Last synced: 23 Oct 2024
https://github.com/masa-finance/bug-bounty
Information about bug bounties available to developers
Last synced: 26 Jan 2025
https://github.com/hackshiv/hackbot
A simple hackingbot for terminal usage (Able to learn and adapt from users).
ai bugbounty bugbountytools chatgpt chatgpt4 hacker hacking machine-learning mistral pentest pentesting pentesting-tools python python3 securityresearch securityresearchers simple-project wormgpt
Last synced: 12 Nov 2024
https://github.com/crypticq/DNS_Enumerator
bugbounty cybersecurity hacking networking pentest-tool pentesting subdomain-enumeration
Last synced: 23 Oct 2024
https://github.com/robotshell/robotScraper
RobotScraper is a simple tool written in Python to check each of the paths found in the robots.txt file and what HTTP response code they return.
bounty-hunting-tools bugbounty hacking infosec python robots scraper tool
Last synced: 21 Nov 2024
https://github.com/robotshell/robotscraper
RobotScraper is a simple tool written in Python to check each of the paths found in the robots.txt file and what HTTP response code they return.
bounty-hunting-tools bugbounty hacking infosec python robots scraper tool
Last synced: 08 Nov 2024
https://github.com/gwen001/gitpillage
Extract data from a .git directory.
bugbounty endpoints git github pentesting python secrets security-tools urls
Last synced: 09 Nov 2024
https://github.com/dotnetrussell/shinobishell
An experimental shell that handles file exfiltration, exploit injection and various other obnoxious tasks.
bug-bounty bugbounty hacking hacking-tool info-sec information-security infosec infosectools linux penetration-testing penetration-testing-tools python python3 redteam shell
Last synced: 22 Jan 2025
https://github.com/cosad3s/salsa
SALSA 💃⚡ - SALesforce Scanner for Aura (and beyond). Enumeration of vulnerabilities and misconfigurations against Salesforce endpoint.
bugbounty hacking salesforce security
Last synced: 29 Oct 2024
https://github.com/DEMON1A/Blinder
A script written in python3 to spread blind cross-site scripting payloads on HTTP requests headers
automation blinder bugbounty bugbounty-tool python3 ssti tool xss xsshunter
Last synced: 21 Nov 2024
https://github.com/enenumxela/ps.sh
A wrapper around tools used for port scanning(nmap, naabu & masscan), the goal being reducing scan time, increasing scan efficiency and automating the workflow.
bashscript bashscripting bug-bounty bugbounty bugbounty-tool enumeration masscan naabu netwok-mapping nmap open-port-check open-port-check-script penetration-testing penetration-testing-tools pentesting port-scaning recon reconnaissance service-discovery
Last synced: 06 Nov 2024
https://github.com/lucasmartinelle/AnotherVulnerableWebApp
bugbounty dvwa php7 security training vulnerabilities vulnerable web
Last synced: 21 Nov 2024
https://github.com/leakix/leakixclient-python
Python Client to LeakIX API
attack-surface-management bounty bugbounty hacktoberfest infosec leakix osint python redteam security vulnerability
Last synced: 11 Nov 2024
https://github.com/fasalmbt/reconme
Recon tool
automation bugbounty recon recontool
Last synced: 21 Nov 2024
https://github.com/Markdown-Bug-Bounty-Recon/Markdown-Bug-Bounty-Recon
A recon Framework for Bug Bounty Hunters that would convert the output of a script into Markdown syntax document, which would help them to make better notes, have everything in one document, or concentrating on one domain.md document.
bug-bounty bugbounty security security-tools
Last synced: 21 Nov 2024
https://github.com/freyxfi/bugrecon
An automated bug hunting tool for comprehensive reconnaissance, including subdomain enumeration, port scanning, vulnerability detection, and report generation.
bugbounty bugbounty-tool bugbountytips bughunting hacktoberfest hacktoberfest-accepted hacktoberfest2024 recon reconnaissance
Last synced: 05 Jan 2025
https://github.com/machine1337/hackguard
FAST WEB APPLICATION VULNERABILITY SCANNER written in python3
bugbounty cybersecurity hacking machine1337 penetration sql-injection vulnerability-detection vulnerability-scanners web-application-fr web-application-scan web-scanning
Last synced: 10 Nov 2024
https://github.com/9oelm/atm
A set of AuToMation scripts for hacking.
automation bugbounty hacking infosec script web-hacking
Last synced: 23 Oct 2024
https://github.com/mrlew1s/SubdomainTakeover
Small python or powershell script to look for potential subdomain takeover vulnerabilities via vulnerable Alias.
bugbounty offensive offensive-security pentest-scripts pentest-tool powershell python3 security security-tools subdomain subdomain-takeover takeover takeover-subdomain vulnerabilities vulnerability vulnerability-detection vulnerability-scanners
Last synced: 21 Nov 2024
https://github.com/machine1337/lfiscan
A small and fast bash script to automate LFI vulnerability.
bugbounty hacking lfi lfi-exploitation machine1337 shell
Last synced: 10 Nov 2024
https://github.com/austinsonger/penteststack
Penetration Testing Stack
auditing backdoor bugbounty ddos dorking evasion exploitation firewall hacking osint penetration-testing penetration-testing-framework penetration-testing-tools
Last synced: 21 Jan 2025
https://github.com/umair9747/seize
A Command-line Utility written in Go for generating images of your CLI output using stdin
automation bugbounty cli command-line command-line-tool cybersecurity golang hacking linux programming
Last synced: 09 Nov 2024
https://github.com/c-f/lel
Visualization layer and helper for relevant IT related documentation and operation
bugbounty documentation-tool golang graph lel logger react redteam-infrastructure
Last synced: 21 Nov 2024
https://github.com/mathis2001/files-upload
Some useful files for upload features pentesting
bugbounty file-upload pentest pentesting php svg webshell
Last synced: 11 Nov 2024
https://github.com/0xdln1/getlevels
Tool for sorting different Level of subdomains form 1...N
bugbounty getlevels infosec python subdomain-enumeration subdomainlist subdomains
Last synced: 21 Nov 2024
https://github.com/indiancybertroops/Web-See
Web-See is Tool For Checkout Status Of Urls in Mass Its For Bug Bounty Hunters And Black Hat Hackers It Will Save Your Valuable Time Script is Designed By Indian Cyber Troops
200 202 301 302 400 404 500 bugbounty bugbountyrecon defacing domain-checker ict icttools indiancybertroops indianhacker status-checker web-see webstatus
Last synced: 23 Oct 2024
https://github.com/gwen001/shottheworld
PHP tool that takes screenshots of a given ips/ports combo list and then try to guess the service.
bugbounty ips pentesting php ports security-tools socket
Last synced: 09 Nov 2024
https://github.com/krishpranav/sniff
A Simple Golang Tool That Automates OSINT For Threat Intelligence And Mapping Your Attack Surface.
attack attack-defense attack-surface attack-surfaces bugbounty go golang recon reconnaissance scanner security web-security
Last synced: 15 Oct 2024
https://github.com/terjanq/xss-challenge-solutions
This repository is an interactive collection of my solutions to various XSS challenges.
bugbounty ctf-challenges ctf-writeups javascript xss-challenges
Last synced: 13 Nov 2024
https://github.com/bytexenon/securityresearchwriteups
All Public vulns/bugs/exploits I found and discolsed.
bugbounty documentation github markdown poc report research security vulnerability writeups xss
Last synced: 19 Nov 2024
https://github.com/hueristiq/xurlbits
A CLI utility to pull out bits of URLs.
bugbounty go golang infosec parser reconnaissance url url-parsing
Last synced: 06 Nov 2024
https://github.com/momenbasel/liffier
tired of manually add dot-dot-slash to your possible path traversal? this short snippet will increment ../ on the URL.
bugbounty python python3 vulnerability-scanners
Last synced: 11 Oct 2024
https://github.com/nsonaniya2010/sanfinder
It finds Subject Alternative Names for a given list of domains
bug-bounty bug-hunting bugbounty infosec madeinindia security security-tools
Last synced: 08 Nov 2024
https://github.com/random-robbie/selenium-abuser
Abuse Open Selenium Gird or Node to get access to metadata endpoint.
bugbounty hacker iam-credentials iam-role selenium selenium-grid selenium-python
Last synced: 09 Nov 2024
https://github.com/krishpranav/packetkit
An Advanced Network Packet Sniffer Built In Rust
bugbounty hacking hackingtools network network-scanner pcap pentesting rust rust-security security sniffer
Last synced: 15 Oct 2024
https://github.com/edoverflow/bounty-pls
A Chrome extension that spices up those #togetherwehitharder tweets.
Last synced: 10 Nov 2024
https://github.com/tkmru/xss_dict
xss dictionary for Google 日本語入力
bugbounty bugbountytips xss-detection
Last synced: 01 Feb 2025
https://github.com/machine1337/jsscanner
An Efficent tool to find juicy secrets in javascript source code. Automate Your Javascript hunting using this tool.
bugbounty bugbounty-tool hackerone hacking javascript-recon jsscanner machine1337 reconn
Last synced: 10 Nov 2024
https://github.com/melbadry9/domain_reg
Check domain availability for registration
bugbounty domain-registration recon
Last synced: 21 Nov 2024
