Top 305 bugbounty open source projects

Bugbounty Scans
aquatone results for sites with bug bounties
Cc.py
Extracting URLs of a specific target based on the results of "commoncrawl.org"
Autorecon
Simple shell script for automated domain recognition with some tools
Public Bugbounty Programs
Community curated list of public bug bounty and responsible disclosure programs.
Bugbountyscanner
A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.
Intruderpayloads
A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
Sitedorks
Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term with a default set of websites, bug bounty programs or a custom collection.
Ssrf Sheriff
A simple SSRF-testing sheriff written in Go
Dnsprobe
DNSProbe is a tool built on top of retryabledns that allows you to perform multiple DNS queries of your choice with a list of user-supplied resolvers.
Contact.sh
An OSINT tool to find contacts in order to report security vulnerabilities.
Can I Take Over Xyz
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Qsfuzz
qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.
Mad Metasploit
Metasploit custom modules, plugins, resource scripts, and an awesome Metasploit collection
Slicer
A tool to automate the boring process of APK recon
Howtohunt
Tutorials and things to do while hunting vulnerabilities.
Awesome Bbht
A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus Burp). For Ubuntu/Debian.
3klcon
Automated recon tool that works with large and medium scopes. It performs more than 20 tasks and returns all the results in separate files.
Knary
A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support
Garud
An automation tool that scans subdomains, checks for subdomain takeover, then filters out XSS, SSTI, SSRF, and other injection-point parameters and automatically scans for some low-hanging vulnerabilities.
Crithit
Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Xrcross
XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities
Jwt Hack
🔩 jwt-hack is a tool for hacking / security testing of JWTs. It supports encoding/decoding JWTs, generating payloads for JWT attacks, and very fast cracking (dict/bruteforce).
Taie Bugbounty Killer
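Essential automated bounty-earning techniques for hunting on domestic and international vulnerability platforms; read them and put them into practice, and picking up bounties becomes as easy as drinking water.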
Tuktuk
Tool for catching and logging different types of requests.
Jaeles Signatures
Default signature for Jaeles Scanner
Url Tracker
Change monitoring app that checks the content of web pages in different periods.
Tools Tbhm
Tools of "The Bug Hunters Methodology V2 by @jhaddix"
Mobilehackersweapons
Mobile Hacker's Weapons / A collection of cool tools used by mobile hackers. Happy hacking, happy bug-hunting
Bbrecon
Python library and CLI for the Bug Bounty Recon API
Bountystrike Sh
Poor (rich?) man's bug bounty pipeline
Asnlookup
Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.
Minesweeper
A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Jira Scan
CVE-2017-9506 - SSRF
Rescope
Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.
Di.we.h
Repository with content about web hacking in Portuguese
Awesome Bugbounty Writeups
A curated list of bugbounty writeups (organized by bug type), inspired by https://github.com/ngalongc/bug-bounty-reference
Proof Of Concepts
A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.
Bug Hunting Colab
A Colab For Bug Hunting!
Bbr
An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.
Autosetup
Auto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.
Quiver
Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.
Reconness
ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it based on a schedule or events.
Awesome Mobile Security
An effort to build a single place for all useful Android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
Asnip
ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight
Swiftness
A note-taking macOS app for penetration-testers.
0l4bs
Cross-site scripting labs for web application security enthusiasts