Top 305 bugbounty open source projects

Gofingerprint
GoFingerprint is a Go tool for taking a list of target web servers and matching their HTTP responses against a user defined list of fingerprints.
Defaultcreds Cheat Sheet
One place for all the default credentials, to assist Blue/Red teamers in finding devices with default passwords 🛡️
Grecon
Your Google Recon is Now Automated
Corsme
Cross Origin Resource Sharing MisConfiguration Scanner
Hackeronedb
The unofficial HackerOne disclosure Timeline
Quickxss
Automating XSS using Bash
Gxss
A tool to check a bunch of URLs that contain reflecting params.
Dns Discovery
DNS-Discovery is a multithreaded subdomain bruteforcer.
Bulwark
An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.
Facebook Bugbounty Writeups
Collection of Facebook Bug Bounty Writeups
Deksterecon
Web Application recon automation
Uddup
URL de-duplication tool for better recon.
Nuclei Templates
Community curated list of templates for the nuclei engine to find security vulnerabilities.
Arl
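ARL (Asset Reconnaissance Lighthouse) is designed to quickly reconnoiter the internet assets associated with a target and build a baseline asset information repository. It helps in-house security teams and penetration testers effectively reconnoiter and search assets, and discover weak points and attack surface.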
Gf Secrets
Secret and/or credential patterns used for gf.
S3scanner
Scan for open AWS S3 buckets and dump the contents
Aws Scanner
Scans a list of websites for Cloudfront or S3 Buckets
Pentest Guide
Penetration tests guide based on OWASP including test cases, resources and examples.
Crlf Injection Scanner
Command line tool for testing CRLF injection on a list of domains.
Acamar
A Python3 based single-file subdomain enumerator
Csp
Given a list of hosts, this small utility fetches all whitelisted domains from the hosts' CSPs.
Bug Bounty Tools
Random Tools for Bug Bounty
Webhackersweapons
⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking, Happy bug-hunting
Subjack
Subdomain Takeover tool written in Go
Gitgraber
gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
Findsploit
Find exploits in local and online databases instantly
Resources
A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.
S3reverse
Converts the various S3 bucket formats into one format, for bug bounty and security testing.
Zile
Extract API keys from a file or URL using the magic of Python and regex.
Rfd Checker
RFD Checker - security CLI tool to test Reflected File Download issues
Differer
differer finds how URLs are parsed by different languages in order to help bug hunters break filters
Jaeles
The Swiss Army knife for automated Web Application Testing
Pentesting Bible
Learn ethical hacking. Learn about reconnaissance, Windows/Linux hacking, attacking web technologies, and pen testing wireless networks. Resources for learning malware analysis and reverse engineering.
Halive
A fast http and https prober, to check which URLs are alive
31 Days Of Api Security Tips
This challenge is Inon Shkedy's 31 days API Security Tips.
Bug Bounty Responses
A collection of response templates for invalid bug bounty reports.
Drishti
A fast HTTP Response status checker implemented in Python3
Burpbounty
Burp Bounty (Scan Check Builder in BApp Store) is an extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.
Awsbucketdump
Security Tool to Look For Interesting Files in S3 Buckets
Ezxss
ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
Legal Bug Bounty
#legalbugbounty project — creating safe harbors on bug bounty programs and vulnerability disclosure programs. Authored by Amit Elazari.
Reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Brutex
Automatically brute force all services running on a target.
Tiny Xss Payloads
A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
Takeover
A tool for testing subdomain takeover possibilities at a mass scale.
Gogitdumper
Dump exposed HTTP .git fast
Blackwidow
A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
Sudomy
Sudomy is a subdomain enumeration tool to collect subdomains and analyze domains, performing automated reconnaissance (recon) for bug hunting / pentesting
Urlhunter
A recon tool that allows searching on URLs that are exposed via shortener services
Subdomainizer
A tool to find subdomains and interesting things hidden inside external JavaScript files of a page, folder, and GitHub.
Dalfox
🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang
Privesc
A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.
Gospider
Gospider - Fast web spider written in Go
Paramspider
Mining parameters from dark corners of Web Archives
Vhostscan
A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
Interlace
Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.