Top 305 bugbounty open source projects

quick-recon.py
Do some quick reconnaissance on a domain-based web-application
ORtester
Open Redirect scanner - (out of date)
gitls
🖇 Enumerate git repository URL from list of URL / User / Org. Friendly to pipeline
SecurityExplained
SecurityExplained is a new series after the previous learning challenge series #Learn365. The aim of #SecurityExplained series is to create informational content in multiple formats and share with the community to enable knowledge creation and learning.
jsleak
a Go code to detect leaks in JS files via regex patterns
AndroidSecNotes
Actively maintained, self-curated notes on Android application security for security professionals, bug bounty hunters, pentesters, reverse engineers, and red teamers.
authz0
🔑 Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.
leaky-paths
A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs, etc. It can be used as part of web content discovery, to scan passively for high-quality endpoints and quick wins.
targets
A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.
Eagle
Multithreaded plugin-based vulnerability scanner for mass detection of web-based application vulnerabilities
anewer
anewer appends lines from stdin to a file if they don't already exist in the file. This is a rust version of https://github.com/tomnomnom/anew
PastebinMarkdownXSS
XSS in pastebin.com and reddit.com via unsanitized markdown output
fresh.py
An efficient multi-threaded DNS resolver validator
nuubi
Nuubi Tools (Information-gathering|Scanner|Recon.)
T1tl3
A simple Python script which can check the HTTP status of a bunch of URLs/subdomains and grab the URL/subdomain titles
HolyTips
A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
osmedeus-workflow
Community Workflow for the Osmedeus Engine that describes basic reconnaissance methodology for you to build your own
ldapconsole
The ldapconsole script allows you to perform custom LDAP requests to a Windows domain.
ksubdomain
Subdomain enumeration tool that sends asynchronous DNS packets and uses pcap to scan 1,600,000 subdomains in 1 second
hack-pet
🐰 Managing command snippets for hackers/bug bounty hunters with pet.
hinject
Host Header Injection Checker
VulWebaju
VulWebaju is a platform that automates setting up your pen-testing environment for learning purposes.
daily-commonspeak2
commonspeak2 subdomains wordlist generated daily **DEPRECATED** The author(s) of commonspeak2 maintain an official repo with more lists. Please use it instead: https://github.com/assetnote/wordlists
SubWalker
Simultaneously execute various subdomain enumeration tools and aggregate results.
webapp-wordlists
This repository contains wordlists for each version of common web applications and content management systems (CMS). Each version contains a wordlist of all the files and directories for that version.
gwdomains
Subdomain wildcard filtering tool
OffensiveCloudDistribution
Leverage the ability of Terraform and AWS or GCP to distribute large security scans across numerous cloud instances.
vapi
vAPI is a Vulnerable Adversely Programmed Interface, a self-hostable API that mimics OWASP API Top 10 scenarios through exercises.
Reconky-Automated Bash Script
Reconky is a content discovery bash script for bug bounty hunters that automates many tasks and organizes the results in a well-structured form.
requests-ip-rotator
A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.
ldap2json
The ldap2json script allows you to extract the whole LDAP content of a Windows domain into a JSON file.
spellbook
Framework for rapid development and reuse of security tools
BugHunterID
Bug / security vulnerability hunters are welcome to join.
Pinaak
A vulnerability fuzzing tool written in bash; it contains the most commonly used tools for performing vulnerability scans
Subcert
Subcert is a subdomain enumeration tool that finds all the subdomains from certificate transparency logs.
kube-scan
Kubernetes Scanner
cent
Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place
DeadDNS
DNS hijacking via dead records automation tool
CommandGenInterface
Simple vueJS based command generator which I developed in order to learn vueJS a little bit more.