ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.

This challenge is Inon Shkedy's 31 days API Security Tips.

differer finds how URLs are parsed by different languages in order to help bug hunters break filters

websocket-connection-smuggler

Subdomain Takeover tool written in Go

A fast http and https prober, to check which URLs are alive

The format of various s3 buckets is convert in one format. for bugbounty and security testing.

A fast HTTP Response status checker implemented in Python3

A collection of response templates for invalid bug bounty reports.

RFD Checker - security CLI tool to test Reflected File Download issues

Security Tool to Look For Interesting Files in S3 Buckets

Find exploits in local and online databases instantly

#legalbugbounty project — creating safe harbors on bug bounty programs and vulnerability disclosure programs. Authored by Amit Elazari.

The Swiss Army knife for automated Web Application Testing

⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

Extract API keys from file or url using by magic of python and regex.