GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → JakobTheDev → bug-bounty

JakobTheDev / bug-bounty

Licence: other
My personal bug bounty toolkit.

Programming Languages

javascript
184084 projects - #8 most used programming language
Dockerfile
14818 projects
Classic ASP
548 projects

Labels

hackingpenetration-testingmethodologybugbounty

Projects that are alternatives of or similar to bug-bounty

Resources
A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.
Stars: ✭ 62 (-51.18%)
Mutual labels:  penetration-testing, methodology, bugbounty
Payloadsallthethings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 32,909 (+25812.6%)
Mutual labels:  penetration-testing, methodology, bugbounty
Garud
An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.
Stars: ✭ 183 (+44.09%)
Mutual labels:  penetration-testing, bugbounty
Knary
A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support
Stars: ✭ 187 (+47.24%)
Mutual labels:  penetration-testing, bugbounty
Wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Stars: ✭ 3,873 (+2949.61%)
Mutual labels:  penetration-testing, bugbounty
Minesweeper
A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Stars: ✭ 162 (+27.56%)
Mutual labels:  penetration-testing, bugbounty
Awesome Vulnerable Apps
Awesome Vulnerable Applications
Stars: ✭ 180 (+41.73%)
Mutual labels:  penetration-testing, bugbounty
Awesome Bbht
A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.
Stars: ✭ 190 (+49.61%)
Mutual labels:  penetration-testing, bugbounty
Pentest Guide
Penetration tests guide based on OWASP including test cases, resources and examples.
Stars: ✭ 1,316 (+936.22%)
Mutual labels:  penetration-testing, bugbounty
tugarecon
Pentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (+11.81%)
Mutual labels:  penetration-testing, bugbounty
vaf
Vaf is a cross-platform very advanced and fast web fuzzer written in nim
Stars: ✭ 294 (+131.5%)
Mutual labels:  penetration-testing, bugbounty
AttackSurfaceManagement
Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty
Stars: ✭ 45 (-64.57%)
Mutual labels:  penetration-testing, bugbounty
Quiver
Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.
Stars: ✭ 140 (+10.24%)
Mutual labels:  penetration-testing, bugbounty
Nosqlmap
Automated NoSQL database enumeration and web application exploitation tool.
Stars: ✭ 1,928 (+1418.11%)
Mutual labels:  penetration-testing, bugbounty
Crithit
Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Stars: ✭ 182 (+43.31%)
Mutual labels:  penetration-testing, bugbounty
Oscp Prep
my oscp prep collection
Stars: ✭ 105 (-17.32%)
Mutual labels:  penetration-testing, methodology
3klcon
Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.
Stars: ✭ 189 (+48.82%)
Mutual labels:  penetration-testing, bugbounty
Awsbucketdump
Security Tool to Look For Interesting Files in S3 Buckets
Stars: ✭ 1,021 (+703.94%)
Mutual labels:  penetration-testing, bugbounty
boxer
Boxer: A fast directory bruteforce tool written in Python with concurrency.
Stars: ✭ 15 (-88.19%)
Mutual labels:  penetration-testing, bugbounty
crtfinder
Fast tool to extract all subdomains from crt.sh website. Output will be up to sub.sub.sub.subdomain.com with standard and advanced search techniques
Stars: ✭ 96 (-24.41%)
Mutual labels:  penetration-testing, bugbounty
View All Similar Projects ➔

Environment

My basic testing environment includes:

  • Docker container (see Dockerfile)
  • Standard config (see my config repo)
  • BurpSuite
  • Firefox
  • Terminal

Methodology

Bug Classes

Polyglots

Notes

Recon Workflow

Below is a summary of my reconnaissance workflow. More details about the workflow and example commands can be found on the recon page.

Recon Workflow

Tips

  • Create a separate Chrome profile / Google account for Bug Bounty. Create dedicated BB accounts for YouTube etc. so you can get only relevant recommended content.
  • However you do it, set up an environment that has all the tools you use, all the time.
  • Use aliases and bash scripts to simplify commands you use all the time.

Resources

Guides

Lists

Methodology

Tooling

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].