A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

Hacking Toolkit

All-in-one tool for managing vulnerability reports from AppSec pipelines

🔐 Docker Container for Penetration Testing & Security

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

A Blazing fast Security Auditing tool for Kubernetes

The DevSecOps toolset for REST APIs

Agile Threat Modeling Toolkit

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

🎯 XML External Entity (XXE) Injection Payload List

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)

Web application vulnerability scanner

kube-scan: Octarine k8s cluster risk assessment tool

Web path scanner

Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework

🎯 SQL Injection Payload List

被动式漏洞扫描系统