306 Open source projects that are alternatives of or similar to Awesome Bugbounty Writeups

DNS hijacking via dead records automation tool

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

Good resources about web security that I have read.

Tutorials and Things to Do while Hunting Vulnerability.

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

Full Nuclei automation script with logic explanation.

🐰 Managing command snippets for hackers/bug bounty hunters. with pet.

Tips and Tutorials for Bug Bounty and also Penetration Tests.

BugBounty_CheatSheet

SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.

CloudFlare Checker written in Go

🦄🔒 Awesome list of secrets in environment variables 🖥️

Scans a list of websites for Cloudfront or S3 Buckets

Your Google Recon is Now Automated

Command line tool for testing CRLF injection on a list of domains.

Given a list of hosts, this small utility fetches all whitelisted domains from the hosts' CSPs.

Automated NoSQL database enumeration and web application exploitation tool.

The unofficial HackerOne disclosure Timeline

⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

A tool to check a bunch of URLs that contain reflecting params.

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

Extract API keys from file or url using by magic of python and regex.

A Colab For Bug Hunting!

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

differer finds how URLs are parsed by different languages in order to help bug hunters break filters

Scan for open AWS S3 buckets and dump the contents

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Penetration tests guide based on OWASP including test cases, resources and examples.

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

A Python3 based single-file subdomain enumerator

Cross Origin Resource Sharing MisConfiguration Scanner

Random Tools for Bug Bounty

A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.

Subdomain Takeover tool written in Go

Automating XSS using Bash

Find exploits in local and online databases instantly

ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.

The format of various s3 buckets is convert in one format. for bugbounty and security testing.

DNS-Discovery is a multithreaded subdomain bruteforcer.

RFD Checker - security CLI tool to test Reflected File Download issues

🎯 Server Side Template Injection Payloads

The Swiss Army knife for automated Web Application Testing

Collection of Facebook Bug Bounty Writeups

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

A fast http and https prober, to check which URLs are alive

ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight

Web Application recon automation

This challenge is Inon Shkedy's 31 days API Security Tips.

A collection of response templates for invalid bug bounty reports.

Urls de-duplication tool for better recon.

A fast HTTP Response status checker implemented in Python3

An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.

A note-taking macOS app for penetration-testers.

Community curated list of templates for the nuclei engine to find security vulnerabilities.

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.

Security Tool to Look For Interesting Files in S3 Buckets

ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。