306 Open source projects that are alternatives of or similar to Awesome Bugbounty Writeups

An automated target reconnaissance pipeline.

A python tool to check subdomain takeover vulnerability

Dump exposed HTTP .git fast

Flutter Reverse Engineering Framework

Scan for open AWS S3 buckets and dump the contents

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Open Redirect scanner - (out of date)

A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.

SecurityExplained is a new series after the previous learning challenge series #Learn365. The aim of #SecurityExplained series is to create informational content in multiple formats and share with the community to enable knowledge creation and learning.

Penetration tests guide based on OWASP including test cases, resources and examples.

Yet Another PHP Shell - The most complete PHP reverse shell

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

A Tool for Domain Flyovers

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

Misc. Public Reports of Penetration Testing and Security Audits.

Mining parameters from dark corners of Web Archives

A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.

A Python3 based single-file subdomain enumerator

Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

anewer appends lines from stdin to a file if they don't already exist in the file. This is a rust version of https://github.com/tomnomnom/anew

Cross Origin Resource Sharing MisConfiguration Scanner

One-click installer for Frida and Burp certs for SSL Pinning bypass

Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.

An efficient multi-threaded DNS resolver validator

Random Tools for Bug Bounty

No description or website provided.

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.

A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

This repository created for personal use and added tools from my latest blog post.

Community Workflow for the Osmedeus Engine that describes basic reconnaissance methodology for you to build your own

Web path scanner

Subdomain Takeover tool written in Go

Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi

Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]

Host Header Injection Checker

Automating XSS using Bash

Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.

Secret and/ credential patterns used for gf.

Automatically brute force all services running on a target.

Awesome cloud enumerator

Simultaneously execute various subdomain enumeration tools and aggregate results.

Find exploits in local and online databases instantly

A big list of Android Hackerone disclosed reports and other resources.

Domain availbility checker

ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

Making Favicon.ico based Recon Great again !

A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.

The format of various s3 buckets is convert in one format. for bugbounty and security testing.

PHP Security Check List [ EN ] 🌋 ☣️

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

Pentest/BugBounty progress control with scanning modules

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Scanning APK file for URIs, endpoints & secrets.

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

Auto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.