304 Open source projects that are alternatives of or similar to Bountystrike Sh

Scan for open AWS S3 buckets and dump the contents

Subdomain Takeover tool written in Go

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

The Swiss Army knife for automated Web Application Testing

ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight

A Python3 based single-file subdomain enumerator

A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.

The format of various s3 buckets is convert in one format. for bugbounty and security testing.

Automating XSS using Bash

Urls de-duplication tool for better recon.

A collection of response templates for invalid bug bounty reports.

ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.

Secret and/ credential patterns used for gf.

🎯 Server Side Template Injection Payloads

Penetration tests guide based on OWASP including test cases, resources and examples.

Cross-site scripting labs for web application security enthusiasts

Random Tools for Bug Bounty

Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.

Find exploits in local and online databases instantly

Cross Origin Resource Sharing MisConfiguration Scanner

RFD Checker - security CLI tool to test Reflected File Download issues

An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.

A fast http and https prober, to check which URLs are alive

DNS-Discovery is a multithreaded subdomain bruteforcer.

Web Application recon automation

Automated NoSQL database enumeration and web application exploitation tool.

Community curated list of templates for the nuclei engine to find security vulnerabilities.

Scanning APK file for URIs, endpoints & secrets.

A curated list of various bug bounty tools

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

Hacking tools

CVE-2017-9506 - SSRF

Scans a list of websites for Cloudfront or S3 Buckets

A note-taking macOS app for penetration-testers.

Command line tool for testing CRLF injection on a list of domains.

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

Given a list of hosts, this small utility fetches all whitelisted domains from the hosts' CSPs.

GoFingerprint is a Go tool for taking a list of target web servers and matching their HTTP responses against a user defined list of fingerprints.

⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting

🔺 Red Team Hardware Toolkit 🔺

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

Your Google Recon is Now Automated

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

A Colab For Bug Hunting!

Extract API keys from file or url using by magic of python and regex.

The unofficial HackerOne disclosure Timeline

differer finds how URLs are parsed by different languages in order to help bug hunters break filters

Repositório com conteúdo sobre web hacking em português

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

A tool to check a bunch of URLs that contain reflecting params.

This challenge is Inon Shkedy's 31 days API Security Tips.

Auto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

Collection of Facebook Bug Bounty Writeups