304 Open source projects that are alternatives of or similar to Bountystrike Sh

Automated NoSQL database enumeration and web application exploitation tool.

Automatically brute force all services running on a target.

Community curated list of templates for the nuclei engine to find security vulnerabilities.

A tool for testing subdomain takeover possibilities at a mass scale.

Scanning APK file for URIs, endpoints & secrets.

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

A curated list of various bug bounty tools

a recon tool that allows searching on URLs that are exposed via shortener services

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang

Hacking tools

Gospider - Fast web spider written in Go

CVE-2017-9506 - SSRF

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

Scans a list of websites for Cloudfront or S3 Buckets

All about bug bounty (bypasses, payloads, and etc)

A note-taking macOS app for penetration-testers.

🎯 SQL Injection Payload List

Command line tool for testing CRLF injection on a list of domains.

Multi Tool Subdomain Enumeration

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

🎯 Command Injection Payload List

Given a list of hosts, this small utility fetches all whitelisted domains from the hosts' CSPs.

A Powerful Subdomain Takeover Tool

GoFingerprint is a Go tool for taking a list of target web servers and matching their HTTP responses against a user defined list of fingerprints.

A collection of awesome one-liner scripts especially for bug bounty tips.

⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting

Powerfull XSS Scanning and Parameter analysis tool&gem

🔺 Red Team Hardware Toolkit 🔺

Automated Red Team Infrastructure deployement using Docker

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

Your Google Recon is Now Automated

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

Top disclosed reports from HackerOne

A Colab For Bug Hunting!

Intelligence tool but without API key

Extract API keys from file or url using by magic of python and regex.

Generates combination of domain names from the provided input.

The unofficial HackerOne disclosure Timeline

Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.

differer finds how URLs are parsed by different languages in order to help bug hunters break filters

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

Repositório com conteúdo sobre web hacking em português

Some files for bruteforcing certain things.

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

平常看到好的渗透hacking工具和多领域效率工具的集合

A tool to check a bunch of URLs that contain reflecting params.

Hetty is an HTTP toolkit for security research.

This challenge is Inon Shkedy's 31 days API Security Tips.

🎯 XML External Entity (XXE) Injection Payload List

Auto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

Collection of Facebook Bug Bounty Writeups

Security Tool to Look For Interesting Files in S3 Buckets