1058 Open source projects that are alternatives of or similar to Bug Bounty Responses

Decode All Bases - Base Scheme Decoder

goverview - Get an overview of the list of URLs

Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found

Scan for open AWS S3 buckets and dump the contents

A list of interesting payloads, tips and tricks for bug bounty hunters.

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

Related subdomains finder

Turn your VPS into an attack box

Misc. Public Reports of Penetration Testing and Security Audits.

The fastest dork scanner written in Go.

RFD Checker - security CLI tool to test Reflected File Download issues

#legalbugbounty project — creating safe harbors on bug bounty programs and vulnerability disclosure programs. Authored by Amit Elazari.

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.

Secret and/ credential patterns used for gf.

all manner of wordlists

Tool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.

Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations

qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.

A simple python script which can check HTTP status of branch of URLs/Subdomains and grab URLs/Subdomain title

XSS in pastebin.com and reddit.com via unsanitized markdown output

HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

A Tool for Domain Flyovers

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

This repo is about @harshbothra_ 365 days of learning Tweet & Mindmap collection

The Swiss Army knife for automated Web Application Testing

Web path scanner

This challenge is Inon Shkedy's 31 days API Security Tips.

Subdomain Takeover tool written in Go

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

Auto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

A collection of some of my scripts

An OSINT tool to find contacts in order to report security vulnerabilities.

Pentest: Subdomains enumeration tool for penetration testers.

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

Information Security Library

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.

Little Bug Bounty & Hacking Tools⚔️

A big list of Android Hackerone disclosed reports and other resources.

Community Workflow for the Osmedeus Engine that describes basic reconnaissance methodology for you to build your own

sub domain wild card filtering tool

A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.

Subcert is an subdomain enumeration tool, that finds all the subdomains from certificate transparency logs.

Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]

Awesome cloud enumerator

🎯 XML External Entity (XXE) Injection Payload List

This document proposes a way of standardising the structure, language, and grammar used in security policies.

Intelligence tool but without API key

Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.

Astra is a tool to find URLs and secrets inside a webpage/files

Hetty is an HTTP toolkit for security research.

Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.

Multi Tool Subdomain Enumeration

Scrapes Router Passwords From http://www.routerpasswords.com ,more then +300 product

laravel+vue.js 前后端分离实战项目(项目中wx端等已经存在，因为涉及业务较多，不再更新到github 需要参考可以私聊我)

We propose a user-friendly add-on that allows you to check if your encrypted web traffic (SSL/TLS) towards secured Internet servers (HTTPS) is not intercepted (being listened to).

Automatically brute force all services running on a target.