659 Open source projects that are alternatives of or similar to bug-bounty

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

A MongoDB importer and API for Project Sonars DNS datasets

Web path scanner

Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.

Host Header Injection Checker

Payload Arsenal for Pentration Tester and Bug Bounty Hunters

Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty

Fast tool to extract all subdomains from crt.sh website. Output will be up to sub.sub.sub.subdomain.com with standard and advanced search techniques

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

Awesome Vulnerable Applications

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

It's a Docker Environment for pentesting which having all the required tool for VAPT.

Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.

Security tool to quickly audit Public Box files and folders.

VulWebaju is a platform that automates setting up your pen-testing environment for learning purposes.

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Security Tool to Look For Interesting Files in S3 Buckets

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

Penetration tests guide based on OWASP including test cases, resources and examples.

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

Fully automated offensive security framework for reconnaissance and vulnerability scanning

A Tool for Domain Flyovers

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

Yet Another PHP Shell - The most complete PHP reverse shell

my oscp prep collection

Automated NoSQL database enumeration and web application exploitation tool.

Kali Intelligence Suite (KIS) shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by executing standard penetration testing tools. The collected data is internally stored in a structured manner to allow the fast identification and visualisation of the collected information.

Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place

Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Pentest: Subdomains enumeration tool for penetration testers.

Boxer: A fast directory bruteforce tool written in Python with concurrency.

Dark-Phish is a complete phishing tool. For more about Dark-Phish tool please visit the website.

brute force SSH public-key authentication

General stuff for pentesting - password cracking, phishing, automation, Kali, etc.

Little Bug Bounty & Hacking Tools⚔️

A friendly Toolkit for Beginner CTF players

WARF is a Web Application Reconnaissance Framework that helps to gather information about the target.

Swiftly search FDNS datasets from Rapid7 Open Data

Penetration Test Framwork

Full Nuclei automation script with logic explanation.

Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found

:.IP webcam penetration test suit.:

AutoPentest-DRL: Automated Penetration Testing Using Deep Reinforcement Learning

The Red Rabbit project is just what a hacker needs for everyday automation. Red Rabbit unlike most frameworks out there does not automate other peoples tools like the aircrack suite or the wifite framework, it rather has its own code and is raw source with over 270+ options. This framework might just be your everyday key to your workflow

XSS Payload without Anything.

WordPress pentest tool

Pentest/BugBounty progress control with scanning modules

This document proposes a way of standardising the structure, language, and grammar used in security policies.

Go library for credentials recovery

Collection of several DDos tools.

My last 10 year's material collection on offensive & defensive security, GRC, risk management, technical security guidelines and much more.