386 Open source projects that are alternatives of or similar to Bug-Hunting

No description or website provided.

Pentest: Subdomains enumeration tool for penetration testers.

Credentials Checking Framework

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

Web path scanner

Para pencari bug / celah kemanan bisa bergabung.

Bucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations

It's a Docker Environment for pentesting which having all the required tool for VAPT.

Awesome Vulnerable Applications

A collection of awesome one-liner scripts especially for bug bounty tips.

Script for Bug Bounty

The unofficial HackerOne disclosure Timeline

A python tool to check subdomain takeover vulnerability

Subdomain Takeover tool written in Go

List of bug bounty and coordinated vulnerability disclosure programs of companies/organisations in Switzerland

Little Bug Bounty & Hacking Tools⚔️

A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

All about bug bounty (bypasses, payloads, and etc)

平常看到好的渗透hacking工具和多领域效率工具的集合

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.

A Powerful Subdomain Takeover Tool

An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.

Collection of Facebook Bug Bounty Writeups

Repositório com conteúdo sobre web hacking em português

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

A list of resources for those interested in getting started in bug bounties

🎯 XML External Entity (XXE) Injection Payload List

Tips and Tutorials for Bug Bounty and also Penetration Tests.

🎯 RFI/LFI Payload List

Fleex makes it easy to create multiple VPS on cloud providers and use them to distribute workloads.

This challenge is Inon Shkedy's 31 days API Security Tips.

A python script designed to check if the website if vulnerable of clickjacking and create a poc

Script that automates the installation of the main tools used for web application penetration testing and Bug Bounty.

SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.

Related subdomains finder

Extract endpoints marked as disallow in robots files to generate wordlists.

One-click installer for Frida and Burp certs for SSL Pinning bypass

A Tool for Domain Flyovers

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.

Tool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.

This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports

Famous bugs fixed, problems solved and failures experienced in software history 🐛 🐝 🐜 🐞

RAS(RAndom Subdomain) Fuzzer

My Tools For Bug Bounty

How to crash the integrated browser in FB for Android? Let's open that URL!

Robot Vulnerability Database. An archive of robot vulnerabilities and bugs.

Work in progress...

Laravel error reporting tool

Amazingly fast response crawler to find juicy stuff in the source code! 😎🔥

Bug Tracking app with project members support. Made with PERN stack + TypeScript.

A sandbox escape based on the proof-of-concept (CVE-2018-4087) by Rani Idan (Zimperium)

Fast tool to extract all subdomains from crt.sh website. Output will be up to sub.sub.sub.subdomain.com with standard and advanced search techniques

A react native module that lets you to register a global error handler that can capture fatal/non fatal uncaught exceptions.

Official bugsnag error monitoring and error reporting for django, flask, tornado and other python apps.

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting