578 Open source projects that are alternatives of or similar to Bugbounty Cheatsheet

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

This repo is about @harshbothra_ 365 days of learning Tweet & Mindmap collection

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

🎯 SQL Injection Payload List

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found

This document proposes a way of standardising the structure, language, and grammar used in security policies.

Subcert is an subdomain enumeration tool, that finds all the subdomains from certificate transparency logs.

Writeups of CTF challenges

Detects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.

A training curriculum for teaching information security "champions" within small organisations and helping them conduct a basic assessment. (Work in progress)

Comprehensive Web Based Phishing Suite for Rapid Deployment and Real-Time Alerting!

Infosec resource center for offensive and defensive security operations.

Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities

BugBounty Tool

Flutter Reverse Engineering Framework

anewer appends lines from stdin to a file if they don't already exist in the file. This is a rust version of https://github.com/tomnomnom/anew

Subdomain takeover vulnerability checker

This repository created for personal use and added tools from my latest blog post.

Security tool to quickly audit Public Box files and folders.

One-click installer for Frida and Burp certs for SSL Pinning bypass

Reconness Agents Script

Demonstrate how usage of the Java Security Manager can prevent Remote Code Execution (RCE) exploits.

An efficient multi-threaded DNS resolver validator

Pentesting/Bugbounty Dockerfiles.

Interactive Threat Intelligence Bot that leverages serverless framework, AWS/GCP, and Slack

No description or website provided.

List of bug bounty and coordinated vulnerability disclosure programs of companies/organisations in Switzerland

Nuubi Tools (Information-ghatering|Scanner|Recon.)

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

⬆️ ☠️ Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, polkit, docker socket

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

🦄🔒 Awesome list of secrets in environment variables 🖥️

Python API wrapper for haveibeenpwned.com (API v3)

Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps. 👻🐚

本脚本旨在生成各类畸形URL链接，进行探测使用的payload，尝试绕过服务端ssrf限制。

The ldapconsole script allows you to perform custom LDAP requests to a Windows domain.

CloudFlare Checker written in Go

LLMNR/NBNS/mDNS Spoofing Detection Toolkit

Nuclei templates for K8S security scanning

Do some quick reconnaissance on a domain-based web-application

Audit your public Google Drive files.

Fully automated offensive security framework for reconnaissance and vulnerability scanning

Subdomain enumeration tool, asynchronous dns packets, use pcap to scan 1600,000 subdomains in 1 second

Open Redirect scanner - (out of date)

🐰 Managing command snippets for hackers/bug bounty hunters. with pet.

🖇 Enumerate git repository URL from list of URL / User / Org. Friendly to pipeline

Common Web Managers Fuzz Wordlists

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

PHP Security Check List [ EN ] 🌋 ☣️

SecurityExplained is a new series after the previous learning challenge series #Learn365. The aim of #SecurityExplained series is to create informational content in multiple formats and share with the community to enable knowledge creation and learning.

渗透测试☞经验/思路/总结/想法/笔记

Host Header Injection Checker

a Go code to detect leaks in JS files via regex patterns

VulWebaju is a platform that automates setting up your pen-testing environment for learning purposes.

commonspeak2 subdomains wordlist generated daily **DEPRECATED** The author(s) of commonspeak2 maintain an official repo with more lists. Please use it instead: https://github.com/assetnote/wordlists

An automated approach to performing recon for bug bounty hunting and penetration testing.

List of my talks and workshops: security engineering, applied cryptography, secure software development

Microarchitectural exploitation and other hardware attacks.

Tips and Tutorials for Bug Bounty and also Penetration Tests.