578 Open source projects that are alternatives of or similar to Bugbounty Cheatsheet

Para pencari bug / celah kemanan bisa bergabung.

Monitoring GitHub for sensitive data shared publicly

List of bug bounty and coordinated vulnerability disclosure programs of companies/organisations in Switzerland

jsonp is a Burp Extension which attempts to reveal JSONP functionality behind JSON endpoints. This could help reveal cross-site script inclusion vulnerabilities or aid in bypassing content security policies.

Collection grep patterns for Tom Hudson a.k.a Tomnomnom tools namely gf

Monitoring GitLab for sensitive data shared publicly

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

Totally Insecure Web Application Project (TIWAP)

Gosint is a distributed asset information collection and vulnerability scanning platform

A permutation generation tool written in golang

LinkedinScraper is an another information gathering tool written in python. You can scrape employees of companies on Linkedin.com and then create these employee names, titles and emails.

HTTP fuzzer engine security oriented

GradeJS analyzes production Webpack bundles without having access to the source code of a website. Instantly see vulnerabilities, outdated packages, and more just by entering a web application URL.

📡 A python program to create a fake AP and sniff data.

An ongoing list of virtual cybersecurity conferences.

本脚本旨在生成各类畸形URL链接，进行探测使用的payload，尝试绕过服务端ssrf限制。

Operational Security utility and automator.

An introduction to security for developers.

Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps. 👻🐚

Automatic finder for subdomains vulnerable to takeover. Written in Go, based on @haccer's subjack.

Backend logic implementation for Vulnerability Management System

Exploitation Framework for Embedded Devices

The ldapconsole script allows you to perform custom LDAP requests to a Windows domain.

A Golang Reverse Shell w/ a Tmux-driven psuedo-C2 Interface

Security challenges and CTFs created by the Penultimate team.

A vulnerability fuzzing tool written in bash, it contains the most commonly used tools to perform vulnerability scan

RAS(RAndom Subdomain) Fuzzer

Fleex makes it easy to create multiple VPS on cloud providers and use them to distribute workloads.

An automated target reconnaissance pipeline.

Extract server and IP address information from Browser SSRF

🔑 Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.

SEC分布式资产扫描系统

PyIris is a modular remote access trojan toolkit written in python targeting Windows and Linux systems.

cvebase is a community-driven vulnerability data platform to discover the world's top security researchers and their latest disclosed vulnerabilities & PoCs

Nuclei templates for K8S security scanning

Awesome Node.js Security resources

Collection of several DDos tools.

🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️

Do some quick reconnaissance on a domain-based web-application

VirusTotal Wanna Be - Now with 100% more Hipster

GZip HTTP Bombing in Python for everyone

Subdomain enumeration tool, asynchronous dns packets, use pcap to scan 1600,000 subdomains in 1 second

Badges for your GitHub tool presented at InfoSec Conference

Scan installed EDRs and AVs on Windows

Fully automated offensive security framework for reconnaissance and vulnerability scanning

A list to discover work of red team tooling and methodology for penetration testing and security assessment

Intentionally vulnerable Android application.

A curated list of awesome social engineering resources.

🖇 Enumerate git repository URL from list of URL / User / Org. Friendly to pipeline

Side-channel file transfer between independent VMs or processes executed on the same physical host.

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

This repository is used to store answers when resolving ctf challanges, how i came to that answer and the line of thought used to reach it.

Kubernetes Scanner

Subdomains-enumeration, subdomain-takeover monitoring api and S3 bucket scanner.

This Python script can be used to bypass IP source restrictions using HTTP headers.

Running nuclei Continuously

Nuclei Templates to reproduce Cracking the lens's Research

Public Repository of Open Source Tools for Cyber Threat Intelligence Analysts and Researchers

A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.