366 Open source projects that are alternatives of or similar to Bugbounty Scans

Pentest: Subdomains enumeration tool for penetration testers.

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)

Metasploit custom modules, plugins, resource script and.. awesome metasploit collection

Python library and CLI for the Bug Bounty Recon API

AMWScan (PHP Antimalware Scanner) is a free tool to scan php files and analyze your project to find any malicious code inside it.

Awesome Nmap Grep

Default signature for Jaeles Scanner

Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term with a default set of websites, bug bounty programs or a custom collection.

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

Tutorials and Things to Do while Hunting Vulnerability.

Repositório com conteúdo sobre web hacking em português

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

WIFI / LAN intruder detector. Check the devices connected and alert you with unknown devices. It also warns of the disconnection of "always connected" devices

Awesome Vulnerable Applications

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

Bluetooth client library for Android.

🎯 RFI/LFI Payload List

Tools of "The Bug Hunters Methodology V2 by @jhaddix"

Community curated list of public bug bounty and responsible disclosure programs.

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

Barcode scanner plugin for flutter. Supports barcode scanning for Android and iOS

SIEM Tactics, Techiques, and Procedures

DNSProb is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.

Full-python LiDAR SLAM using ICP and Scan Context

A tool to fastly get all javascript sources/files

🎯 Server Side Template Injection Payloads

🔥 2020年最好用的开源扫码，全方位优化，强烈推荐！！ 支持多种常规zxing无法扫出的码，用就完了！！ 🔥

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

Biu-framework🚀 Security Scan Framework For Enterprise Intranet Based Services(企业内网基础服务安全扫描框架)

A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

A passive subdomain finder

XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities

Simple shell script for automated domain recognition with some tools

挖掘国内外漏洞平台必备的自动化捡钱赏金技巧，看了并去做了捡钱如喝水。

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Tool for catching and logging different types of requests.

Change monitoring app that checks the content of web pages in different periods.

qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.

Mobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting

Awesome Writeups and POCs

Poor (rich?) man's bug bounty pipeline

A tool to automate the boring process of APK recon

🔺 Red Team Hardware Toolkit 🔺

A simple SSRF-testing sheriff written in Go

CVE-2017-9506 - SSRF

Decode All Bases - Base Scheme Decoder

Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.

Automated All-in-One OS Command Injection Exploitation Tool.

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

Scanning APK file for URIs, endpoints & secrets.

An OSINT tool to find contacts in order to report security vulnerabilities.

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.

Extracting URLs of a specific target based on the results of "commoncrawl.org"

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

Customizable honeypots for monitoring network traffic, bots activities and username\password credentials (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, STMP, RDP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres and MySQL)