366 Open source projects that are alternatives of or similar to Bugbounty Scans

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites.

Messy BurpSuite plugin for SQL Truncation vulnerabilities.

XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities

Http request smuggling vulnerability scanner

Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi

Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations

Cross Origin Resource Sharing MisConfiguration Scanner

Mass querying whois records

Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Simple shell script for automated domain recognition with some tools

A replacement of "qsreplace", accepts URLs as standard input, replaces all query string values with user-supplied values and stdout.

A Docker container for Openvas

Information Security Library

a rusty `scanf` (`scan!`) and inverse of `print!` (`read!`)

Open source document organizer with automatic OCR and full text search

Powerfull XSS Scanning and Parameter analysis tool&gem

Find endpoints on GitHub.

挖掘国内外漏洞平台必备的自动化捡钱赏金技巧，看了并去做了捡钱如喝水。

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.

Automated Red Team Infrastructure deployement using Docker

Kali Intelligence Suite (KIS) shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by executing standard penetration testing tools. The collected data is internally stored in a structured manner to allow the fast identification and visualisation of the collected information.

A tool to check a bunch of URLs that contain reflecting params.

Script that automates the installation of the main tools used for web application penetration testing and Bug Bounty.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

DeFi Scan, everything one-stop location for DeFi Blockchain. Powered by jellyfish & ocean network.

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

A curated list of awesome blogs and tools about HTTP request smuggling attacks. Feel free to contribute! 🍻

This repo is about @harshbothra_ 365 days of learning Tweet & Mindmap collection

Turn your VPS into an attack box

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

Related subdomains finder

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

A Collection of Notes, Methodologies, POCs and everything else related to Bug Hunting.

Tool for catching and logging different types of requests.

Extract endpoints marked as disallow in robots files to generate wordlists.

Top disclosed reports from HackerOne

Amazingly fast response crawler to find juicy stuff in the source code! 😎🔥

Web Application recon automation

Subdomain enumeration tool, asynchronous dns packets, use pcap to scan 1600,000 subdomains in 1 second

Intelligence tool but without API key

Gosint is a distributed asset information collection and vulnerability scanning platform

RAS(RAndom Subdomain) Fuzzer

Generates combination of domain names from the provided input.

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

Community curated list of templates for the nuclei engine to find security vulnerabilities.

Subdomains-enumeration, subdomain-takeover monitoring api and S3 bucket scanner.

A code generator for array-based code on CPUs and GPUs

Nuclei Templates to reproduce Cracking the lens's Research

Change monitoring app that checks the content of web pages in different periods.

高效强大扫描分析iOS和Android项目里没有使用的类Mac开源工具，清理项目垃圾类，让项目结构干净清爽，升级维护得心应手. Efficient and powerful scanning analysis iOS and Android project no classes used in Mac open source tools, cleaning rubbish class project, make project structure clean and relaxed, upgrade maintenance

Extracting URLs of a specific target based on the results of "commoncrawl.org"

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

Customizable honeypots for monitoring network traffic, bots activities and username\password credentials (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, STMP, RDP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres and MySQL)

Rockyou for web fuzzing

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

🔥 ZXing的精简版，优化扫码和生成二维码/条形码，内置闪光灯等功能。扫描风格支持：微信的线条样式，支付宝的网格样式。几句代码轻松拥有扫码功能 ，ZXingLite让集成更简单。（扫码识别速度快如微信）

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.

🐰 Managing command snippets for hackers/bug bounty hunters. with pet.