664 Open source projects that are alternatives of or similar to BugHunter

A Collection of Notes, Methodologies, POCs and everything else related to Bug Hunting.

The unofficial HackerOne disclosure Timeline

Tips and Tutorials for Bug Bounty and also Penetration Tests.

Awesome Vulnerable Applications

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities

Para pencari bug / celah kemanan bisa bergabung.

All about bug bounty (bypasses, payloads, and etc)

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Host Header Injection Checker

Leverage the ability of Terraform and AWS or GCP to distribute large security scans across numerous cloud instances.

A Collection of Various Discord Bugs, Exploits, Un-Documented Parts of the Discord API, and Other Discord Related Miscellaneous Stuff.

Notes and ideas to remember when I am a leader

Python environment comparison tool

VulWebaju is a platform that automates setting up your pen-testing environment for learning purposes.

The ldap2json script allows you to extract the whole LDAP content of a Windows domain into a JSON file.

Automatically add an issue or pull request to specific GitHub Project(s) when you create and/or label them.

Some of the projects i made when starting to learn c#, winfroms and wpf

Simple HTML & JS Tool to quickly test CORS locally.

HTTP fuzzer engine security oriented

Demo code and other hand-out materials for our Python for Decision Makers and Business Leaders course

Subdomain enumeration tool, asynchronous dns packets, use pcap to scan 1600,000 subdomains in 1 second

Elixir Phoenix Stock Quotes API (IEX Trading)

A vulnerability fuzzing tool written in bash, it contains the most commonly used tools to perform vulnerability scan

A tool that suggests minimal PR size for contributors

An utility that help you to generate or add plugin to your Fastify project

OnceBuilder - managment tool, mange projects, templates, plugins in one place.

💻 SQLGitHub — Managing GitHub organization made easier

Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.

Modern and intuitive POS web application written with the Laravel framework

A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.

Community Workflow for the Osmedeus Engine that describes basic reconnaissance methodology for you to build your own

Framework for rapid development and reusable of security tools

commonspeak2 subdomains wordlist generated daily **DEPRECATED** The author(s) of commonspeak2 maintain an official repo with more lists. Please use it instead: https://github.com/assetnote/wordlists

HAL management console

Kubernetes Scanner

Microsoft's monolithic GitHub Management Portal enabling enterprise scale self-service powered by the GitHub API 🏔🧑‍💻🧰

🌐 Manager for portable applications

🍵 Tiny, easy and powerful React state management

A simple python script which can check HTTP status of branch of URLs/Subdomains and grab URLs/Subdomain title

Subcert is an subdomain enumeration tool, that finds all the subdomains from certificate transparency logs.

Knative Function Using the AWS Lambda Runtime API

My personal website & blog

Fastify CORS

🍰 Little package to do simple things with VirtualBox remotely using it's SOAP API

Running nuclei Continuously

A test application that helps illustrate CORS while both in a working state and a non-working state across simple and complex request scenarios.

Core integration plugins for Hawtio: Apache ActiveMQ, Camel, Karaf, OSGi, and Spring Boot

IDM project management repository

🐰 Managing command snippets for hackers/bug bounty hunters. with pet.

Simultaneously execute various subdomain enumeration tools and aggregate results.

It's a Docker Environment for pentesting which having all the required tool for VAPT.

Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place

This repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version contains a wordlist of all the files directories for this version.

A simple tool that aims to efficiently and quickly parse the outputs of web scraping tools like gau

Web interface for managing Haproxy, Nginx, Apache and Keepalived servers

Payload Arsenal for Pentration Tester and Bug Bounty Hunters

sub domain wild card filtering tool