501 Open source projects that are alternatives of or similar to Galaxy-Bugbounty-Checklist

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.

Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found

CloudFlare Checker written in Go

A tool for generating reverse shell payloads on the fly.

Credentials Checking Framework

DNS hijacking via dead records automation tool

Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities

Para pencari bug / celah kemanan bisa bergabung.

Simple Script to install recommended Bug Bounty Hunting Tools In Your Linux Disto

BugBounty Tool

This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports

BugBounty_CheatSheet

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.

🐰 Managing command snippets for hackers/bug bounty hunters. with pet.

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

Subdomain discovery using the power of 'The Rapid7 Project Sonar datasets'

A python tool to check subdomain takeover vulnerability

🦄🔒 Awesome list of secrets in environment variables 🖥️

Extract server and IP address information from Browser SSRF

Tutorials and Things to Do while Hunting Vulnerability.

No description or website provided.

Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty

Full Nuclei automation script with logic explanation.

Good resources about web security that I have read.

Javascript error handling tool for Bugsnag. Monitor and report JavaScript bugs & errors.

[DEPRECATED] Please upgrade to our Universal JS notifier "@bugsnag/js" • https://github.com/bugsnag/bugsnag-js

A Collection of Various Discord Bugs, Exploits, Un-Documented Parts of the Discord API, and Other Discord Related Miscellaneous Stuff.

Payload Arsenal for Pentration Tester and Bug Bounty Hunters

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

HashExpoit is Great Tool For Cracking Hash

The all-in-one Red Team extension for Web Pentester 🛠

Running nuclei Continuously

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

Awesome Vulnerable Applications

Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

All about bug bounty (bypasses, payloads, and etc)

Template-Driven AV/EDR Evasion Framework

Automatic panic monitoring for Go and Go web frameworks, like negroni, gin, and revel

Shake to send a bug report!

Unique wordlist generator of unique wordlists.

JALSI - Just Another Lame Shellcode Injector

Hacking arsenal. This script download the latest tools, wordlists, releases and install common hacking tools

Tool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.

The unofficial HackerOne disclosure Timeline

Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2

A simple tool that aims to efficiently and quickly parse the outputs of web scraping tools like gau

Just another useless C2 occupying space in some HDD somewhere.

A Collection of Notes, Methodologies, POCs and everything else related to Bug Hunting.

Octopus - Network Scan/Infos & Web Scan

This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)

Official bugsnag error monitoring and error reporting for django, flask, tornado and other python apps.

A C2 post-exploitation framework

Script that automates the installation of the main tools used for web application penetration testing and Bug Bounty.

Find host header injections and perform Host Header attacks with other kind of bugs like web cache poissoning

No description or website provided.