555 Open source projects that are alternatives of or similar to Legal Bug Bounty

All about bug bounty (bypasses, payloads, and etc)

This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks.

A collection of resources/documentation/links/etc to help people learn about Infosec and break into the field.

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

An information security preparedness tool to do adversarial simulation.

Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.

🔎Searches Hash APIs to crack your hash quickly🔎 If hash is not found, automatically pipes into HashCat⚡

Top disclosed reports from HackerOne

被动式漏洞扫描系统

Bloodhound for Blue and Purple Teams

PowerShell framework to assess Azure security

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

🎯 SQL Injection Payload List

Dradis Framework: Colllaboration and reporting for IT Security teams

Hershell is a simple TCP reverse shell written in Go.

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.

Fast web fuzzer written in Go

🌰 An onion url inspector for inspecting deep web links.

Malcom - Malware Communications Analyzer

👥😈 Infect a pc with badusb and establish a connection through telegram.

a recon tool that allows searching on URLs that are exposed via shortener services

A collection of various GitHub gists for hackers, pentesters and security researchers

HostHunter a recon tool for discovering hostnames using OSINT techniques.

A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.

DeimosC2 is a Golang command and control framework for post-exploitation.

Monitor Certificate Transparency Logs For Phishing Domains

Pentest Report Generator

Extract endpoints from APK files

OSINT Swiss Army Knife

Gorsair hacks its way into remote docker containers that expose their APIs

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

SIEM-From-Scratch is a drop-in ELK based SIEM component for your Vagrant infosec lab

A default credential scanner.

Generates combination of domain names from the provided input.

Idiomatic nmap library for go developers

An advanced tool for email reconnaissance

FAME Automates Malware Evaluation

Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.

Course Repository for University of Cincinnati Malware Analysis Class (CS[567]038)

A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Links for the OSINT Team

Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.

🎯 Command Injection Payload List

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

WebMap-Nmap Web Dashboard and Reporting

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Scrapes Router Passwords From http://www.routerpasswords.com ,more then +300 product

A tool for testing subdomain takeover possibilities at a mass scale.

A scanner for Moodle LMS

Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi

Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.

Snyk's public vulnerability database

A collection of awesome security hardening guides, tools and other resources

WinAppDbg Debugger

Vulnerability Dashboard

Nzyme collects 802.11 management frames directly from the air and sends them to a Graylog (Open Source log management) setup for WiFi IDS, monitoring, and incident response. It only needs a JVM and a WiFi adapter that supports monitor mode.

Scaling Network Scanning. Changes prior to 1.0 may cause difficult to avoid backwards incompatibilities. You've been warned.