555 Open source projects that are alternatives of or similar to Legal Bug Bounty

Do some quick reconnaissance on a domain-based web-application

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.

Subdomain discovery using the power of 'The Rapid7 Project Sonar datasets'

InfoPath Phishing Repo Resource

🖇 Enumerate git repository URL from list of URL / User / Org. Friendly to pipeline

The essential toolkit for reversing, malware analysis, and cracking

🌰 An onion url inspector for inspecting deep web links.

A memorial site for Hackers and Infosec people who have passed

a Go code to detect leaks in JS files via regex patterns

a commandline #OSINT tool to find the online presence of a username in popular social media websites like Facebook, Instagram, Twitter, etc.

Malcom - Malware Communications Analyzer

Send notifications on different channels such as Slack, Telegram, Discord etc.

A community contributed consolidated list of InfoSec meetups in the Asia Pacific region.

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Mining parameters from dark corners of Web Archives

Most usable tools for iOS penetration testing

Automation for javascript recon in bug bounty.

🌒 Shell command obfuscation to avoid detection systems

Spin up new Windows qubes quickly, effortlessly and securely on Qubes OS

Simple Keylogger with smtp to send emails on your account using python works on linux and Windows

A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.

Multi source CVE/exploit parser.

A collection of all the data i could extract from 1 billion leaked credentials from internet.

Pentest Report Generator

TIGMINT: OSINT (Open Source Intelligence) GUI software framework

An actively maintained, Self curated notes related to android application security for security professionals, bugbounty hunters, pentesters, reverse engineer, and redteamers.

Monitor Certificate Transparency Logs For Phishing Domains

DNS hijacking via dead records automation tool

Subdomain takeover vulnerability checker

No description or website provided.

Monitoring GitHub for sensitive data shared publicly

OSINT Swiss Army Knife

GradeJS analyzes production Webpack bundles without having access to the source code of a website. Instantly see vulnerabilities, outdated packages, and more just by entering a web application URL.

LinkedinScraper is an another information gathering tool written in python. You can scrape employees of companies on Linkedin.com and then create these employee names, titles and emails.

RAS(RAndom Subdomain) Fuzzer

Gorsair hacks its way into remote docker containers that expose their APIs

PyIris is a modular remote access trojan toolkit written in python targeting Windows and Linux systems.

This repository is used to store answers when resolving ctf challanges, how i came to that answer and the line of thought used to reach it.

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

Generates combination of domain names from the provided input.

Subdomains-enumeration, subdomain-takeover monitoring api and S3 bucket scanner.

Designed to be installed on a fresh install of raspbian on a raspberry pi, by combining Respounder (Responder detection) and Artillery (port and service spoofing) for network deception, this tool allows you to detect an attacker on the network quickly by weeding out general noisy alerts with only those that matter.

DDTTX Tabletop Trainings

🖖 Fast, modern, easy-to-use network scanner

A training curriculum for teaching information security "champions" within small organisations and helping them conduct a basic assessment. (Work in progress)

An advanced tool for email reconnaissance

Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

⬆️ ☠️ Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, polkit, docker socket

Nozzlr is a bruteforce framework, trully modular and script-friendly

Leaked pentesting manuals given to Conti ransomware crooks

Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities

FAME Automates Malware Evaluation

Simple vueJS based command generator which I developed in order to learn vueJS a little bit more.

Fully automated offensive security framework for reconnaissance and vulnerability scanning

Modified Nuclei Templates Version to FUZZ Host Header

An integrated tool and a collection of snippets which helps in the various aspects of the terminal.

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

An automated approach to performing recon for bug bounty hunting and penetration testing.

Bucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations