304 Open source projects that are alternatives of or similar to Nuclei Templates

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

Top disclosed reports from HackerOne

Automatically brute force all services running on a target.

Intelligence tool but without API key

Command line tool for testing CRLF injection on a list of domains.

Generates combination of domain names from the provided input.

A tool for testing subdomain takeover possibilities at a mass scale.

Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.

Extract API keys from file or url using by magic of python and regex.

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Some files for bruteforcing certain things.

Hacking tools

平常看到好的渗透hacking工具和多领域效率工具的集合

a recon tool that allows searching on URLs that are exposed via shortener services

Hetty is an HTTP toolkit for security research.

differer finds how URLs are parsed by different languages in order to help bug hunters break filters

🎯 XML External Entity (XXE) Injection Payload List

🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang

The fastest dork scanner written in Go.

Given a list of hosts, this small utility fetches all whitelisted domains from the hosts' CSPs.

Automation for javascript recon in bug bounty.

Gospider - Fast web spider written in Go

Fully automated offensive security framework for reconnaissance and vulnerability scanning

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

An automated target reconnaissance pipeline.

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

This repository created for personal use and added tools from my latest blog post.

A curated list of various bug bounty tools

Awesome cloud enumerator

All about bug bounty (bypasses, payloads, and etc)

Pentest/BugBounty progress control with scanning modules

This challenge is Inon Shkedy's 31 days API Security Tips.

Extract server and IP address information from Browser SSRF

🎯 SQL Injection Payload List

Detects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.

⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting

Security tool to quickly audit Public Box files and folders.

Multi Tool Subdomain Enumeration

🦄🔒 Awesome list of secrets in environment variables 🖥️

Do some quick reconnaissance on a domain-based web-application

🎯 Command Injection Payload List

🖇 Enumerate git repository URL from list of URL / User / Org. Friendly to pipeline

Scans a list of websites for Cloudfront or S3 Buckets

a Go code to detect leaks in JS files via regex patterns

A Powerful Subdomain Takeover Tool

No description or website provided.

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.

An actively maintained, Self curated notes related to android application security for security professionals, bugbounty hunters, pentesters, reverse engineer, and redteamers.

A collection of awesome one-liner scripts especially for bug bounty tips.

🔑 Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

Powerfull XSS Scanning and Parameter analysis tool&gem

ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

Secret and/ credential patterns used for gf.

Penetration tests guide based on OWASP including test cases, resources and examples.

Find exploits in local and online databases instantly

#legalbugbounty project — creating safe harbors on bug bounty programs and vulnerability disclosure programs. Authored by Amit Elazari.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF