Resources
A storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platform tips, and tricks curated by us.
Stars: ✭ 62 (-95.42%)
Brutex
Automatically brute force all services running on a target.
Stars: ✭ 974 (-28.06%)
Metabigor
Intelligence tool but without API key
Stars: ✭ 424 (-68.69%)
Crlf Injection Scanner
Command line tool for testing CRLF injection on a list of domains.
Stars: ✭ 91 (-93.28%)
Dnsgen
Generates combination of domain names from the provided input.
Stars: ✭ 389 (-71.27%)
Takeover
A tool for testing subdomain takeover possibilities at a mass scale.
Stars: ✭ 28 (-97.93%)
Bugbountyguide
Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.
Stars: ✭ 338 (-75.04%)
Zile
Extract API keys from a file or URL using the magic of Python and regex.
Stars: ✭ 61 (-95.49%)
Offensive Docker
Offensive Docker is an image with the most-used offensive tools, for quickly and easily creating an environment to launch assessments against targets.
Stars: ✭ 328 (-75.78%)
Blackwidow
A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
Stars: ✭ 887 (-34.49%)
Bruteforce Lists
Some files for bruteforcing certain things.
Stars: ✭ 320 (-76.37%)
Urlhunter
a recon tool that allows searching on URLs that are exposed via shortener services
Stars: ✭ 934 (-31.02%)
Hetty
Hetty is an HTTP toolkit for security research.
Stars: ✭ 3,596 (+165.58%)
Differer
differer finds how URLs are parsed by different languages in order to help bug hunters break filters
Stars: ✭ 56 (-95.86%)
Dalfox
🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang
Stars: ✭ 791 (-41.58%)
Go Dork
The fastest dork scanner written in Go.
Stars: ✭ 274 (-79.76%)
Csp
Given a list of hosts, this small utility fetches all whitelisted domains from the hosts' CSPs.
Stars: ✭ 89 (-93.43%)
Jsfscan.sh
Automation for javascript recon in bug bounty.
Stars: ✭ 287 (-78.8%)
Gospider
Gospider - Fast web spider written in Go
Stars: ✭ 785 (-42.02%)
Osmedeus
Fully automated offensive security framework for reconnaissance and vulnerability scanning
Stars: ✭ 3,391 (+150.44%)
Pentesting Bible
Learn ethical hacking. Learn about reconnaissance, Windows/Linux hacking, attacking web technologies, and pen testing wireless networks. Resources for learning malware analysis and reverse engineering.
Stars: ✭ 8,981 (+563.29%)
Recon Pipeline
An automated target reconnaissance pipeline.
Stars: ✭ 278 (-79.47%)
Vhostscan
A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
Stars: ✭ 767 (-43.35%)
Recon My Way
This repository was created for personal use and added tools from my latest blog post.
Stars: ✭ 271 (-79.99%)
Cloudbrute
Awesome cloud enumerator
Stars: ✭ 268 (-80.21%)
Allaboutbugbounty
All about bug bounty (bypasses, payloads, etc.)
Stars: ✭ 758 (-44.02%)
Project Black
Pentest/BugBounty progress control with scanning modules
Stars: ✭ 257 (-81.02%)
Priest
Extract server and IP address information from Browser SSRF
Stars: ✭ 13 (-99.04%)
JWTweak
Detects the algorithm of the input JWT token and provides options to generate a new JWT token based on the user-selected algorithm.
Stars: ✭ 85 (-93.72%)
Webhackersweapons
⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking, Happy bug-hunting
Stars: ✭ 1,205 (-11%)
PandorasBox
Security tool to quickly audit Public Box files and folders.
Stars: ✭ 56 (-95.86%)
Domained
Multi Tool Subdomain Enumeration
Stars: ✭ 688 (-49.19%)
Pcwt
Stars: ✭ 46 (-96.6%)
quick-recon.py
Do some quick reconnaissance on a domain-based web-application
Stars: ✭ 13 (-99.04%)
gitls
🖇 Enumerate git repository URL from list of URL / User / Org. Friendly to pipeline
Stars: ✭ 39 (-97.12%)
Aws Scanner
Scans a list of websites for Cloudfront or S3 Buckets
Stars: ✭ 93 (-93.13%)
jsleak
a Go code to detect leaks in JS files via regex patterns
Stars: ✭ 111 (-91.8%)
Subover
A Powerful Subdomain Takeover Tool
Stars: ✭ 607 (-55.17%)
Resources
No description or website provided.
Stars: ✭ 38 (-97.19%)
Burpbounty
Burp Bounty (Scan Check Builder in BApp Store) is an extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.
Stars: ✭ 1,026 (-24.22%)
AndroidSecNotes
Actively maintained, self-curated notes related to Android application security for security professionals, bug bounty hunters, pentesters, reverse engineers, and red teamers.
Stars: ✭ 140 (-89.66%)
authz0
🔑 Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.
Stars: ✭ 248 (-81.68%)
Gitgraber
gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
Stars: ✭ 1,164 (-14.03%)
Xspear
Powerful XSS Scanning and Parameter analysis tool & gem
Stars: ✭ 583 (-56.94%)
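Arl
ARL (Asset Reconnaissance Lighthouse) is designed to quickly reconnoiter the internet assets associated with a target and build a baseline asset information database. It helps in-house security teams and penetration testers effectively reconnoiter and search assets, and discover weak points and the attack surface.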
Stars: ✭ 1,357 (+0.22%)
Gf Secrets
Secret and/or credential patterns used for gf.
Stars: ✭ 96 (-92.91%)
Pentest Guide
Penetration tests guide based on OWASP including test cases, resources and examples.
Stars: ✭ 1,316 (-2.81%)
Findsploit
Find exploits in local and online databases instantly
Stars: ✭ 1,160 (-14.33%)
Legal Bug Bounty
#legalbugbounty project — creating safe harbors on bug bounty programs and vulnerability disclosure programs. Authored by Amit Elazari.
Stars: ✭ 42 (-96.9%)
Payloadsallthethings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 32,909 (+2330.5%)