441 Open source projects that are alternatives of or similar to Public Bugbounty Programs

qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.

Cross Origin Resource Sharing MisConfiguration Scanner

XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities

Automated NoSQL database enumeration and web application exploitation tool.

A simple SSRF-testing sheriff written in Go

Accurately Locate Smartphones using Social Engineering

挖掘国内外漏洞平台必备的自动化捡钱赏金技巧，看了并去做了捡钱如喝水。

Introduce failures into HTTP requests via a proxy server

Metasploit custom modules, plugins, resource script and.. awesome metasploit collection

Tutorials and Things to Do while Hunting Vulnerability.

Tools of "The Bug Hunters Methodology V2 by @jhaddix"

🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration

Tool for catching and logging different types of requests.

A note-taking macOS app for penetration-testers.

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

OSINT tool - gets data from services like shodan, censys etc. in one app

Default signature for Jaeles Scanner

GoFingerprint is a Go tool for taking a list of target web servers and matching their HTTP responses against a user defined list of fingerprints.

Decode All Bases - Base Scheme Decoder

Your Google Recon is Now Automated

The unofficial HackerOne disclosure Timeline

An OSINT tool to find contacts in order to report security vulnerabilities.

Automating XSS using Bash

The Chaos Programming Language

One way to continuously monitor sensitive information that could be exposed on Github

A tool to check a bunch of URLs that contain reflecting params.

Mobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting

DNS-Discovery is a multithreaded subdomain bruteforcer.

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

Python library and CLI for the Bug Bounty Recon API

Collection of Facebook Bug Bounty Writeups

Web Application recon automation

OSINT Framework

Rockyou for web fuzzing

HTTP mocking to test API services for chaos scenarios

Poor (rich?) man's bug bounty pipeline

Parse NTLM challenge messages over HTTP and SMB

A Chaos Engineering Bootcamp

Bass grabs you those "extra resolvers" you are missing out on when performing Active DNS enumeration. Add anywhere from 100-6k resolvers to your "resolver.txt"

A Github organization reconnaissance tool.

Community curated list of templates for the nuclei engine to find security vulnerabilities.

Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.

A container repository for my public web hacks!

🔺 Red Team Hardware Toolkit 🔺

ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

Chaos Engineering Working Group

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

A curated list of various bug bounty tools

Secret and/ credential patterns used for gf.

Chaos testing, network emulation, and stress testing tool for containers

Hacking tools

chaoskube periodically kills random pods in your Kubernetes cluster.

CVE-2017-9506 - SSRF

Scan for open AWS S3 buckets and dump the contents

Scans a list of websites for Cloudfront or S3 Buckets

👀 Some of my favorite OSINT tools.

Penetration tests guide based on OWASP including test cases, resources and examples.

Collection of AWS SSM Documents to perform Chaos Engineering experiments