441 Open source projects that are alternatives of or similar to Public Bugbounty Programs

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Advanced and easy to use penetration testing framework 💣🔎

Find usernames across over 170 social networks - Fast & flexible remake of sdushantha/sherlock

Tools for the exploration of chaos and nonlinear dynamics

HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

A (partial) Python rewriting of PowerSploit's PowerView

A Python module implementing some standard algorithms used in nonlinear time series analysis

Automation for javascript recon in bug bounty.

A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan.

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

Detects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.

A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.

Security tool to quickly audit Public Box files and folders.

Extract API keys from file or url using by magic of python and regex.

🦄🔒 Awesome list of secrets in environment variables 🖥️

Awesome Vulnerable Applications

differer finds how URLs are parsed by different languages in order to help bug hunters break filters

Open Redirect scanner - (out of date)

PyIris-backdoor is a modular, stealthy and flexible remote-access-toolkit written completely in python used to command and control other systems. It is now in the beta stage, possibly perpetually. There are bugs still present in the framework, feel free to contribute or help me out with this project its still under active development >_>

SecurityExplained is a new series after the previous learning challenge series #Learn365. The aim of #SecurityExplained series is to create informational content in multiple formats and share with the community to enable knowledge creation and learning.

A DNS reconnaissance tool for locating non-contiguous IP space.

Yet Another PHP Shell - The most complete PHP reverse shell

qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.

Scanning APK file for URIs, endpoints & secrets.

Subdomain Takeover tool written in Go

Subdomain takeover vulnerability checker

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

Misc. Public Reports of Penetration Testing and Security Audits.

🔑 Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.

An OSINT tool to gather information about the real owner of a phone number

A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.

XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities

GitHub Recon — and what you can achieve with it!

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

🎯 Server Side Template Injection Payloads

🔥 CHAOS is a Remote Administration Tool that allow generate binaries to control remote operating systems.

Querytool is an OSINT framework based on Google Spreadsheets. With this tool you can perform complex search of terms, people, email addresses, files and many more.

Automated NoSQL database enumeration and web application exploitation tool.

BugBounty Tool

A simple SSRF-testing sheriff written in Go

Reconness Agents Script

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.

Pentesting/Bugbounty Dockerfiles.

Accurately Locate Smartphones using Social Engineering

Nuubi Tools (Information-ghatering|Scanner|Recon.)

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

挖掘国内外漏洞平台必备的自动化捡钱赏金技巧，看了并去做了捡钱如喝水。

The ldapconsole script allows you to perform custom LDAP requests to a Windows domain.

List of Awesome Asset Discovery Resources

Subdomain enumeration tool, asynchronous dns packets, use pcap to scan 1600,000 subdomains in 1 second

Introduce failures into HTTP requests via a proxy server

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

Python tool that monitors and logs user-run commands on a Linux system for either offensive or defensive purposes..

Awesome cloud enumerator

A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)

Find exploits in local and online databases instantly

PHP Security Check List [ EN ] 🌋 ☣️

Pentest/BugBounty progress control with scanning modules