441 Open source projects that are alternatives of or similar to Public Bugbounty Programs

Simultaneously execute various subdomain enumeration tools and aggregate results.

Automatically brute force all services running on a target.

sub domain wild card filtering tool

Tool for catching and logging different types of requests.

Leverage the ability of Terraform and AWS or GCP to distribute large security scans across numerous cloud instances.

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

An OSINT tool to gather information about the real owner of a phone number

A note-taking macOS app for penetration-testers.

The ldap2json script allows you to extract the whole LDAP content of a Windows domain into a JSON file.

Code from my old page ge.mine.nu

Para pencari bug / celah kemanan bisa bergabung.

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

HTTP fuzzer engine security oriented

Dump exposed HTTP .git fast

Subcert is an subdomain enumeration tool, that finds all the subdomains from certificate transparency logs.

OSINT tool - gets data from services like shodan, censys etc. in one app

Kubernetes Scanner

Simulating shitty network connections so you can build better systems.

Default signature for Jaeles Scanner

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

🎯 Server Side Template Injection Payloads

🔥 CHAOS is a Remote Administration Tool that allow generate binaries to control remote operating systems.

Automated script to run all modules for a specified list of domains, netblocks or company name

a recon tool that allows searching on URLs that are exposed via shortener services

Subdomain discovery using the power of 'The Rapid7 Project Sonar datasets'

GoFingerprint is a Go tool for taking a list of target web servers and matching their HTTP responses against a user defined list of fingerprints.

A toolkit for testing TiDB

Reconnaissance tool of Penetration test & Bug Bounty

Modified Nuclei Templates Version to FUZZ Host Header

Decode All Bases - Base Scheme Decoder

Find existing email addresses by nickname using API/SMTP checking methods without user notification. Please, don't hesitate to improve cat's job! 🐱🔎 📬

Docker-based utility for testing network failures and partitions in distributed applications

Chaotic attractors (Lorenz, Rossler, Rikitake etc.)

Your Google Recon is Now Automated

🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang

Full Nuclei automation script with logic explanation.

XSS Payload without Anything.

Gospider - Fast web spider written in Go

This document proposes a way of standardising the structure, language, and grammar used in security policies.

The unofficial HackerOne disclosure Timeline

Astra is a tool to find URLs and secrets inside a webpage/files

🆕 The Multi-Tool Web Vulnerability Scanner.

Signatures for jaeles scanner by @j3ssie

An OSINT tool to find contacts in order to report security vulnerabilities.

Ashok is a OSINT Recon Tool , a.k.a 😍 Swiss Army knife .

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

Python tool that monitors and logs user-run commands on a Linux system for either offensive or defensive purposes..

Cellular Automata Simulator

Chaos engineering tool for simulating real-world distributed system failures

Scan secrets from Continuous Integration Build Logs

The Chaos Programming Language

Awesome cloud enumerator

A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)

Find exploits in local and online databases instantly

PHP Security Check List [ EN ] 🌋 ☣️

Pentest/BugBounty progress control with scanning modules

A small Php application to fetch archive url snapshots from archive.org. using it you can fetch complete list of snapshot urls of any year or complete list of all years possible. Made Specially for penetration testing purpose.

A tool to find redirection chains in multiple URLs

🎯 SQL Injection Payload List