ResourcesA Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.
Stars: ✭ 62 (-70.19%)
aquatoneA Tool for Domain Flyovers
Stars: ✭ 43 (-79.33%)
DirsearchWeb path scanner
Stars: ✭ 7,246 (+3383.65%)
CrithitTakes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Stars: ✭ 182 (-12.5%)
tugareconPentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (-31.73%)
RenginereNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…
Stars: ✭ 3,439 (+1553.37%)
S3ScanScript to spider a website and find publicly open S3 buckets
Stars: ✭ 21 (-89.9%)
NishangNishang - Offensive PowerShell for red team, penetration testing and offensive security.
Stars: ✭ 5,943 (+2757.21%)
Passphrase WordlistPassphrase wordlist and hashcat rules for offline cracking of long, complex passwords
Stars: ✭ 556 (+167.31%)
pentest-reportsCollection of penetration test reports and pentest report templates. Published by the the best security companies in the world.
Stars: ✭ 111 (-46.63%)
EzxssezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
Stars: ✭ 1,022 (+391.35%)
Red Team Curation ListA list to discover work of red team tooling and methodology for penetration testing and security assessment
Stars: ✭ 68 (-67.31%)
SuperLibraryInformation Security Library
Stars: ✭ 60 (-71.15%)
boxerBoxer: A fast directory bruteforce tool written in Python with concurrency.
Stars: ✭ 15 (-92.79%)
BusterAn advanced tool for email reconnaissance
Stars: ✭ 387 (+86.06%)
PayloadsallthethingsA list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 32,909 (+15721.63%)
PwndocPentest Report Generator
Stars: ✭ 417 (+100.48%)
ChangemeA default credential scanner.
Stars: ✭ 928 (+346.15%)
LyricpassPassword wordlist generator using song lyrics for targeted bruteforce audits / attacks. Useful for penetration testing or security research.
Stars: ✭ 58 (-72.12%)
GorsairGorsair hacks its way into remote docker containers that expose their APIs
Stars: ✭ 678 (+225.96%)
MinesweeperA Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Stars: ✭ 162 (-22.12%)
SmogcloudFind cloud assets that no one wants exposed 🔎 ☁️
Stars: ✭ 168 (-19.23%)
KnaryA simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support
Stars: ✭ 187 (-10.1%)
Awesome BbhtA bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.
Stars: ✭ 190 (-8.65%)
3klconAutomation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.
Stars: ✭ 189 (-9.13%)
WstgThe Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Stars: ✭ 3,873 (+1762.02%)
Infosec referenceAn Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
Stars: ✭ 4,162 (+1900.96%)
Awesome InfosecA curated list of awesome infosec courses and training resources.
Stars: ✭ 3,779 (+1716.83%)
NmapIdiomatic nmap library for go developers
Stars: ✭ 391 (+87.98%)
SonarsearchA MongoDB importer and API for Project Sonars DNS datasets
Stars: ✭ 297 (+42.79%)
Dradis CeDradis Framework: Colllaboration and reporting for IT Security teams
Stars: ✭ 443 (+112.98%)
HosthunterHostHunter a recon tool for discovering hostnames using OSINT techniques.
Stars: ✭ 427 (+105.29%)
OsmedeusFully automated offensive security framework for reconnaissance and vulnerability scanning
Stars: ✭ 3,391 (+1530.29%)
magicReconMagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.
Stars: ✭ 478 (+129.81%)
VhostscanA virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
Stars: ✭ 767 (+268.75%)
KaliIntelligenceSuiteKali Intelligence Suite (KIS) shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by executing standard penetration testing tools. The collected data is internally stored in a structured manner to allow the fast identification and visualisation of the collected information.
Stars: ✭ 58 (-72.12%)
InterlaceEasily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
Stars: ✭ 760 (+265.38%)
AwsbucketdumpSecurity Tool to Look For Interesting Files in S3 Buckets
Stars: ✭ 1,021 (+390.87%)
RoadmapGitBook: OSCP RoadMap
Stars: ✭ 89 (-57.21%)
FaradayFaraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.
Stars: ✭ 3,198 (+1437.5%)
QuiverQuiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.
Stars: ✭ 140 (-32.69%)
NosqlmapAutomated NoSQL database enumeration and web application exploitation tool.
Stars: ✭ 1,928 (+826.92%)
Awesome Shodan Queries🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
Stars: ✭ 2,758 (+1225.96%)
GarudAn automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.
Stars: ✭ 183 (-12.02%)
M4ngl3m3Common password pattern generator using strings list
Stars: ✭ 103 (-50.48%)
h1-searchTool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.
Stars: ✭ 58 (-72.12%)
crtfinderFast tool to extract all subdomains from crt.sh website. Output will be up to sub.sub.sub.subdomain.com with standard and advanced search techniques
Stars: ✭ 96 (-53.85%)
fuzzmostall manner of wordlists
Stars: ✭ 23 (-88.94%)
vafVaf is a cross-platform very advanced and fast web fuzzer written in nim
Stars: ✭ 294 (+41.35%)
rejigTurn your VPS into an attack box
Stars: ✭ 33 (-84.13%)
PandorasBoxSecurity tool to quickly audit Public Box files and folders.
Stars: ✭ 56 (-73.08%)
flydnsRelated subdomains finder
Stars: ✭ 29 (-86.06%)
Pentest GuidePenetration tests guide based on OWASP including test cases, resources and examples.
Stars: ✭ 1,316 (+532.69%)
CameradarCameradar hacks its way into RTSP videosurveillance cameras
Stars: ✭ 2,775 (+1234.13%)
PyParser-CVEMulti source CVE/exploit parser.
Stars: ✭ 25 (-87.98%)