1. Contact.sh
An OSINT tool to find contacts in order to report security vulnerabilities.
2. Can I Take Over Xyz
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
3. Proof Of Concepts
A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.
4. Csp
Given a list of hosts, this small utility fetches all whitelisted domains from the hosts' CSPs.
5. Bug Bounty Responses
A collection of response templates for invalid bug bounty reports.
6. Legal Bug Bounty
#legalbugbounty project — creating safe harbors on bug bounty programs and vulnerability disclosure programs. Authored by Amit Elazari.
7. Bugbountyguide
Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.
8. Bugbounty Cheatsheet
A list of interesting payloads, tips and tricks for bug bounty hunters.
9. Megplus
Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]
10. security-policy-specification-standard
This document proposes a way of standardising the structure, language, and grammar used in security policies.
11. h1-cli
A CLI tool to interact with hackerone.com. This was my submission for HackerOne's Summer 2018 Hack Day.
1-11 of 11 user projects