Bug Bounty's repositories
arsenal
Arsenal is just a quick inventory and launcher for hacking programs
awesome-bugbounty-builder
Awesome Bug bounty builder Project
awesome-industrial-control-system-security
A curated list of resources related to Industrial Control System (ICS) security.
Certipy
Tool for Active Directory Certificate Services enumeration and abuse
dsq
Commandline tool for running SQL queries against JSON, CSV, Excel, Parquet, and more.
ffuf
Fast web fuzzer written in Go
Findomain
The complete solution for domain recognition. Supports screenshoting, port scan, HTTP check, data import from other tools, subdomain monitoring, alerts via Discord, Slack and Telegram, multiple API Keys for sources and much more.
flan
A pretty sweet vulnerability scanner
fuzz.txt
Potentially dangerous files
goop
Yet another tool to dump a git repository from a website, focused on as-complete-as-possible dumps and handling weird edge-cases.
HOUDINI
Hundreds of Offensive and Useful Docker Images for Network Intrusion. The name says it all.
ICS-Pentesting-Tools
A curated list of tools related to Industrial Control System (ICS) security and Penetration Testing
icsmaster
ICS/SCADA Security Resource(整合工控安全相关资源)
iris-web
Incident Response collaborative platform
kctf
kCTF is a Kubernetes-based infrastructure for CTF competitions. For documentation, see
log4j-scan
A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228
lynis
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Network-segmentation-cheat-sheet
Best practices for segmentation of the corporate network of any company
noPac
CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter.
nuclei
Fast and customizable vulnerability scanner based on simple YAML based DSL.
owasp-checklist-v4
OWASP Web Security Testing Checklist - Assessment # 01
PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
pivpn
The Simplest VPN installer, designed for Raspberry Pi
QuickXSS
Automating XSS using Bash
S3Scanner
Scan for open S3 buckets and dump the contents
subdomains_wordlist
Subdomains wordlist generted from subdomains of public bug bounty programs
Subdominator
SubDominator helps you discover subdomains associated with a target domain efficiently and with minimal impact for your Bug Bounty
unimap
Scan only once by IP address and reduce scan times with Nmap for large amounts of data.
zgrab2
Fast Go Application Scanner