sn1ks0h

hardhat-simple-storage-fcc

awesome-bugbounty-tools

A curated list of various bug bounty tools

bounty-targets-data

This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports

bounty-targets

This project crawls bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) hourly and dumps them into the bounty-targets-data repo

bountyplz

Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported)

h1domains

HackerOne "in scope" domains

gpt-engineer

Platform to experiment with the AI Software Engineer. Terminal based. NOTE: Very different from https://gptengineer.app

jsluice

Extract URLs, paths, secrets, and other interesting bits from JavaScript

get_schemas

Print out URL schemas from an Android app

ShadowClone

Unleash the power of cloud

houdini

Hundreds of Offensive and Useful Docker Images for Network Intrusion. The name says it all.

CVE-2020-12800

POC Script for CVE-2020-12800: RCE through Unrestricted File Type Upload

public-bugbounty-programs

Community curated list of public bug bounty and responsible disclosure programs.

Blind-SSRF

Nuclei Templates to reproduce Cracking the lens's Research

opensshd_user_enumeration

OpenSSHD 7.2p2 - User Enumeration: CVE 2016-6210

gau

Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.

Sublist3r

Fast subdomains enumeration tool for penetration testers

OneListForAll

Rockyou for web fuzzing

reconftw

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

bbrf-client

The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices

fresh-resolvers

List of fresh DNS resolvers updated daily

nuclei

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.

nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.

SecLists

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

axiom

The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!

amass

In-depth attack surface mapping and asset discovery

subscraper

Subdomain and target enumeration tool built for offensive security testing

PayloadsAllTheThings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF