bug-bounty

There are 187 repositories under bug-bounty topic.

• Hack-with-Github / Awesome-Hacking

  A collection of various awesome lists for hackers, pentesters and security researchers

  hackingsecuritybug-bountyawesomeandroidfuzzingpenetration-testingpentesting-windowsreverse-engineering
  86839

• maurosoria / dirsearch

  Web path scanner

  appsecbrutebug-bountybugbountydirsearchenumerationfuzzerfuzzinghackinghacking-toolinfosecpenetration-testingpentest-toolpentestingpythonred-teamingredteamscannersecuritywordlist
  Language:Python 12343

• nahamsec / Resources-for-Beginner-Bug-Bounty-Hunters

  A list of resources for those interested in getting started in bug bounties

  bug-bountybug-bounty-huntersbugbountyeducationhackershackinglearn2hackpentestssrfweb-securityxss
  10838
• rengine

  yogeshojha / rengine

  reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

  security-toolsosintreconrecon-enginereconnaissancescannerscanner-webrengineinformation-gatheringbugbountyhackingscanningpentestingbug-bountyinfosecpenetration-testing
  Language:HTML 7594
• HackTools

  LasCC / HackTools

  The all-in-one browser extension for offensive security professionals 🛠

  reverse-shellhackinghack-toolschrome-extensionfirefox-addonhacktoolspayloadsxss-payloadsweb-pentestershackmsfvenommetasploithackbarcheatsheetpurpleteamredteambug-bountyhackingtools
  Language:TypeScript 5869
• reconftw

  six2dez / reconftw

  reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

  bug-bountybugbountydnsfuzzinghackingnucleiosintpenetration-testingpentestpentest-toolpentestingreconreconnaissancescannersecuritysecurity-toolssubdomainvulnerabilities
  Language:Shell 5817
• osmedeus

  j3ssie / osmedeus

  A Workflow Engine for Offensive Security

  scanningreconnaissancepenetration-testingsecurity-toolspentest-toolhacking-toolinformation-gatheringhackingosintbugbountypentestinggolangsecuritygobug-bountyattack-surfaceattack-surface-management
  Language:Go 5398

• pry0cc / axiom

  The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!

  hacking-vpsbug-bountytmuxaxiommasscangowitnessmassdnsffufgaudnsxshufflednsnucleisubfindernmaphttpxhttprobednsgenmeg
  Language:Shell 4081

• skerkour / black-hat-rust

  Applied offensive security with Rust - https://kerkour.com/black-hat-rust

  rustsecuritypentestpentestingoffensive-securityred-teamauditbeaconc2bug-bountybug-huntingwasmshellcodesscannerphishingtrojanvirushackinginfosecsecurity-tools
  Language:Rust 3906

• zan8in / afrog

  A Security Tool for Bug Bounty, Pentest and Red Teaming.

  vulnerability-scannerpocpenetration-testingafrogvulnerability-scanning-toolsbug-bountypentestred-teaming
  Language:Go 3555

• dwisiswant0 / awesome-oneliner-bugbounty

  A collection of awesome one-liner scripts especially for bug bounty tips.

  awesomebashbug-bountybugbountybugbountytipshacktoberfestliner-scriptsone-linersrecon
  2727

• inonshk / 31-days-of-API-Security-Tips

  This challenge is Inon Shkedy's 31 days API Security Tips.

  pentestapi-pentestbug-bountyapi-securitysecuritybugbountytipsbugbountyinfosec
  2109
• sn0int

  kpcyrd / sn0int

  Semi-automatic OSINT framework and package manager

  osintintelligenceosint-frameworkcertificate-transparencyrustsecuritysecurity-auditsecurity-scannerinvestigationreconnaissancereconluapentestinglocationbug-bounty
  Language:Rust 2094

• tom0li / collection-document

  Collection of quality safety articles. Awesome articles.

  awesomebounty-huntersbug-bountyclouddnsfuzzgithubhackerhackingjavalistpentestredteamresearchsecsecuritysrcwafwebxss
  2024

• haccer / subjack

  Subdomain Takeover tool written in Go

  bug-bountybugbountygogolanghostileinfosecpentestingsecuritysubdomainsubdomain-takeovertakeover
  Language:Go 1921

• danieldurnea / FBI-tools

  🕵️ OSINT Tools for gathering information and actions forensics 🕵️

  forensicsosintcybersecurityhackingsecurity-automationsecurity-toolsinfosecawesome-listincident-responsepenetration-testingreconnaissancesecurityawesomepentestingbug-bounty
  1767
• SubDomainizer

  nsonaniya2010 / SubDomainizer

  A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.

  bug-bountybugbountycloud-storage-servicesexternal-javascriptsfind-secretsfind-subdomainsmadeinindiapython3s3-buckets3-bucketssecretfindersecretssecuritysecurity-automationsecurity-toolssubdomain-enumerationsubdomain-scanner
  Language:Python 1749

• wagiro / BurpBounty

  Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.

  bugbountyburp-extensionsburpsuitebug-bountyvulnerability-scannervulnerability-detection
  Language:Java 1686
• dumpall

  0xHJK / dumpall

  一款信息泄漏利用工具，适用于.git/.svn/.DS_Store泄漏和目录列出

  dumpallpython3pentestingsecurityhackingtoolsscannerspiderbug-bountygithacksvn
  Language:Python 1404

• Cyber-Guy1 / API-SecurityEmpire

  API Security Project aims to present unique attack & defense methods in API Security field

  cybersecuritypenetration-testingapisecurityinformation-securitybugbountyapibug-bountyinfoseccybersectipsbugbountytips
  1364

• xalgord / Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes

  A comprehensive guide for web application penetration testing and bug bounty hunting, covering methodologies, tools, and resources for identifying and exploiting vulnerabilities.

  bugbountyresourceshackingowaspowasp-top-10bug-bountybugbountytipsxalgordcollectionethical-hacking
  1354

• trickest / inventory

  Asset inventory of over 800 public bug bounty programs.

  securitybugbountybugbountytipsinfosecreconnaissancereconpentestinghackingsecurity-toolsred-teampenetration-testingsoftware-securitypentest-toolosintosint-toolosint-resourcesthreat-intelligencebug-bountyfuzzing
  Language:Shell 1283
• metabigor

  j3ssie / metabigor

  OSINT tools and more but without API key

  asnbug-bountybugbountybugbounty-toolsbugbountytipsinfosecip-osintip-rangeosintpentestingreconreconnaissancesecuritysecurity-toolssubdomainsubdomains
  Language:Go 1278

• 0xPugal / One-Liners

  A collection of one-liners for bug bounty hunting.

  bugbountyonliner-scriptssubdomain-enumerationbug-bountyenumeration
  1249

• Uniswap / v3-periphery

  🦄 🦄 🦄 Peripheral smart contracts for interacting with Uniswap v3

  ethereumsmart-contractsautomated-market-makerperipheryuniswapbug-bounty
  Language:TypeScript 1216

• payloadbox / xxe-injection-payload-list

  🎯 XML External Entity (XXE) Injection Payload List

  xxexxe-injectionxxe-payloadsxxe-examplexmlwebsecuritywebsecurity-referenceinfosecbugbountybug-bountyweb-application-securitycybersecuritycyber-securityinformation-securityxml-entitypayloadxxe-payloadxxe-payload-listpayloadshacking
  1110

• nikitastupin / clairvoyance

  Obtain GraphQL API schema even if the introspection is disabled

  bug-bountygraphqlpenetration-testingsecurity
  Language:Python 1081

• h4r5h1t / webcopilot

  An automation tool that enumerates subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters and then scans for vulnerabilities.

  bug-bountybugbountyenumerationreconreconnaissance
  Language:Shell 1068

• taielab / awesome-hacking-lists

  平常看到好的渗透hacking工具和多领域效率工具的集合

  awesome-listbounty-huntersbug-bountybugbountybugbounty-toolhackerhackinghacking-toolhacking-toolskali-scriptspentest-scriptspentesting-toolsweb
  1023

• yassineaboukir / sublert

  Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

  reconnaissancesublertpenetration-testingpentestsecuritycertificate-transparencybug-bountypythonmonitoring-toolcertificate-transparency-logshackinginformation-gathering
  Language:Python 991
• diodb

  disclose / diodb

  Open-source vulnerability disclosure and bug bounty program database

  security-researchsafe-harbor-frameworkresponsible-disclosurevulnerability-disclosuredisclosure-policysimplicitylegalsafetybug-bountyhackersbug-bounty-huntersdata
  Language:Python 989

• Ice3man543 / SubOver

  A Powerful Subdomain Takeover Tool

  subdomain-takeoversubdomainsubdomainsbug-bountybugbountytakeover-subdomainhostilehostile-subdomain-takeovertakeoverpentesting
  Language:Go 937

• ehrishirajsharma / SwiftnessX

  A cross-platform note-taking & target-tracking app for penetration testers.

  electronjssecurity-toolspenetration-testingbug-bountychecklist
  Language:JavaScript 892

• bl4de / security-tools

  My collection of various security tools created mostly in Python and Bash. For CTFs and Bug Bounty.

  pentestinghackingpythonbugbountyitsecurityctfctf-toolsinfosecwebappsecscannersecurity-toolssecurity-testingbug-bountybug-bountiesstatic-analysis
  Language:Python 866

• alexbieber / Bug_Bounty_writeups

  BUG BOUNTY WRITEUPS - OWASP TOP 10 🔴🔴🔴🔴✔

  bugbug-bountybug-bounty-huntersbug-bounty-huntingbug-bounty-reconbugbountybugcrowdfacebookgooglehackeronebug-bounty-pocbug-pocintegritialexbieber
  Language:Python 828
• DataSurgeon

  Drew-Alleman / DataSurgeon

  Quickly Extracts IP's, Email Addresses, Hashes, Files, Credit Cards, Social Security Numbers and a lot More From Text

  cybersecurityincident-responserustsearchsecurity-toolsbug-bountyemailhackingip-addresspentestingreconreconnaissancerust-langfile-searchregexctf-toolssearch-toolsinfosecosintwindows
  Language:Rust 760