There are 285 repositories under the bugbounty topic.
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
Learn ethical hacking. Learn about reconnaissance, Windows/Linux hacking, attacking web technologies, and pen testing wireless networks. Resources for learning malware analysis and reverse engineering.
Web path scanner
Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.
Community curated list of templates for the nuclei engine to find security vulnerabilities.
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
A list of interesting payloads, tips and tricks for bug bounty hunters.
A Workflow Engine for Offensive Security
Tutorials and Things to Do while Hunting Vulnerability.
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probers using the retryablehttp library; it is designed to maintain result reliability with increased threads.
Automated All-in-One OS Command Injection Exploitation Tool.
🎯 Cross Site Scripting (XSS) Vulnerability Payload List
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Scanning APK file for URIs, endpoints & secrets.
A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and find vulnerabilities
ARL (Asset Reconnaissance Lighthouse) is designed to quickly discover the internet assets associated with a target and build a baseline asset information base. It helps in-house security teams and penetration testers effectively discover and search assets and find weak points and attack surface.
A curated list of bugbounty writeups (bug type wise), inspired by https://github.com/ngalongc/bug-bounty-reference
One place for all the default credentials to assist Blue/Red teamers' activities in finding devices with default passwords 🛡️
All about bug bounty (bypasses, payloads, etc.)
Automated NoSQL database enumeration and web application exploitation tool.
⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking, Happy bug-hunting
An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
🎯 SQL Injection Payload List
🌙🦊 DalFox is a powerful open source XSS scanning tool and parameter analyzer utility
Penetration tests guide based on OWASP including test cases, resources and examples.
💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh
pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching
This challenge is Inon Shkedy's 31 days API Security Tips.
The Swiss Army knife for automated Web Application Testing
A collection of awesome one-liner scripts especially for bug bounty tips.