bugbounty

There are 285 repositories under bugbounty topic.

• PayloadsAllTheThings

  swisskyrepo / PayloadsAllTheThings

  A list of useful payloads and bypass for Web Application Security and Pentest/CTF

  bountybugbountybypasscheatsheetenumerationhackinghacktoberfestmethodologypayloadpayloadspenetration-testingpentestprivilege-escalationredteamsecurityvulnerabilityweb-application
  Language:Python 38438
• PENTESTING-BIBLE

  blaCCkHatHacEEkr / PENTESTING-BIBLE

  Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

  awesomeawesome-listbugbountycsrfdorkhackinghacking-toolinformation-gatheringkali-linuxlinuxmalwaremalware-analysisosintosint-resourcespentestingredteamresourcessql-injectionwindowsxxe
  9835

• maurosoria / dirsearch

  Web path scanner

  appsecbrutebug-bountybugbountydirsearchenumerationfuzzerfuzzinghackinghacking-toolinfosecpenetration-testingpentest-toolpentestingpythonscannersecuritywordlist
  Language:Python 8121

• projectdiscovery / subfinder

  Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.

  bugbountyhackingosintreconnaissancesubdomain-enumerationsubdomains
  Language:Go 5744
• OneForAll

  shmilylty / OneForAll

  OneForAll是一款功能强大的子域收集工具

  subdomainsubdomain-scannersubdomain-enumerationsubdomain-bruteforcingsubdomain-collectionsubdomian-findsubdomain-takeoversubdomain-crawleroneforallpythonosintbugbountypentest-toolinformation-gatheringzone-transfersaltnamereconnseccontent-security-policycrossdomainxml
  Language:Python 5007

• projectdiscovery / nuclei-templates

  Community curated list of templates for the nuclei engine to find security vulnerabilities.

  nuclei-templatesnucleibugbountysecuritynuclei-checksexploitsexploit-developmentvulnerability-detectionfingerprint
  4551
• wstg

  OWASP / wstg

  The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

  best-practicesguideowaspbugbountypenetration-testingpentestingapplication-securitysecurityhacktoberfest
  Language:Dockerfile 4503
• hetty

  dstotijn / hetty

  An HTTP toolkit for security research.

  bugbountyhttpinfosecmitmpentestingproxy
  Language:Go 4372
• rengine

  yogeshojha / rengine

  reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

  security-toolsosintreconrecon-enginereconnaissancescannerscanner-webrengineinformation-gatheringbugbountyhackingscanningpentestingbug-bountyinfosecpenetration-testing
  Language:JavaScript 4244

• EdOverflow / bugbounty-cheatsheet

  A list of interesting payloads, tips and tricks for bug bounty hunters.

  bugbountyinfosecpayloadssecurity
  4225

• j3ssie / osmedeus

  A Workflow Engine for Offensive Security

  scanningreconnaissancepenetration-testingsecurity-toolspentest-toolhacking-toolinformation-gatheringhackingosintosmedeusbugbountypentestinggolangsecuritygobug-bounty
  Language:Go 3894

• KathanP19 / HowToHunt

  Tutorials and Things to Do while Hunting Vulnerability.

  vulnerabilitytutorialsbughunting-methodologybugbountybugbountytips
  3770

• projectdiscovery / httpx

  httpx is a fast and multi-purpose HTTP toolkit allows to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads.

  bugbountycybersecurityhacktoberfesthttposintpentest-toolpipelinessl-certificate
  Language:Go 3319
• commix

  commixproject / commix

  Automated All-in-One OS Command Injection Exploitation Tool.

  pythoncommand-injectiondetectionexploitationpentestingvulnerability-scannerbugbountyopensourcetakeover
  Language:Python 3316

• payloadbox / xss-payload-list

  🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

  bugbountycross-site-scriptingdom-basedpayloadpayloadsreflected-xss-vulnerabilitiesself-xsswebsecuritywebsite-vulnerabilityxssxss-attacksxss-detectionxss-exploitationxss-injectionxss-payloadxss-payloadsxss-pocxss-scannerxss-scannersxss-vulnerability
  3286
• can-i-take-over-xyz

  EdOverflow / can-i-take-over-xyz

  "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

  bugbountyinfoseclistsecuritysubdomainsubdomain-takeovers
  3136
• apkleaks

  dwisiswant0 / apkleaks

  Scanning APK file for URIs, endpoints & secrets.

  mobile-securityandroid-securityreverse-engineeringbugbountystatic-analysisapkscanning-apkapk-parser
  Language:Python 3029

• 1N3 / IntruderPayloads

  A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

  burpsuiteintruderpayloadsfuzz-listsfuzzingfuzzinjectionburpsuite-engagementburpsuite-intruderattacksql-injectionbugbounty
  Language:BlitzBasic 2970
• hakrawler

  hakluke / hakrawler

  Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application

  bugbountycrawlinghackingosintpentestingreconreconnaissance
  Language:Go 2792
• reconftw

  six2dez / reconftw

  reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

  bugbountyhackingreconpentestsubdomainnucleiraspberryvulnerabilitiesscannerfuzzinginfosecosintpenetration-testingpentestingreconnaissance
  Language:Shell 2781

• TophantTechnology / ARL

  ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

  arlasset-reconnaissance-lighthousebugbountypentest-toolpythonreconsecurity-tools
  Language:Python 2726

• devanshbatham / Awesome-Bugbounty-Writeups

  A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

  bugbountybugbountytipsbughuntingbugbounty-writeupssecurity-writeupsbugbounty-blogsbugbounty-yahoobugbounty-facebookbughunting-methodologybughunting-writeups
  Language:Python 2673

• ihebski / DefaultCreds-cheat-sheet

  One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

  blueteambugbountycheatsheetcredentials-gatheringcybersecuritydefault-passwordexploitinfosecoffensive-securitypentestpentesting
  Language:Jupyter Notebook 2509

• daffainfo / AllAboutBugBounty

  All about bug bounty (bypasses, payloads, and etc)

  bugbugbountybugbountytipsbypasshackingpayloadpayloadspenetration-testingreconnaissancesecurityvulnerability
  2375

• codingo / NoSQLMap

  Automated NoSQL database enumeration and web application exploitation tool.

  nosqlnosql-databasespenetration-testingscannersecurity-auditsecurity-toolssecurity-toolsetoffensive-securityenumerationdatabasesmongodbcouchdbweb-application-securitybugbountyredismongodb-databasesql-injectionhackinghacking-toolhacktoberfest
  Language:Python 2082
• WebHackersWeapons

  hahwul / WebHackersWeapons

  ⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting

  bugbountybugbountytipshackingwebhackingsecuritytoolsscannerawesome-list
  Language:Go 2033

• vaib25vicky / awesome-mobile-security

  An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

  pentestingiosios-securityandroidsecurity-toolsawesomeredteamhacking-toolshackingmobilemobile-securityandroid-securityawesome-listresourcesbugbountyreverse-engineering
  1976

• payloadbox / sql-injection-payload-list

  🎯 SQL Injection Payload List

  sql-injectionattackersql-injection-attackssql-injection-proofsql-injection-exploitationsql-injectionssql-injection-payloadsinjection-payloadssql-injection-filterersql-injection-attackowasp-top-10payloadspayloadwebsecuritybugbountysecurity-researchhackingsql-injectinjection-attacksinjection
  1885
• dalfox

  hahwul / dalfox

  🌙🦊 DalFox is an powerful open source XSS scanning tool and parameter analyzer, utility

  xsssecuritybugbountybugbounty-toolgolangxss-scannerdevsecopscicd-pipelinevulnerabilityxss-detectionxss-bruteforcexss-exploit
  Language:Go 1848

• sa7mon / S3Scanner

  Scan for open S3 buckets and dump the contents

  s3awsinfosecbugbountys3scanner
  Language:Python 1816
• pentest-guide

  Voorivex / pentest-guide

  Penetration tests guide based on OWASP including test cases, resources and examples.

  pentestbugbountyowasp-testspenetration-testingvulnerabilitypayloadbypasswriteup
  1805
• malicious-pdf

  jonaslejon / malicious-pdf

  💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

  bugbountybugbounty-toolpdfpdf-generationpenetration-testpenetration-testingpenetrationtestingpentestingpentesting-tools
  Language:Python 1739

• opsdisk / pagodo

  pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching

  google-dorksgoogle-hacking-databasepythongoogledorkosintosint-pythonghdbgoogle-dorkyagooglesearchbugbounty
  Language:Python 1654

• inonshk / 31-days-of-API-Security-Tips

  This challenge is Inon Shkedy's 31 days API Security Tips.

  pentestapi-pentestbug-bountyapi-securitysecuritybugbountytipsbugbountyinfosec
  1651

• jaeles-project / jaeles

  The Swiss Army knife for automated Web Application Testing

  bugbountygolanghackinginfosecjaelesscannersecurity-toolsvulnerabilitiesweb-scanner
  Language:Go 1559

• dwisiswant0 / awesome-oneliner-bugbounty

  A collection of awesome one-liner scripts especially for bug bounty tips.

  bugbountybugbountytipsbashone-linersawesomebug-bountyliner-scriptsreconhacktoberfest
  1553