There are 49 repositories under bugbounty-tool topic.
💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh
Tips and Tutorials for Bug Bounty and also Penetration Tests.
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
The fastest dork scanner written in Go.
平常看到好的渗透hacking工具和多领域效率工具的集合
Automation for javascript recon in bug bounty.
MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.
A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀
A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.
挖掘国内外漏洞平台必备的自动化捡钱赏金技巧,看了并去做了捡钱如喝水。
A python tool to check subdomain takeover vulnerability
Discover new target domains using Content Security Policy
Weekly updated list of missing CVEs in nuclei templates official repository. Mainly built for bug bounty, but useful for penetration tests and vulnerability assessments too.
BugBounty_CheatSheet
An online handy-recon tool
CloudFlare Checker written in Go
Subdomains analysis and generation tool. Reveal the hidden!
Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.
GoFingerprint is a Go tool for taking a list of target web servers and matching their HTTP responses against a user defined list of fingerprints.
Nucleimonst3r is a powerful vulnerability scanner that can help Bug Bounty Hunters find low hanging fruit vulnerabilities for known CVEs and exploits but also gather all the technology running behind them for further investigation for a potential target.
Tools & Resources for Cyber Security Operations
Cross Origin Resource Sharing MisConfiguration Scanner
A web hacking toolkit (docker image).
A script to quickly enumerate all websites across all of your organization's networks, store their responses, and query for known web technologies, such as those with zero-day vulnerabilities.
R3C0Nizer is the first ever CLI based menu-driven web application B-Tier recon framework.
A Python script designed to monitor bug bounty programs for any changes and promptly notify users.