bugbountytips

There are 52 repositories under bugbountytips topic.

• KathanP19 / HowToHunt

  Collection of methodology and test case for various web vulnerabilities.

  vulnerabilitytutorialsbughunting-methodologybugbountybugbountytips
  5608

• daffainfo / AllAboutBugBounty

  All about bug bounty (bypasses, payloads, and etc)

  bugbountybugbountytipsbypasspayloadsreconnaissancebughackingsecuritypayloadpenetration-testingvulnerabilityinfosecpentest
  5439

• devanshbatham / Awesome-Bugbounty-Writeups

  A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

  bugbountybugbountytipsbughuntingbugbounty-writeupssecurity-writeupsbugbounty-blogsbugbounty-yahoobugbounty-facebookbughunting-methodologybughunting-writeups
  Language:Python 4401
• WebHackersWeapons

  hahwul / WebHackersWeapons

  ⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting

  bugbountybugbountytipshackingwebhackingsecuritytoolsscannerawesome-list
  Language:Ruby 3674

• gwen001 / pentest-tools

  A collection of custom security tools for quick needs.

  auditbugbountyenumerationhackingnmappentestingreconsectoolssecuritysecurity-toolsbugbountytipsbashphppython
  Language:Python 3046

• dwisiswant0 / awesome-oneliner-bugbounty

  A collection of awesome one-liner scripts especially for bug bounty tips.

  bugbountybugbountytipsbashone-linersawesomebug-bountyliner-scriptsreconhacktoberfest
  2449

• inonshk / 31-days-of-API-Security-Tips

  This challenge is Inon Shkedy's 31 days API Security Tips.

  pentestapi-pentestbug-bountyapi-securitysecuritybugbountytipsbugbountyinfosec
  2064

• insightglacier / Dictionary-Of-Pentesting

  Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

  pentestingfuzzingbruteforcebugbountydictionarywebsecurityiot-securitypasswordpentestregex-patterndnssubdomaindatabasewifibugbountytipsbughunting-methodologyfingerprintrcespring-bootpayloads
  Language:Shell 1824
• HolyTips

  HolyBugx / HolyTips

  A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

  securitywebwebappwebsecuritybugbountybugbountytipsbugbounty-writeupspentestpentestingwriteupsapiapi-securitychecklist
  1734
• top25-parameter

  lutfumertceylan / top25-parameter

  For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

  vulnerability-detectionvulnerability-researchbugbountypentestingpentest-toolbugbountytipssecurityinfosecxss-detection
  1615
• learn365

  harsh-bothra / learn365

  This repository is about @harshbothra_'s 365 days of Learning Tweets & Mindmaps collection.

  bugbountycommunityinfosecvulnerabilitiesbugbountytipspentestingpentesting-toolslearningapplication-security
  1526

• 0xmaximus / Galaxy-Bugbounty-Checklist

  Tips and Tutorials for Bug Bounty and also Penetration Tests.

  bugbountybughackeronebugbountytricksbugbounty-toolbugbountytipsbugbounty-reportsbugbounty-checklistbugcrowdbugsethical-hackingethical-hackerred-teamred-teamingvulnerabilitiesvulnerability
  1328

• Cyber-Guy1 / API-SecurityEmpire

  API Security Project aims to present unique attack & defense methods in API Security field

  cybersecuritypenetration-testingapisecurityinformation-securitybugbountyapibug-bountyinfoseccybersectipsbugbountytips
  1290

• xalgord / Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes

  bugbountyresourceshackingowaspowasp-top-10bug-bountybugbountytipsxalgordcollectionethical-hacking
  1192
• metabigor

  j3ssie / metabigor

  OSINT tools and more but without API key

  osintsecuritypentestinginfosecbugbountyip-osintip-rangeasnreconnaissancesubdomainsecurity-toolsbugbounty-toolsbugbountytipssubdomainsbug-bountyrecon
  Language:Go 1148

• Viralmaniar / BigBountyRecon

  BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

  osintreconreconnaissancecybersecurityoffensive-securitypentestingpentest-toolbugbountybugbounty-toolbugbountytipsred-teamred-teamingblue-teampurple-teampurple-teams
  Language:C# 1134

• trickest / inventory

  Asset inventory of over 800 public bug bounty programs.

  securitybugbountybugbountytipsinfosecreconnaissancereconpentestinghackingsecurity-toolsred-teampenetration-testingsoftware-securitypentest-toolosintosint-toolosint-resourcesthreat-intelligencebug-bountyfuzzing
  Language:Shell 1128
• XSpear

  hahwul / XSpear

  🔱 Powerfull XSS Scanning and Parameter analysis tool&gem

  xsshackingbugbountypentestscannertoolgemrubylibraryscanning-xssseleniumbugbountytipswebhacking
  Language:Ruby 1117

• random-robbie / bruteforce-lists

  Some files for bruteforcing certain things.

  bruteforcedirbusterbugbountybugbountytipsbruteforce-wordlistwordlistwordlist-attackwordlists
  1012
• BugBountyBooks

  akr3ch / BugBountyBooks

  A collection of PDF/books about the modern web application security and bug bounty.

  bugbountybugbountybooksbugbountypdfbugbountytipscheatsheetshackingbooks
  810

• R0X4R / Garud

  An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

  bugbountybugbountytipsbugbounty-toolreconnaissancesubdomain-takeovergolangbash-scriptpenetration-testingpenetration-testing-toolsgarudgf-patternsassetfindervulnerabilityvulnerability-scanner
  Language:Shell 750

• indianajson / can-i-take-over-dns

  "Can I take over DNS?" — a list of DNS providers and how to claim (sub)domains via missing hosted zones

  dnsdns-takeoversubdomain-takeoverdomain-takeovernameserversdangling-dnsinfosecbugbountybugbountytipstakeover-subdomainhackinghacking-tooldns-hijacking
  735
• findom-xss

  dwisiswant0 / findom-xss

  A fast DOM based XSS vulnerability scanner with simplicity.

  bugbountybugbountytipsxssxss-scannerpentestpentestingfindom-xss
  Language:Shell 718
• MobileHackersWeapons

  hahwul / MobileHackersWeapons

  Mobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting

  androidawesome-listbugbountybugbountytipshackingiosmobilehacksscannersecuritytools
  Language:Go 643

• payloadbox / ssti-payloads

  🎯 Server Side Template Injection Payloads

  server-side-template-injectionsstiinjectionpayloadpayloadspayloadboxbugbountybountybugbountytipswebsecuritywebsecuritysecurity-auditsourcecodesource-code-analysiscode-security
  568
• ppfuzz

  dwisiswant0 / ppfuzz

  A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀

  rust-toolsprototype-pollutionbugbountybugbounty-toolbugbountytipsvulnerability-scannersrustsecuritysecurity-toolschromium
  Language:Rust 546

• tuhin1729 / Bug-Bounty-Methodology

  These are my checklists which I use during my hunting.

  bugbountycybersecurityethical-hackinginfosecpenetration-testingpentestingvulnerabilitybugbountytips
  Language:HTML 483

• taielab / Taie-Bugbounty-killer

  挖掘国内外漏洞平台必备的自动化捡钱赏金技巧，看了并去做了捡钱如喝水。

  bugbountybugbounty-toolbugbountytips
  399

• Puliczek / CVE-2022-0337-PoC-Google-Chrome-Microsoft-Edge-Opera

  🎩 🤟🏻 [P1-$10,000] Google Chrome, Microsoft Edge and Opera - vulnerability reported by Maciej Pulikowski - System environment variables leak - CVE-2022-0337

  securityexploithackingcybersecuritywriteupsbugbountycvepentestpayloadred-teambugbountytipsbugbounty-writeupssecurity-writeupspentestingcve-2022-0337
  Language:HTML 325

• edoardottt / missing-cve-nuclei-templates

  Weekly updated list of missing CVEs in nuclei templates official repository. Mainly built for bug bounty, but useful for penetration tests and vulnerability assessments too.

  cvenucleinuclei-templatesbug-bountybugbountysecurityautomationbug-huntingbugbounty-toolcve-scanninghackingsecurity-toolsbugbountytipspenetration-testingpentestingvulnerability-detectionvulnerability-scannersnuclei-engineprojectdiscovery
  Language:Shell 280
• Subrake

  hash3liZer / Subrake

  🚀 A DNS automated scanner and tool 🖱️ (Zone Transfer, DNS Zone Takeover, Subdomain Takeover).

  bugbountytipsreconnaissancesubdomain-bruteforcingsubdomain-enumerationsubdomain-scannersubdomain-takeoverdns-takeoverzone-transferszone-takeover
  Language:CSS 275

• trickest / mksub

  Generate tens of thousands of subdomain combinations in a matter of seconds

  bugbountybugbountytipsenumerationinfosecinfosectoolspenetration-testingpenetration-testing-toolspentestingpentesting-toolsreconreconnaissancesecuritysecurity-toolssubdomainsubdomain-enumerationsubdomain-findersubdomain-scanner
  Language:Go 245

• Neelakandan-A / BugBounty_CheatSheet

  BugBounty_CheatSheet

  bugbountytipsbugbounty-writeupsbugbountytricksbugbounty-tool
  240
• learn365

  dn0m1n8tor / learn365

  This repository is about @AnubhavSingh_'s 365 days of Learning Tweets collection.

  application-securitybugbountybugbountytipscommunityinfoseclearningpentestingpentesting-toolsvulnerabilities
  228

• dwisiswant0 / cf-check

  CloudFlare Checker written in Go

  gogolangscannerip-scannercloudflarebugbountybugbountytipsbugbounty-tool
  Language:Go 217

• serain / bbrecon

  Python library and CLI for the Bug Bounty Recon API

  bug-bounty-reconbugbountybugbountytipsbugcrowdcybersecurityfederacyhackenproofhackeronehackingosintreconsecurityweb-securityyeswehack
  Language:Python 215