There are 8 repositories under bughunting topic.
A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference
Making Favicon.ico based Recon Great again !
BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text.
ANTLR v4 grammar-based test generator
A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public
Here I gather all the resources about hacking that I find interesting
Tools for BugHunting
Tools of "The Bug Hunters Methodology V2 by @jhaddix"
Fuzzinator Random Testing Framework
Hunt down the secrets from the WebArchives for Fun and Profit
Docker Remote API Scanner and Exploit
SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.
R3C0Nizer is the first ever CLI based menu-driven web application B-Tier recon framework.
Hacking tools
Weaponizing Live CT logs for automated monitoring of assets
Describe how to use ffuf different options with examples
Java bytecode analyzer customizable via JSON rules
Chart-Of-Wordlist helps to create your own custom wordlist. Also in one repository, you can find a list of awesome wordlist.
Hackliner: Cybersec/Bughunting Oneliners
subfalcon is a subdomain enumeration tool that allows you to discover and monitor subdomains for a given list of domains. It fetches subdomains from various sources [crtsh, hackertargetapi, anubis, alienvault, rappiddns, urlscan ] , saves them to a SQLite database, and can notify updates via Discord.
هذا المستودع هي محاولة منا لاثراء المحتوي العربي بخصوص البج بونتي ومايحتويه من انواع ثغرات الي تقنيات مختلفة الي مصادر متعددة
I provide educational resources in this repository for starting bug hunting from scratch. The content will be updated over time! Also, I would be happy if you introduce new resources to be added
ParamWizard is a powerful Python-based tool designed for extracting and identifying URLs with parameters from a specified website. It provides a comprehensive way to discover hidden parameters within a web application by crawling and analyzing the URLs of the domain.
The official OWASP BLT App repository/ Heist 'em bugs!
this is an guide for people aspiring to enter the world of cybersecurity
Extract parameters/paths from urls
'SWEETMON' is a fuzzer monitoring service based python3 + django. User can check their fuzzers and crashes on the web. It can reduce repetitive work for fuzz testers. This is a legacy sweetmon. The new sweetmon is now being developed https://github.com/sweetchipsw/sweetmon2