xalgord

Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes

A comprehensive guide for web application penetration testing and bug bounty hunting, covering methodologies, tools, and resources for identifying and exploiting vulnerabilities.

My-Methodologies

Tools and methods that I personally use for Recon and Exploitations

eWPT-preparation

For my Personal Preparation.

python

python projects

LFIgo

A faster LFI Fuzzer.

SQLiDetector

Simple python script supported with BurpBouty profile that helps you to detect SQL injection "Error based" by sending multiple requests with 14 payloads and checking for 152 regex patterns for different databases.

basic-automations

For Personal Use Only.

dat-web

A company registration website.

diodb

Open-source vulnerability disclosure and bug bounty program database

formcrawler

crawl the URLs having forms

Mass-ParamSpider

(Mass) Mining parameters from dark corners of Web Archives

My-Notes-for-eJPTv2

NucleiFuzzer

NucleiFuzzer is a Powerful Automation tool for detecting XSS, SQLi, SSRF, Open-Redirect, etc.. Vulnerabilities in Web Applications

spyhunt

recon for bug hunters

automation

bbht

A script to set up a quick Ubuntu 17.10 x64 box with tools I use.

extractioner

Extract the links from text files

feroxtioner

A Bash script to run feroxbuster on multiple urls

Gsec

Web Security Scanner

Gxss

A tool to check a bunch of URLs that contain reflecting params.

Projects

public-bugbounty-programs

Community curated list of public bug bounty and responsible disclosure programs.

Recon-Flask-App

Sn1per

Attack Surface Management Platform

something

split-files

Splits a single text file into mutiple text files.

SSTImap

Automatic SSTI detection tool with interactive interface

SubDomz

An Automated Subdomain Enumeration Tool

Useful-Resources

xalgord

Config files for my GitHub profile.