#Bug-bounty

Showing 60 of 305 repositories tagged #bug-bounty, ranked by stars

Hack-with-Github
Hack-with-Github
Awesome-Hacking

A collection of various awesome lists for hackers, pentesters and security researchers

Score
100
โ˜… 115.8k โ‘‚ 10.5k +179/day
usestrix
usestrix
strix

Open-source AI penetration testing tool to find and fix your appโ€™s vulnerabilities.

Score
100
โ˜… 39.8k โ‘‚ 4.2k +443/day
Python
maurosoria
maurosoria
dirsearch

Web path scanner

Score
86
โ˜… 14.5k โ‘‚ 2.4k +7/day
Python
nahamsec
nahamsec
Resources-for-Beginner-Bug-Bounty-Hunters

A list of resources for those interested in getting started in bug bounties

Score
97
โ˜… 12.1k โ‘‚ 2.0k +7/day
yogeshojha
yogeshojha
rengine

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

Score
100
โ˜… 8.7k โ‘‚ 1.3k +11/day
HTML
six2dez
six2dez
reconftw

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Score
100
โ˜… 7.8k โ‘‚ 1.2k +60/day
Shell
LasCC
LasCC
HackTools

The all-in-one browser extension for offensive security professionals ๐Ÿ› 

Score
93
โ˜… 6.8k โ‘‚ 769 +69/day
TypeScript
skerkour
skerkour
black-hat-rust

Applied offensive security with Rust - https://kerkour.com/black-hat-rust

Score
50
โ˜… 4.4k โ‘‚ 434 โ€”
Rust
zan8in
zan8in
afrog

A Security Tool for Bug Bounty, Pentest and Red Teaming.

Score
100
โ˜… 4.3k โ‘‚ 474 +3/day
Go
shuvonsec
shuvonsec
claude-bug-bounty

AI-powered bug bounty hunting from your terminal - recon, 20 vuln classes, autonomous hunting, and report generation. All inside Claude Code.

Score
99
โ˜… 3.9k โ‘‚ 692 +42/day
Python
Astrosp
Astrosp
Awesome-OSINT-List

๐Ÿ“ก Comprehensive collection of OSINT tools for cybersecurity professionals, researchers, and bug bounty hunters. Topics: information gathering, reverse search, red team, trust & safety, AI.

Score
99
โ˜… 3.7k โ‘‚ 480 +31/day
Shell
danieldurnea
danieldurnea
FBI-tools

๐Ÿ•ต๏ธ OSINT Tools for gathering information and actions forensics ๐Ÿ•ต๏ธ

Score
85
โ˜… 2.6k โ‘‚ 369 +9/day
kpcyrd
kpcyrd
sn0int

Semi-automatic OSINT framework and package manager

Score
100
โ˜… 2.5k โ‘‚ 222 +2/day
Rust
inonshk
inonshk
31-days-of-API-Security-Tips

This challenge is Inon Shkedy's 31 days API Security Tips.

Score
84
โ˜… 2.2k โ‘‚ 350 โ€”
DanOps-1
DanOps-1
Gpt-Agreement-Payment

ChatGPT Plus/Team/Pro ่ฎข้˜…ๅ่ฎฎ็ซฏๅˆฐ็ซฏ้‡ๆ”พๅทฅๅ…ท้›† ยท hCaptcha ่ง†่ง‰ๆฑ‚่งฃๅ™จ ยท ๅๆฌบ่ฏˆๆœบๅˆถๅฎž่ฏ็ ”็ฉถ / End-to-end protocol replay toolkit for ChatGPT Plus/Team/Pro subscription with from-scratch hCaptcha solver and empirical anti-fraud research

Score
100
โ˜… 2.1k โ‘‚ 9 +6/day
Python
tom0li
tom0li
collection-document

Collection of quality safety articles. Awesome articles.

Score
84
โ˜… 2.1k โ‘‚ 508 โ€”
haccer
haccer
subjack

DNS Takeover tool written in Go

Score
92
โ˜… 2.1k โ‘‚ 350 โ€”
Go
Armur-Ai
Armur-Ai
Pentest-Swarm-AI

Autonomous penetration testing using a swarm of AI agents. Orchestrates recon, classification, exploitation, and reporting specialists with ReAct reasoning โ€” supports bug bounty, continuous monitoring, and CTF modes. Built with Go, Claude API, and 7+ native security tools.

Score
98
โ˜… 2.0k โ‘‚ 401 +24/day
Go
0xSteph
0xSteph
pentest-ai-agents

Turn Claude Code into your offensive security research assistant. Specialized AI subagents for authorized penetration testing plan engagements, analyze recon, research exploits, build detections, audit STIGs, and write reports.

Score
98
โ˜… 2.0k โ‘‚ 388 +30/day
Shell
nsonaniya2010
nsonaniya2010
SubDomainizer

A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.

Score
57
โ˜… 1.9k โ‘‚ 236 โ€”
Python
xalgord
xalgord
Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes

A comprehensive guide for web application penetration testing and bug bounty hunting, covering methodologies, tools, and resources for identifying and exploiting vulnerabilities.

Score
87
โ˜… 1.8k โ‘‚ 297 โ€”
j3ssie
j3ssie
metabigor

OSINT tools and more but without API key

Score
98
โ˜… 1.6k โ‘‚ 188 +30/day
Go
trickest
trickest
inventory

Asset inventory of over 800 public bug bounty programs.

Score
80
โ˜… 1.6k โ‘‚ 282 โ€”
Shell
0xHJK
0xHJK
dumpall

ไธ€ๆฌพไฟกๆฏๆณ„ๆผๅˆฉ็”จๅทฅๅ…ท๏ผŒ้€‚็”จไบŽ.git/.svn/.DS_Storeๆณ„ๆผๅ’Œ็›ฎๅฝ•ๅˆ—ๅ‡บ

Score
43
โ˜… 1.6k โ‘‚ 151 โ€”
Python
Autumn-27
Autumn-27
ScopeSentry

ScopeSentry-Cyberspace mapping, subdomain enumeration, port scanning, sensitive information discovery, vulnerability scanning, distributed nodes

Score
97
โ˜… 1.5k โ‘‚ 214 +5/day
Go
nikitastupin
nikitastupin
clairvoyance

Obtain GraphQL API schema even if the introspection is disabled

Score
92
โ˜… 1.5k โ‘‚ 134 +3/day
Python
Cyber-Guy1
Cyber-Guy1
API-SecurityEmpire

API Security Project aims to present unique attack & defense methods in API Security field

Score
78
โ˜… 1.4k โ‘‚ 251 โ€”
taielab
taielab
awesome-hacking-lists

A curated collection of top-tier penetration testing tools and productivity utilities across multiple domains. Join us to explore, contribute, and enhance your hacking toolkit!

Score
92
โ˜… 1.4k โ‘‚ 264 +5/day
Uniswap
Uniswap
v3-periphery

๐Ÿฆ„ ๐Ÿฆ„ ๐Ÿฆ„ Peripheral smart contracts for interacting with Uniswap v3

Score
71
โ˜… 1.3k โ‘‚ 1.2k โ€”
TypeScript
0xSteph
0xSteph
pentest-ai

Offensive-security MCP server with 205 wrapped tools, 17 specialist agents, and 60 SPA-aware probes for OWASP Top 10. CLI + MCP, BYO LLM. No API key needed on MCP path.

Score
97
โ˜… 1.3k โ‘‚ 246 +26/day
Python
CyberStrikeus
CyberStrikeus
CyberStrike

AI-powered offensive security agent with 7,300+ actionable security skills. Autonomous pentesting powered by MITRE ATT&CK (2,000+ Atomic tests), CIS Benchmarks (1,500+ controls), OWASP, NIST. Lazy-loading, zero context pollution. Your AI red team.

Score
96
โ˜… 1.2k โ‘‚ 192 +75/day
TypeScript
yassineaboukir
yassineaboukir
sublert

Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

Score
76
โ˜… 1.0k โ‘‚ 165 โ€”
Python
trickest
trickest
resolvers

The most exhaustive list of reliable DNS resolvers.

Score
96
โ˜… 1.0k โ‘‚ 113 +2/day
Ice3man543
Ice3man543
SubOver

A Powerful Subdomain Takeover Tool

Score
31
โ˜… 966 โ‘‚ 198 โ€”
Go
reconmap
reconmap
reconmap

Reconmap is a collaboration-first security operations platform for infosec teams and MSSPs, enabling endโ€‘toโ€‘end engagement management, from reconnaissance through execution and reporting. With built-in command automation, output parsing, and AIโ€‘assisted summaries, it delivers faster, more structured, and highโ€‘quality security assessments.

Score
95
โ˜… 938 โ‘‚ 133 +1/day
JavaScript
bl4de
bl4de
security-tools

My collection of various security tools created mostly in Python and Bash. For CTFs and Bug Bounty.

Score
71
โ˜… 922 โ‘‚ 182 โ€”
Python
Chocapikk
Chocapikk
wpprobe

A fast WordPress plugin enumeration tool

Score
85
โ˜… 916 โ‘‚ 119 โ€”
Go
ehrishirajsharma
ehrishirajsharma
SwiftnessX

A cross-platform note-taking & target-tracking app for penetration testers.

Score
74
โ˜… 915 โ‘‚ 128 โ€”
JavaScript
securitytemplates
securitytemplates
sectemplates

Open source templates you can use to bootstrap your security programs

Score
90
โ˜… 909 โ‘‚ 128 +1/day
intigriti
intigriti
misconfig-mapper

Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/or bug bounty targets!

Score
77
โ˜… 904 โ‘‚ 76 โ€”
Go
Drew-Alleman
Drew-Alleman
DataSurgeon

Quickly Extracts IP's, Email Addresses, Hashes, Files, Credit Cards, Social Security Numbers and a lot More From Text

Score
0
โ˜… 902 โ‘‚ 72 โ€”
Rust
ivan-sincek
ivan-sincek
penetration-testing-cheat-sheet

Work in progress...

Score
94
โ˜… 829 โ‘‚ 165 โ€”
PHP
utkusen
utkusen
socialhunter

crawls the website and finds broken social media links that can be hijacked

Score
15
โ˜… 775 โ‘‚ 81 +1/day
Go
aaaguirrep
aaaguirrep
offensive-docker

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

Score
72
โ˜… 768 โ‘‚ 160 โ€”
Dockerfile
vigolium
vigolium
vigolium

Vigolium - High-fidelity vulnerability scanner fusing agentic AI with native speed, modularity, and precision

Score
69
โ˜… 766 โ‘‚ 120 +8/day
Go
B3nac
B3nac
InjuredAndroid

A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.

Score
75
โ˜… 755 โ‘‚ 163 โ€”
Kotlin
uphiago
uphiago
recon-skills

156 offensive security skills for recon and pentest. Field-validated techniques from 600+ targets across 45+ sectors. Updated with browser fingerprint evasion, anti-bot bypass, hardcoded credential hunting, SCADA/ICS enumeration.

Score
95
โ˜… 723 โ‘‚ 138 +146/day
Python
hueristiq
hueristiq
xurlfind3r

A command-line utility designed to discover URLs for a given domain in a simple, efficient way. It works by gathering information from a variety of passive sources, meaning it doesn't interact directly with the target but instead gathers data that is already publicly available.

Score
46
โ˜… 706 โ‘‚ 78 โ€”
Go
r3curs1v3-pr0xy
r3curs1v3-pr0xy
vajra

Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.

Score
72
โ˜… 703 โ‘‚ 158 โ€”
JavaScript
xalgord
xalgord
xalgorix

Xalgorix - Autonomous AI Pentesting Agents

Score
94
โ˜… 701 โ‘‚ 123 +1/day
Go
momenbasel
momenbasel
keyFinder

Passive API key and secret discovery browser extension for Chrome and Firefox. 80+ detection patterns, zero config.

Score
93
โ˜… 692 โ‘‚ 120 +2/day
JavaScript
MindPatch
MindPatch
scant3r

ScanT3r - Module based Bug Bounty Automation Tool ( use Lotus instead github.com/bugBlocker/lotus )

Score
95
โ˜… 685 โ‘‚ 150 โ€”
Python
AnLoMinus
AnLoMinus
Bug-Bounty

Bug Bounty ~ Awesomes | Books | Cheatsheets | Checklists | Tools | Wordlists | More

Score
82
โ˜… 642 โ‘‚ 109 +2/day
Shell
eslam3kl
eslam3kl
SQLiDetector

Simple python script supported with BurpBouty profile that helps you to detect SQL injection "Error based" by sending multiple requests with 14 payloads and checking for 152 regex patterns for different databases.

Score
93
โ˜… 635 โ‘‚ 113 โ€”
Clojure
phra
phra
rustbuster

A Comprehensive Web Fuzzer and Content Discovery Tool

Score
67
โ˜… 559 โ‘‚ 64 +1/day
Rust
ivan-sincek
ivan-sincek
wifi-penetration-testing-cheat-sheet

Work in progress...

Score
69
โ˜… 545 โ‘‚ 87 โ€”
EnableSecurity
EnableSecurity
awesome-rtc-hacking

a list of awesome resources related to security and hacking of VoIP, WebRTC and VoLTE

Score
91
โ˜… 545 โ‘‚ 52 +3/day
MyuriKanao
MyuriKanao
src-hunter-skill

ๅฎžๆˆ˜ SRC / ไผ—ๆต‹ / Bug bounty ๆผๆดžๆŒ–ๆŽ˜ Claude Code skill โ€” 19 ไธชๆ”ปๅ‡ป็ฑป playbookใ€305 ไธช็ป“ๆž„ๅŒ– payloadใ€263 ไธช WAF/EDR ็ป•่ฟ‡ใ€2887 ไปฝ HackerOne ็œŸๅฎžๆกˆไพ‹ใ€88,636 WooYun ๆกˆไพ‹็ปŸ่ฎก

Score
91
โ˜… 539 โ‘‚ 69 +23/day
ByCh4n
ByCh4n
BCHackTool

๐Ÿ”ฅ Professional Penetration Testing Framework v4.0 - Automated subdomain enumeration, vulnerability scanning with Nuclei, port scanning, and comprehensive HTML reports. Features parallel scanning, resume capability, and real-time progress tracking.

Score
86
โ˜… 531 โ‘‚ 88 +1/day
Shell
cc1a2b
cc1a2b
JShunter

jshunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security vulnerabilities, making it an essential resource for and bug bounty hunters and security researchers.

Score
62
โ˜… 528 โ‘‚ 59 +2/day
Go
Related Topics
#security#penetration-testing#pentesting#hacking#bugbounty#infosec#security-tools#osint#cybersecurity#reconnaissance#pentest#recon

ยฉ 2026 GitRepoTrend ยท GitHub repositories by topic ยท Updated weekly