#Bug-bounty
Showing 60 of 305 repositories tagged #bug-bounty, ranked by stars
A collection of various awesome lists for hackers, pentesters and security researchers
Open-source AI penetration testing tool to find and fix your appโs vulnerabilities.
Web path scanner
A list of resources for those interested in getting started in bug bounties
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
The all-in-one browser extension for offensive security professionals ๐
Applied offensive security with Rust - https://kerkour.com/black-hat-rust
A Security Tool for Bug Bounty, Pentest and Red Teaming.
AI-powered bug bounty hunting from your terminal - recon, 20 vuln classes, autonomous hunting, and report generation. All inside Claude Code.
๐ก Comprehensive collection of OSINT tools for cybersecurity professionals, researchers, and bug bounty hunters. Topics: information gathering, reverse search, red team, trust & safety, AI.
๐ต๏ธ OSINT Tools for gathering information and actions forensics ๐ต๏ธ
Semi-automatic OSINT framework and package manager
This challenge is Inon Shkedy's 31 days API Security Tips.
ChatGPT Plus/Team/Pro ่ฎข้ ๅ่ฎฎ็ซฏๅฐ็ซฏ้ๆพๅทฅๅ ท้ ยท hCaptcha ่ง่งๆฑ่งฃๅจ ยท ๅๆฌบ่ฏๆบๅถๅฎ่ฏ็ ็ฉถ / End-to-end protocol replay toolkit for ChatGPT Plus/Team/Pro subscription with from-scratch hCaptcha solver and empirical anti-fraud research
Collection of quality safety articles. Awesome articles.
DNS Takeover tool written in Go
Autonomous penetration testing using a swarm of AI agents. Orchestrates recon, classification, exploitation, and reporting specialists with ReAct reasoning โ supports bug bounty, continuous monitoring, and CTF modes. Built with Go, Claude API, and 7+ native security tools.
Turn Claude Code into your offensive security research assistant. Specialized AI subagents for authorized penetration testing plan engagements, analyze recon, research exploits, build detections, audit STIGs, and write reports.
A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.
A comprehensive guide for web application penetration testing and bug bounty hunting, covering methodologies, tools, and resources for identifying and exploiting vulnerabilities.
OSINT tools and more but without API key
Asset inventory of over 800 public bug bounty programs.
ไธๆฌพไฟกๆฏๆณๆผๅฉ็จๅทฅๅ ท๏ผ้็จไบ.git/.svn/.DS_Storeๆณๆผๅ็ฎๅฝๅๅบ
ScopeSentry-Cyberspace mapping, subdomain enumeration, port scanning, sensitive information discovery, vulnerability scanning, distributed nodes
Obtain GraphQL API schema even if the introspection is disabled
API Security Project aims to present unique attack & defense methods in API Security field
A curated collection of top-tier penetration testing tools and productivity utilities across multiple domains. Join us to explore, contribute, and enhance your hacking toolkit!
๐ฆ ๐ฆ ๐ฆ Peripheral smart contracts for interacting with Uniswap v3
Offensive-security MCP server with 205 wrapped tools, 17 specialist agents, and 60 SPA-aware probes for OWASP Top 10. CLI + MCP, BYO LLM. No API key needed on MCP path.
AI-powered offensive security agent with 7,300+ actionable security skills. Autonomous pentesting powered by MITRE ATT&CK (2,000+ Atomic tests), CIS Benchmarks (1,500+ controls), OWASP, NIST. Lazy-loading, zero context pollution. Your AI red team.
Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.
The most exhaustive list of reliable DNS resolvers.
A Powerful Subdomain Takeover Tool
Reconmap is a collaboration-first security operations platform for infosec teams and MSSPs, enabling endโtoโend engagement management, from reconnaissance through execution and reporting. With built-in command automation, output parsing, and AIโassisted summaries, it delivers faster, more structured, and highโquality security assessments.
My collection of various security tools created mostly in Python and Bash. For CTFs and Bug Bounty.
A fast WordPress plugin enumeration tool
A cross-platform note-taking & target-tracking app for penetration testers.
Open source templates you can use to bootstrap your security programs
Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/or bug bounty targets!
Quickly Extracts IP's, Email Addresses, Hashes, Files, Credit Cards, Social Security Numbers and a lot More From Text
Work in progress...
crawls the website and finds broken social media links that can be hijacked
Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.
Vigolium - High-fidelity vulnerability scanner fusing agentic AI with native speed, modularity, and precision
A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.
156 offensive security skills for recon and pentest. Field-validated techniques from 600+ targets across 45+ sectors. Updated with browser fingerprint evasion, anti-bot bypass, hardcoded credential hunting, SCADA/ICS enumeration.
A command-line utility designed to discover URLs for a given domain in a simple, efficient way. It works by gathering information from a variety of passive sources, meaning it doesn't interact directly with the target but instead gathers data that is already publicly available.
Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.
Xalgorix - Autonomous AI Pentesting Agents
Passive API key and secret discovery browser extension for Chrome and Firefox. 80+ detection patterns, zero config.
ScanT3r - Module based Bug Bounty Automation Tool ( use Lotus instead github.com/bugBlocker/lotus )
Bug Bounty ~ Awesomes | Books | Cheatsheets | Checklists | Tools | Wordlists | More
Simple python script supported with BurpBouty profile that helps you to detect SQL injection "Error based" by sending multiple requests with 14 payloads and checking for 152 regex patterns for different databases.
A Comprehensive Web Fuzzer and Content Discovery Tool
Work in progress...
a list of awesome resources related to security and hacking of VoIP, WebRTC and VoLTE
ๅฎๆ SRC / ไผๆต / Bug bounty ๆผๆดๆๆ Claude Code skill โ 19 ไธชๆปๅป็ฑป playbookใ305 ไธช็ปๆๅ payloadใ263 ไธช WAF/EDR ็ป่ฟใ2887 ไปฝ HackerOne ็ๅฎๆกไพใ88,636 WooYun ๆกไพ็ป่ฎก
๐ฅ Professional Penetration Testing Framework v4.0 - Automated subdomain enumeration, vulnerability scanning with Nuclei, port scanning, and comprehensive HTML reports. Features parallel scanning, resume capability, and real-time progress tracking.
jshunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security vulnerabilities, making it an essential resource for and bug bounty hunters and security researchers.