#Bugbounty
Showing 60 of 592 repositories tagged #bugbounty, ranked by stars
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Web path scanner
Fast passive subdomain enumeration tool.
Community curated list of templates for the nuclei engine to find security vulnerabilities.
A list of resources for those interested in getting started in bug bounties
An HTTP toolkit for security research.
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
The recursive internet scanner for hackers. π§‘
OneForAllζ―δΈζ¬Ύεθ½εΌΊε€§ηεεζΆιε·₯ε ·
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
All about bug bounty (bypasses, payloads, and etc)
One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password π‘οΈ
A list of interesting payloads, tips and tricks for bug bounty hunters.
A Modern Orchestration Engine for Security
Top disclosed reports from HackerOne
Scanning APK file for URIs, endpoints & secrets.
Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( Ν‘Β° ΝΚ Ν‘Β°)...
A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference
Automated All-in-One OS Command Injection Exploitation Tool
"Can I take over XYZ?" β a list of services and how to claim (sub)domains with dangling DNS records.
ππ¦ Dalfox is a powerful open-source XSS scanner and utility focused on automation.
Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application
βοΈ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
An OOB interaction gathering server and client library
Knock Subdomain Scan
π Generate malicious PDF test files for testing phone-home callbacks, SSRF, XSS, NTLM credential theft, and data exfiltration in PDF viewers, converters, and web applications. Can be used with Burp Collaborator or Interact.sh
An step by step fuzzing tutorial. A GitHub Security Lab initiative
The fastest and complete solution for domain recognition. Supports screenshoting, port scan, HTTP check, data import from other tools, subdomain monitoring, alerts via Discord, Slack and Telegram, multiple API Keys for sources and much more.
This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter
An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more
pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching
Automated NoSQL database enumeration and web application exploitation tool.
A collection of custom security tools for quick needs.
Rockyou for web fuzzing
Quickly discover exposed hosts on the internet using multiple search engines.
Gospider - Fast web spider written in Go
Penetration tests guide based on OWASP including test cases, resources and examples.
Web Fuzzing Box - Web 樑η³ζ΅θ―εε ΈδΈδΈδΊPayloads
π Caido releases, wiki and roadmap
A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
The Swiss Army knife for automated Web Application Testing
ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
Automatically brute force all services running on a target.
This challenge is Inon Shkedy's 31 days API Security Tips.
Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.
OWASP Web Application Security Testing Checklist
DNS Takeover tool written in Go
Hidden parameters discovery suite
A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.
For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. π‘οΈβοΈπ§
A comprehensive guide for web application penetration testing and bug bounty hunting, covering methodologies, tools, and resources for identifying and exploiting vulnerabilities.
π« Advanced tool for security researchers to bypass 403/40X restrictions through smart techniques and adaptive request manipulation. Fast. Precise. Effective.
InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.
An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses
Metlo is an open-source API security platform.