#Bugbounty

Showing 60 of 592 repositories tagged #bugbounty, ranked by stars

swisskyrepo
swisskyrepo
PayloadsAllTheThings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Score
100
β˜… 79.0k β‘‚ 17.2k +72/day
Python
maurosoria
maurosoria
dirsearch

Web path scanner

Score
98
β˜… 14.5k β‘‚ 2.4k +7/day
Python
projectdiscovery
projectdiscovery
subfinder

Fast passive subdomain enumeration tool.

Score
100
β˜… 14.0k β‘‚ 1.6k +14/day
Go
projectdiscovery
projectdiscovery
nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.

Score
100
β˜… 12.6k β‘‚ 3.6k +13/day
JavaScript
nahamsec
nahamsec
Resources-for-Beginner-Bug-Bounty-Hunters

A list of resources for those interested in getting started in bug bounties

Score
96
β˜… 12.1k β‘‚ 2.0k +7/day
dstotijn
dstotijn
hetty

An HTTP toolkit for security research.

Score
97
β˜… 11.7k β‘‚ 746 +148/day
Go
edoardottt
edoardottt
awesome-hacker-search-engines

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

Score
100
β˜… 10.9k β‘‚ 1.0k +16/day
Shell
projectdiscovery
projectdiscovery
httpx

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.

Score
93
β˜… 10.1k β‘‚ 1.1k +8/day
Go
blacklanternsecurity
blacklanternsecurity
bbot

The recursive internet scanner for hackers. 🧑

Score
95
β˜… 10.1k β‘‚ 876 +17/day
Python
shmilylty
shmilylty
OneForAll

OneForAllζ˜―δΈ€ζ¬ΎεŠŸθƒ½εΌΊε€§ηš„ε­εŸŸζ”Άι›†ε·₯ε…·

Score
93
β˜… 9.9k β‘‚ 1.4k +23/day
Python
OWASP
OWASP
wstg

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Score
100
β˜… 9.6k β‘‚ 1.6k +16/day
yogeshojha
yogeshojha
rengine

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

Score
99
β˜… 8.7k β‘‚ 1.3k +11/day
HTML
six2dez
six2dez
reconftw

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Score
99
β˜… 7.8k β‘‚ 1.2k +60/day
Shell
daffainfo
daffainfo
AllAboutBugBounty

All about bug bounty (bypasses, payloads, and etc)

Score
93
β˜… 6.8k β‘‚ 1.3k +14/day
ihebski
ihebski
DefaultCreds-cheat-sheet

One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password πŸ›‘οΈ

Score
90
β˜… 6.6k β‘‚ 780 +3/day
Python
EdOverflow
EdOverflow
bugbounty-cheatsheet

A list of interesting payloads, tips and tricks for bug bounty hunters.

Score
94
β˜… 6.5k β‘‚ 1.6k +4/day
j3ssie
j3ssie
osmedeus

A Modern Orchestration Engine for Security

Score
90
β˜… 6.5k β‘‚ 1.0k +2/day
Go
reddelexc
reddelexc
hackerone-reports

Top disclosed reports from HackerOne

Score
88
β˜… 6.3k β‘‚ 1.1k +14/day
Python
dwisiswant0
dwisiswant0
apkleaks

Scanning APK file for URIs, endpoints & secrets.

Score
66
β˜… 6.1k β‘‚ 580 +21/day
Python
GhostTroops
GhostTroops
scan4all

Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( Ν‘Β° ΝœΚ– Ν‘Β°)...

Score
57
β˜… 6.1k β‘‚ 716 β€”
Go
devanshbatham
devanshbatham
Awesome-Bugbounty-Writeups

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

Score
63
β˜… 6.0k β‘‚ 1.2k +15/day
Python
commixproject
commixproject
commix

Automated All-in-One OS Command Injection Exploitation Tool

Score
85
β˜… 5.8k β‘‚ 934 +10/day
Python
EdOverflow
EdOverflow
can-i-take-over-xyz

"Can I take over XYZ?" β€” a list of services and how to claim (sub)domains with dangling DNS records.

Score
61
β˜… 5.7k β‘‚ 803 +1/day
Python
hahwul
hahwul
dalfox

πŸŒ™πŸ¦Š Dalfox is a powerful open-source XSS scanner and utility focused on automation.

Score
100
β˜… 5.1k β‘‚ 542 +4/day
Rust
hakluke
hakluke
hakrawler

Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application

Score
50
β˜… 5.1k β‘‚ 537 +3/day
Go
hahwul
hahwul
WebHackersWeapons

βš”οΈ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting

Score
99
β˜… 4.9k β‘‚ 823 +10/day
Ruby
projectdiscovery
projectdiscovery
interactsh

An OOB interaction gathering server and client library

Score
87
β˜… 4.4k β‘‚ 467 +7/day
Go
guelfoweb
guelfoweb
knockpy

Knock Subdomain Scan

Score
99
β˜… 4.2k β‘‚ 882 +1/day
Python
jonaslejon
jonaslejon
malicious-pdf

πŸ’€ Generate malicious PDF test files for testing phone-home callbacks, SSRF, XSS, NTLM credential theft, and data exfiltration in PDF viewers, converters, and web applications. Can be used with Burp Collaborator or Interact.sh

Score
83
β˜… 4.1k β‘‚ 542 β€”
Python
antonio-morales
antonio-morales
Fuzzing101

An step by step fuzzing tutorial. A GitHub Security Lab initiative

Score
99
β˜… 3.8k β‘‚ 422 +3/day
Findomain
Findomain
Findomain

The fastest and complete solution for domain recognition. Supports screenshoting, port scan, HTTP check, data import from other tools, subdomain monitoring, alerts via Discord, Slack and Telegram, multiple API Keys for sources and much more.

Score
86
β˜… 3.8k β‘‚ 394 +4/day
Rust
Az0x7
Az0x7
vulnerability-Checklist

This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter

Score
90
β˜… 3.6k β‘‚ 843 β€”
vaib25vicky
vaib25vicky
awesome-mobile-security

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

Score
71
β˜… 3.5k β‘‚ 376 β€”
edoardottt
edoardottt
cariddi

Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more

Score
83
β˜… 3.4k β‘‚ 294 +1/day
Go
opsdisk
opsdisk
pagodo

pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching

Score
80
β˜… 3.4k β‘‚ 547 β€”
Python
codingo
codingo
NoSQLMap

Automated NoSQL database enumeration and web application exploitation tool.

Score
98
β˜… 3.3k β‘‚ 625 β€”
Python
gwen001
gwen001
pentest-tools

A collection of custom security tools for quick needs.

Score
59
β˜… 3.3k β‘‚ 785 β€”
Python
six2dez
six2dez
OneListForAll

Rockyou for web fuzzing

Score
98
β˜… 3.2k β‘‚ 540 +7/day
Go
projectdiscovery
projectdiscovery
uncover

Quickly discover exposed hosts on the internet using multiple search engines.

Score
100
β˜… 3.0k β‘‚ 273 +1/day
Go
jaeles-project
jaeles-project
gospider

Gospider - Fast web spider written in Go

Score
43
β˜… 3.0k β‘‚ 335 β€”
Go
Voorivex
Voorivex
pentest-guide

Penetration tests guide based on OWASP including test cases, resources and examples.

Score
87
β˜… 2.8k β‘‚ 575 +2/day
gh0stkey
gh0stkey
Web-Fuzzing-Box

Web Fuzzing Box - Web ζ¨‘η³Šζ΅‹θ―•ε­—ε…ΈδΈŽδΈ€δΊ›Payloads

Score
97
β˜… 2.8k β‘‚ 442 β€”
HTML
caido
caido
caido

πŸš€ Caido releases, wiki and roadmap

Score
98
β˜… 2.5k β‘‚ 131 +3/day
Shell
terjanq
terjanq
Tiny-XSS-Payloads

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

Score
84
β˜… 2.4k β‘‚ 219 +3/day
JavaScript
jaeles-project
jaeles-project
jaeles

The Swiss Army knife for automated Web Application Testing

Score
80
β˜… 2.4k β‘‚ 334 +1/day
Go
ssl
ssl
ezXSS

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Score
98
β˜… 2.3k β‘‚ 386 +4/day
PHP
1N3
1N3
BruteX

Automatically brute force all services running on a target.

Score
86
β˜… 2.3k β‘‚ 642 +4/day
Shell
inonshk
inonshk
31-days-of-API-Security-Tips

This challenge is Inon Shkedy's 31 days API Security Tips.

Score
84
β˜… 2.2k β‘‚ 350 β€”
d3mondev
d3mondev
puredns

Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.

Score
96
β˜… 2.2k β‘‚ 191 +4/day
Go
0xRadi
0xRadi
OWASP-Web-Checklist

OWASP Web Application Security Testing Checklist

Score
85
β˜… 2.2k β‘‚ 412 +3/day
haccer
haccer
subjack

DNS Takeover tool written in Go

Score
77
β˜… 2.1k β‘‚ 350 β€”
Go
Sh1Yo
Sh1Yo
x8

Hidden parameters discovery suite

Score
71
β˜… 2.1k β‘‚ 194 +1/day
Rust
HolyBugx
HolyBugx
HolyTips

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

Score
83
β˜… 2.0k β‘‚ 335 +1/day
nsonaniya2010
nsonaniya2010
SubDomainizer

A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.

Score
56
β˜… 1.9k β‘‚ 236 β€”
Python
lutfumertceylan
lutfumertceylan
top25-parameter

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. πŸ›‘οΈβš”οΈπŸ§™

Score
82
β˜… 1.8k β‘‚ 280 β€”
xalgord
xalgord
Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes

A comprehensive guide for web application penetration testing and bug bounty hunting, covering methodologies, tools, and resources for identifying and exploiting vulnerabilities.

Score
88
β˜… 1.8k β‘‚ 297 β€”
devploit
devploit
nomore403

🚫 Advanced tool for security researchers to bypass 403/40X restrictions through smart techniques and adaptive request manipulation. Fast. Precise. Effective.

Score
73
β˜… 1.8k β‘‚ 209 +1/day
Go
doyensec
doyensec
inql

InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.

Score
97
β˜… 1.8k β‘‚ 188 +4/day
Kotlin
wallarm
wallarm
gotestwaf

An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses

Score
82
β˜… 1.8k β‘‚ 257 β€”
Go
metlo-labs
metlo-labs
metlo

Metlo is an open-source API security platform.

Score
81
β˜… 1.8k β‘‚ 105 β€”
TypeScript
Related Topics
#security#hacking#pentesting#penetration-testing#security-tools#infosec#osint#recon#pentest#reconnaissance#bug-bounty

Β© 2026 GitRepoTrend Β· GitHub repositories by topic Β· Updated weekly