#Bugbounty-tool

Showing 60 of 76 repositories tagged #bugbounty-tool, ranked by stars

six2dez
six2dez
reconftw

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Score
100
β˜… 7.8k β‘‚ 1.2k +60/day
Shell
hahwul
hahwul
dalfox

πŸŒ™πŸ¦Š Dalfox is a powerful open-source XSS scanner and utility focused on automation.

Score
100
β˜… 5.1k β‘‚ 542 +4/day
Rust
jonaslejon
jonaslejon
malicious-pdf

πŸ’€ Generate malicious PDF test files for testing phone-home callbacks, SSRF, XSS, NTLM credential theft, and data exfiltration in PDF viewers, converters, and web applications. Can be used with Burp Collaborator or Interact.sh

Score
100
β˜… 4.1k β‘‚ 542 β€”
Python
doyensec
doyensec
inql

InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.

Score
98
β˜… 1.8k β‘‚ 188 +4/day
Kotlin
Viralmaniar
Viralmaniar
BigBountyRecon

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

Score
84
β˜… 1.6k β‘‚ 290 +4/day
C#
Autumn-27
Autumn-27
ScopeSentry

ScopeSentry-Cyberspace mapping, subdomain enumeration, port scanning, sensitive information discovery, vulnerability scanning, distributed nodes

Score
97
β˜… 1.5k β‘‚ 214 +5/day
Go
taielab
taielab
awesome-hacking-lists

A curated collection of top-tier penetration testing tools and productivity utilities across multiple domains. Join us to explore, contribute, and enhance your hacking toolkit!

Score
93
β˜… 1.4k β‘‚ 264 +5/day
dwisiswant0
dwisiswant0
go-dork

The fastest dork scanner written in Go.

Score
82
β˜… 1.3k β‘‚ 140 +1/day
Go
bitquark
bitquark
shortscan

An IIS short filename enumeration tool

Score
80
β˜… 1.2k β‘‚ 115 +2/day
Go
sh377c0d3
sh377c0d3
AppSec-Payloads

AppSec Payloads Arsenal for Pentration Tester and Bug Bounty Hunters

Score
95
β˜… 938 β‘‚ 194 β€”
PHP
R0X4R
R0X4R
Garud

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

Score
100
β˜… 810 β‘‚ 181 β€”
Shell
dwisiswant0
dwisiswant0
ppfuzz

A fast tool to scan client-side prototype pollution vulnerability written in Rust. πŸ¦€

Score
0
β˜… 667 β‘‚ 72 β€”
Rust
KathanP19
KathanP19
Gxss

A tool to check a bunch of URLs that contain reflecting params.

Score
60
β˜… 601 β‘‚ 86 +1/day
Go
kleiton0x00
kleiton0x00
ppmap

A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.

Score
72
β˜… 520 β‘‚ 72 β€”
Go
edoardottt
edoardottt
csprecon

Discover new target domains using Content Security Policy

Score
80
β˜… 515 β‘‚ 52 β€”
Go
edoardottt
edoardottt
missing-cve-nuclei-templates

Weekly updated list of missing CVEs in nuclei templates official repository. Mainly built for bug bounty, but useful for penetration tests and vulnerability assessments too.

Score
92
β˜… 439 β‘‚ 50 β€”
Shell
ghostvectoracademy
ghostvectoracademy
DLLHijackHunter

Automated DLL Hijacking Discovery, Validation, and Confirmation. Turning local misconfigurations into weaponized, confirmed attack paths.

Score
90
β˜… 393 β‘‚ 45 +1/day
C#
ImAyrix
ImAyrix
cut-cdn

βœ‚οΈ Removing CDN IPs from the list of IP addresses

Score
69
β˜… 348 β‘‚ 53 β€”
Go
blackhatethicalhacking
blackhatethicalhacking
TerminatorZ

TerminatorZ is a highly sophisticated and efficient Offensive CVE Exploitation Framework that scans for top potential vulnerabilities with known CVEs in your web applications.

Score
87
β˜… 329 β‘‚ 47 β€”
Shell
InfosecHouse
InfosecHouse
InfosecHouse

Tools & Resources for Cyber Security Operations

Score
85
β˜… 297 β‘‚ 61 β€”
Maniesh-Neupane
Maniesh-Neupane
BugBounty-Recon-Methodology

BugBounty-Recon-Methodology

Score
89
β˜… 294 β‘‚ 74 +2/day
blackhatethicalhacking
blackhatethicalhacking
Nucleimonst3r

Nucleimonst3r is a powerful vulnerability scanner that can help Bug Bounty Hunters find low hanging fruit vulnerabilities for known CVEs and exploits but also gather all the technology running behind them for further investigation for a potential target.

Score
62
β˜… 259 β‘‚ 43 β€”
Shell
drak3hft7
drak3hft7
VPS-Bug-Bounty-Tools

Script that automates the installation of the main tools used for web application penetration testing and Bug Bounty.

Score
66
β˜… 231 β‘‚ 60 +2/day
Shell
Static-Flow
Static-Flow
gofingerprint

GoFingerprint is a Go tool for taking a list of target web servers and matching their HTTP responses against a user defined list of fingerprints.

Score
57
β˜… 209 β‘‚ 36 β€”
Go
ShivamRai2003
ShivamRai2003
Reconky-Automated_Bash_Script

Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.

Score
59
β˜… 204 β‘‚ 42 β€”
Shell
RossGeerlings
RossGeerlings
webstor

WebStor efficiently enumerates all websites across your organization’s networks and those in your DNS records - including cloud-hosted servers via zone transfer data - stores their responses, and lets you query for known web technologies, including those with zero-day vulnerabilities.

Score
48
β˜… 157 β‘‚ 19 β€”
Python
trickest
trickest
insiders

Archive of Potential Insider Threats

Score
49
β˜… 154 β‘‚ 24 β€”
RikunjSindhwad
RikunjSindhwad
Task-Ninja

Ultimate Tasks Automation Framework for Hackers, DevSecOps, Pentesters, and Bug-bounty hunters!

Score
67
β˜… 154 β‘‚ 25 β€”
Go
Alaa-abdulridha
Alaa-abdulridha
CloudSniffer

CloudSniffer is a powerful tool designed to aid in the discovery of the real IP address of a website protected by Cloudflare. It leverages brute force techniques by testing a list of IP addresses and analyzing the status codes returned by the server to uncover the actual IP address of the target website.

Score
56
β˜… 148 β‘‚ 61 β€”
Python
aydinnyunus
aydinnyunus
PassDetective

PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords, API keys, and secrets. Using regular expressions, it helps prevent accidental exposure of sensitive information in your command history.

Score
74
β˜… 147 β‘‚ 9 β€”
Go
Spix0r
Spix0r
writeup-miner

This is a useful Python script for extracting bug bounty or any other write-ups from every RSS.

Score
70
β˜… 145 β‘‚ 16 β€”
Python
AlecBlance
AlecBlance
S3BucketList

Chrome and Firefox extension that lists Amazon S3 Buckets while browsing

Score
77
β˜… 133 β‘‚ 13 β€”
TypeScript
t0thkr1s
t0thkr1s
frida

Frida scripts for mobile application dynamic-analysis.

Score
46
β˜… 124 β‘‚ 35 β€”
Python
1N3
1N3
AttackSurfaceManagement

Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty

Score
39
β˜… 105 β‘‚ 21 β€”
Shell
gerosecurity
gerosecurity
gerobug

The First Open Source Bug Bounty Platform

Score
79
β˜… 101 β‘‚ 23 β€”
HTML
dwisiswant0
dwisiswant0
wadl-dumper

Dump all available paths and/or endpoints on WADL file.

Score
40
β˜… 98 β‘‚ 19 β€”
Go
BLACK-SCORP10
BLACK-SCORP10
Email-Vulnerability-Checker

Find Email Spoofing Vulnerablity of domains

Score
100
β˜… 97 β‘‚ 13 β€”
Shell
i5nipe
i5nipe
nipejs

Simplify your life with leak detection in JavaScript. NipeJS streamlines the use of regex, making it effortless to uncover potential leaks.

Score
0
β˜… 95 β‘‚ 20 β€”
Go
aufzayed
aufzayed
HydraRecon

All In One, Fast, Easy Recon Tool

Score
36
β˜… 90 β‘‚ 16 β€”
Python
hahwul
hahwul
gee

🏡 Gee is tool of stdin to each files and stdout. It is similar to the tee command, but there are more functions for convenience. In addition, it was written as go

Score
20
β˜… 87 β‘‚ 14 β€”
Go
securi3ytalent
securi3ytalent
acunetix-13-kali-linux

acunetix-13 install in kali linux

Score
41
β˜… 82 β‘‚ 38 +1/day
DEMON1A
DEMON1A
Discord-Recon

Discord bot created to automate bug bounty recon, automated scans and information gathering via a discord server

Score
0
β˜… 82 β‘‚ 19 β€”
Python
alpernae
alpernae
AIHTTPAnalyzer

AIHTTPAnalyzer revolutionizes web application security testing by bringing artificial intelligence capabilities to Burp Suite. This innovative extension harnesses the power of AI to automate vulnerability detection, provide intelligent analysis, and assist security professionals in identifying complex security issues.

Score
0
β˜… 77 β‘‚ 20 +1/day
Java
x0rr-dan
x0rr-dan
s1c0n

simple recon tool to help you for searching vulnerability on web server

Score
50
β˜… 75 β‘‚ 12 β€”
Python
xcapri
xcapri
subdosec

Subdosec is a fast, accurate subdomain takeover scanner with no false positives. It also offers a database of sites vulnerable to subdomain takeover (public results), along with detailed metadata like IP, CNAME, TITLE, and STATUS CODE for reconnaissance to identify potential new vulnerabilities.

Score
75
β˜… 64 β‘‚ 21 +1/day
Python
codingo
codingo
dooked

DNS and Target HTTP History Local Storage and Search

Score
34
β˜… 62 β‘‚ 28 β€”
C++
th3cyb3rhub
th3cyb3rhub
hackliner

HackLiners: CyberSec/BugHunting OneLiners

Score
31
β˜… 62 β‘‚ 14 β€”
who0xac
who0xac
Pinakastra

AI-powered pentesting framework with automated recon and exploitation. Multi-source subdomain discovery, active vuln testing (XSS/SQLi/SSRF/IDOR), AI-driven payload generation, local inference, structured reporting. For pentesters and bug bounty hunters.

Score
64
β˜… 60 β‘‚ 7 β€”
Go
darklotuskdb
darklotuskdb
SSTI-XSS-Finder

XSS Finder Via SSTI

Score
30
β˜… 59 β‘‚ 12 β€”
Shell
dwisiswant0
dwisiswant0
continuous-nuclei

Running nuclei Continuously

Score
0
β˜… 57 β‘‚ 16 β€”
Shell
kabilan1290
kabilan1290
grapX

grapX will iterate through the URLs and grep the endpoints with all possible extensions.

Score
33
β˜… 55 β‘‚ 22 β€”
Python
MataKucing-OFC
MataKucing-OFC
NemesisTools

NemesisTools PowerFull Hacking Tools

Score
28
β˜… 52 β‘‚ 13 β€”
Python
Alikhalkhali
Alikhalkhali
active-ip

πŸ•΅οΈβ€β™‚οΈπŸ” A tool with several scanning techniques that extracts live IP addresses from a list of IP addresses or CIDR notations.

Score
25
β˜… 52 β‘‚ 11 β€”
Go
eslam3kl
eslam3kl
3klector

3klector is an automation Recon tool which collecting information about Acquisitions and ASN which related to Big Scope company

Score
26
β˜… 47 β‘‚ 14 β€”
Python
securi3ytalent
securi3ytalent
bug-bounty-tips

Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wish to influence Online tips and explain the commands, for the better understanding of new hunters..

Score
23
β˜… 36 β‘‚ 11 β€”
Python
ZishanAdThandar
ZishanAdThandar
HackerProxyPro

Burp Suite Proxy Toggler Lite Add-on for Mozilla Firefox.

Score
51
β˜… 36 β‘‚ 7 β€”
JavaScript
cyinnove
cyinnove
paramx

ParamX is a tool designed to extract and categorize interesting subdomains and parameters from URLs.

Score
38
β˜… 33 β‘‚ 9 β€”
Go
S1N6H
S1N6H
Barcha

Barcha is your Swiss‑Army knife for SQL Injection reconnaissance πŸ”. Written in Go, it automates: Shodan enumeration of SSL hosts πŸ•΅οΈβ€β™‚οΈ Liveness & redirect checks (ignores bad certs) πŸ”„ Automated Ghauri tests for each host πŸ›‘οΈ SQLite logging of every scan πŸ”–

Score
18
β˜… 33 β‘‚ 5 +1/day
Go
mikaww1
mikaww1
Subdomain-Takeover-Checker

A tool for detecting subdomain takeover vulnerabilities by checking DNS records

Score
61
β˜… 32 β‘‚ 1 β€”
HTML
thecyberneh
thecyberneh
inside403

Inside403 is a powerful and versatile web security testing tool designed to assess the robustness of web pages and directories against 403 Forbidden errors. This tool is specifically crafted for security professionals, penetration testers, and ethical hackers who seek to identify potential vulnerabilities in web applications.

Score
21
β˜… 31 β‘‚ 10 β€”
Shell
Related Topics
#bugbounty#hacking#penetration-testing#security-tools#security#bugbountytips#cybersecurity#bug-bounty#pentesting#infosec#recon#reconnaissance

Β© 2026 GitRepoTrend Β· GitHub repositories by topic Β· Updated weekly