#Bugbounty-tools

Showing 15 of 15 repositories tagged #bugbounty-tools, ranked by stars

GhostTroops
GhostTroops
scan4all

Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...

Score
0
★ 6.1k ⑂ 716
Go
metlo-labs
metlo-labs
metlo

Metlo is an open-source API security platform.

Score
85
★ 1.8k ⑂ 105
TypeScript
j3ssie
j3ssie
metabigor

OSINT tools and more but without API key

Score
100
★ 1.6k ⑂ 188 +30/day
Go
edoardottt
edoardottt
secfiles

My useful files for penetration tests, security assessments, bug bounty and other security related stuff

Score
92
★ 210 ⑂ 26
Shell
ShivamRai2003
ShivamRai2003
Reconky-Automated_Bash_Script

Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.

Score
46
★ 204 ⑂ 42
Shell
AlecBlance
AlecBlance
S3BucketList

Chrome and Firefox extension that lists Amazon S3 Buckets while browsing

Score
69
★ 133 ⑂ 13
TypeScript
Talyx66
Talyx66
WEBFANG

WEBFANG, is my first CLI, a modular OSINT & Reconnaissance toolkit curated for Ethical Hackers and Red-Teamers. Sink fangs into web targets using a passive intel gathering approach, active Spidering, DNS/WHOIS lookups & Shodan, All in a lightweight package. Choose your weapon & happy hunting.

Score
77
★ 114 ⑂ 25
Python
Alikhalkhali
Alikhalkhali
active-ip

🕵️‍♂️🔍 A tool with several scanning techniques that extracts live IP addresses from a list of IP addresses or CIDR notations.

Score
31
★ 52 ⑂ 11
Go
DotNetRussell
DotNetRussell
CyberDeck

Hackers Cookbook - Tons of hacker cli recipes ready to search and use when you need them

Score
62
★ 52 ⑂ 7 +1/day
Python
securi3ytalent
securi3ytalent
bug-bounty-tips

Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wish to influence Online tips and explain the commands, for the better understanding of new hunters..

Score
23
★ 36 ⑂ 11
Python
S1N6H
S1N6H
Barcha

Barcha is your Swiss‑Army knife for SQL Injection reconnaissance 🔍. Written in Go, it automates: Shodan enumeration of SSL hosts 🕵️‍♂️ Liveness & redirect checks (ignores bad certs) 🔄 Automated Ghauri tests for each host 🛡️ SQLite logging of every scan 🔖

Score
15
★ 33 ⑂ 5 +1/day
Go
jsmonhq
jsmonhq
apiffuf

API URL fuzzer that cross-joins hosts and paths into normalized URLs, probes them over HTTP, and reports responding endpoints.

Score
54
★ 27 ⑂ 5
Go
d3mondev
d3mondev
crossjoin

Generate a cross join, also known as a Cartesian product, from the lines of the specified files. This process is useful for creating fuzzing payloads.

Score
8
★ 21 ⑂ 2
Go
imhego
imhego
pointer

Pointer is a Fast Simple Lightweight Tool for Endpoint Discovery.

Score
0
★ 14 ⑂ 1
Shell
expl0itlab
expl0itlab
ReconOPS

A structured recon-only framework for bug bounty hunters, from DNS basics to JS mining, API discovery, and automation pipelines.

Score
38
★ 11 ⑂ 0
Shell
Related Topics
#bugbounty#bugbounty-tool#recon#bug-bounty#hacking#penetration-testing#security-tools#cybersecurity#security#bugbountytips#infosec#pentesting

© 2026 GitRepoTrend · GitHub repositories by topic · Updated weekly