#Bugbountytips
Showing 60 of 83 repositories tagged #bugbountytips, ranked by stars
All about bug bounty (bypasses, payloads, and etc)
A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference
βοΈ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
A collection of custom security tools for quick needs.
This challenge is Inon Shkedy's 31 days API Security Tips.
A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. π‘οΈβοΈπ§
A comprehensive guide for web application penetration testing and bug bounty hunting, covering methodologies, tools, and resources for identifying and exploiting vulnerabilities.
OSINT tools and more but without API key
Asset inventory of over 800 public bug bounty programs.
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
API Security Project aims to present unique attack & defense methods in API Security field
π± Powerfull XSS Scanning and Parameter analysis tool&gem
Mobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting
"Can I take over DNS?" β a list of DNS providers and how to claim vulnerable domains.
These are my checklists which I use during my hunting.
An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.
π₯π Awesome MCP (Model Context Protocol) Security π₯οΈ
A fast tool to scan client-side prototype pollution vulnerability written in Rust. π¦
Weekly updated list of missing CVEs in nuclei templates official repository. Mainly built for bug bounty, but useful for penetration tests and vulnerability assessments too.
π© π€π» [P1-$10,000] Google Chrome, Microsoft Edge and Opera - vulnerability reported by Maciej Pulikowski - System environment variables leak - CVE-2022-0337
Generate tens of thousands of subdomain combinations in a matter of seconds
GarudRecon automates domain recon with top open-source tools to discover assets, enumerate subdomains, and detect XSS, SQLi, LFI, RCE & more.
Cyber Security Notes, Methodology, Resources and Tips
Python library and CLI for the Bug Bounty Recon API
π±βπ» π Google Chrome - File System Access API - vulnerabilities reported by Maciej Pulikowski | Total Bug Bounty Reward: $5.000 | CVE-2021-21123 and 5 more...
Make URL path combinations using a wordlist
This repository updates latest Bug Bounty medium writeups every 10 minutes, https://readmedium.com/Medium_URL, https://archive.ph/Medium_URL, https://freedium.cfd/Medium_URL
Archive of Potential Insider Threats
Custom wordlist, updated regularly
CloudSniffer is a powerful tool designed to aid in the discovery of the real IP address of a website protected by Cloudflare. It leverages brute force techniques by testing a list of IP addresses and analyzing the status codes returned by the server to uncover the actual IP address of the target website.
PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords, API keys, and secrets. Using regular expressions, it helps prevent accidental exposure of sensitive information in your command history.
This repo Gathers all available cve exploits from github.β οΈ Be careful Malware.
Chrome and Firefox extension that lists Amazon S3 Buckets while browsing
π° Managing command snippets for hackers/bug bounty hunters. with pet.
Dump all available paths and/or endpoints on WADL file.
An automated GitHub Actions-based crawler that fetches and updates public scopes from popular bug bounty platforms (like Hackerone/Bugcrowd/Intigriti/etc) (updates every 10 minutes)
All In One, Fast, Easy Recon Tool
acunetix-13 install in kali linux
Application with SQL Injection vulnerability and possible privilege escalation. Free vulnerable app for ethical hacking / penetration testing training.
Webapp to search tips on Twitter through #bugbountytips
Subdosec is a fast, accurate subdomain takeover scanner with no false positives. It also offers a database of sites vulnerable to subdomain takeover (public results), along with detailed metadata like IP, CNAME, TITLE, and STATUS CODE for reconnaissance to identify potential new vulnerabilities.
The OSINT Framework is a powerful collection of tools and methods designed for open-source intelligence gathering. This framework covers a wide range of categories to help security researchers, investigators, and analysts uncover crucial information effectively.
This repo contains different variants of Bug Bounty & Security & Pentest & Tech related Articles
XSS Finder Via SSTI
Juniper Firewalls CVE-2023-36845 - RCE
grapX will iterate through the URLs and grep the endpoints with all possible extensions.
XSSRecon automates the process of testing URL parameters for reflection of a test payload rix4uni and further checks how special characters are handled (allowed, blocked, or converted).
A powerful subdomain enumeration tool that aggregates data from multiple sources to create comprehensive lists of root subdomains.
A collaborative hub for Nuclei templates. Contribute, share, and explore powerful vulnerability detection tools!
A powerful Go tool for finding origin IPs of domains by querying multiple security APIs and validating results with built-in HTTP client.
Get 10k subdomains in securitytrails using cookie without apikey.
This repo collects nuclei template from 600+ github repos, updates every 6 hours.
Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wish to influence Online tips and explain the commands, for the better understanding of new hunters..
All the members of bugbounty and infosec. If you don't know who to follow, see!
My bug bounty notes
A high-performance domain scanner that discovers active domains by testing multiple Top-Level Domains (TLDs) for given domain names.
Barcha is your SwissβArmy knife for SQL Injection reconnaissance π. Written in Go, it automates: Shodan enumeration of SSL hosts π΅οΈββοΈ Liveness & redirect checks (ignores bad certs) π Automated Ghauri tests for each host π‘οΈ SQLite logging of every scan π
High-speed Go email scraper that crawls sites and internal links concurrently to collect email addresses for reconnaissance, research, or sales intelligence.