Trending repositories for topic bugbounty
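A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
🧿 AutorizePro is a powerful Burp plugin for detecting authorization bypass. By adding AI-assisted analysis and further optimizing the detection logic, it greatly reduces the false-positive rate and improves detection efficiency for authorization-bypass vulnerabilities. [ AutorizePro is an authorization enforcement detection extension for Burp Suite. By adding AI-assisted analysis, it si...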
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
Community curated list of templates for the nuclei engine to find security vulnerabilities.
This repository contains many web and API vulnerability checklists, along with many vulnerability ideas and tips from Twitter
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon...
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
A collection of awesome one-liner scripts especially for bug bounty tips.
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
A curated list of penetration testing and ethical hacking tools, organized by category. This compilation includes tools from Kali Linux and other notable sources.
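🧿 AutorizePro is a powerful Burp plugin for detecting authorization bypass. By adding AI-assisted analysis and further optimizing the detection logic, it greatly reduces the false-positive rate and improves detection efficiency for authorization-bypass vulnerabilities. [ AutorizePro is an authorization enforcement detection extension for Burp Suite. By adding AI-assisted analysis, it si...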
The OSINT Framework is a powerful collection of tools and methods designed for open-source intelligence gathering. This framework covers a wide range of categories to help security researchers, invest...
A curated list of essential digital forensics tools used for investigation, data recovery, and security analysis. These tools help in disk forensics, memory analysis, network monitoring, malware analy...
Social Engineering Tactics contains real-world social engineering tactics used for manipulation, persuasion, and deception. Stay aware and stay secure!
All cheatsheets with main information from HTB CBBH role path in one place.
OneLinerBounty is a collection of quick, actionable bug bounty tips in one-liner format. Perfect for bug hunters looking to boost their skills and efficiency. Contribute your own tips or use these to ...
This repository updates the latest bug bounty Medium writeups every 10 minutes, https://readmedium.com/Medium_URL, https://archive.ph/Medium_URL, https://freedium.cfd/Medium_URL
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
SubSnipe is a tool designed to help find subdomains that are vulnerable to takeover.
A curated list of penetration testing and ethical hacking tools, organized by category. This compilation includes tools from Kali Linux and other notable sources.
PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords, API keys, and secrets. Using regular expressions, it helps prevent accidental exposure of ...
GoogleDorker - Unleash the power of Google dorking for ethical hackers with custom search precision.
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
Robofinder retrieves historical #robots.txt files from #Archive.org, allowing you to uncover previously disallowed directories and paths for any domain—essential for deepening your #OSINT and #recon p...
SubDominator helps you discover subdomains associated with a target domain efficiently and with minimal impact for your Bug Bounty
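A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
🧿 AutorizePro is a powerful Burp plugin for detecting authorization bypass. By adding AI-assisted analysis and further optimizing the detection logic, it greatly reduces the false-positive rate and improves detection efficiency for authorization-bypass vulnerabilities. [ AutorizePro is an authorization enforcement detection extension for Burp Suite. By adding AI-assisted analysis, it si...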
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
Community curated list of templates for the nuclei engine to find security vulnerabilities.
A curated list of penetration testing and ethical hacking tools, organized by category. This compilation includes tools from Kali Linux and other notable sources.
A curated list of essential digital forensics tools used for investigation, data recovery, and security analysis. These tools help in disk forensics, memory analysis, network monitoring, malware analy...
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
ScopeSentry-Cyberspace mapping, subdomain enumeration, port scanning, sensitive information discovery, vulnerability scanning, distributed nodes
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
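🧿 AutorizePro is a powerful Burp plugin for detecting authorization bypass. By adding AI-assisted analysis and further optimizing the detection logic, it greatly reduces the false-positive rate and improves detection efficiency for authorization-bypass vulnerabilities. [ AutorizePro is an authorization enforcement detection extension for Burp Suite. By adding AI-assisted analysis, it si...
This repository updates the latest bug bounty Medium writeups every 10 minutes, https://readmedium.com/Medium_URL, https://archive.ph/Medium_URL, https://freedium.cfd/Medium_URL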
The OSINT Framework is a powerful collection of tools and methods designed for open-source intelligence gathering. This framework covers a wide range of categories to help security researchers, invest...
A curated list of penetration testing and ethical hacking tools, organized by category. This compilation includes tools from Kali Linux and other notable sources.
Social Engineering Tactics contains real-world social engineering tactics used for manipulation, persuasion, and deception. Stay aware and stay secure!
OneLinerBounty is a collection of quick, actionable bug bounty tips in one-liner format. Perfect for bug hunters looking to boost their skills and efficiency. Contribute your own tips or use these to ...
SubDominator helps you discover subdomains associated with a target domain efficiently and with minimal impact for your Bug Bounty
Automated way to extract juicy info with subfinder and waybackurls
All cheatsheets with main information from HTB CBBH role path in one place.
Collection of 👨🏻💻Ethical Hacking, 🐧Linux, Cyber security, 💰Bug Bounty, Penetration testing, Networking and more IT-related books
Tools and methods that I personally use for Recon and Exploitations
ScopeSentry-Cyberspace mapping, subdomain enumeration, port scanning, sensitive information discovery, vulnerability scanning, distributed nodes
Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks. Jasmin helps security researchers to overcome the risk of external attacks.
Delve into a comprehensive checklist, your ultimate companion for Android app penetration testing. Identify vulnerabilities in network, data, storage, and permissions effortlessly. Boost security skil...
DorkScraper is a simple tool written in Python to extract all the urls that appear when using a Google Dork.
OneLinerBounty is a collection of quick, actionable bug bounty tips in one-liner format. Perfect for bug hunters looking to boost their skills and efficiency. Contribute your own tips or use these to ...
The OSINT Framework is a powerful collection of tools and methods designed for open-source intelligence gathering. This framework covers a wide range of categories to help security researchers, invest...
A curated list of essential digital forensics tools used for investigation, data recovery, and security analysis. These tools help in disk forensics, memory analysis, network monitoring, malware analy...
Social Engineering Tactics contains real-world social engineering tactics used for manipulation, persuasion, and deception. Stay aware and stay secure!
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
A curated list of penetration testing and ethical hacking tools, organized by category. This compilation includes tools from Kali Linux and other notable sources.
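A curated list of bug bounty writeups (by bug type), inspired by https://github.com/ngalongc/bug-bounty-reference
🧿 AutorizePro is a powerful Burp plugin for detecting authorization bypass. By adding AI-assisted analysis and further optimizing the detection logic, it greatly reduces the false-positive rate and improves detection efficiency for authorization-bypass vulnerabilities. [ AutorizePro is an authorization enforcement detection extension for Burp Suite. By adding AI-assisted analysis, it si...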
Community curated list of templates for the nuclei engine to find security vulnerabilities.
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
A comprehensive guide for web application penetration testing and bug bounty hunting, covering methodologies, tools, and resources for identifying and exploiting vulnerabilities.
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
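🧿 AutorizePro is a powerful Burp plugin for detecting authorization bypass. By adding AI-assisted analysis and further optimizing the detection logic, it greatly reduces the false-positive rate and improves detection efficiency for authorization-bypass vulnerabilities. [ AutorizePro is an authorization enforcement detection extension for Burp Suite. By adding AI-assisted analysis, it si...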
This is my personal repo, which includes bug bounty tips, a collection of tools, one-liners, and other resources I personally prefer while hunting. It is still under development, so feel free to contr...
AIHTTPAnalyzer revolutionizes web application security testing by bringing artificial intelligence capabilities to Burp Suite. This innovative extension harnesses the power of AI to automate vulnerabi...
This repository updates the latest bug bounty Medium writeups every 10 minutes, https://readmedium.com/Medium_URL, https://archive.ph/Medium_URL, https://freedium.cfd/Medium_URL
Collection of 👨🏻💻Ethical Hacking, 🐧Linux, Cyber security, 💰Bug Bounty, Penetration testing, Networking and more IT-related books
A collection of useful lists for Penetration Testing & Bug Bounty - Content Discovery, Payloads, Variables, Sandbox Escaping, etc
An automated GitHub Actions-based crawler that fetches and updates public scopes from popular bug bounty platforms (like Hackerone/Bugcrowd/Intigriti/etc) (updates every 10 minutes)
The Web3 Security Resources Hub is a comprehensive collection of curated tools, guides, and best practices for securing decentralized systems and smart contracts in the blockchain space.
Burp Suite extension for bypassing client-side encryption for pentesting and bug bounty in WebSocket
Roadmap to get up to speed with CosmWasm smart contract audits and security vulnerabilities
All cheatsheets with main information from HTB CBBH role path in one place.
Provides public bug bounty programs in-scope data that offer rewards and monitors public bug bounty programs assets.
A high-speed tool for passively gathering URLs, optimized for efficient and comprehensive web asset discovery without active scanning.
Automated way to extract juicy info with subfinder and waybackurls
A high-speed tool for passively gathering URLs, optimized for efficient and comprehensive web asset discovery without active scanning.
An insane list of all dorks taken from everywhere from various different sources.
Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
A curated list of penetration testing and ethical hacking tools, organized by category. This compilation includes tools from Kali Linux and other notable sources.
jshunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security vuln...
The Web3 Security Resources Hub is a comprehensive collection of curated tools, guides, and best practices for securing decentralized systems and smart contracts in the blockchain space.
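🧿 AutorizePro is a powerful Burp plugin for detecting authorization bypass. By adding AI-assisted analysis and further optimizing the detection logic, it greatly reduces the false-positive rate and improves detection efficiency for authorization-bypass vulnerabilities. [ AutorizePro is an authorization enforcement detection extension for Burp Suite. By adding AI-assisted analysis, it si...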
HackerToolkit offers a curated selection of tools designed to enhance your hacking capabilities. This repository not only organizes these tools but provides information about them. Easily install all ...
Toxic MD is a powerful WhatsApp crash and bug bot developed by Joker, designed for managing and automating various bot-related functions. Whether you're testing crash bugs or exploring custom bot conf...
Burp Suite extension for bypassing client-side encryption for pentesting and bug bounty in WebSocket
A powerful bash script for massive XSS scanning leveraging Brute Logic's KNOXSS API
A powerful JavaScript monitoring tool for bug bounty hunters. Track changes in JavaScript files across websites, detect new attack surfaces, and stay ahead of security vulnerabilities.
Advanced CORS Header Checker Tool with Vulnerability Detection and Bypass Attempts
This repository updates the latest bug bounty Medium writeups every 10 minutes, https://readmedium.com/Medium_URL, https://archive.ph/Medium_URL, https://freedium.cfd/Medium_URL
Morgan is a powerful tool designed to help security researchers, developers, and security auditors identify sensitive information, vulnerabilities, and potential risks within JavaScript files on websi...
OneLinerBounty is a collection of quick, actionable bug bounty tips in one-liner format. Perfect for bug hunters looking to boost their skills and efficiency. Contribute your own tips or use these to ...
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
Community curated list of templates for the nuclei engine to find security vulnerabilities.
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon...
A step-by-step fuzzing tutorial. A GitHub Security Lab initiative
This repository contains many web and API vulnerability checklists, along with many vulnerability ideas and tips from Twitter
A list of resources for those interested in getting started in bug bounties
ScopeSentry-Cyberspace mapping, subdomain enumeration, port scanning, sensitive information discovery, vulnerability scanning, distributed nodes
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
This repository is a collection of different ethical hacking tools and malware for penetration testing and research purposes, written in Python, Ruby, Rust, C++, Go and C.
A high-speed tool for passively gathering URLs, optimized for efficient and comprehensive web asset discovery without active scanning.
SubSnipe is a tool designed to help find subdomains that are vulnerable to takeover.
An insane list of all dorks taken from everywhere from various different sources.
Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/or bug bounty targets!
Morgan is a powerful tool designed to help security researchers, developers, and security auditors identify sensitive information, vulnerabilities, and potential risks within JavaScript files on websi...
All cheatsheets with main information from HTB CBBH role path in one place.
Chiasmodon is an OSINT tool designed to assist in the process of gathering information about a target domain. Its primary functionality revolves around searching for domain-related data, including do...
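🧿 AutorizePro is a powerful Burp plugin for detecting authorization bypass. By adding AI-assisted analysis and further optimizing the detection logic, it greatly reduces the false-positive rate and improves detection efficiency for authorization-bypass vulnerabilities. [ AutorizePro is an authorization enforcement detection extension for Burp Suite. By adding AI-assisted analysis, it si...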
Robofinder retrieves historical #robots.txt files from #Archive.org, allowing you to uncover previously disallowed directories and paths for any domain—essential for deepening your #OSINT and #recon p...
A powerful bash script for massive XSS scanning leveraging Brute Logic's KNOXSS API
Toxic MD is a powerful WhatsApp crash and bug bot developed by Joker, designed for managing and automating various bot-related functions. Whether you're testing crash bugs or exploring custom bot conf...
This is my personal repo, which includes bug bounty tips, a collection of tools, one-liners, and other resources I personally prefer while hunting. It is still under development, so feel free to contr...
collectvars collects JavaScript variables, highlights risky ones, and helps you understand code structure, while you casually browse.
A powerful JavaScript monitoring tool for bug bounty hunters. Track changes in JavaScript files across websites, detect new attack surfaces, and stay ahead of security vulnerabilities.
Zzl is a reconnaissance tool that collects subdomains from SSL certificates in IP ranges
Community curated list of templates for the nuclei engine to find security vulnerabilities.