Trending repositories for topic bugbounty
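A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
🧿 AutorizePro is a powerful Burp plugin for detecting broken access control. By adding AI-assisted analysis and further optimizing the detection logic, it greatly reduces the false-positive rate and improves the efficiency of finding broken-access-control vulnerabilities. [ AutorizePro is an authorization enforcement detection extension for Burp Suite. By adding AI-assisted analysis, it si...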
A comprehensive guide for web application penetration testing and bug bounty hunting, covering methodologies, tools, and resources for identifying and exploiting vulnerabilities.
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Community curated list of templates for the nuclei engine to find security vulnerabilities.
Robofinder retrieves historical #robots.txt files from #Archive.org, allowing you to uncover previously disallowed directories and paths for any domain—essential for deepening your #OSINT and #recon p...
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
A list of resources for those interested in getting started in bug bounties
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
A high-speed tool for passively gathering URLs, optimized for efficient and comprehensive web asset discovery without active scanning.
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
Robofinder retrieves historical #robots.txt files from #Archive.org, allowing you to uncover previously disallowed directories and paths for any domain—essential for deepening your #OSINT and #recon p...
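🧿 AutorizePro is a powerful Burp plugin for detecting broken access control. By adding AI-assisted analysis and further optimizing the detection logic, it greatly reduces the false-positive rate and improves the efficiency of finding broken-access-control vulnerabilities. [ AutorizePro is an authorization enforcement detection extension for Burp Suite. By adding AI-assisted analysis, it si...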
Get related domains / subdomains by looking at Google Analytics IDs
This is a useful Python script for extracting bug bounty or any other write-ups from Medium.com and other websites (soon).
jshunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security vuln...
A comprehensive guide for web application penetration testing and bug bounty hunting, covering methodologies, tools, and resources for identifying and exploiting vulnerabilities.
A high-speed tool for passively gathering URLs, optimized for efficient and comprehensive web asset discovery without active scanning.
GoogleDorker - Unleash the power of Google dorking for ethical hackers with custom search precision.
GitHub Attack Toolkit - Extreme Edition - A static analysis and exploit toolkit for GitHub Actions.
Command line tool for testing CRLF injection on a list of domains.
The Largest Collection of Pre-Compiled (+ UPXed) Linux Static Binaries 📦📀 for Soar: The true, simple & suckless Linux User Repository/Package Manager:: https://github.com/pkgforge/soar [repo=pkgforg...
Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).
This repository is a collection of different ethical hacking tools and malware for penetration testing and research purposes, written in Python, Ruby, Rust, C++, Go and C.
A heavily armed customizable phishing tool for educational purposes only
PwnMachine is a self hosting solution based on docker aiming to provide an easy to use pwning station for bug hunters.
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration
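A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
🧿 AutorizePro is a powerful Burp plugin for detecting broken access control. By adding AI-assisted analysis and further optimizing the detection logic, it greatly reduces the false-positive rate and improves the efficiency of finding broken-access-control vulnerabilities. [ AutorizePro is an authorization enforcement detection extension for Burp Suite. By adding AI-assisted analysis, it si...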
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
A comprehensive guide for web application penetration testing and bug bounty hunting, covering methodologies, tools, and resources for identifying and exploiting vulnerabilities.
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Community curated list of templates for the nuclei engine to find security vulnerabilities.
jshunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security vuln...
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
A high-speed tool for passively gathering URLs, optimized for efficient and comprehensive web asset discovery without active scanning.
A list of resources for those interested in getting started in bug bounties
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
Robofinder retrieves historical #robots.txt files from #Archive.org, allowing you to uncover previously disallowed directories and paths for any domain—essential for deepening your #OSINT and #recon p...
Roadmap to get up to speed with CosmWasm smart contract audits and security vulnerabilities
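🧿 AutorizePro is a powerful Burp plugin for detecting broken access control. By adding AI-assisted analysis and further optimizing the detection logic, it greatly reduces the false-positive rate and improves the efficiency of finding broken-access-control vulnerabilities. [ AutorizePro is an authorization enforcement detection extension for Burp Suite. By adding AI-assisted analysis, it si...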
jshunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security vuln...
A high-speed tool for passively gathering URLs, optimized for efficient and comprehensive web asset discovery without active scanning.
GoogleDorker - Unleash the power of Google dorking for ethical hackers with custom search precision.
Toxic MD is a powerful WhatsApp crash and bug bot developed by Joker, designed for managing and automating various bot-related functions. Whether you're testing crash bugs or exploring custom bot conf...
This is a useful Python script for extracting bug bounty or any other write-ups from Medium.com and other websites (soon).
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
GitHub Attack Toolkit - Extreme Edition - A static analysis and exploit toolkit for GitHub Actions.
[Custom || Automated] Curation & Collection of BugBounty Wordlists
All cheatsheets with main information from HTB CBBH role path in one place.
[Automated | UpToDate] Daily Dumps of CertStream Certificate Logs Subdomains Data (SAN || CN)
A comprehensive guide for web application penetration testing and bug bounty hunting, covering methodologies, tools, and resources for identifying and exploiting vulnerabilities.
SubDominator helps you discover subdomains associated with a target domain efficiently and with minimal impact for your Bug Bounty
Basic Recon For Bug Bounty Hunter - "HuntTheBug" is Basic Scripts For Sub Domain Enumeration > Live Domain Enumeration > Sub Domain Hijack > URL + JavaScript Scan > Dir Brute Forcing > Open Port Check ...
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
A high-speed tool for passively gathering URLs, optimized for efficient and comprehensive web asset discovery without active scanning.
jshunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security vuln...
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
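🧿 AutorizePro is a powerful Burp plugin for detecting broken access control. By adding AI-assisted analysis and further optimizing the detection logic, it greatly reduces the false-positive rate and improves the efficiency of finding broken-access-control vulnerabilities. [ AutorizePro is an authorization enforcement detection extension for Burp Suite. By adding AI-assisted analysis, it si...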
Community curated list of templates for the nuclei engine to find security vulnerabilities.
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
GoogleDorker - Unleash the power of Google dorking for ethical hackers with custom search precision.
This repository contains a lot of web and API vulnerability checklists, and a lot of vulnerability ideas and tips from Twitter
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon...
This repository is a collection of different ethical hacking tools and malware for penetration testing and research purposes, written in Python, Ruby, Rust, C++, Go and C.
jshunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security vuln...
A high-speed tool for passively gathering URLs, optimized for efficient and comprehensive web asset discovery without active scanning.
GoogleDorker - Unleash the power of Google dorking for ethical hackers with custom search precision.
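🧿 AutorizePro is a powerful Burp plugin for detecting broken access control. By adding AI-assisted analysis and further optimizing the detection logic, it greatly reduces the false-positive rate and improves the efficiency of finding broken-access-control vulnerabilities. [ AutorizePro is an authorization enforcement detection extension for Burp Suite. By adding AI-assisted analysis, it si...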
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
Zzl is a reconnaissance tool that collects subdomains from SSL certificates in IP ranges
Robofinder retrieves historical #robots.txt files from #Archive.org, allowing you to uncover previously disallowed directories and paths for any domain—essential for deepening your #OSINT and #recon p...
Roadmap to get up to speed with CosmWasm smart contract audits and security vulnerabilities
The Web3 Security Resources Hub is a comprehensive collection of curated tools, guides, and best practices for securing decentralized systems and smart contracts in the blockchain space.
collectvars collects JavaScript variables, highlights risky ones, and helps you understand code structure, while you casually browse.
This repository is a collection of different ethical hacking tools and malware for penetration testing and research purposes, written in Python, Ruby, Rust, C++, Go and C.
All cheatsheets with main information from HTB CBBH role path in one place.
GitHub Attack Toolkit - Extreme Edition - A static analysis and exploit toolkit for GitHub Actions.
Toxic MD is a powerful WhatsApp crash and bug bot developed by Joker, designed for managing and automating various bot-related functions. Whether you're testing crash bugs or exploring custom bot conf...
Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
An insane list of all dorks taken from everywhere from various different sources.
Chiasmodon is an OSINT tool designed to assist in the process of gathering information about a target domain. Its primary functionality revolves around searching for domain-related data, including do...
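🧿 AutorizePro is a powerful Burp plugin for detecting broken access control. By adding AI-assisted analysis and further optimizing the detection logic, it greatly reduces the false-positive rate and improves the efficiency of finding broken-access-control vulnerabilities. [ AutorizePro is an authorization enforcement detection extension for Burp Suite. By adding AI-assisted analysis, it si...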
A high-speed tool for passively gathering URLs, optimized for efficient and comprehensive web asset discovery without active scanning.
jshunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security vuln...
Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist
GitHub Attack Toolkit - Extreme Edition - A static analysis and exploit toolkit for GitHub Actions.
The Web3 Security Resources Hub is a comprehensive collection of curated tools, guides, and best practices for securing decentralized systems and smart contracts in the blockchain space.
HackerToolkit offers a curated selection of tools designed to enhance your hacking capabilities. This repository not only organizes these tools but provides information about them. Easily install all ...
Toxic MD is a powerful WhatsApp crash and bug bot developed by Joker, designed for managing and automating various bot-related functions. Whether you're testing crash bugs or exploring custom bot conf...
SubSnipe is a tool designed to help find subdomains that are vulnerable to takeover.
A powerful bash script for massive XSS scanning leveraging Brute Logic's KNOXSS API
Advanced CORS Header Checker Tool with Vulnerability Detection and Bypass Attempts
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
Community curated list of templates for the nuclei engine to find security vulnerabilities.
This repository contains a lot of web and API vulnerability checklists, and a lot of vulnerability ideas and tips from Twitter
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon...
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
A list of resources for those interested in getting started in bug bounties
A step-by-step fuzzing tutorial. A GitHub Security Lab initiative
Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...
An automation tool that enumerates subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters and then scans for vulnerabilities.
This repository is a collection of different ethical hacking tools and malware for penetration testing and research purposes, written in Python, Ruby, Rust, C++, Go and C.
Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist
Chiasmodon is an OSINT tool designed to assist in the process of gathering information about a target domain. Its primary functionality revolves around searching for domain-related data, including do...
A high-speed tool for passively gathering URLs, optimized for efficient and comprehensive web asset discovery without active scanning.
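🧿 AutorizePro is a powerful Burp plugin for detecting broken access control. By adding AI-assisted analysis and further optimizing the detection logic, it greatly reduces the false-positive rate and improves the efficiency of finding broken-access-control vulnerabilities. [ AutorizePro is an authorization enforcement detection extension for Burp Suite. By adding AI-assisted analysis, it si...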
Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
SubSnipe is a tool designed to help find subdomains that are vulnerable to takeover.
An insane list of all dorks taken from everywhere from various different sources.
SubDominator helps you discover subdomains associated with a target domain efficiently and with minimal impact for your Bug Bounty
Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/or bug bounty targets!
The Largest Collection of Pre-Compiled (+ UPXed) Linux Static Binaries 📦📀 for Soar: The true, simple & suckless Linux User Repository/Package Manager:: https://github.com/pkgforge/soar [repo=pkgforg...
Explore, analyze, and gain valuable data & insights from reverse engineered Flutter apps.
An automation tool that enumerates subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters and then scans for vulnerabilities.
Delve into a comprehensive checklist, your ultimate companion for Android app penetration testing. Identify vulnerabilities in network, data, storage, and permissions effortlessly. Boost security skil...
Hastily written Tools & Scripts for Personal Use Cases & Bug Bounties
Ultimate Tasks Automation Framework for Hackers, DevSecOps, Pentesters, and Bug-bounty hunters!
Community curated list of templates for the nuclei engine to find security vulnerabilities.