Trending repositories for topic bugbounty
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
Community curated list of templates for the nuclei engine to find security vulnerabilities.
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
Morgan is a powerful tool designed to help security researchers, developers, and security auditors identify sensitive information, vulnerabilities, and potential risks within JavaScript files on websi...
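🧿 AutorizePro is a powerful Burp plugin for authorization-bypass detection. By adding AI-assisted analysis and further optimizing the detection logic, it greatly reduces the false-positive rate and improves the efficiency of detecting authorization-bypass vulnerabilities. [ AutorizePro is an authorization enforcement detection extension for Burp Suite. By adding AI-assisted analysis, it si...
Sudomy is a subdomain enumeration tool that collects subdomains and analyzes domains, performing automated reconnaissance (recon) for bug hunting / pentesting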
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
One place for all the default credentials to assist Blue/Red teamers in finding devices with default passwords 🛡️
Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.
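🧿 AutorizePro is a powerful Burp plugin for authorization-bypass detection. By adding AI-assisted analysis and further optimizing the detection logic, it greatly reduces the false-positive rate and improves the efficiency of detecting authorization-bypass vulnerabilities. [ AutorizePro is an authorization enforcement detection extension for Burp Suite. By adding AI-assisted analysis, it si...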
Morgan is a powerful tool designed to help security researchers, developers, and security auditors identify sensitive information, vulnerabilities, and potential risks within JavaScript files on websi...
Community curated list of templates for the nuclei engine to find security vulnerabilities.
Nightingale Docker for Pentesters is a comprehensive Dockerized environment tailored for penetration testing and vulnerability assessment. It comes preconfigured with all essential tools and utilities...
A curated list of available Bug Bounty & Disclosure Programs and Write-ups.
Delve into a comprehensive checklist, your ultimate companion for Android app penetration testing. Identify vulnerabilities in network, data, storage, and permissions effortlessly. Boost security skil...
Robofinder retrieves historical #robots.txt files from #Archive.org, allowing you to uncover previously disallowed directories and paths for any domain—essential for deepening your #OSINT and #recon p...
Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/or bug bounty targets!
List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.
GoogleDorker - Unleash the power of Google dorking for ethical hackers with custom search precision.
Community curated list of search queries for various products across multiple search engines.
TOP All bugbounty pentesting CVE-2023- POC Exp RCE example payload Things
The EXCLUSIVE Collection of 50,000+ Nuclei templates based on Wordfence intel. Daily updates for bulletproof WordPress security.
Mobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking, happy bug-hunting
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
Community curated list of templates for the nuclei engine to find security vulnerabilities.
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
Nightingale Docker for Pentesters is a comprehensive Dockerized environment tailored for penetration testing and vulnerability assessment. It comes preconfigured with all essential tools and utilities...
A list of resources for those interested in getting started in bug bounties
Morgan is a powerful tool designed to help security researchers, developers, and security auditors identify sensitive information, vulnerabilities, and potential risks within JavaScript files on websi...
A collection of PDF/books about the modern web application security and bug bounty.
Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/or bug bounty targets!
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
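🧿 AutorizePro is a powerful Burp plugin for authorization-bypass detection. By adding AI-assisted analysis and further optimizing the detection logic, it greatly reduces the false-positive rate and improves the efficiency of detecting authorization-bypass vulnerabilities. [ AutorizePro is an authorization enforcement detection extension for Burp Suite. By adding AI-assisted analysis, it si...
Sudomy is a subdomain enumeration tool that collects subdomains and analyzes domains, performing automated reconnaissance (recon) for bug hunting / pentesting
🧿 AutorizePro is a powerful Burp plugin for authorization-bypass detection. By adding AI-assisted analysis and further optimizing the detection logic, it greatly reduces the false-positive rate and improves the efficiency of detecting authorization-bypass vulnerabilities. [ AutorizePro is an authorization enforcement detection extension for Burp Suite. By adding AI-assisted analysis, it si...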
Morgan is a powerful tool designed to help security researchers, developers, and security auditors identify sensitive information, vulnerabilities, and potential risks within JavaScript files on websi...
This repository updates latest Bug Bounty medium writeups every 10 minutes, https://readmedium.com/Medium_URL, https://archive.ph/Medium_URL, https://freedium.cfd/Medium_URL
Nightingale Docker for Pentesters is a comprehensive Dockerized environment tailored for penetration testing and vulnerability assessment. It comes preconfigured with all essential tools and utilities...
Community curated list of templates for the nuclei engine to find security vulnerabilities.
Robofinder retrieves historical #robots.txt files from #Archive.org, allowing you to uncover previously disallowed directories and paths for any domain—essential for deepening your #OSINT and #recon p...
PWN is an open security automation framework that aims to stand on the shoulders of security giants, promoting trust and innovation.
Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/or bug bounty targets!
Dive into a handpicked selection of tools, guides, and tips tailored for beginners in Bug Bounty and Penetration Testing. 🐛🛡️
[Custom || Automated] Curation & Collection of BugBounty Wordlists
Delve into a comprehensive checklist, your ultimate companion for Android app penetration testing. Identify vulnerabilities in network, data, storage, and permissions effortlessly. Boost security skil...
The Web3 Security Resources Hub is a comprehensive collection of curated tools, guides, and best practices for securing decentralized systems and smart contracts in the blockchain space.
A curated list of available Bug Bounty & Disclosure Programs and Write-ups.
Morgan is a powerful tool designed to help security researchers, developers, and security auditors identify sensitive information, vulnerabilities, and potential risks within JavaScript files on websi...
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
Community curated list of templates for the nuclei engine to find security vulnerabilities.
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
A list of resources for those interested in getting started in bug bounties
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Robofinder retrieves historical #robots.txt files from #Archive.org, allowing you to uncover previously disallowed directories and paths for any domain—essential for deepening your #OSINT and #recon p...
An automation tool that enumerates subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters and then scans for vulnerabilities.
Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.
Morgan is a powerful tool designed to help security researchers, developers, and security auditors identify sensitive information, vulnerabilities, and potential risks within JavaScript files on websi...
This repository updates latest Bug Bounty medium writeups every 10 minutes, https://readmedium.com/Medium_URL, https://archive.ph/Medium_URL, https://freedium.cfd/Medium_URL
Robofinder retrieves historical #robots.txt files from #Archive.org, allowing you to uncover previously disallowed directories and paths for any domain—essential for deepening your #OSINT and #recon p...
Zzl is a reconnaissance tool that collects subdomains from SSL certificates in IP ranges
This is a resource for anyone looking to learn bug hunting and provides guidance during the study and learning phase.
This repo contains different variants of Bug Bounty & Security & Pentest & Tech related Articles
All cheatsheets with main information from HTB CBBH role path in one place.
Community curated list of templates for the nuclei engine to find security vulnerabilities.
Tool to download IPv4 and IPv6 ranges of CDN providers for bug bounties
Nightingale Docker for Pentesters is a comprehensive Dockerized environment tailored for penetration testing and vulnerability assessment. It comes preconfigured with all essential tools and utilities...
jailbreakme.xyz is an open-source decentralized app (dApp) where users are challenged to try and jailbreak pre-existing LLMs in order to find weaknesses and be rewarded. 🏆
Provides public bug bounty programs in-scope data that offer rewards and monitors public bug bounty programs assets.
PWN is an open security automation framework that aims to stand on the shoulders of security giants, promoting trust and innovation.
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
Chiasmodon is an OSINT tool designed to assist in the process of gathering information about a target domain. Its primary functionality revolves around searching for domain-related data, including do...
A high-speed tool for passively gathering URLs, optimized for efficient and comprehensive web asset discovery without active scanning.
Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
An insane list of all dorks taken from everywhere from various different sources.
jshunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security vuln...
The Web3 Security Resources Hub is a comprehensive collection of curated tools, guides, and best practices for securing decentralized systems and smart contracts in the blockchain space.
HackerToolkit offers a curated selection of tools designed to enhance your hacking capabilities. This repository not only organizes these tools but provides information about them. Easily install all ...
Toxic MD is a powerful WhatsApp crash and bug bot developed by Joker, designed for managing and automating various bot-related functions. Whether you're testing crash bugs or exploring custom bot conf...
SubSnipe is a tool designed to help find subdomains that are vulnerable to takeover.
A powerful bash script for massive XSS scanning leveraging Brute Logic's KNOXSS API
Advanced CORS Header Checker Tool with Vulnerability Detection and Bypass Attempts
Morgan is a powerful tool designed to help security researchers, developers, and security auditors identify sensitive information, vulnerabilities, and potential risks within JavaScript files on websi...
CLI tool to scan URLs for suspicious keywords, extensions, paths, and hidden files.
Status Checker is a Python tool for swiftly checking the status of URLs. It categorizes responses by HTTP status codes, offering clear insights into website health. With async requests, color-coded ou...
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
Community curated list of templates for the nuclei engine to find security vulnerabilities.
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
This repository contains a lot of web and API vulnerability checklists, and a lot of vulnerability ideas and tips from Twitter
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon...
A step-by-step fuzzing tutorial. A GitHub Security Lab initiative
A list of resources for those interested in getting started in bug bounties
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
This repository is a collection of different ethical hacking tools and malware for penetration testing and research purposes, written in Python, Ruby, Rust, C++, Go and C.
Chiasmodon is an OSINT tool designed to assist in the process of gathering information about a target domain. Its primary functionality revolves around searching for domain-related data, including do...
A high-speed tool for passively gathering URLs, optimized for efficient and comprehensive web asset discovery without active scanning.
SubSnipe is a tool designed to help find subdomains that are vulnerable to takeover.
Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
An insane list of all dorks taken from everywhere from various different sources.
Morgan is a powerful tool designed to help security researchers, developers, and security auditors identify sensitive information, vulnerabilities, and potential risks within JavaScript files on websi...
Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/or bug bounty targets!
Provides public bug bounty programs in-scope data that offer rewards and monitors public bug bounty programs assets.
Robofinder retrieves historical #robots.txt files from #Archive.org, allowing you to uncover previously disallowed directories and paths for any domain—essential for deepening your #OSINT and #recon p...
Dive into a handpicked selection of tools, guides, and tips tailored for beginners in Bug Bounty and Penetration Testing. 🐛🛡️
Toxic MD is a powerful WhatsApp crash and bug bot developed by Joker, designed for managing and automating various bot-related functions. Whether you're testing crash bugs or exploring custom bot conf...
A powerful bash script for massive XSS scanning leveraging Brute Logic's KNOXSS API
collectvars collects JavaScript variables, highlights risky ones, and helps you understand code structure, while you casually browse.
SubDominator helps you discover subdomains associated with a target domain efficiently and with minimal impact for your Bug Bounty
Zzl is a reconnaissance tool that collects subdomains from SSL certificates in IP ranges
OSINT tools for information gathering, cybersecurity, reverse searching, bug bounty, trust and safety, red team operations and more.