Trending repositories for topic bugbounty
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
One place for all the default credentials to assist Blue/Red teamers' activities in finding devices with default passwords 🛡️
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
This repository is a collection of different ethical hacking tools and malware for penetration testing and research purposes, written in Python, Ruby, Rust, C++, Go and C.
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
A high-speed tool for passively gathering URLs, optimized for efficient and comprehensive web asset discovery without active scanning.
Community curated list of templates for the nuclei engine to find security vulnerabilities.
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon...
Mantis is a security framework that automates the workflow of discovery, reconnaissance, and vulnerability scanning.
A list of resources for those interested in getting started in bug bounties
Collection of methodologies and test cases for various web vulnerabilities.
CLI tool for fetching URLs from Wayback Machine, Common Crawl, and VirusTotal.
SubDominator helps you discover subdomains associated with a target domain efficiently and with minimal impact for your Bug Bounty
CLI tool for fetching URLs from Wayback Machine, Common Crawl, and VirusTotal.
CLI tool to scan URLs for suspicious keywords, extensions, paths, and hidden files.
A high-speed tool for passively gathering URLs, optimized for efficient and comprehensive web asset discovery without active scanning.
This repository is a collection of different ethical hacking tools and malware for penetration testing and research purposes, written in Python, Ruby, Rust, C++, Go and C.
ThreatTracer - A Python script to identify CVE by name & version by @FR13ND0x7F
🧿 AutorizePro is a powerful Burp plugin for detecting authorization bypass. By adding AI-assisted analysis and further optimizing the detection logic, it greatly reduces the false-positive rate and improves the efficiency of detecting authorization vulnerabilities. [ AutorizePro is an authorization enforcement detection extension for Burp Suite. By adding AI-assisted analysis, it si...
SubDominator helps you discover subdomains associated with a target domain efficiently and with minimal impact for your Bug Bounty
🕸️ Blazing fast GraphQL endpoints finder using subdomain enumeration, scripts analysis and bruteforce. 🕸️
Mantis is a security framework that automates the workflow of discovery, reconnaissance, and vulnerability scanning.
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.
The Web3 Security Resources Hub is a comprehensive collection of curated tools, guides, and best practices for securing decentralized systems and smart contracts in the blockchain space.
Community curated list of search queries for various products across multiple search engines.
Official (pkgforge-edge) Repo 📦📀 & The Largest Collection of Pre-Compiled (+ UPXed) Linux Static Binaries (incl. Build Scripts) & Package Manager (rust) :: https://github.com/pkgforge/soar
Find exposed API keys based on RegEx and get exploitation methods for some of the keys that are found
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
One place for all the default credentials to assist Blue/Red teamers' activities in finding devices with default passwords 🛡️
A high-speed tool for passively gathering URLs, optimized for efficient and comprehensive web asset discovery without active scanning.
This repository is a collection of different ethical hacking tools and malware for penetration testing and research purposes, written in Python, Ruby, Rust, C++, Go and C.
Community curated list of templates for the nuclei engine to find security vulnerabilities.
CLI tool to scan URLs for suspicious keywords, extensions, paths, and hidden files.
This repository contains a lot of web and API vulnerability checklists, and a lot of vulnerability ideas and tips from Twitter
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
CLI tool for fetching URLs from Wayback Machine, Common Crawl, and VirusTotal.
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon...
CLI tool to scan URLs for suspicious keywords, extensions, paths, and hidden files.
A high-speed tool for passively gathering URLs, optimized for efficient and comprehensive web asset discovery without active scanning.
This repository is a collection of different ethical hacking tools and malware for penetration testing and research purposes, written in Python, Ruby, Rust, C++, Go and C.
Toxic MD is a powerful WhatsApp crash and bug bot developed by Joker, designed for managing and automating various bot-related functions. Whether you're testing crash bugs or exploring custom bot conf...
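🧿 AutorizePro is a powerful Burp plugin for detecting authorization bypass. By adding AI-assisted analysis and further optimizing the detection logic, it greatly reduces the false-positive rate and improves the efficiency of detecting authorization vulnerabilities. [ AutorizePro is an authorization enforcement detection extension for Burp Suite. By adding AI-assisted analysis, it si...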
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
The Web3 Security Resources Hub is a comprehensive collection of curated tools, guides, and best practices for securing decentralized systems and smart contracts in the blockchain space.
List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.
ThreatTracer - A Python script to identify CVE by name & version by @FR13ND0x7F
All cheatsheets with main information from HTB CBBH role path in one place.
🕸️ Blazing fast GraphQL endpoints finder using subdomain enumeration, scripts analysis and bruteforce. 🕸️
SubDominator helps you discover subdomains associated with a target domain efficiently and with minimal impact for your Bug Bounty
One place for all the default credentials to assist Blue/Red teamers' activities in finding devices with default passwords 🛡️
Community curated list of search queries for various products across multiple search engines.
CloudSniffer is a powerful tool designed to aid in the discovery of the real IP address of a website protected by Cloudflare. It leverages brute force techniques by testing a list of IP addresses and ...
CLI tool to scan URLs for suspicious keywords, extensions, paths, and hidden files.
CLI tool for fetching URLs from Wayback Machine, Common Crawl, and VirusTotal.
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
This repository contains a lot of web and API vulnerability checklists, and a lot of vulnerability ideas and tips from Twitter
This repository is a collection of different ethical hacking tools and malware for penetration testing and research purposes, written in Python, Ruby, Rust, C++, Go and C.
🧿 AutorizePro is a powerful Burp plugin for detecting authorization bypass. By adding AI-assisted analysis and further optimizing the detection logic, it greatly reduces the false-positive rate and improves the efficiency of detecting authorization vulnerabilities. [ AutorizePro is an authorization enforcement detection extension for Burp Suite. By adding AI-assisted analysis, it si...
Community curated list of templates for the nuclei engine to find security vulnerabilities.
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
One place for all the default credentials to assist Blue/Red teamers' activities in finding devices with default passwords 🛡️
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
A high-speed tool for passively gathering URLs, optimized for efficient and comprehensive web asset discovery without active scanning.
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
A list of interesting payloads, tips and tricks for bug bounty hunters.
A list of resources for those interested in getting started in bug bounties
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
A high-speed tool for passively gathering URLs, optimized for efficient and comprehensive web asset discovery without active scanning.
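This repository is a collection of different ethical hacking tools and malware for penetration testing and research purposes, written in Python, Ruby, Rust, C++, Go and C.
🧿 AutorizePro is a powerful Burp plugin for detecting authorization bypass. By adding AI-assisted analysis and further optimizing the detection logic, it greatly reduces the false-positive rate and improves the efficiency of detecting authorization vulnerabilities. [ AutorizePro is an authorization enforcement detection extension for Burp Suite. By adding AI-assisted analysis, it si...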
Toxic MD is a powerful WhatsApp crash and bug bot developed by Joker, designed for managing and automating various bot-related functions. Whether you're testing crash bugs or exploring custom bot conf...
🕸️ Blazing fast GraphQL endpoints finder using subdomain enumeration, scripts analysis and bruteforce. 🕸️
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
All cheatsheets with main information from HTB CBBH role path in one place.
This script is used to search for cloud certificate entities such as Amazon, Azure, and others that have been extracted by the kaeferjaeger.gay provider.
Robofinder retrieves historical #robots.txt files from #Archive.org, allowing you to uncover previously disallowed directories and paths for any domain—essential for deepening your #OSINT and #recon p...
The Web3 Security Resources Hub is a comprehensive collection of curated tools, guides, and best practices for securing decentralized systems and smart contracts in the blockchain space.
This repository contains a lot of web and API vulnerability checklists, and a lot of vulnerability ideas and tips from Twitter
List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.
Cloning apk for bypassing code tampering detection, Google Safety Net and scanning vulnerable plugins
Official (pkgforge-edge) Repo 📦📀 & The Largest Collection of Pre-Compiled (+ UPXed) Linux Static Binaries (incl. Build Scripts) & Package Manager (rust) :: https://github.com/pkgforge/soar
A curated list of available Bug Bounty & Disclosure Programs and Write-ups.
Explore, analyze, and gain valuable data & insights from reverse engineered Flutter apps.
Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
An insane list of all dorks taken from everywhere from various different sources.
Chiasmodon is an OSINT tool designed to assist in the process of gathering information about a target domain. Its primary functionality revolves around searching for domain-related data, including do...
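🧿 AutorizePro is a powerful Burp plugin for detecting authorization bypass. By adding AI-assisted analysis and further optimizing the detection logic, it greatly reduces the false-positive rate and improves the efficiency of detecting authorization vulnerabilities. [ AutorizePro is an authorization enforcement detection extension for Burp Suite. By adding AI-assisted analysis, it si...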
Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist
A high-speed tool for passively gathering URLs, optimized for efficient and comprehensive web asset discovery without active scanning.
The Web3 Security Resources Hub is a comprehensive collection of curated tools, guides, and best practices for securing decentralized systems and smart contracts in the blockchain space.
HackerToolkit offers a curated selection of tools designed to enhance your hacking capabilities. This repository not only organizes these tools but provides information about them. Easily install all ...
SubSnipe is a tool designed to help find subdomains that are vulnerable to takeover.
Toxic MD is a powerful WhatsApp crash and bug bot developed by Joker, designed for managing and automating various bot-related functions. Whether you're testing crash bugs or exploring custom bot conf...
A powerful bash script for massive XSS scanning leveraging Brute Logic's KNOXSS API
Advanced CORS Header Checker Tool with Vulnerability Detection and Bypass Attempts
Certina is an OSINT tool for red teamers and bug hunters to discover subdomains from web certificate data
Provides public bug bounty programs in-scope data that offer rewards and monitors public bug bounty programs assets.
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
This repository contains a lot of web and API vulnerability checklists, and a lot of vulnerability ideas and tips from Twitter
Community curated list of templates for the nuclei engine to find security vulnerabilities.
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon...
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
A list of resources for those interested in getting started in bug bounties
Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
A step-by-step fuzzing tutorial. A GitHub Security Lab initiative
An automation tool that enumerates subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters and then scans for vulnerabilities.
Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist
Chiasmodon is an OSINT tool designed to assist in the process of gathering information about a target domain. Its primary functionality revolves around searching for domain-related data, including do...
Official (pkgforge-edge) Repo 📦📀 & The Largest Collection of Pre-Compiled (+ UPXed) Linux Static Binaries (incl. Build Scripts) & Package Manager (rust) :: https://github.com/pkgforge/soar
Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
SubDominator helps you discover subdomains associated with a target domain efficiently and with minimal impact for your Bug Bounty
SubSnipe is a tool designed to help find subdomains that are vulnerable to takeover.
An insane list of all dorks taken from everywhere from various different sources.
Google Dork List - Uncover the Hidden Gems of the Internet ( There are at least 320+ categories )
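🧿 AutorizePro is a powerful Burp plugin for detecting authorization bypass. By adding AI-assisted analysis and further optimizing the detection logic, it greatly reduces the false-positive rate and improves the efficiency of detecting authorization vulnerabilities. [ AutorizePro is an authorization enforcement detection extension for Burp Suite. By adding AI-assisted analysis, it si...
Hastily written Tools & Scripts for Personal Use Cases & Bug Bounties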
Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/or bug bounty targets!
Delve into a comprehensive checklist, your ultimate companion for Android app penetration testing. Identify vulnerabilities in network, data, storage, and permissions effortlessly. Boost security skil...
An automation tool that enumerates subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters and then scans for vulnerabilities.
Hunt SSL Certificates for interesting keywords on major cloud service providers / internet
Ultimate Tasks Automation Framework for Hackers, DevSecOps, Pentesters, and Bug-bounty hunters!
A high-speed tool for passively gathering URLs, optimized for efficient and comprehensive web asset discovery without active scanning.