Trending repositories for topic bugbounty
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
Practical resources for offensive CI/CD security research.
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon...
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
Community curated list of templates for the nuclei engine to find security vulnerabilities.
Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...
An automation tool that enumerates subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters and then scans for vulnerabilities.
This repository contains many web and API vulnerability checklists, plus vulnerability ideas and tips from Twitter
A list of resources for those interested in getting started in bug bounties
An open-source project in Golang to assess different API Security tools and WAF for detection logic and bypasses
Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/or bug bounty targets!
Google Dork List - Uncover the Hidden Gems of the Internet ( There are at least 320+ categories )
OWASP BLT is a bug logging tool to report issues and get points, companies are held accountable.
GradeJS analyzes production Webpack bundles without having access to the source code of a website. Instantly see vulnerabilities, outdated packages, and more just by entering a web application URL.
An OSINT tool to quickly extract IP and URL endpoints from APKs by disassembling and decompiling
A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debian.
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
📦 1000+ Statically Linked Binaries & Build Scripts for Android (arm64-v8a), Linux (aarch64 | x86-64), Windows (AMD64) :: https://bin.ajam.dev
Delve into a comprehensive checklist, your ultimate companion for Android app penetration testing. Identify vulnerabilities in network, data, storage, and permissions effortlessly. Boost security skil...
Chiasmodon is an OSINT tool designed to assist in the process of gathering information about a target domain. Its primary functionality revolves around searching for domain-related data, including do...
Community curated list of search queries for various products across multiple search engines.
Simplify your life with leak detection in JavaScript. NipeJS streamlines the use of regex, making it effortless to uncover potential leaks.
An uber fast and simple subdomain enumeration tool using DNS and web requests with support for detecting wildcard DNS records.
SubDominator helps you discover subdomains associated with a target domain efficiently and with minimal impact for your Bug Bounty
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Status Checker is a Python tool for swiftly checking the status of URLs. It categorizes responses by HTTP status codes, offering clear insights into website health. With async requests, color-coded ou...
A powerful bash script for massive XSS scanning leveraging Brute Logic's KNOXSS API
Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist
⚔️ A compiled list of companies who have active programs for responsible disclosure
A powerful and sophisticated tool for detecting and exploiting open redirect vulnerabilities using the sed utility and a selected list of carefully crafted payloads with encoding techniques.
This repository stores various roadmaps (mind maps) for bug bounty hunters, pentesters, offensive (red team) and defensive (blue team) practitioners, and security professionals
Fast and customizable vulnerability scanner For JIRA written in Python
SSRFuzz is a tool to find Server Side Request Forgery vulnerabilities, with CRLF chaining capabilities
Mantis is a security framework that automates the workflow of discovery, reconnaissance, and vulnerability scanning.
Explore, analyze, and gain valuable data & insights from reverse engineered Flutter apps.
The goal of this guide is very simple - to teach anyone interested in cyber security, regardless of their knowledge level, how to make the most of Netlas.io.
BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exp...
Gaining the most elusive of tips. Add your input and let's collect them all!
Nodesub is a command-line tool for finding subdomains in bug bounty programs
A BurpSuite extension to create a custom word-list of endpoint and parameters for enumeration and fuzzing
Ultimate Tasks Automation Framework for Hackers, DevSecOps, Pentesters, and Bug-bounty hunters!
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
Nucleimonst3r is a powerful vulnerability scanner that can help Bug Bounty Hunters find low hanging fruit vulnerabilities for known CVEs and exploits but also gather all the technology running behind ...
This is a useful Python script for extracting bug bounty or any other write-ups from Medium.com and other websites (soon).
PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords, API keys, and secrets. Using regular expressions, it helps prevent accidental exposure of ...
Checks for SSRF using built-in custom Payloads after fetching URLs from Multiple Passive Sources & applying complex patterns aimed at SSRF
Hastily written Tools & Scripts for Personal Use Cases & Bug Bounties
GoogleDorker, an advanced-level CLI-based Google dorking tool