Pinned Repositories
bounty-targets-data
This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports
cook
An overpower wordlist generator, splitter, merger, finder & create words permutation and combinations. Also frustration and crunch killer. Customizable!
crawler
Crawl website extract links
keyhacks
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
Mind-Maps
Mind-Maps of Several Things
pmg
Extract parameters/paths from urls
truffleHog
Searches through git repositories for high entropy strings and secrets, digging deep into commit history
vulnerability-Checklist
This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter
WordList
mominul0x01's Repositories
mominul0x01/truffleHog
Searches through git repositories for high entropy strings and secrets, digging deep into commit history
mominul0x01/31-days-of-API-Security-Tips
This challenge is Inon Shkedy's 31 days API Security Tips.
mominul0x01/3klector
3klector is an automation Recon tool which collecting information about Acquisitions and ASN which related to Big Scope company
mominul0x01/Acomplete-guide-to-dir-brute-force-admin-panel-and-API-endpoints
mominul0x01/altdns
Generates permutations, alterations and mutations of subdomains and then resolves them
mominul0x01/API-Security-Checklist
Checklist of the most important security countermeasures when designing, testing, and releasing your API
mominul0x01/awesome-bbht
A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.
mominul0x01/bashbounty
Bash bounty is a tool to automation the process of advance recon in bug bounty
mominul0x01/BBTz
BBT - Bug Bounty Tools
mominul0x01/be-a-hacker
mominul0x01/BountyTricks
mominul0x01/Bug-bounty
Ressources for bug bounty hunting
mominul0x01/bug-bounty-noob
mominul0x01/Burp-Wordlist-Generator
This Burp extension extracts various data (path, parameter keys, parameter values, subdomains, etc.) from the sitemap. This data is used to create custom wordlists for directory/dns/parameter brute-forcing.
mominul0x01/can-i-take-over-xyz
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
mominul0x01/CertificateTransparencyLogs
mominul0x01/Demystifying-Cookies-and-Tokens-Security
Learn Cookies and Tokens Security in Practice.
mominul0x01/fuzz.txt
Potentially dangerous files
mominul0x01/github-search
Tools to perform basic search on GitHub.
mominul0x01/Github_Dorks_Tips
This is GitHub_Dorks and some tips i collect from different resources.Recon_Api is tip when you find token or api without knowing what to do
mominul0x01/HolyTips
A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
mominul0x01/Microsoft365_devicePhish
Phishing Abusing Microsoft 365 OAuth Authorization Flow
mominul0x01/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
mominul0x01/pentest-book
mominul0x01/R3CON
Just some bash scripting to help your recon.
mominul0x01/SecurityTesting
mominul0x01/unew
A tool for append URLs, skipping duplicates/paths & combine parameters.
mominul0x01/waybackMachine
mominul0x01/Web-Application-Pentest-Checklist
mominul0x01/Wordlist404
Wordlist for brute-forcing and discover hidden things