richeeta's Stars
xalgord/Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes
A comprehensive guide for web application penetration testing and bug bounty hunting, covering methodologies, tools, and resources for identifying and exploiting vulnerabilities.
trickest/inventory
Asset inventory of over 800 public bug bounty programs.
j3ssie/metabigor
OSINT tools and more but without API key
Viralmaniar/BigBountyRecon
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
Karanxa/Bug-Bounty-Wordlists
A repository that includes all the important wordlists used while bug hunting.
roottusk/vapi
vAPI is a Vulnerable Adversely Programmed Interface, a self-hostable API that mimics OWASP API Top 10 scenarios through exercises.
caido/caido
🚀 Caido releases, wiki and roadmap
devploit/nomore403
Tool to bypass 403/40X response codes.
payloadbox/xxe-injection-payload-list
🎯 XML External Entity (XXE) Injection Payload List
SpiderLabs/HostHunter
HostHunter is a recon tool for discovering hostnames using OSINT techniques.
akr3ch/BugBountyBooks
A collection of PDFs/books about modern web application security and bug bounty.
yeswehack/PwnFox
PwnFox is a Firefox/Burp extension that provides useful tools for your security audit.
h4r5h1t/webcopilot
An automation tool that enumerates subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters and then scans for vulnerabilities.
projectdiscovery/public-bugbounty-programs
Community curated list of public bug bounty and responsible disclosure programs.
vavkamil/awesome-vulnerable-apps
Awesome Vulnerable Applications
taielab/awesome-hacking-lists
A collection of good penetration-testing/hacking tools and multi-domain productivity tools that I come across day to day.
Proviesec/google-dorks
Useful Google Dorks for WebSecurity and Bug Bounty
yeswehack/vulnerable-code-snippets
Twitter vulnerable snippets
ayoubfathi/leaky-paths
A collection of special paths linked to common sensitive APIs, devops internals, framework configs, known misconfigurations, juicy APIs, etc. It can be used as part of web content discovery, to scan passively for high-quality endpoints and quick wins.
topscoder/nuclei-wordfence-cve
The EXCLUSIVE Collection of 40,000+ Nuclei templates based on Wordfence intel. Daily updates for bulletproof WordPress security.
KathanP19/JSFScan.sh
Automation for javascript recon in bug bounty.
sh377c0d3/Payloads
Payload Arsenal for Penetration Testers and Bug Bounty Hunters
chvancooten/BugBountyScanner
A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.
Hackmanit/Web-Cache-Vulnerability-Scanner
Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).
0xsha/CloudBrute
Awesome cloud enumerator
Puliczek/awesome-list-of-secrets-in-environment-variables
🦄🔒 Awesome list of secrets in environment variables 🖥️
bl4de/security-tools
My collection of various security tools created mostly in Python and Bash. For CTFs and Bug Bounty.
vincentcox/StaCoAn
StaCoAn is a cross-platform tool which aids developers, bug bounty hunters and ethical hackers performing static code analysis on mobile applications.
hahwul/jwt-hack
🔩 jwt-hack is a tool for hacking / security testing of JWTs. It supports encoding/decoding JWTs, generating payloads for JWT attacks, and very fast cracking (dict/bruteforce).
richeeta/r3c0nkthx
A Recon Tool for Bug Bounty Hunters and Security Researchers