Pinned Repositories
awesome-bugbounty-tools
A curated list of various bug bounty tools
BigBountyRecon
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
BlackDragon
An Advanced Automation Tool For Web-Recon Developed For Linux Systems
cf-bypass
dalfox
🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang
getJS
A tool to quickly get all JavaScript sources/files
HowToHunt
Tutorials and Things to Do while Hunting Vulnerability.
jaeles
The Swiss Army knife for automated Web Application Testing
katana
A next-generation crawling and spidering framework.
LogMePwn
A fully automated, reliable, super-fast, mass scanning and validation toolkit for the Log4J RCE CVE-2021-44228 vulnerability.
spongyB's Repositories
spongyB/BlackDragon
An Advanced Automation Tool For Web-Recon Developed For Linux Systems
spongyB/dalfox
🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang
spongyB/jaeles
The Swiss Army knife for automated Web Application Testing
spongyB/katana
A next-generation crawling and spidering framework.
spongyB/mantra
「🔑」A tool used to hunt down API key leaks in JS files and pages
spongyB/ParamSpider
Mining parameters from dark corners of Web Archives
spongyB/reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
spongyB/rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
spongyB/ars0n-framework
A Modern Framework for Bug Bounty Hunting
spongyB/bugbountytools-methodology
Bug Bounty Tools used on Twitch - Recon
spongyB/Burp-Suite
|| Activate Burp Suite Pro with Key-Generator and Key-Loader ||
spongyB/CoffinCNt
spongyB/DDoS-Layer7-bheh
An Advanced Layer 7 DDoS tool written by Black Hat Ethical Hacking
spongyB/feroxbuster
A fast, simple, recursive content discovery tool written in Rust.
spongyB/frogy
My subdomain enumeration script. It's unique in the way it is built upon.
spongyB/Gh0stR3c0n
All in one web Recon app
spongyB/Jeeves
Jeeves SQLI Finder
spongyB/KingOfBugBountyTips
Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, APIs, and tokens that are already exploitable, so we can report them. We wish to influence Onelinetips and explain the commands, for the better understanding of new hunters.
spongyB/naabu
A fast port scanner written in Go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests
spongyB/NucleiMonst3r
Nucleimonst3r is a powerful vulnerability scanner that provides red-teamers with quick and accurate results.
spongyB/OneListForAll
Rockyou for web fuzzing
spongyB/OpenRediWrecked
A powerful and sophisticated tool for detecting and exploiting open redirect vulnerabilities using the sed utility and a selected list of carefully crafted payloads with encoding techniques.
spongyB/pimpmykali
Kali Linux Fixes for Newly Imported VMs
spongyB/ReconAIzer
A Burp Suite extension to add OpenAI to Burp to help you with your Bug Bounty recon!
spongyB/sns
IIS shortname scanner written in Go
spongyB/SQLMutant
SQLMutant is a comprehensive SQL injection testing tool that provides several features to test for SQL injection vulnerabilities in web applications, uses various techniques to detect vulnerabilities, including pattern matching, error analysis, and timing attacks. The integration of Waybackurls and Arjun allows the tool to find additional
spongyB/Subenum_deep_subdomain_enumeration
In this repo, I have created a subdomain enumeration function that grabs subdomains in depth.
spongyB/truffleHog
Searches through git repositories for high entropy strings and secrets, digging deep into commit history
spongyB/xnLinkFinder
A Python tool used to discover endpoints (and potential parameters) for a given target
spongyB/XSSRocket
XSS Rocket is written by Black Hat Ethical Hacking with the help of #ChatGPT as experimentation, with a lot of hours spent modifying the code generated by ChatGPT, and is designed for Offensive Security and XSS (Cross-Site Scripting) attacks.