bug-bounty-tools

There are 33 repositories under bug-bounty-tools topic.

  • hueristiq/xurlfind3r

    A command-line utility designed to discover URLs for a given domain in a simple, efficient way. It works by gathering information from a variety of passive sources, meaning it doesn't interact directly with the target but instead gathers data that is already publicly available.

    Language:Go57482166
  • AnLoMinus/Bug-Bounty

    Bug Bounty ~ Awesomes | Books | Cheatsheets | Checklists | Tools | Wordlists | More

    Language:Shell39210184
  • hueristiq/xsubfind3r

    A command-line utility designed to discover subdomains for a given domain in a simple, efficient way. It works by gathering information from a variety of passive sources, meaning it doesn't interact directly with the target but instead gathers data that is already publicly available.

    Language:Go107419
  • pr0xh4ck/web-recon

    All About Web Recon & OSINT

  • hueristiq/xcrawl3r

    A command-line interface (CLI) based utility to recursively crawl webpages. It is designed to systematically browse webpages' URLs and follow links to discover linked webpages' URLs.

    Language:Go96157
  • kljunowsky/XXElixir

    This tool is designed to test for file upload and XXE vulnerabilities by poisoning XLSX files.

    Language:Python72106
  • Subhunter

    umutcamliyurt/Subhunter

    A fast subdomain takeover tool

    Language:Go703022
  • DotNetRussell/Ensemble

    A Bug Bounty Platform that allows hunters to issue commands over a geo-distributed cluster. The ideal user is someone who is attempting to scan multiple bug bounty programs simultaneously, on a recurring basis.

    Language:Python473118
  • paulveillard/cybersecurity-bug-bounty

    An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about Bug Bounty in Cybersecurity.

    Language:Shell382010
  • karrni/sparrot

    Discover related domains using Whois data from whoxy.com

    Language:Python14100
  • r3conwhal3

    LiterallyEthical/r3conwhal3

    r3conwhale aims to develop a multifunctional recon chain for web applications, intelligently interpreting collected data, and optimizing performance and resource consumption through a concurrency-based approach.

    Language:Go12102
  • Hashtag-AMIN/hashtag-fuzz

    The nightmare of WAFs & CDNs, Use multi tricks for bypass ratelimit of WAFs & CDNs & Webservers.

    Language:Python6200
  • fooster1337/google-dorking

    Automatic Google Dorker And Support Proxy

    Language:Python5101
  • topscoder/oldhost

    oldhost is a tool for bug bounty hunters to discover old hosts that are no longer available, but might still be present on different known and related servers.

    Language:Go5102
  • c0brabaghdad1/cve_Directory

    This script take a URL or list of subdomain and the required DIR for specific CVE and give the response code for each url

    Language:Perl4102
  • gkcodez/bug-bounty-reports-hackerone

    Complete collection of bug bounty reports from Hackerone.

    Language:Python410
  • ReymoRed/platforms-scopes

    platforms-scopes

    Language:Python4203
  • richardschwabe/JSFinder2

    Find subdomains and urls in Javascript files

    Language:Python4100
  • ropwareJB/jwtfuzz

    Library for fuzzing & attacking JSON Web Tokens (JWTs). Bindings for other languages included.

    Language:Haskell41140
  • BLACK-BUG-HKRS/XAT

    XXE Attack Tool

    Language:Go3001
  • n0kovo/random-agent

    Simply output a random user-agent. Use it with tools that don't have a --random-agent flag. Like `random-agent` or $(random-agent)

    Language:Go310
  • Aviksaikat/Bug-bounty-essentials

    All the tools you need for webapp pentesting & bug bouty hunting

    Language:Shell2201
  • DarkSuite/DarkScout

    DarkScout is a simple, nimble subdomain enumeration tool written in Rust language. It is designed to help bug bounty hunters, security professionals and penetration testers discover subdomains of a given target domain.

    Language:Rust2000
  • JeninSutradhar/bug-bounty-command-arsenal

    A comprehensive collection of 100 essential commands for ethical hacking and bug bounty hunting. This arsenal covers various aspects of security testing, including domain enumeration, vulnerability scanning, and more.

    Language:HTML2100
  • Qyfashae/Bug_Bounty_Scripts

    My private bug bounty scripts i have written under the years for real time projects within bug bounty hunting and penetration testing(red team).

    Language:JavaScript2100
  • supplyshark/npm_poc

    npm PoC packages

    Language:JavaScript2000
  • topscoder/domainer

    Domainer is a Go script that allows you to extract the root domains from a list of domains based on the ARPANET RFC's for (top-level) domains (TLDs). It removes the scheme (if present) from the input domains and extracts the last label before the TLD to produce the root domain. The extracted root domains are then printed as output.

    Language:Go2100
  • DEMON1A/Walker

    Walker is a Go-based tool designed to help identify secrets within binary files

    Language:Go11
  • lgcarmo/wordgen

    Wordlist Generator

    Language:Python1200
  • UsamaAli-AR/BugBounty-Tools

    Bug Bounty Tool List Which are useful for Bug Hunting , Ethical Hacking & CyberSecurity

  • DrW3b/secfinder

    This script is designed to identify and extract potential sensitive information from the source code of given URLs. It employs regular expressions to search for patterns associated with various types of sensitive data, including API keys, access tokens, and private keys.

    Language:Python101
  • topscoder/analyticsrelationships

    Get related domains / subdomains by looking at Google Analytics IDs

    Language:Go001
  • Vigil5153/Directory-Brute-Forcer

    A simple Python script for brute-forcing directories using a wordlist.

    Language:Python