bug-bounty

There are 647 repositories under the bug-bounty topic.

  • resolvers

    The most exhaustive list of reliable DNS resolvers.

  • offensive-docker

    Offensive Docker is an image with the most used offensive tools to create an environment easily and quickly to launch assessments against targets.

    Language: Dockerfile · 741
  • socialhunter

    crawls the website and finds broken social media links that can be hijacked

    Language: Go · 729
  • ipranges

    🔨 List all IP ranges from: Google (Cloud & GoogleBot), Bing (Bingbot), Amazon (AWS), Microsoft, Oracle (Cloud), GitHub, Facebook (Meta), OpenAI (GPTBot) and other with daily updates.

    Language: Shell · 710
  • vajra

    Vajra is a highly customizable target- and scope-based automated web hacking framework to automate boring recon tasks and the same scans for multiple targets during web application penetration testing.

    Language: JavaScript · 696
  • penetration-testing-cheat-sheet

    Work in progress...

    Language: PHP · 694
  • InjuredAndroid

    A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.

    Language: Kotlin · 689
  • scant3r

    ScanT3r - Module based Bug Bounty Automation Tool ( use Lotus instead github.com/bugBlocker/lotus )

    Language: Python · 682
  • misconfig-mapper

    Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/or bug bounty targets!

    Language: Go · 664
  • Facebook-BugBounty-Writeups

    Collection of Facebook Bug Bounty Writeups

  • SQLiDetector

    Simple Python script supported with a BurpBounty profile that helps you detect SQL injection "Error based" by sending multiple requests with 14 payloads and checking for 152 regex patterns for different databases.

    Language: Clojure · 603
  • goop

    Yet another tool to dump a git repository from a website, focused on as-complete-as-possible dumps and handling weird edge-cases.

    Language: Go · 600
  • xurlfind3r

    A command-line utility designed to discover URLs for a given domain in a simple, efficient way. It works by gathering information from a variety of passive sources, meaning it doesn't interact directly with the target but instead gathers data that is already publicly available.

    Language: Go · 590
  • rfi-lfi-payload-list

    🎯 RFI/LFI Payload List

  • awesome-bbht

    A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debian.

    Language: Shell · 563
  • rustbuster

    A Comprehensive Web Fuzzer and Content Discovery Tool

    Language: Rust · 539
  • revsuit

    RevSuit is a flexible and powerful reverse connection platform designed for receiving connection from target host in penetration.

    Language: Go · 531
  • ppmap

    A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.

    Language: Go · 502
  • reaper

    💀 Don't fear the Reaper 👻

    Language: Go · 471
  • gotator

    Gotator is a tool to generate DNS wordlists through permutations.

    Language: Go · 466
  • rekono

    Pentesting automation platform that combines hacking tools to complete assessments

    Language: Python · 461
  • DirDar

    DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it

    Language: Go · 449
  • reconmap

    Vulnerability assessment and penetration testing automation and reporting platform for teams.

    Language: Smarty · 445
  • awesome-rtc-hacking

    a list of awesome resources related to security and hacking of VoIP, WebRTC and VoLTE

  • exifLooter

    ExifLooter finds geolocation on all image urls and directories also integrates with OpenStreetMap

    Language: Go · 436
  • cheat-sheets

    A list of cheat sheets for application security

  • xss_vibes

    A modern tool written in Python that automates your xss findings.

    Language: Python · 414
  • hysp

    📦 An independent package manager that every hacker deserves.

    Language: Rust · 413
  • Bug-Bounty

    Bug Bounty ~ Awesomes | Books | Cheatsheets | Checklists | Tools | Wordlists | More

    Language: Shell · 411
  • android-penetration-testing-cheat-sheet

    Work in progress...

    Language: JavaScript · 389
  • ax

    The Distributed Scanning Framework for Everybody! Control Your Infrastructure, Scale Your Scanning—On Your Terms. Easily distribute arbitrary binaries and scripts using any of our eight supported cloud providers!

    Language: Shell · 361
  • lit-bb-hack-tools

    Little Bug Bounty & Hacking Tools⚔️

    Language: Go · 353
  • missing-cve-nuclei-templates

    Weekly updated list of missing CVEs in nuclei templates official repository. Mainly built for bug bounty, but useful for penetration tests and vulnerability assessments too.

    Language: Shell · 349
  • sub404

    A python tool to check subdomain takeover vulnerability

    Language: Python · 331
  • ios-penetration-testing-cheat-sheet

    Work in progress...

    Language: JavaScript · 328