61 Open Source Bug Bounty Software Projects
Free and open source bug bounty code projects including engines, APIs, generators, and tools.
Hack With Github Awesome Hacking 41002 ⭐
A collection of various awesome lists for hackers, pentesters and security researchers
Resources For Beginner Bug Bounty Hunters 3782 ⭐
A list of resources for those interested in getting started in bug bounties
Subfinder 2945 ⭐
Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.
Burpbounty 845 ⭐
Burp Bounty (Scan Check Builder in BApp Store) is an extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.
Sublert 652 ⭐
Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued a TLS/SSL certificate.
Git Hound 540 ⭐
Reconnaissance tool for GitHub code search. Finds exposed API keys using pattern matching, commit history searching, and a unique result scoring system.
Security Tools 482 ⭐
Collection of small security tools created mostly in Python. CTFs, pentests and so on
Injuredandroid 258 ⭐
A vulnerable Android application that shows simple examples of vulnerabilities in a CTF style.
Aaaguirrep Pentest 240 ⭐
Offensive Docker is an image with the most used offensive tools, for easily and quickly creating an environment to launch assessments against targets.
Not Your Average Web Crawler 102 ⭐
A web crawler (for bug hunting) that gathers more than you can imagine.
Keye 98 ⭐
Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.
Ecommerce Website Security Checklist 88 ⭐
List of considerations for commerce site auditing and security teams. This is a summary of action points and areas that need to be built into the Technical Specific Document, or will be checked in the security testing phases.
Subtake 90 ⭐
Automatic finder for subdomains vulnerable to takeover. Written in Go, based on @haccer's subjack.
Sqli Query Tampering 90 ⭐
SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.
Googledorker 79 ⭐
This is a simple tool to automate Google hacking when doing web penetration testing or bug hunting.
Gouveaheitor Spellbook 53 ⭐
[Work in Progress] Micro-framework for rapid development of reusable security tools
Clickjacking Tester 55 ⭐
A Python script designed to check if the website is vulnerable to clickjacking and create a PoC
Codingo Bbr 115 ⭐
An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.
Awesome Blockchain Bug Bounty 31 ⭐
A comprehensive curated list of available Blockchain Bug Bounty Programs.
Bucket Flaws 27 ⭐
Bucket Flaws (S3 Bucket Mass Scanner): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations
Awesome Bbht 26 ⭐
A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus Burp). For Ubuntu/Debian. Feel free to fork, and add your own tools.
Filter Var Sqli 16 ⭐
Bypassing FILTER_SANITIZE_EMAIL & FILTER_VALIDATE_EMAIL filters in filter_var for SQL Injection ( xD )
Tijme Detective 15 ⭐
A private detective that gathers information you're not supposed to know about.