289 Open Source Bugbounty Software Projects
Free and open source bugbounty code projects including engines, APIs, generators, and tools.
Payloadsallthethings 18441 ⭐
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Pentesting Bible 6899 ⭐
Learn ethical hacking. Learn about reconnaissance, Windows/Linux hacking, attacking web technologies, and pen testing wireless networks. Resources for learning malware analysis and reverse engineering.
Osmedeus 2671 ⭐
Fully automated offensive security framework for reconnaissance and vulnerability scanning
Intruderpayloads 2390 ⭐
A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
Can I Take Over Xyz 2032 ⭐
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Wstg 1661 ⭐
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Awesome Mobile Security 1360 ⭐
An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
Nuclei 1523 ⭐
Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use.
Pentest Guide 1135 ⭐
Penetration tests guide based on OWASP including test cases, resources and examples.
Gitgraber 1063 ⭐
gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
Awesome Bugbounty Writeups 1098 ⭐
A curated list of bugbounty writeups (bug type wise), inspired by https://github.com/ngalongc/bug-bounty-reference
Ezxss 939 ⭐
ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
Burpbounty 845 ⭐
Burp Bounty (Scan Check Builder in BApp Store) is an extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.
1n3 Blackwidow 808 ⭐
A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
Naabu 834 ⭐
A fast port scanner written in Go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests.
Vhostscan 706 ⭐
A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
Stacoan 677 ⭐
StaCoAn is a cross-platform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.
Bypass Firewalls By Dns History 670 ⭐
Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.
Subdomainizer 696 ⭐
Sudomy 641 ⭐
Sudomy is a subdomain enumeration tool to collect subdomains and analyze domains, performing automated reconnaissance (recon) for bug hunting / pentesting.
Webhackersweapons 721 ⭐
⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking, happy bug-hunting
Interlace 623 ⭐
Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
Assessment Mindset 530 ⭐
Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.
Android Reports And Resources 526 ⭐
A big list of Android Hackerone disclosed reports and other resources.
Security Tools 482 ⭐
Collection of small security tools created mostly in Python. CTFs, pentests and so on
Nuclei Templates 546 ⭐
Community-curated list of templates for the nuclei engine to find security vulnerabilities in applications.
Adhrit 371 ⭐
Android Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks.
Flipkart Incubator Watchdog 324 ⭐
Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.
Bxss 310 ⭐
bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.
Bugbountyguide 305 ⭐
Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.
Recon My Way 258 ⭐
This repository was created for personal use and added tools from my latest blog post.
Osint_tips 275 ⭐
This repository was created and developed by Ammar Amer @cry__pto only. Updates to this repository will continue to arrive until the number of tips reaches 1000. Learn ethical hacking and penetration testing, and of course OSINT.
Cloudscraper 257 ⭐
CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.
Lazyrecon 236 ⭐
An automated approach to performing recon for bug bounty hunting and penetration testing.
Awesome Oneliner Bugbounty 248 ⭐
A collection of awesome one-liner scripts especially for bug bounty tips.
Crithit 174 ⭐
Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Dnsprobe 189 ⭐
DNSProbe is a tool built on top of retryabledns that allows you to perform multiple DNS queries of your choice with a list of user-supplied resolvers.
Codingo Minesweeper 156 ⭐
A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Mad Metasploit 167 ⭐
Metasploit custom modules, plugins, resource scripts and... awesome Metasploit collection
Qsfuzz 163 ⭐
qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.
Proof Of Concepts 145 ⭐
A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.
Shubhampathak Autosetup 132 ⭐
Auto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.
Stevemcilwain Quiver 133 ⭐
Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.
Aaaguirrep Pentest 240 ⭐
Offensive Docker is an image with the most used offensive tools, for quickly and easily creating an environment to launch assessments against targets.
Rescope 133 ⭐
Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.