289 Open Source Bugbounty Software Projects
Free and open source bugbounty code projects including engines, APIs, generators, and tools.
Payloadsallthethings 18441 ⭐
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Pentesting Bible 6899 ⭐
Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.
Osmedeus 2671 ⭐
Fully automated offensive security framework for reconnaissance and vulnerability scanning
Intruderpayloads 2390 ⭐
A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
Can I Take Over Xyz 2032 ⭐
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Wstg 1661 ⭐
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Awesome Mobile Security 1360 ⭐
An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
Nuclei 1523 ⭐
Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use.
Pentest Guide 1135 ⭐
Penetration tests guide based on OWASP including test cases, resources and examples.
Gitgraber 1063 ⭐
gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
Awesome Bugbounty Writeups 1098 ⭐
A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference
Ezxss 939 ⭐
ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
Burpbounty 845 ⭐
Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.
1n3 Blackwidow 808 ⭐
A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
Naabu 834 ⭐
A fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests
Vhostscan 706 ⭐
A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
Stacoan 677 ⭐
StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.
Bypass Firewalls By Dns History 670 ⭐
Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.
Subdomainizer 696 ⭐
Sudomy 641 ⭐
Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
Webhackersweapons 721 ⭐
⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
Interlace 623 ⭐
Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
Assessment Mindset 530 ⭐
Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.
Android Reports And Resources 526 ⭐
A big list of Android Hackerone disclosed reports and other resources.
Security Tools 482 ⭐
Collection of small security tools created mostly in Python. CTFs, pentests and so on
Nuclei Templates 546 ⭐
Community curated list of templates for the nuclei engine to find a security vulnerability in application.
Adhrit 371 ⭐
Android Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks.
Flipkart Incubator Watchdog 324 ⭐
Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.
Bxss 310 ⭐
bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.
Bugbountyguide 305 ⭐
Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.
Recon My Way 258 ⭐
This repository created for personal use and added tools from my latest blog post.
Osint_tips 275 ⭐
This repository was created and developed by Ammar Amer @cry__pto Only. Updates to this repository will continue to arrive until the number of TIPS reach 1000 TIPS .Learn Ethical Hacking and penetration testing.and of course OSINT
Cloudscraper 257 ⭐
CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.
Lazyrecon 236 ⭐
An automated approach to performing recon for bug bounty hunting and penetration testing.
Awesome Oneliner Bugbounty 248 ⭐
A collection of awesome one-liner scripts especially for bug bounty tips.
Crithit 174 ⭐
Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Dnsprobe 189 ⭐
DNSProb is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.
Codingo Minesweeper 156 ⭐
A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Mad Metasploit 167 ⭐
Metasploit custom modules, plugins, resource script and.. awesome metasploit collection
Qsfuzz 163 ⭐
qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.
Proof Of Concepts 145 ⭐
A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.
Shubhampathak Autosetup 132 ⭐
Auto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.
Stevemcilwain Quiver 133 ⭐
Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.
Aaaguirrep Pentest 240 ⭐
Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.
Rescope 133 ⭐
Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.
Bl4de Research 113 ⭐
Hello and welcome to my GitHub account. If you'd like to know more about me, this is likely the best place to start
Public Bugbounty Programs 143 ⭐
Community curated list of public bug bounty and responsible disclosure programs.
Asnlookup 124 ⭐
Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.
Reconness 106 ⭐
ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.
Dictionary Of Pentesting 292 ⭐
Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。
Xrcross 114 ⭐
XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities
Edoverflow Csp 88 ⭐
Given a list of hosts, this small utility fetches all whitelisted domains from the hosts' CSPs.
Vulnrepo 92 ⭐
VULNRΞPO - Free vulnerability report generator and repository end-to-end encrypted, security report maker, vulnerability report builder. Complete templates of issues, CWE, CVE, AES encryption, Nmap/Nessus/Burp/OpenVAS issues import, Jira export, TXT/HTML/PDF report, attachments, automatic changelog and statistics, vulnerability management.
Asnip 106 ⭐
ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight
Sqli Query Tampering 90 ⭐
SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.
Sitedorks 96 ⭐
Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term with different websites. A default list is already provided.
Inventus 75 ⭐
Inventus is a spider designed to find subdomains of a specific domain by crawling it and any subdomains it discovers.
Gofingerprint 83 ⭐
GoFingerprint is a Go tool for taking a list of target web servers and matching their HTTP responses against a user defined list of fingerprints.
Offensiveclouddistribution 72 ⭐
Leverage the ability of Terraform and AWS or GCP to distribute large security scans across numerous cloud instances.
Crawlergo To Xray 60 ⭐
Ameenmaali Wordlistgen 62 ⭐
Quickly generate context-specific wordlists for content discovery from lists of URLs or paths
S3reverse 58 ⭐
The format of various s3 buckets is convert in one format. for bugbounty and security testing.
Privatecollaborator 58 ⭐
A script for installing private Burp Collaborator with free Let's Encrypt SSL-certificate
Bugbountyresources Resources 56 ⭐
A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Watch and Star this repo for all latest guides, tools, methodology, platforms tips, and tricks curated by us.
Differer 55 ⭐
differer finds how URLs are parsed by different languages in order to help bug hunters break filters
H1 Search 49 ⭐
Tool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.
Jwtweak 47 ⭐
Detects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.
Codingo Bbr 115 ⭐
An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.
Knockknock 47 ⭐
A simple reverse whois lookup tool which returns a list of domains owned by people or companies
Awesome Reference 43 ⭐
Reference list of useful links to learn about programming, networking, hacking, cybersecurity, ctf, bounty bug write-up, and more
Urldedupe 44 ⭐
Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations
Legal Bug Bounty 40 ⭐
#legalbugbounty project — creating safe harbors on bug bounty programs and vulnerability disclosure programs. Authored by Amit Elazari.
Softrams Bulwark 58 ⭐
An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.
Crlf Injector 35 ⭐
A CRLF ( Carriage Return Line Feed ) Injection attack occurs when a user manages to submit a CRLF into an application. This is most commonly done by modifying an HTTP parameter or URL.
Si9int Screenshooter 35 ⭐
Convert your masscan/subdomain-scan results (80,443,8080) into screenshots for better analysis
Hae Java 31 ⭐
Open Sesame 30 ⭐
A python tool which runs to display random publicly disclosed Hackerone reports when bored. Automatically opens the report in browser.(Addtl. support for 700+ bug bounty writeups.)
Bountymachine About 28 ⭐
A central place to keep track of relevant BountyMachine talks, blogs, and interesting things!
Bucket Flaws 27 ⭐
Bucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations
Endpointdiff 27 ⭐
Hackerone Notifier 24 ⭐
Send notifications if a new program is published on HackerOne using Pushbullet
Wwwordlist 25 ⭐
Use wwwordlist to generate a wordlist from words based on HTML (extracted with BS4), URLs, JS/HTTP/input variables, quoted texts found in the supplied text and mail files.
Awesome Bbht 26 ⭐
A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain. Feel free to fork, and add your own tools.
Rajappan 22 ⭐
The All in one Security project for Digital Privacy. A step towards a better & secure Internet
Security Policy Specification Standard 22 ⭐
This document proposes a way of standardising the structure, language, and grammar used in security policies.
Bounty Targets Alert 25 ⭐
It's an watcher for new scopes added to bounty-targets-data and send you alert to Slack.
Godzilla 21 ⭐
Godzilla is an automated scanner tool for bug hunters/pentesters that can scan website for vulnerabilities, Do Information gathering in Network range, exploit and attack network.
Qsinject 18 ⭐
qsinject (Query String Inject) is a tool that allows you to quickly substitute query string values with regex matches, one-at-a-time.
Commandgeninterface 16 ⭐
Simple vueJS based command generator which I developed in order to learn vueJS a little bit more.
Humblelad Needle 16 ⭐
Instant access to you bug bounty submission dashboard on various platforms + publicly disclosed reports + #bugbountytip
T1tl3 14 ⭐
A simple python script which can check HTTP status of branch of URLs/Subdomains and grab URLs/Subdomain title 😌
Kibanarec 15 ⭐
A Tool to Extract Open Kibana Instances on Internet and Map them to their Corresponding Organizations for Bug Bounty.
Golookup 11 ⭐
GoLookup is a simple tool written in GoLang, which looks for CNAME(s) ,A and AAAA Records , TXT Records , NameServer(s) / MX Record of any domain
Russkiwlst 11 ⭐
Bundle of common passwords targeting RUSSIAN-speaking audience (parsed from big data leaks)
Tophanttechnology Arl 829 ⭐
ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。
Bug_bounty_list 21 ⭐
Day by day Lots of Newbie Come into bug Bounty They ask Social Site about Bug Bounty Site, So That's why I open My Hunted All Site.
Hetty 2395 ⭐
Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.
Garud 42 ⭐
An automation tool that scans sub-domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters.
Mainrecon 31 ⭐
mainRecon is an automated reconnaissance docker image for bugbounty hunter write in bash script.
bad-slug 13 ⭐
puredns is a subdomain bruteforcing tool that improves massdns to accurately handle wildcard subdomains and DNS poisoning. Easy to use and to integrate into workflows, it ensures the results obtained by public resolvers are clean.
bad-slug 11 ⭐