Awesome Open Source
The Top 173 Bugbounty Open Source Projects
Payloadsallthethings
⭐
23,393
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Pentesting Bible
⭐
7,949
Learn ethical hacking. Learn about reconnaissance, windows/linux hacking, attacking web technologies, and pen testing wireless networks. Resources for learning malware analysis and reverse engineering.
Oneforall
⭐
3,369
OneForAll is a powerful subdomain collection tool
Bugbounty Cheatsheet
⭐
3,210
A list of interesting payloads, tips and tricks for bug bounty hunters.
Hetty
⭐
3,186
Hetty is an HTTP toolkit for security research.
Osmedeus
⭐
3,016
Fully automated offensive security framework for reconnaissance and vulnerability scanning
Intruderpayloads
⭐
2,531
A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
Can I Take Over Xyz
⭐
2,370
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Wstg
⭐
2,362
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Howtohunt
⭐
2,345
Tutorials and Things to Do while Hunting Vulnerability.
Apkleaks
⭐
2,131
Scanning APK file for URIs, endpoints & secrets.
Awesome Bugbounty Writeups
⭐
1,909
A curated list of bugbounty writeups (bug type wise), inspired by https://github.com/ngalongc/bug-bounty-reference
Xss Payload List
⭐
1,875
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
Nosqlmap
⭐
1,670
Automated NoSQL database enumeration and web application exploitation tool.
Awesome Mobile Security
⭐
1,608
An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
Defaultcreds Cheat Sheet
⭐
1,570
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
Nuclei Templates
⭐
1,487
Community curated list of templates for the nuclei engine to find security vulnerabilities.
Arl
⭐
1,460
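ARL (Asset Reconnaissance Lighthouse) is designed to quickly reconnoiter the internet assets associated with a target and build a basic asset information database. It helps in-house security teams and penetration testers effectively reconnoiter and search assets, and discover weak points and attack surface.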
S3scanner
⭐
1,336
Scan for open AWS S3 buckets and dump the contents
Pentest Guide
⭐
1,330
Penetration tests guide based on OWASP including test cases, resources and examples.
Webhackersweapons
⭐
1,270
⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking, Happy bug-hunting
Subjack
⭐
1,212
Subdomain Takeover tool written in Go
Gitgraber
⭐
1,185
gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
Findsploit
⭐
1,165
Find exploits in local and online databases instantly
31 Days Of Api Security Tips
⭐
1,152
This challenge is Inon Shkedy's 31 days API Security Tips.
Jaeles
⭐
1,103
The Swiss Army knife for automated Web Application Testing
Reconftw
⭐
1,083
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Burpbounty
⭐
1,042
Burp Bounty (Scan Check Builder in BApp Store) is an extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.
Ezxss
⭐
1,040
ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
Awsbucketdump
⭐
1,032
Security Tool to Look For Interesting Files in S3 Buckets
Tiny Xss Payloads
⭐
990
A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
Brutex
⭐
989
Automatically brute force all services running on a target.
Urlhunter
⭐
947
a recon tool that allows searching on URLs that are exposed via shortener services
Subdomainizer
⭐
943
A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.
Blackwidow
⭐
897
A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
Sudomy
⭐
895
Sudomy is a subdomain enumeration tool to collect subdomains and analyze domains, performing automated reconnaissance (recon) for bug hunting / pentesting
Allaboutbugbounty
⭐
839
All about bug bounty (bypasses, payloads, and etc)
Paramspider
⭐
834
Mining parameters from dark corners of Web Archives
Dalfox
⭐
833
🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang
Gospider
⭐
801
Gospider - Fast web spider written in Go
Privesc
⭐
792
A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.
Interlace
⭐
779
Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
Vhostscan
⭐
777
A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
Bypass Firewalls By Dns History
⭐
770
Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.
Sql Injection Payload List
⭐
749
🎯 SQL Injection Payload List
Stacoan
⭐
716
StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.
Awesome Oneliner Bugbounty
⭐
700
A collection of awesome one-liner scripts especially for bug bounty tips.
Domained
⭐
692
Multi Tool Subdomain Enumeration
Command Injection Payload List
⭐
675
🎯 Command Injection Payload List
Security_whitepapers
⭐
644
Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi
Android Reports And Resources
⭐
626
A big list of Android Hackerone disclosed reports and other resources.
Subover
⭐
620
A Powerful Subdomain Takeover Tool
Redcloud
⭐
619
Automated Red Team Infrastructure deployment using Docker
Learn365
⭐
611
This repo is about @harshbothra_ 365 days of learning Tweet & Mindmap collection
Assessment Mindset
⭐
610
Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.
Xspear
⭐
605
Powerful XSS Scanning and Parameter analysis tool & gem
Favfreak
⭐
573
Making Favicon.ico based Recon Great again!
Bigbountyrecon
⭐
556
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
Dictionary Of Pentesting
⭐
532
Dictionary collection project for Pentesting, Fuzzing, Bruteforce and BugBounty. A collection of dictionaries for penetration testing, SRC vulnerability hunting, brute forcing, fuzzing and more.
Security Tools
⭐
514
Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.
Hackerone Reports
⭐
480
Top disclosed reports from HackerOne
Top25 Parameter
⭐
469
For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙
Hosthunter
⭐
453
HostHunter is a recon tool for discovering hostnames using OSINT techniques.
Metabigor
⭐
438
Intelligence tool but without API key
Dnsgen
⭐
396
Generates combination of domain names from the provided input.
Watchdog
⭐
347
Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.
Awesome Hacking Lists
⭐
343
A collection of good penetration/hacking tools and multi-domain productivity tools that I come across day to day
Offensive Docker
⭐
342
Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.
Bugbountyguide
⭐
341
Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.
Bruteforce Lists
⭐
337
Some files for bruteforcing certain things.
Bxss
⭐
333
bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.
H2csmuggler
⭐
332
HTTP Request Smuggling over HTTP/2 Cleartext (h2c)
Osint_tips
⭐
329
OSINT
Findom Xss
⭐
327
A fast DOM based XSS vulnerability scanner with simplicity.
Go Dork
⭐
317
The fastest dork scanner written in Go.
Sonarsearch
⭐
316
A MongoDB importer and API for Project Sonar's DNS datasets
Xxe Injection Payload List
⭐
313
🎯 XML External Entity (XXE) Injection Payload List
Jsfscan.sh
⭐
302
Automation for javascript recon in bug bounty.
Subzy
⭐
295
Subdomain takeover vulnerability checker
Lazyrecon
⭐
287
An automated approach to performing recon for bug bounty hunting and penetration testing.
Cloudscraper
⭐
284
CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.
Recon Pipeline
⭐
282
An automated target reconnaissance pipeline.
Recon My Way
⭐
273
This repository was created for personal use and added tools from my latest blog post.
Megplus
⭐
271
Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]
Cloudbrute
⭐
271
Awesome cloud enumerator
Public Bugbounty Programs
⭐
267
Community curated list of public bug bounty and responsible disclosure programs.
Php Security Check List
⭐
264
PHP Security Check List [ EN ] 🌋 ☣️
3klcon
⭐
261
Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.
Project Black
⭐
259
Pentest/BugBounty progress control with scanning modules
Bugbounty Scans
⭐
251
aquatone results for sites with bug bounties
Cc.py
⭐
250
Extracting URLs of a specific target based on the results of "commoncrawl.org"
Awsome Security Write Ups And Pocs
⭐
247
Awesome Writeups and POCs
Sitedorks
⭐
246
Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term with a default set of websites, bug bounty programs or a custom collection.
Autorecon
⭐
244
Simple shell script for automated domain recognition with some tools
Bugbountyscanner
⭐
238
A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.
Keywords
⭐
230
Dnsprobe
⭐
224
DNSProbe is a tool built on top of retryabledns that allows you to perform multiple DNS queries of your choice with a list of user-supplied resolvers.
Ssrf Sheriff
⭐
223
A simple SSRF-testing sheriff written in Go
Puredns
⭐
219
puredns is a subdomain bruteforcing tool that improves massdns to accurately handle wildcard subdomains and DNS poisoning. Easy to use and to integrate into workflows, it ensures the results obtained by public resolvers are clean.
Onelistforall
⭐
218
Rockyou for web fuzzing
1-100 of 173 projects