The Top 173 Bugbounty Open Source Projects

Awesome Open Source

Awesome Open Source

Combined Topics

Advertising 📦 10

Application Programming Interfaces 📦 124

Applications 📦 192

Artificial Intelligence 📦 78

Blockchain 📦 73

Build Tools 📦 113

Cloud Computing 📦 80

Code Quality 📦 28

Collaboration 📦 32

Command Line Interface 📦 49

Community 📦 83

Companies 📦 60

Compilers 📦 63

Computer Science 📦 80

Configuration Management 📦 42

Content Management 📦 175

Control Flow 📦 213

Data Formats 📦 78

Data Processing 📦 276

Data Storage 📦 135

Economics 📦 64

Frameworks 📦 215

Graphics 📦 110

Hardware 📦 152

Integrated Development Environments 📦 49

Learning Resources 📦 166

Libraries 📦 129

Lists Of Projects 📦 22

Machine Learning 📦 347

Mapping 📦 64

Marketing 📦 15

Mathematics 📦 55

Messaging 📦 98

Networking 📦 315

Operating Systems 📦 89

Operations 📦 121

Package Managers 📦 55

Programming Languages 📦 245

Runtime Environments 📦 100

Science 📦 42

Security 📦 396

Social Media 📦 27

Software Architecture 📦 72

Software Development 📦 72

Software Performance 📦 58

Software Quality 📦 133

Text Editors 📦 49

Text Processing 📦 136

User Interface 📦 330

User Interface Components 📦 514

Version Control 📦 30

Virtualization 📦 71

Web Browsers 📦 42

Web Servers 📦 26

Web User Interface 📦 210

The Top 173 Bugbounty Open Source Projects

Categories > Software Quality > Bugbounty

Payloadsallthethings ⭐ 23,393

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Pentesting Bible ⭐ 7,949

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

Oneforall ⭐ 3,369

OneForAll是一款功能强大的子域收集工具

Bugbounty Cheatsheet ⭐ 3,210

A list of interesting payloads, tips and tricks for bug bounty hunters.

Hetty ⭐ 3,186

Hetty is an HTTP toolkit for security research.

Osmedeus ⭐ 3,016

Fully automated offensive security framework for reconnaissance and vulnerability scanning

Intruderpayloads ⭐ 2,531

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

Can I Take Over Xyz ⭐ 2,370

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Howtohunt ⭐ 2,345

Tutorials and Things to Do while Hunting Vulnerability.

Apkleaks ⭐ 2,131

Scanning APK file for URIs, endpoints & secrets.

Awesome Bugbounty Writeups ⭐ 1,909

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

Xss Payload List ⭐ 1,875

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

Nosqlmap ⭐ 1,670

Automated NoSQL database enumeration and web application exploitation tool.

Awesome Mobile Security ⭐ 1,608

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

Defaultcreds Cheat Sheet ⭐ 1,570

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Nuclei Templates ⭐ 1,487

Community curated list of templates for the nuclei engine to find security vulnerabilities.

ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

S3scanner ⭐ 1,336

Scan for open AWS S3 buckets and dump the contents

Pentest Guide ⭐ 1,330

Penetration tests guide based on OWASP including test cases, resources and examples.

Webhackersweapons ⭐ 1,270

⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting

Subjack ⭐ 1,212

Subdomain Takeover tool written in Go

Gitgraber ⭐ 1,185

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

Findsploit ⭐ 1,165

Find exploits in local and online databases instantly

31 Days Of Api Security Tips ⭐ 1,152

This challenge is Inon Shkedy's 31 days API Security Tips.

Jaeles ⭐ 1,103

The Swiss Army knife for automated Web Application Testing

Reconftw ⭐ 1,083

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Burpbounty ⭐ 1,042

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.

Ezxss ⭐ 1,040

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Awsbucketdump ⭐ 1,032

Security Tool to Look For Interesting Files in S3 Buckets

Tiny Xss Payloads ⭐ 990

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

Automatically brute force all services running on a target.

Urlhunter ⭐ 947

a recon tool that allows searching on URLs that are exposed via shortener services

Subdomainizer ⭐ 943

A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.

Blackwidow ⭐ 897

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

Allaboutbugbounty ⭐ 839

All about bug bounty (bypasses, payloads, and etc)

Paramspider ⭐ 834

Mining parameters from dark corners of Web Archives

🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang

Gospider ⭐ 801

Gospider - Fast web spider written in Go

Privesc ⭐ 792

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

Interlace ⭐ 779

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

Vhostscan ⭐ 777

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

Bypass Firewalls By Dns History ⭐ 770

Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.

Sql Injection Payload List ⭐ 749

🎯 SQL Injection Payload List

Stacoan ⭐ 716

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.

Awesome Oneliner Bugbounty ⭐ 700

A collection of awesome one-liner scripts especially for bug bounty tips.

Domained ⭐ 692

Multi Tool Subdomain Enumeration

Command Injection Payload List ⭐ 675

🎯 Command Injection Payload List

Security_whitepapers ⭐ 644

Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi

Android Reports And Resources ⭐ 626

A big list of Android Hackerone disclosed reports and other resources.

Subover ⭐ 620

A Powerful Subdomain Takeover Tool

Redcloud ⭐ 619

Automated Red Team Infrastructure deployement using Docker

Learn365 ⭐ 611

This repo is about @harshbothra_ 365 days of learning Tweet & Mindmap collection

Assessment Mindset ⭐ 610

Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.

Powerfull XSS Scanning and Parameter analysis tool&gem

Favfreak ⭐ 573

Making Favicon.ico based Recon Great again !

Bigbountyrecon ⭐ 556

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

Dictionary Of Pentesting ⭐ 532

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

Security Tools ⭐ 514

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

Hackerone Reports ⭐ 480

Top disclosed reports from HackerOne

Top25 Parameter ⭐ 469

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

Hosthunter ⭐ 453

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Metabigor ⭐ 438

Intelligence tool but without API key

Generates combination of domain names from the provided input.

Watchdog ⭐ 347

Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.

Awesome Hacking Lists ⭐ 343

平常看到好的渗透hacking工具和多领域效率工具的集合

Offensive Docker ⭐ 342

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

Bugbountyguide ⭐ 341

Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.

Bruteforce Lists ⭐ 337

Some files for bruteforcing certain things.

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

H2csmuggler ⭐ 332

HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

Osint_tips ⭐ 329

Findom Xss ⭐ 327

A fast DOM based XSS vulnerability scanner with simplicity.

Go Dork ⭐ 317

The fastest dork scanner written in Go.

Sonarsearch ⭐ 316

A MongoDB importer and API for Project Sonars DNS datasets

Xxe Injection Payload List ⭐ 313

🎯 XML External Entity (XXE) Injection Payload List

Jsfscan.sh ⭐ 302

Automation for javascript recon in bug bounty.

Subdomain takeover vulnerability checker

Lazyrecon ⭐ 287

An automated approach to performing recon for bug bounty hunting and penetration testing.

Cloudscraper ⭐ 284

CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.

Recon Pipeline ⭐ 282

An automated target reconnaissance pipeline.

Recon My Way ⭐ 273

This repository created for personal use and added tools from my latest blog post.

Megplus ⭐ 271

Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]

Cloudbrute ⭐ 271

Awesome cloud enumerator

Public Bugbounty Programs ⭐ 267

Community curated list of public bug bounty and responsible disclosure programs.

Php Security Check List ⭐ 264

PHP Security Check List [ EN ] 🌋 ☣️

Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.

Project Black ⭐ 259

Pentest/BugBounty progress control with scanning modules

Bugbounty Scans ⭐ 251

aquatone results for sites with bug bountys

Extracting URLs of a specific target based on the results of "commoncrawl.org"

Awsome Security Write Ups And Pocs ⭐ 247

Awesome Writeups and POCs

Sitedorks ⭐ 246

Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term with a default set of websites, bug bounty programs or a custom collection.

Autorecon ⭐ 244

Simple shell script for automated domain recognition with some tools

Bugbountyscanner ⭐ 238

A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.

Keywords ⭐ 230

Dnsprobe ⭐ 224

DNSProb is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.

Ssrf Sheriff ⭐ 223

A simple SSRF-testing sheriff written in Go

Puredns ⭐ 219

puredns is a subdomain bruteforcing tool that improves massdns to accurately handle wildcard subdomains and DNS poisoning. Easy to use and to integrate into workflows, it ensures the results obtained by public resolvers are clean.

Onelistforall ⭐ 218

Rockyou for web fuzzing

1-100 of 173 projects

Advertising 📦 10

Application Programming Interfaces 📦 124

Applications 📦 192

Artificial Intelligence 📦 78

Blockchain 📦 73

Build Tools 📦 113

Cloud Computing 📦 80

Code Quality 📦 28

Collaboration 📦 32

Command Line Interface 📦 49

Community 📦 83

Companies 📦 60

Compilers 📦 63

Computer Science 📦 80

Configuration Management 📦 42

Content Management 📦 175

Control Flow 📦 213

Data Formats 📦 78

Data Processing 📦 276

Data Storage 📦 135

Economics 📦 64

Frameworks 📦 215

Graphics 📦 110

Hardware 📦 152

Integrated Development Environments 📦 49

Learning Resources 📦 166

Libraries 📦 129

Lists Of Projects 📦 22

Machine Learning 📦 347

Mapping 📦 64

Marketing 📦 15

Mathematics 📦 55

Messaging 📦 98

Networking 📦 315

Operating Systems 📦 89

Operations 📦 121

Package Managers 📦 55

Programming Languages 📦 245

Runtime Environments 📦 100

Science 📦 42

Security 📦 396

Social Media 📦 27

Software Architecture 📦 72

Software Development 📦 72

Software Performance 📦 58

Software Quality 📦 133

Text Editors 📦 49

Text Processing 📦 136

User Interface 📦 330

User Interface Components 📦 514

Version Control 📦 30

Virtualization 📦 71

Web Browsers 📦 42

Web Servers 📦 26

Web User Interface 📦 210