The Top 159 Bugbounty Open Source Projects

Awesome Open Source

Awesome Open Source

Combined Topics

Advertising 📦 10

Application Programming Interfaces 📦 124

Applications 📦 192

Artificial Intelligence 📦 78

Blockchain 📦 73

Build Tools 📦 113

Cloud Computing 📦 80

Code Quality 📦 28

Collaboration 📦 32

Command Line Interface 📦 49

Community 📦 83

Companies 📦 60

Compilers 📦 63

Computer Science 📦 80

Configuration Management 📦 42

Content Management 📦 175

Control Flow 📦 213

Data Formats 📦 78

Data Processing 📦 276

Data Storage 📦 135

Economics 📦 64

Frameworks 📦 215

Graphics 📦 110

Hardware 📦 152

Integrated Development Environments 📦 49

Learning Resources 📦 166

Libraries 📦 129

Lists Of Projects 📦 22

Machine Learning 📦 347

Mapping 📦 64

Marketing 📦 15

Mathematics 📦 55

Messaging 📦 98

Networking 📦 315

Operating Systems 📦 89

Operations 📦 121

Package Managers 📦 55

Programming Languages 📦 245

Runtime Environments 📦 100

Science 📦 42

Security 📦 396

Social Media 📦 27

Software Architecture 📦 72

Software Development 📦 72

Software Performance 📦 58

Software Quality 📦 133

Text Editors 📦 49

Text Processing 📦 136

User Interface 📦 330

User Interface Components 📦 514

Version Control 📦 30

Virtualization 📦 71

Web Browsers 📦 42

Web Servers 📦 26

Web User Interface 📦 210

The Top 159 Bugbounty Open Source Projects

Categories > Software Quality > Bugbounty

Payloadsallthethings ⭐ 20,998

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Pentesting Bible ⭐ 7,455

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

Sn1per ⭐ 4,152

Automated pentest framework for offensive security experts

Hetty ⭐ 3,069

Hetty is an HTTP toolkit for security research.

Oneforall ⭐ 3,024

OneForAll是一款功能强大的子域收集工具

Bugbounty Cheatsheet ⭐ 2,983

A list of interesting payloads, tips and tricks for bug bounty hunters.

Osmedeus ⭐ 2,857

Fully automated offensive security framework for reconnaissance and vulnerability scanning

Intruderpayloads ⭐ 2,453

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

Can I Take Over Xyz ⭐ 2,187

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Howtohunt ⭐ 1,698

Tutorials and Things to Do while Hunting Vulnerability.

Xss Payload List ⭐ 1,644

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

Awesome Bugbounty Writeups ⭐ 1,624

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

Nosqlmap ⭐ 1,606

Automated NoSQL database enumeration and web application exploitation tool.

Awesome Mobile Security ⭐ 1,497

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

S3scanner ⭐ 1,278

Scan for open AWS S3 buckets and dump the contents

Pentest Guide ⭐ 1,208

Penetration tests guide based on OWASP including test cases, resources and examples.

Defaultcreds Cheat Sheet ⭐ 1,207

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️🔥

ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

Subjack ⭐ 1,145

Subdomain Takeover tool written in Go

Gitgraber ⭐ 1,131

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

Findsploit ⭐ 1,129

Find exploits in local and online databases instantly

Jaeles ⭐ 1,003

The Swiss Army knife for automated Web Application Testing

Awsbucketdump ⭐ 1,001

Security Tool to Look For Interesting Files in S3 Buckets

Webhackersweapons ⭐ 999

⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting

A fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests

Burpbounty ⭐ 991

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

31 Days Of Api Security Tips ⭐ 980

This challenge is Inon Shkedy's 31 days API Security Tips.

Automatically brute force all services running on a target.

Tiny Xss Payloads ⭐ 936

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

Blackwidow ⭐ 863

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Urlhunter ⭐ 857

a recon tool that allows searching on URLs that are exposed via shortener services

Nuclei Templates ⭐ 829

Community curated list of templates for the nuclei engine to find a security vulnerability in application.

Subdomainizer ⭐ 825

A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.

Privesc ⭐ 780

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

Vhostscan ⭐ 743

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

Paramspider ⭐ 739

Mining parameters from dark corners of Web Archives

Interlace ⭐ 718

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

Bypass Firewalls By Dns History ⭐ 710

Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.

Stacoan ⭐ 692

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.

Gospider ⭐ 692

Gospider - Fast web spider written in Go

🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang

Domained ⭐ 669

Multi Tool Subdomain Enumeration

Security_whitepapers ⭐ 644

Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi

Command Injection Payload List ⭐ 621

🎯 Command Injection Payload List

Sql Injection Payload List ⭐ 620

🎯 SQL Injection Payload List

Assessment Mindset ⭐ 585

Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.

Subover ⭐ 577

A Powerful Subdomain Takeover Tool

Android Reports And Resources ⭐ 567

A big list of Android Hackerone disclosed reports and other resources.

Powerfull XSS Scanning and Parameter analysis tool&gem

Redcloud ⭐ 533

Automated Red Team Infrastructure deployement using Docker

Favfreak ⭐ 510

Making Favicon.ico based Recon Great again !

Security Tools ⭐ 501

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

Awesome Oneliner Bugbounty ⭐ 483

A collection of awesome one-liner scripts especially for bug bounty tips.

Dictionary Of Pentesting ⭐ 417

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

Metabigor ⭐ 394

Intelligence tool but without API key

Hosthunter ⭐ 379

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Generates combination of domain names from the provided input.

Hackerone Reports ⭐ 346

Top disclosed reports from HackerOne

Watchdog ⭐ 338

Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.

Bugbountyguide ⭐ 328

Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

Apkleaks ⭐ 317

Scanning APK file for URIs, endpoints & secrets.

Offensive Docker ⭐ 304

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

Osint_tips ⭐ 298

Bruteforce Lists ⭐ 293

Some files for bruteforcing certain things.

Awesome Hacking Lists ⭐ 273

平常看到好的渗透hacking工具和多领域效率工具的集合

Xxe Injection Payload List ⭐ 272

🎯 XML External Entity (XXE) Injection Payload List

Lazyrecon ⭐ 269

An automated approach to performing recon for bug bounty hunting and penetration testing.

Cloudscraper ⭐ 268

CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.

Megplus ⭐ 267

Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]

Recon My Way ⭐ 264

This repository created for personal use and added tools from my latest blog post.

Php Security Check List ⭐ 261

PHP Security Check List [ EN ] 🌋 ☣️

Recon Pipeline ⭐ 259

An automated target reconnaissance pipeline.

Findom Xss ⭐ 257

A fast DOM based XSS vulnerability scanner with simplicity.

Project Black ⭐ 255

Pentest/BugBounty progress control with scanning modules

H2csmuggler ⭐ 254

HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

Subdomain takeover vulnerability checker

Sonarsearch ⭐ 249

A MongoDB importer and API for Project Sonars DNS datasets

Extracting URLs of a specific target based on the results of "commoncrawl.org"

Bugbounty Scans ⭐ 243

aquatone results for sites with bug bountys

Cloudbrute ⭐ 243

Awesome cloud enumerator

Autorecon ⭐ 242

Simple shell script for automated domain recognition with some tools

Awsome Security Write Ups And Pocs ⭐ 234

Awesome Writeups and POCs

Jsfscan.sh ⭐ 232

Automation for javascript recon in bug bounty.

Dnsprobe ⭐ 216

DNSProb is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.

Contact.sh ⭐ 212

An OSINT tool to find contacts in order to report security vulnerabilities.

Ssrf Sheriff ⭐ 212

A simple SSRF-testing sheriff written in Go

Keywords ⭐ 208

Public Bugbounty Programs ⭐ 203

Community curated list of public bug bounty and responsible disclosure programs.

A passive subdomain finder

A tool to automate the boring process of APK recon

Mad Metasploit ⭐ 187

Metasploit custom modules, plugins, resource script and.. awesome metasploit collection

qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.

Rfi Lfi Payload List ⭐ 177

🎯 RFI/LFI Payload List

Crithit ⭐ 177

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Basecrack ⭐ 175

Decode All Bases - Base Scheme Decoder

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

1-100 of 159 projects

Advertising 📦 10

Application Programming Interfaces 📦 124

Applications 📦 192

Artificial Intelligence 📦 78

Blockchain 📦 73

Build Tools 📦 113

Cloud Computing 📦 80

Code Quality 📦 28

Collaboration 📦 32

Command Line Interface 📦 49

Community 📦 83

Companies 📦 60

Compilers 📦 63

Computer Science 📦 80

Configuration Management 📦 42

Content Management 📦 175

Control Flow 📦 213

Data Formats 📦 78

Data Processing 📦 276

Data Storage 📦 135

Economics 📦 64

Frameworks 📦 215

Graphics 📦 110

Hardware 📦 152

Integrated Development Environments 📦 49

Learning Resources 📦 166

Libraries 📦 129

Lists Of Projects 📦 22

Machine Learning 📦 347

Mapping 📦 64

Marketing 📦 15

Mathematics 📦 55

Messaging 📦 98

Networking 📦 315

Operating Systems 📦 89

Operations 📦 121

Package Managers 📦 55

Programming Languages 📦 245

Runtime Environments 📦 100

Science 📦 42

Security 📦 396

Social Media 📦 27

Software Architecture 📦 72

Software Development 📦 72

Software Performance 📦 58

Software Quality 📦 133

Text Editors 📦 49

Text Processing 📦 136

User Interface 📦 330

User Interface Components 📦 514

Version Control 📦 30

Virtualization 📦 71

Web Browsers 📦 42

Web Servers 📦 26

Web User Interface 📦 210