Awesome Open Source
The Top 159 Bugbounty Open Source Projects
Payloadsallthethings
⭐
20,998
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
Pentesting Bible
⭐
7,455
Learn ethical hacking. Learn about reconnaissance, Windows/Linux hacking, attacking web technologies, and pen testing wireless networks. Resources for learning malware analysis and reverse engineering.
Sn1per
⭐
4,152
Automated pentest framework for offensive security experts
Hetty
⭐
3,069
Hetty is an HTTP toolkit for security research.
Oneforall
⭐
3,024
OneForAll is a powerful subdomain collection tool
Bugbounty Cheatsheet
⭐
2,983
A list of interesting payloads, tips and tricks for bug bounty hunters.
Osmedeus
⭐
2,857
Fully automated offensive security framework for reconnaissance and vulnerability scanning
Intruderpayloads
⭐
2,453
A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
Can I Take Over Xyz
⭐
2,187
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Wstg
⭐
2,065
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Howtohunt
⭐
1,698
Tutorials and Things to Do while Hunting Vulnerabilities.
Xss Payload List
⭐
1,644
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
Awesome Bugbounty Writeups
⭐
1,624
A curated list of bugbounty writeups (bug-type wise), inspired by https://github.com/ngalongc/bug-bounty-reference
Nosqlmap
⭐
1,606
Automated NoSQL database enumeration and web application exploitation tool.
Awesome Mobile Security
⭐
1,497
An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
S3scanner
⭐
1,278
Scan for open AWS S3 buckets and dump the contents
Pentest Guide
⭐
1,208
Penetration tests guide based on OWASP including test cases, resources and examples.
Defaultcreds Cheat Sheet
⭐
1,207
One place for all the default credentials to assist Blue/Red teamers in finding devices with default passwords 🛡️🔥
Arl
⭐
1,200
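ARL (Asset Reconnaissance Lighthouse) is designed to quickly discover Internet assets associated with a target and build a baseline asset inventory. It helps in-house security teams and penetration testers effectively discover and search assets and identify weak points and attack surface.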
Subjack
⭐
1,145
Subdomain Takeover tool written in Go
Gitgraber
⭐
1,131
gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
Findsploit
⭐
1,129
Find exploits in local and online databases instantly
Jaeles
⭐
1,003
The Swiss Army knife for automated Web Application Testing
Awsbucketdump
⭐
1,001
Security Tool to Look For Interesting Files in S3 Buckets
Webhackersweapons
⭐
999
⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking, happy bug-hunting
Naabu
⭐
997
A fast port scanner written in Go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests.
Burpbounty
⭐
991
Burp Bounty (Scan Check Builder in BApp Store) is an extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.
Ezxss
⭐
988
ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
31 Days Of Api Security Tips
⭐
980
This challenge is Inon Shkedy's 31 days API Security Tips.
Brutex
⭐
951
Automatically brute force all services running on a target.
Tiny Xss Payloads
⭐
936
A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
Blackwidow
⭐
863
A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
Urlhunter
⭐
857
A recon tool that allows searching on URLs that are exposed via shortener services
Nuclei Templates
⭐
829
Community curated list of templates for the nuclei engine to find security vulnerabilities in applications.
Subdomainizer
⭐
825
A tool to find subdomains and interesting things hidden inside external JavaScript files of a page, folder, and GitHub.
Privesc
⭐
780
A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.
Sudomy
⭐
754
Sudomy is a subdomain enumeration tool to collect subdomains and analyze domains, performing automated reconnaissance (recon) for bug hunting / pentesting
Vhostscan
⭐
743
A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
Paramspider
⭐
739
Mining parameters from dark corners of Web Archives
Interlace
⭐
718
Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
Bypass Firewalls By Dns History
⭐
710
Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.
Stacoan
⭐
692
StaCoAn is a cross-platform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.
Gospider
⭐
692
Gospider - Fast web spider written in Go
Dalfox
⭐
685
🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang
Domained
⭐
669
Multi Tool Subdomain Enumeration
Security_whitepapers
⭐
644
Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi
Command Injection Payload List
⭐
621
🎯 Command Injection Payload List
Sql Injection Payload List
⭐
620
🎯 SQL Injection Payload List
Assessment Mindset
⭐
585
Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.
Subover
⭐
577
A Powerful Subdomain Takeover Tool
Android Reports And Resources
⭐
567
A big list of Android Hackerone disclosed reports and other resources.
Xspear
⭐
537
Powerful XSS scanning and parameter analysis tool & gem
Redcloud
⭐
533
Automated Red Team Infrastructure deployment using Docker
Favfreak
⭐
510
Making Favicon.ico based Recon Great again!
Security Tools
⭐
501
Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.
Awesome Oneliner Bugbounty
⭐
483
A collection of awesome one-liner scripts especially for bug bounty tips.
Dictionary Of Pentesting
⭐
417
Dictionary collection project such as Pentesting, Fuzzing, Bruteforce and BugBounty. A collection of wordlists for penetration testing, SRC vulnerability hunting, brute forcing, fuzzing and more.
Metabigor
⭐
394
Intelligence tool but without API key
Hosthunter
⭐
379
HostHunter a recon tool for discovering hostnames using OSINT techniques.
Dnsgen
⭐
351
Generates combination of domain names from the provided input.
Hackerone Reports
⭐
346
Top disclosed reports from HackerOne
Watchdog
⭐
338
Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.
Bugbountyguide
⭐
328
Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.
Bxss
⭐
321
bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.
Apkleaks
⭐
317
Scanning APK file for URIs, endpoints & secrets.
Offensive Docker
⭐
304
Offensive Docker is an image with the most-used offensive tools, for easily and quickly creating an environment to launch assessments against targets.
Osint_tips
⭐
298
OSINT
Bruteforce Lists
⭐
293
Some files for bruteforcing certain things.
Awesome Hacking Lists
⭐
273
A collection of good penetration testing/hacking tools and productivity tools from various fields that I come across
Xxe Injection Payload List
⭐
272
🎯 XML External Entity (XXE) Injection Payload List
Lazyrecon
⭐
269
An automated approach to performing recon for bug bounty hunting and penetration testing.
Cloudscraper
⭐
268
CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.
Megplus
⭐
267
Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]
Recon My Way
⭐
264
This repository was created for personal use and includes tools from my latest blog post.
Php Security Check List
⭐
261
PHP Security Check List [ EN ] 🌋 ☣️
Recon Pipeline
⭐
259
An automated target reconnaissance pipeline.
Findom Xss
⭐
257
A fast DOM based XSS vulnerability scanner with simplicity.
Project Black
⭐
255
Pentest/BugBounty progress control with scanning modules
H2csmuggler
⭐
254
HTTP Request Smuggling over HTTP/2 Cleartext (h2c)
Subzy
⭐
249
Subdomain takeover vulnerability checker
Sonarsearch
⭐
249
A MongoDB importer and API for Project Sonar's DNS datasets
Cc.py
⭐
246
Extracting URLs of a specific target based on the results of "commoncrawl.org"
Bugbounty Scans
⭐
243
aquatone results for sites with bug bounties
Cloudbrute
⭐
243
Awesome cloud enumerator
Autorecon
⭐
242
Simple shell script for automated domain recognition with some tools
Awsome Security Write Ups And Pocs
⭐
234
Awesome Writeups and POCs
Jsfscan.sh
⭐
232
Automation for javascript recon in bug bounty.
Dnsprobe
⭐
216
DNSProbe is a tool built on top of retryabledns that allows you to perform multiple DNS queries of your choice with a list of user-supplied resolvers.
Contact.sh
⭐
212
An OSINT tool to find contacts in order to report security vulnerabilities.
Ssrf Sheriff
⭐
212
A simple SSRF-testing sheriff written in Go
Keywords
⭐
208
Public Bugbounty Programs
⭐
203
Community curated list of public bug bounty and responsible disclosure programs.
Pdlist
⭐
200
A passive subdomain finder
Slicer
⭐
194
A tool to automate the boring process of APK recon
Mad Metasploit
⭐
187
Metasploit custom modules, plugins, resource scripts and... an awesome Metasploit collection
Qsfuzz
⭐
181
qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.
Rfi Lfi Payload List
⭐
177
🎯 RFI/LFI Payload List
Crithit
⭐
177
Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Basecrack
⭐
175
Decode All Bases - Base Scheme Decoder
Knary
⭐
172
A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support
1-100 of 159 projects