The Top 964 Bugbounty Open Source Projects

Awesome Open Source

Awesome Open Source

Share On Twitter

Combined Topics

The Top 964 Bugbounty Open Source Projects

Categories > Software Quality > Bugbounty

Awesome Hacking ⭐ 52,513

A collection of various awesome lists for hackers, pentesters and security researchers

most recent commit 6 days ago

Payloadsallthethings ⭐ 38,586

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

most recent commit 6 days ago

Dirsearch ⭐ 8,101

Web path scanner

total releases 6most recent commit 15 days ago

Pentesting Bible ⭐ 8,066

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

most recent commit a year ago

Resources For Beginner Bug Bounty Hunters ⭐ 7,757

A list of resources for those interested in getting started in bug bounties

most recent commit 21 days ago

Scanners Box ⭐ 6,001

A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑

most recent commit a day ago

Subfinder ⭐ 5,770

Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.

total releases 115most recent commit 6 days ago

Oneforall ⭐ 5,064

OneForAll是一款功能强大的子域收集工具

most recent commit 2 days ago

Nuclei Templates ⭐ 4,601

Community curated list of templates for the nuclei engine to find security vulnerabilities.

most recent commit 3 hours ago

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

most recent commit 3 hours ago

Rengine ⭐ 4,268

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

most recent commit 4 days ago

Osmedeus ⭐ 3,878

A Workflow Engine for Offensive Security

most recent commit a month ago

Hetty ⭐ 3,758

An HTTP toolkit for security research.

total releases 18most recent commit 3 months ago

Howtohunt ⭐ 3,667

Tutorials and Things to Do while Hunting Vulnerability.

most recent commit 3 months ago

Httpx ⭐ 3,337

httpx is a fast and multi-purpose HTTP toolkit allows to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads.

dependent packages 4total releases 57most recent commit 8 days ago

Commix ⭐ 3,335

Automated All-in-One OS Command Injection Exploitation Tool.

most recent commit 3 days ago

Securedrop ⭐ 3,288

GitHub repository for the SecureDrop whistleblower platform. Do not submit tips here!

most recent commit 6 days ago

Bugbounty Cheatsheet ⭐ 3,247

A list of interesting payloads, tips and tricks for bug bounty hunters.

most recent commit a year ago

Awesome Bug Bounty ⭐ 3,202

A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.

most recent commit 3 months ago

Can I Take Over Xyz ⭐ 3,022

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

most recent commit 2 months ago

Apkleaks ⭐ 2,867

Scanning APK file for URIs, endpoints & secrets.

total releases 11most recent commit 4 months ago

Reconftw ⭐ 2,746

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

most recent commit 19 days ago

Axiom ⭐ 2,744

The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!

most recent commit 12 days ago

Hakrawler ⭐ 2,736

Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application

total releases 11most recent commit a month ago

Intruderpayloads ⭐ 2,687

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

most recent commit 9 months ago

Bug Bounty Reference ⭐ 2,631

Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature

most recent commit 9 months ago

Awesome Hacker Search Engines ⭐ 2,429

A list of search engines useful during Penetration testing, vulnerability assessments, red team operations, bug bounty and more

most recent commit 6 hours ago

ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

most recent commit 4 months ago

Xss Payload List ⭐ 2,361

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

most recent commit 9 months ago

Defaultcreds Cheat Sheet ⭐ 2,338

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

most recent commit 2 months ago

Awesome Bugbounty Writeups ⭐ 2,292

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

most recent commit 10 months ago

Allaboutbugbounty ⭐ 2,172

All about bug bounty (bypasses, payloads, and etc)

most recent commit 14 days ago

Webhackersweapons ⭐ 2,021

⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting

most recent commit 17 days ago

Dalfox ⭐ 1,878

🌙🦊 DalFox is an powerful open source XSS scanning tool and parameter analyzer, utility

total releases 71most recent commit 2 days ago

Black Hat Rust ⭐ 1,750

Applied offensive security with Rust - https://kerkour.com/black-hat-rust

total releases 4most recent commit 15 days ago

Pentest Guide ⭐ 1,733

Penetration tests guide based on OWASP including test cases, resources and examples.

most recent commit 3 months ago

Nosqlmap ⭐ 1,691

Automated NoSQL database enumeration and web application exploitation tool.

most recent commit a year ago

Awesome Mobile Security ⭐ 1,684

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

most recent commit a year ago

Interactsh ⭐ 1,645

An OOB interaction gathering server and client library

dependent packages 7total releases 43most recent commit 12 days ago

S3scanner ⭐ 1,635

Scan for open S3 buckets and dump the contents

total releases 3most recent commit 4 months ago

Pagodo ⭐ 1,628

pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching

most recent commit a month ago

Awesome Oneliner Bugbounty ⭐ 1,525

A collection of awesome one-liner scripts especially for bug bounty tips.

most recent commit a month ago

Collection Document ⭐ 1,416

Collection of quality safety articles. Awesome articles.

most recent commit a year ago

Jaeles ⭐ 1,387

The Swiss Army knife for automated Web Application Testing

total releases 29most recent commit 6 months ago

Gospider ⭐ 1,385

Gospider - Fast web spider written in Go

total releases 17most recent commit 2 months ago

Web Fuzzing Box ⭐ 1,363

Web Fuzzing Box - Web 模糊测试字典与一些Payloads，主要包含：弱口令暴力破解、目录以及文件枚举、Web漏洞...字典

most recent commit a month ago

31 Days Of Api Security Tips ⭐ 1,353

This challenge is Inon Shkedy's 31 days API Security Tips.

most recent commit 10 months ago

Subjack ⭐ 1,336

Subdomain Takeover tool written in Go

most recent commit 9 months ago

Burpbounty ⭐ 1,311

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.

most recent commit 2 months ago

Malicious Pdf ⭐ 1,291

💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

most recent commit 2 months ago

Ezxss ⭐ 1,276

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

most recent commit a month ago

Brutex ⭐ 1,242

Automatically brute force all services running on a target.

most recent commit 4 months ago

Findsploit ⭐ 1,231

Find exploits in local and online databases instantly

most recent commit 9 months ago

Tiny Xss Payloads ⭐ 1,220

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

most recent commit 9 months ago

Gitgraber ⭐ 1,205

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

most recent commit 2 years ago

Awesome Bugbounty Tools ⭐ 1,184

A curated list of various bug bounty tools

most recent commit 9 days ago

Urlhunter ⭐ 1,157

a recon tool that allows searching on URLs that are exposed via shortener services

most recent commit 8 months ago

Fuzzing101 ⭐ 1,154

An step by step fuzzing tutorial. A GitHub Security Lab initiative

most recent commit 4 months ago

Sn0int ⭐ 1,150

Semi-automatic OSINT framework and package manager

dependent packages 2total releases 13most recent commit 3 months ago

cargo sn0int-common} Downloads

Dictionary Of Pentesting ⭐ 1,131

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

most recent commit 2 months ago

Awsbucketdump ⭐ 1,119

Security Tool to Look For Interesting Files in S3 Buckets

most recent commit 4 months ago

Subdomainizer ⭐ 1,105

A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.

most recent commit 8 months ago

Paramspider ⭐ 1,098

Mining parameters from dark corners of Web Archives

most recent commit 10 months ago

Src Experience ⭐ 1,098

工欲善其事，必先利其器

most recent commit 7 months ago

Onelistforall ⭐ 1,070

Rockyou for web fuzzing

most recent commit 17 days ago

Sudomy ⭐ 1,012

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

most recent commit a year ago

Learn365 ⭐ 1,006

This repository is about @harshbothra_'s 365 days of Learning Tweets & Mindmaps collection.

most recent commit 6 months ago

Blackwidow ⭐ 986

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

most recent commit 9 months ago

Top25 Parameter ⭐ 983

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

most recent commit 2 months ago

Android Reports And Resources ⭐ 949

A big list of Android Hackerone disclosed reports and other resources.

most recent commit a month ago

Interlace ⭐ 939

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

most recent commit 2 months ago

Holytips ⭐ 928

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

most recent commit 10 months ago

Hackerone Reports ⭐ 908

Top disclosed reports from HackerOne

most recent commit 13 days ago

Awesome Rce Techniques ⭐ 882

Awesome list of step by step techniques to achieve Remote Code Execution on various apps!

most recent commit 2 days ago

Api Securityempire ⭐ 878

API Security Project aims to present unique attack & defense methods in API Security field

most recent commit 9 hours ago

Sql Injection Payload List ⭐ 873

🎯 SQL Injection Payload List

most recent commit a year ago

Git Hound ⭐ 851

Reconnaissance tool for GitHub code search. Finds exposed API keys using pattern matching, commit history searching, and a unique result scoring system.

total releases 2most recent commit 15 days ago

Open-source vulnerability disclosure and bug bounty program database.

most recent commit 2 days ago

Vhostscan ⭐ 800

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

most recent commit 2 years ago

Bypass Firewalls By Dns History ⭐ 789

Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.

most recent commit a year ago

Gotestwaf ⭐ 777

An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses

total releases 14most recent commit 2 days ago

Swiftnessx ⭐ 775

A cross-platform note-taking & target-tracking app for penetration testers.

most recent commit 4 months ago

Favfreak ⭐ 723

Making Favicon.ico based Recon Great again !

most recent commit 6 months ago

Dumpall ⭐ 722

一款信息泄漏利用工具，适用于.git/.svn/.DS_Store泄漏和目录列出

total releases 7most recent commit a day ago

Stacoan ⭐ 719

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.

most recent commit a year ago

Awesome List Of Secrets In Environment Variables ⭐ 714

🦄🔒 Awesome list of secrets in environment variables 🖥️

most recent commit 13 days ago

Command Injection Payload List ⭐ 700

🎯 Command Injection Payload List

most recent commit a year ago

Domained ⭐ 697

Multi Tool Subdomain Enumeration

most recent commit a year ago

Sublert ⭐ 687

Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

most recent commit a year ago

V3 Periphery ⭐ 684

🦄 🦄 🦄 Peripheral smart contracts for interacting with Uniswap v3

total releases 31most recent commit 2 months ago

Hidden parameters discovery suite

total releases 24most recent commit a month ago

Redcloud ⭐ 677

Automated Red Team Infrastructure deployement using Docker

most recent commit 2 years ago

Metabigor ⭐ 670

Intelligence tool but without API key

total releases 13most recent commit a month ago

Assessment Mindset ⭐ 664

Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.

most recent commit 3 months ago

Reflutter ⭐ 640

Flutter Reverse Engineering Framework

total releases 62most recent commit a month ago

Subover ⭐ 631

A Powerful Subdomain Takeover Tool

most recent commit 2 years ago

Cve 2021 44228 Poc Log4j Bypass Words ⭐ 611

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

most recent commit 6 months ago

Awesome Hacking Lists ⭐ 605

平常看到好的渗透hacking工具和多领域效率工具的集合

most recent commit 3 months ago

Domlink ⭐ 599

A tool to link a domain with registered organisation names and emails, to other domains.

most recent commit a year ago

Puredns ⭐ 594

Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.

total releases 7most recent commit 7 months ago

1-100 of 964 projects

Categories

Advertising 📦 8

Application Programming Interfaces 📦 107

Applications 📦 174

Artificial Intelligence 📦 69

Blockchain 📦 66

Build Tools 📦 105

Cloud Computing 📦 68

Code Quality 📦 24

Collaboration 📦 27

Command Line Interface 📦 38

Community 📦 79

Companies 📦 60

Compilers 📦 59

Computer Science 📦 73

Configuration Management 📦 37

Content Management 📦 153

Control Flow 📦 187

Data Formats 📦 72

Data Processing 📦 249

Data Storage 📦 116

Economics 📦 56

Frameworks 📦 178

Graphics 📦 92

Hardware 📦 137

Integrated Development Environments 📦 43

Learning Resources 📦 139

Libraries 📦 117

Lists Of Projects 📦 19

Machine Learning 📦 313

Mapping 📦 57

Marketing 📦 15

Mathematics 📦 54

Messaging 📦 96

Networking 📦 292

Operating Systems 📦 71

Operations 📦 114

Package Managers 📦 50

Programming Languages 📦 173

Runtime Environments 📦 90

Science 📦 42

Security 📦 343

Social Media 📦 23

Software Architecture 📦 65

Software Development 📦 60

Software Performance 📦 53

Software Quality 📦 115

Text Editors 📦 40

Text Processing 📦 118

User Interface 📦 291

User Interface Components 📦 440

Version Control 📦 26

Virtualization 📦 63

Web Browsers 📦 35

Web Servers 📦 23

Web User Interface 📦 167

Top Programming Languages

Javascript (1,061,407)

Python (808,767)

Typescript (247,385)

C Plus Plus (239,139)

Shell (171,453)

C Sharp (164,394)

Golang (158,514)

Objective C (57,179)

Kotlin (46,582)

Matlab (31,200)

Language (30,054)

Haskell (20,393)

Clojure (19,147)

Powershell (19,055)

Coffeescript (17,288)

Elixir (16,662)

Assembly (14,704)

Processing (13,306)

Emacs Lisp (10,421)

Solidity (8,018)

Fortran (5,548)

Common Lisp (5,305)

Shell Script (4,657)

Python Library (4,459)

Crystal (4,388)

Scripting (4,209)

Top Projects

Freecodecamp ⭐ 348,506

996.icu ⭐ 262,763

Free Programming Books ⭐ 238,387

Coding Interview University ⭐ 223,024

Awesome ⭐ 207,496

Developer Roadmap ⭐ 199,319

Public Apis ⭐ 198,920

Vue ⭐ 197,460

React ⭐ 190,867

System Design Primer ⭐ 184,236

Tensorflow ⭐ 166,190

Bootstrap ⭐ 158,331

You Dont Know Js ⭐ 153,649

Cs Notes ⭐ 151,618

Ohmyzsh ⭐ 147,176

Build Your Own X ⭐ 146,712

Javascript Algorithms ⭐ 145,045

Flutter ⭐ 142,398

Python ⭐ 139,586

Gitignore ⭐ 134,927

Linux ⭐ 134,198

Vscode ⭐ 133,644

Awesome Python ⭐ 132,486

Javascript ⭐ 124,360

Javaguide ⭐ 124,215

Python 100 Days ⭐ 120,315

Computer Science ⭐ 118,540

Youtube Dl ⭐ 111,247

Fucking Algorithm ⭐ 107,431

The Art Of Command Line ⭐ 106,741

React Native ⭐ 103,623

Electron ⭐ 102,399

30 Seconds Of Code ⭐ 96,728

Create React App ⭐ 95,778

Axios ⭐ 94,331

Free Programming Books Zh_cn ⭐ 93,999

Awesome Selfhosted ⭐ 93,540

Kubernetes ⭐ 89,907

Next.js ⭐ 89,125

Node ⭐ 88,578

Terminal ⭐ 83,874

Deno ⭐ 83,698

Awesome Go ⭐ 83,387

Three.js ⭐ 83,348

Angular ⭐ 82,495

Typescript ⭐ 81,995

Ant Design ⭐ 80,954

Material Ui ⭐ 79,499

Privacy | About | Terms | Follow Us On Twitter

Downloads, Dependent Repos, Dependent Packages, Total Releases, Latest Releases data powered by Libraries.io.

Copyright 2018-2022 Awesome Open Source. All rights reserved.