The Top 803 Bugbounty Open Source Projects on Github

Awesome Open Source

Awesome Open Source

Combined Topics

Advertising 📦 9

Application Programming Interfaces 📦 120

Applications 📦 181

Artificial Intelligence 📦 72

Blockchain 📦 70

Build Tools 📦 111

Cloud Computing 📦 79

Code Quality 📦 28

Collaboration 📦 30

Command Line Interface 📦 48

Community 📦 81

Companies 📦 60

Compilers 📦 60

Computer Science 📦 74

Configuration Management 📦 39

Content Management 📦 167

Control Flow 📦 197

Data Formats 📦 77

Data Processing 📦 266

Data Storage 📦 132

Economics 📦 60

Frameworks 📦 198

Graphics 📦 103

Hardware 📦 148

Integrated Development Environments 📦 47

Learning Resources 📦 147

Libraries 📦 119

Lists Of Projects 📦 21

Machine Learning 📦 336

Mapping 📦 61

Marketing 📦 15

Mathematics 📦 55

Messaging 📦 97

Networking 📦 304

Operating Systems 📦 84

Operations 📦 120

Package Managers 📦 52

Programming Languages 📦 229

Runtime Environments 📦 96

Science 📦 42

Security 📦 375

Social Media 📦 26

Software Architecture 📦 70

Software Development 📦 68

Software Performance 📦 57

Software Quality 📦 127

Text Editors 📦 45

Text Processing 📦 131

User Interface 📦 310

User Interface Components 📦 465

Version Control 📦 29

Virtualization 📦 68

Web Browsers 📦 38

Web Servers 📦 25

Web User Interface 📦 194

The Top 803 Bugbounty Open Source Projects on Github

Categories > Software Quality > Bugbounty

Awesome Hacking ⭐ 48,024

A collection of various awesome lists for hackers, pentesters and security researchers

Payloadsallthethings ⭐ 33,735

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Pentesting Bible ⭐ 8,066

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

Dirsearch ⭐ 7,415

Web path scanner

Resources For Beginner Bug Bounty Hunters ⭐ 6,877

A list of resources for those interested in getting started in bug bounties

Subfinder ⭐ 4,641

Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.

Oneforall ⭐ 4,227

OneForAll是一款功能强大的子域收集工具

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Hetty ⭐ 3,644

Hetty is an HTTP toolkit for security research.

Osmedeus ⭐ 3,580

A Workflow Engine for Offensive Security

Rengine ⭐ 3,523

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

Nuclei Templates ⭐ 3,301

Community curated list of templates for the nuclei engine to find security vulnerabilities.

Bugbounty Cheatsheet ⭐ 3,247

A list of interesting payloads, tips and tricks for bug bounty hunters.

Commix ⭐ 3,072

Automated All-in-One OS Command Injection Exploitation Tool.

Howtohunt ⭐ 3,037

Tutorials and Things to Do while Hunting Vulnerability.

Can I Take Over Xyz ⭐ 2,764

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

Apkleaks ⭐ 2,730

Scanning APK file for URIs, endpoints & secrets.

Intruderpayloads ⭐ 2,687

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

Axiom ⭐ 2,463

The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!

Httpx ⭐ 2,454

httpx is a fast and multi-purpose HTTP toolkit allows to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads.

Xss Payload List ⭐ 2,361

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

Awesome Bugbounty Writeups ⭐ 2,292

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

Reconftw ⭐ 2,002

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Defaultcreds Cheat Sheet ⭐ 1,960

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Webhackersweapons ⭐ 1,794

⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting

Nosqlmap ⭐ 1,691

Automated NoSQL database enumeration and web application exploitation tool.

Awesome Mobile Security ⭐ 1,684

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

S3scanner ⭐ 1,557

Scan for open S3 buckets and dump the contents

Allaboutbugbounty ⭐ 1,544

All about bug bounty (bypasses, payloads, and etc)

Dalfox ⭐ 1,515

🌙🦊 DalFox is an powerful open source XSS scanning tool and parameter analyzer, utility

Pagodo ⭐ 1,429

pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching

Collection Document ⭐ 1,416

Collection of quality safety articles. Awesome articles.

Pentest Guide ⭐ 1,387

Penetration tests guide based on OWASP including test cases, resources and examples.

Jaeles ⭐ 1,387

The Swiss Army knife for automated Web Application Testing

31 Days Of Api Security Tips ⭐ 1,353

This challenge is Inon Shkedy's 31 days API Security Tips.

Subjack ⭐ 1,336

Subdomain Takeover tool written in Go

Black Hat Rust ⭐ 1,315

Applied offensive security with Rust - https://kerkour.com/black-hat-rust

Findsploit ⭐ 1,231

Find exploits in local and online databases instantly

Tiny Xss Payloads ⭐ 1,220

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

Gitgraber ⭐ 1,205

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

Burpbounty ⭐ 1,201

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.

Interactsh ⭐ 1,175

An OOB interaction gathering server and client library

Ezxss ⭐ 1,169

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Gospider ⭐ 1,166

Gospider - Fast web spider written in Go

Awesome Oneliner Bugbounty ⭐ 1,162

A collection of awesome one-liner scripts especially for bug bounty tips.

Urlhunter ⭐ 1,157

a recon tool that allows searching on URLs that are exposed via shortener services

Brutex ⭐ 1,138

Automatically brute force all services running on a target.

Malicious Pdf ⭐ 1,122

Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

Subdomainizer ⭐ 1,105

A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.

Paramspider ⭐ 1,098

Mining parameters from dark corners of Web Archives

Sn0int ⭐ 1,072

Semi-automatic OSINT framework and package manager

Awsbucketdump ⭐ 1,037

Security Tool to Look For Interesting Files in S3 Buckets

Sudomy ⭐ 1,012

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

Learn365 ⭐ 1,006

This repository is about @harshbothra_'s 365 days of Learning Tweets & Mindmaps collection.

Blackwidow ⭐ 986

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Dictionary Of Pentesting ⭐ 970

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

Holytips ⭐ 928

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

Interlace ⭐ 894

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

Sql Injection Payload List ⭐ 873

🎯 SQL Injection Payload List

Android Reports And Resources ⭐ 862

A big list of Android Hackerone disclosed reports and other resources.

Privesc ⭐ 807

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

Vhostscan ⭐ 800

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

Open-source vulnerability disclosure and bug bounty program database.

Bypass Firewalls By Dns History ⭐ 789

Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.

Favfreak ⭐ 723

Making Favicon.ico based Recon Great again !

Hackerone Reports ⭐ 722

Top disclosed reports from HackerOne

Stacoan ⭐ 719

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.

Command Injection Payload List ⭐ 700

🎯 Command Injection Payload List

Swiftnessx ⭐ 699

A cross-platform note-taking & target-tracking app for penetration testers.

Domained ⭐ 697

Multi Tool Subdomain Enumeration

Top25 Parameter ⭐ 690

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

Sublert ⭐ 687

Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

Redcloud ⭐ 677

Automated Red Team Infrastructure deployement using Docker

Git Hound ⭐ 669

Reconnaissance tool for GitHub code search. Finds exposed API keys using pattern matching, commit history searching, and a unique result scoring system.

Subover ⭐ 631

A Powerful Subdomain Takeover Tool

Gotestwaf ⭐ 616

An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses

Cve 2021 44228 Poc Log4j Bypass Words ⭐ 611

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

Reflutter ⭐ 602

Flutter Reverse Engineering Framework

V3 Periphery ⭐ 598

🦄 🦄 🦄 Peripheral smart contracts for interacting with Uniswap v3

Puredns ⭐ 594

Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.

Bruteforce Lists ⭐ 583

Some files for bruteforcing certain things.

Security Tools ⭐ 580

My collection of various security tools created mostly in Python and Bash. For CTFs and Bug Bounty.

Powerfull XSS Scanning and Parameter analysis tool&gem

Hosthunter ⭐ 560

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Metabigor ⭐ 552

Intelligence tool but without API key

Awesome Hacking Lists ⭐ 549

平常看到好的渗透hacking工具和多领域效率工具的集合

Assessment Mindset ⭐ 517

Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.

Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.

Hidden parameters discovery suite

Go Dork ⭐ 490

The fastest dork scanner written in Go.

Leaky Paths ⭐ 489

A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.

Generates combination of domain names from the provided input.

Public Bugbounty Programs ⭐ 484

Community curated list of public bug bounty and responsible disclosure programs.

Dumpall ⭐ 483

一款信息泄漏利用工具，适用于.git/.svn源代码泄漏和.DS_Store泄漏

Bigbountyrecon ⭐ 471

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

Scant3r ⭐ 465

ScanT3r - Module based Bug Bounty Automation Tool

Sonarsearch ⭐ 447

A rapid API for the Project Sonar dataset

Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.

Jsfscan.sh ⭐ 439

Automation for javascript recon in bug bounty.

1-100 of 803 projects

Related Projects

Python Bugbounty Projects (254)

Hacking Bugbounty Projects (208)

Security Bugbounty Projects (176)

Pentesting Bugbounty Projects (152)

Go Bugbounty Projects (125)

Bugbounty Recon Projects (121)

Bugbounty Infosec Projects (119)

Shell Bugbounty Projects (102)

Bugbounty Reconnaissance Projects (101)

Penetration Testing Bugbounty Projects (97)

Security Tools Bugbounty Projects (92)

Hacking Tool Bugbounty Projects (66)

Python Hacking Bugbounty Projects (64)

Bugbounty Pentest Projects (59)

Bugbounty Osint Projects (57)

Bugbounty Subdomain Projects (55)

Hacking Pentesting Bugbounty Projects (55)

Vulnerability Bugbounty Projects (53)

Security Bugbounty Infosec Projects (50)

Security Hacking Bugbounty Projects (48)

Security Pentesting Bugbounty Projects (48)

Bugbounty Bugbountytips Projects (48)

Bugbounty Reconnaissance Recon Projects (48)

Python Bugbounty Recon Projects (47)

Python Pentesting Bugbounty Projects (47)

Cybersecurity Bugbounty Projects (47)

Bugbounty Pentest Tool Projects (46)

Scanner Bugbounty Projects (46)

Bugbounty Xss Projects (44)

Python3 Bugbounty Projects (44)

Advertising 📦 9

Application Programming Interfaces 📦 120

Applications 📦 181

Artificial Intelligence 📦 72

Blockchain 📦 70

Build Tools 📦 111

Cloud Computing 📦 79

Code Quality 📦 28

Collaboration 📦 30

Command Line Interface 📦 48

Community 📦 81

Companies 📦 60

Compilers 📦 60

Computer Science 📦 74

Configuration Management 📦 39

Content Management 📦 167

Control Flow 📦 197

Data Formats 📦 77

Data Processing 📦 266

Data Storage 📦 132

Economics 📦 60

Frameworks 📦 198

Graphics 📦 103

Hardware 📦 148

Integrated Development Environments 📦 47

Learning Resources 📦 147

Libraries 📦 119

Lists Of Projects 📦 21

Machine Learning 📦 336

Mapping 📦 61

Marketing 📦 15

Mathematics 📦 55

Messaging 📦 97

Networking 📦 304

Operating Systems 📦 84

Operations 📦 120

Package Managers 📦 52

Programming Languages 📦 229

Runtime Environments 📦 96

Science 📦 42

Security 📦 375

Social Media 📦 26

Software Architecture 📦 70

Software Development 📦 68

Software Performance 📦 57

Software Quality 📦 127

Text Editors 📦 45

Text Processing 📦 131

User Interface 📦 310

User Interface Components 📦 465

Version Control 📦 29

Virtualization 📦 68

Web Browsers 📦 38

Web Servers 📦 25

Web User Interface 📦 194

"GitHub" is a registered trademark of GitHub, Inc. Awesome Open Source is not affiliated with GitHub.

All non readme contents or Github based topics or project metadata copyright Awesome Open Source 2018-2022