The Top 194 Bugbounty Open Source Projects

Awesome Open Source

Awesome Open Source

Combined Topics

Advertising 📦 10

Application Programming Interfaces 📦 124

Applications 📦 192

Artificial Intelligence 📦 78

Blockchain 📦 73

Build Tools 📦 113

Cloud Computing 📦 80

Code Quality 📦 28

Collaboration 📦 32

Command Line Interface 📦 49

Community 📦 83

Companies 📦 60

Compilers 📦 63

Computer Science 📦 80

Configuration Management 📦 42

Content Management 📦 175

Control Flow 📦 213

Data Formats 📦 78

Data Processing 📦 276

Data Storage 📦 135

Economics 📦 64

Frameworks 📦 215

Graphics 📦 110

Hardware 📦 152

Integrated Development Environments 📦 49

Learning Resources 📦 166

Libraries 📦 129

Lists Of Projects 📦 22

Machine Learning 📦 347

Mapping 📦 64

Marketing 📦 15

Mathematics 📦 55

Messaging 📦 98

Networking 📦 315

Operating Systems 📦 89

Operations 📦 121

Package Managers 📦 55

Programming Languages 📦 245

Runtime Environments 📦 100

Science 📦 42

Security 📦 396

Social Media 📦 27

Software Architecture 📦 72

Software Development 📦 72

Software Performance 📦 58

Software Quality 📦 133

Text Editors 📦 49

Text Processing 📦 136

User Interface 📦 330

User Interface Components 📦 514

Version Control 📦 30

Virtualization 📦 71

Web Browsers 📦 42

Web Servers 📦 26

Web User Interface 📦 210

The Top 194 Bugbounty Open Source Projects

Categories > Software Quality > Bugbounty

Payloadsallthethings ⭐ 28,061

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Pentesting Bible ⭐ 8,446

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

Oneforall ⭐ 3,730

OneForAll是一款功能强大的子域收集工具

Hetty ⭐ 3,454

Hetty is an HTTP toolkit for security research.

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Bugbounty Cheatsheet ⭐ 3,413

A list of interesting payloads, tips and tricks for bug bounty hunters.

Osmedeus ⭐ 3,176

Fully automated offensive security framework for reconnaissance and vulnerability scanning

Commix ⭐ 2,790

Automated All-in-One OS Command Injection Exploitation Tool.

Howtohunt ⭐ 2,677

Tutorials and Things to Do while Hunting Vulnerability.

Intruderpayloads ⭐ 2,638

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

Can I Take Over Xyz ⭐ 2,568

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

Apkleaks ⭐ 2,451

Scanning APK file for URIs, endpoints & secrets.

Xss Payload List ⭐ 2,158

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

Awesome Bugbounty Writeups ⭐ 2,142

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

Nuclei Templates ⭐ 1,913

Community curated list of templates for the nuclei engine to find security vulnerabilities.

Nosqlmap ⭐ 1,781

Automated NoSQL database enumeration and web application exploitation tool.

Httpx ⭐ 1,755

httpx is a fast and multi-purpose HTTP toolkit allows to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads.

ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

Awesome Mobile Security ⭐ 1,742

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

Defaultcreds Cheat Sheet ⭐ 1,693

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Pentest Guide ⭐ 1,508

Penetration tests guide based on OWASP including test cases, resources and examples.

Webhackersweapons ⭐ 1,477

⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting

S3scanner ⭐ 1,468

Scan for open S3 buckets and dump the contents

Reconftw ⭐ 1,424

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

31 Days Of Api Security Tips ⭐ 1,333

This challenge is Inon Shkedy's 31 days API Security Tips.

Subjack ⭐ 1,282

Subdomain Takeover tool written in Go

Gitgraber ⭐ 1,256

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

Jaeles ⭐ 1,223

The Swiss Army knife for automated Web Application Testing

Findsploit ⭐ 1,210

Find exploits in local and online databases instantly

Allaboutbugbounty ⭐ 1,168

All about bug bounty (bypasses, payloads, and etc)

Ezxss ⭐ 1,109

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Burpbounty ⭐ 1,109

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.

Brutex ⭐ 1,088

Automatically brute force all services running on a target.

Tiny Xss Payloads ⭐ 1,076

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

Awsbucketdump ⭐ 1,068

Security Tool to Look For Interesting Files in S3 Buckets

Dalfox ⭐ 1,062

🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang

Subdomainizer ⭐ 1,025

A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.

Sudomy ⭐ 1,013

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

Urlhunter ⭐ 978

a recon tool that allows searching on URLs that are exposed via shortener services

Blackwidow ⭐ 955

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Awesome Oneliner Bugbounty ⭐ 955

A collection of awesome one-liner scripts especially for bug bounty tips.

Sql Injection Payload List ⭐ 954

🎯 SQL Injection Payload List

Paramspider ⭐ 935

Mining parameters from dark corners of Web Archives

Gospider ⭐ 931

Gospider - Fast web spider written in Go

Holytips ⭐ 852

Tips and Tutorials on Bug Bounty Hunting and Web Application Security.

Learn365 ⭐ 832

This repository is about @harshbothra_'s 365 days of Learning Tweets & Mindmaps collection.

Vhostscan ⭐ 831

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

Interlace ⭐ 828

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

Bypass Firewalls By Dns History ⭐ 808

Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.

Privesc ⭐ 801

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

Command Injection Payload List ⭐ 760

🎯 Command Injection Payload List

Android Reports And Resources ⭐ 757

A big list of Android Hackerone disclosed reports and other resources.

Stacoan ⭐ 730

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.

Dictionary Of Pentesting ⭐ 718

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

Domained ⭐ 694

Multi Tool Subdomain Enumeration

Redcloud ⭐ 679

Automated Red Team Infrastructure deployement using Docker

Subover ⭐ 657

A Powerful Subdomain Takeover Tool

Powerfull XSS Scanning and Parameter analysis tool&gem

Favfreak ⭐ 654

Making Favicon.ico based Recon Great again !

Security_whitepapers ⭐ 644

Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi

Bigbountyrecon ⭐ 630

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

Assessment Mindset ⭐ 628

Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.

Top25 Parameter ⭐ 611

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

Hackerone Reports ⭐ 561

Top disclosed reports from HackerOne

Hosthunter ⭐ 526

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Security Tools ⭐ 520

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

Metabigor ⭐ 494

Intelligence tool but without API key

Puredns ⭐ 483

Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.

Bruteforce Lists ⭐ 474

Some files for bruteforcing certain things.

Generates combination of domain names from the provided input.

Findom Xss ⭐ 413

A fast DOM based XSS vulnerability scanner with simplicity.

Awesome Hacking Lists ⭐ 407

平常看到好的渗透hacking工具和多领域效率工具的集合

Go Dork ⭐ 401

The fastest dork scanner written in Go.

Xxe Injection Payload List ⭐ 398

🎯 XML External Entity (XXE) Injection Payload List

Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.

H2csmuggler ⭐ 376

HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

Sonarsearch ⭐ 372

A MongoDB importer and API for Project Sonars DNS datasets

Offensive Docker ⭐ 371

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

Public Bugbounty Programs ⭐ 364

Community curated list of public bug bounty and responsible disclosure programs.

Osint_tips ⭐ 363

Watchdog ⭐ 352

Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.

Jsfscan.sh ⭐ 352

Automation for javascript recon in bug bounty.

Subdomain takeover vulnerability checker

Bugbountyguide ⭐ 349

Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.

Hidden parameters discovery suite

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

Cloudbrute ⭐ 332

Awesome cloud enumerator

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

Jsshell ⭐ 317

JSshell - JavaScript reverse/remote shell

Lazyrecon ⭐ 312

An automated approach to performing recon for bug bounty hunting and penetration testing.

Bugbountyscanner ⭐ 307

A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.

Cloudscraper ⭐ 306

CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.

Sitedorks ⭐ 302

Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term (dork) with a default set of websites, bug bounty programs or a custom collection. *** Help wanted with more lists ***

Recon Pipeline ⭐ 299

An automated target reconnaissance pipeline.

Onelistforall ⭐ 299

Rockyou for web fuzzing

Recon My Way ⭐ 290

This repository created for personal use and added tools from my latest blog post.

Megplus ⭐ 275

Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]

Awesome Bbht ⭐ 275

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

Payloads ⭐ 275

Payload Arsenal for Pentration Tester and Bug Bounty Hunters

Hawkscan ⭐ 272

Security Tool for Reconnaissance and Information Gathering on a website. (python 3.x)

1-100 of 194 projects

Advertising 📦 10

Application Programming Interfaces 📦 124

Applications 📦 192

Artificial Intelligence 📦 78

Blockchain 📦 73

Build Tools 📦 113

Cloud Computing 📦 80

Code Quality 📦 28

Collaboration 📦 32

Command Line Interface 📦 49

Community 📦 83

Companies 📦 60

Compilers 📦 63

Computer Science 📦 80

Configuration Management 📦 42

Content Management 📦 175

Control Flow 📦 213

Data Formats 📦 78

Data Processing 📦 276

Data Storage 📦 135

Economics 📦 64

Frameworks 📦 215

Graphics 📦 110

Hardware 📦 152

Integrated Development Environments 📦 49

Learning Resources 📦 166

Libraries 📦 129

Lists Of Projects 📦 22

Machine Learning 📦 347

Mapping 📦 64

Marketing 📦 15

Mathematics 📦 55

Messaging 📦 98

Networking 📦 315

Operating Systems 📦 89

Operations 📦 121

Package Managers 📦 55

Programming Languages 📦 245

Runtime Environments 📦 100

Science 📦 42

Security 📦 396

Social Media 📦 27

Software Architecture 📦 72

Software Development 📦 72

Software Performance 📦 58

Software Quality 📦 133

Text Editors 📦 49

Text Processing 📦 136

User Interface 📦 330

User Interface Components 📦 514

Version Control 📦 30

Virtualization 📦 71

Web Browsers 📦 42

Web Servers 📦 26

Web User Interface 📦 210