Awesome Open Source
Search results for bugbounty tool
125 search results found
Dalfox
⭐
3,047
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
Malicious Pdf
⭐
2,029
💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh
Inql
⭐
1,487
InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.
Galaxy Bugbounty Checklist
⭐
1,133
Tips and Tutorials for Bug Bounty and also Penetration Tests.
Awesome Hacking Lists
⭐
763
A collection of good penetration/hacking tools and multi-domain productivity tools that I come across.
Jsfscan.sh
⭐
754
Automation for javascript recon in bug bounty.
Payloads
⭐
738
Payload Arsenal for Penetration Testers and Bug Bounty Hunters
Garud
⭐
694
An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.
Go Dork
⭐
677
The fastest dork scanner written in Go.
Bigbountyrecon
⭐
471
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
Ppfuzz
⭐
460
A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀
Ppmap
⭐
325
A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.
Gxss
⭐
295
A tool to check a bunch of URLs that contain reflecting params.
Xrcross
⭐
260
XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities
Sub404
⭐
257
A python tool to check subdomain takeover vulnerability
Missing Cve Nuclei Templates
⭐
249
Weekly updated list of missing CVEs in nuclei templates official repository. Mainly built for bug bounty, but useful for penetration tests and vulnerability assessments too.
Csprecon
⭐
248
Discover new target domains using Content Security Policy
Cut Cdn
⭐
243
✂️ Removing CDN IPs from the list of IP addresses
Magicrecon
⭐
240
MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.
Investigator
⭐
218
An online handy-recon tool
Probable_subdomains
⭐
212
Subdomains analysis and generation tool. Reveal the hidden!
Bugbounty_cheatsheet
⭐
211
BugBounty_CheatSheet
Cf Check
⭐
202
CloudFlare Checker written in Go
Gofingerprint
⭐
174
GoFingerprint is a Go tool for taking a list of target web servers and matching their HTTP responses against a user defined list of fingerprints.
Reconky Automated_bash_script
⭐
170
Reconky is a great content discovery bash script for bug bounty hunters that automates many tasks and organizes the results in a well-structured form to help them move forward.
Infosechouse
⭐
162
Tools & Resources for Cyber Security Operations
Grecon
⭐
154
Your Google Recon is Now Automated
Corsme
⭐
141
Cross Origin Resource Sharing MisConfiguration Scanner
Taie Bugbounty Killer
⭐
128
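Essential automated bounty-earning techniques for hunting on domestic and international vulnerability platforms; read them and put them into practice, and collecting bounties becomes as easy as drinking water.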
Web Hacking Toolkit
⭐
127
A web hacking toolkit (docker image).
Bbr
⭐
124
An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.
Webstor
⭐
119
A script to quickly enumerate all websites across all of your organization's networks, store their responses, and query for known web technologies, such as those with zero-day vulnerabilities.
Insiders
⭐
111
Archive of Potential Insider Threats
Terminatorz
⭐
95
TerminatorZ is a highly sophisticated and efficient web security tool that scans for top potential vulnerabilities with known CVEs in your web applications.
Programs Watcher
⭐
94
A Python script designed to monitor bug bounty programs for any changes and promptly notify users.
Passdetective
⭐
85
PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords, API keys, and secrets. Using regular expressions, it helps prevent accidental exposure of sensitive information in your command history.
Gee
⭐
77
🏵 Gee is a tool that writes stdin to each file and to stdout. It is similar to the tee command, but has more functions for convenience. In addition, it is written in Go.
Nipejs
⭐
74
Simplify your life with leak detection in JavaScript. NipeJS streamlines the use of regex, making it effortless to uncover potential leaks.
Vps Bug Bounty Tools
⭐
73
Script that automates the installation of the main tools used for web application penetration testing and Bug Bounty.
Bugradar
⭐
72
Advanced external automation on bug bounty programs by running the best set of tools to perform scanning and finding out vulnerabilities.
Wadl Dumper
⭐
67
Dump all available paths and/or endpoints on WADL file.
Vita
⭐
67
A tool to find subdomains or domains from passive sources.
Discord Recon
⭐
64
Discord bot created to automate bug bounty recon, automated scans and information gathering via a discord server
S1c0n
⭐
58
Simple recon tool to help you search for vulnerabilities on a web server
Ssti Xss Finder
⭐
53
XSS Finder Via SSTI
Writeup Miner
⭐
50
This is a useful Python script for extracting bug bounty or any other write-ups from Medium.com and other websites (soon).
Bugbountyblueprint
⭐
49
A tool offering templates for streamlined bug bounty reporting
Gerobug
⭐
48
The First Open Source Bug Bounty Platform
Advancedkeyhacks
⭐
47
API Key/Token Exploitation Made easy.
Cve 2022 42889 Text4shell
⭐
45
Apache commons text - CVE-2022-42889 Text4Shell proof of concept exploit.
Bug Hunting Setup
⭐
45
Bash script that streamlines the process of setting up your Debian Linux machine for bug hunting.
Email Vulnerablity Checker
⭐
42
Find email spoofing vulnerabilities of domains
R3c0nizer
⭐
42
R3C0Nizer is the first ever CLI based menu-driven web application B-Tier recon framework.
Burp Encode Ip
⭐
39
Burp Suite extension to encode an IP address focused to bypass application IP / domain blacklist.
3klector
⭐
38
3klector is an automated recon tool that collects information about acquisitions and ASNs related to large-scope companies
Gau Expose
⭐
38
Greps subdomains, builds custom wordlists, and extracts emails/usernames etc. from gau results
Pentesting Resources
⭐
37
Resources, repos and scripts for pentesters and bug bounty.
Hackliner
⭐
37
Hackliner: Cybersec/Bughunting Oneliners
Buggpt Tools
⭐
34
AI Generated Tools/one-off-scripts primarily for Bug Bounties
Passivehunter
⭐
33
Subdomain discovery using the power of 'The Rapid7 Project Sonar datasets'
Wsee
⭐
33
A CDN Domain Fronting Tool or Websocket Discovery written in Python
Grapx
⭐
33
grapX will iterate through the URLs and grep the endpoints with all possible extensions.
Attacksurfacemanagement
⭐
33
Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty
Hostpanic
⭐
31
Find host header injections and perform Host header attacks along with other kinds of bugs such as web cache poisoning
Task Ninja
⭐
31
Ultimate Tasks Automation Framework for Hackers, DevSecOps, Pentesters, and Bug-bounty hunters!
Wordlist_generator
⭐
30
Unique wordlist generator of unique wordlists.
Cloudfish
⭐
29
Subdomain enumeration using Cloudflare's scanning tool.
Crlfi
⭐
29
CRLF Bug scanner for WebPentesters and Bugbounty Hunters
Hydrarecon
⭐
28
All In One, Fast, Easy Recon Tool
Dprogbb
⭐
27
Detect Program Bug Bounty
Sd Goo
⭐
26
Enumerate Subdomains Through Google Dorks
Deaddns
⭐
25
DNS hijacking via dead records automation tool
Burptoggle
⭐
25
Burp Suite Proxy Toggler Lite Add-on for Mozilla Firefox. https://addons.mozilla.org/en-US/firefox/addon/bur
Gh0str3c0n
⭐
23
All in one web Recon app
Supertruder
⭐
22
A python3 intruder that gave me bounties, easy to use and as fast as fuff
Active Ip
⭐
21
🕵️♂️🔍 A tool with several scanning techniques that extracts live IP addresses from a list of IP addresses or CIDR notations.
Recon.cloud
⭐
21
recon.cloud is a website that scans the AWS, Azure and GCP public cloud footprint; this Go tool only uses its API to print results to the terminal.
Dorker
⭐
18
Better Google Dorking with Dorker.
Bountyreconv2
⭐
17
Framework to automate Bug Bounty Reconnaissance
Ppfang
⭐
17
A tool which helps identifying client-side prototype polluting libraries
Rdse
⭐
17
Extracts subdomains from a specified domain using https://recon.dev.
Changetower
⭐
17
ChangeTower, written in Go, is intended to help you watch webpages and get notified of any changes
Cve 2022 44268
⭐
17
CVE-2022-44268 ImageMagick Arbitrary File Read - Proof of Concept exploit
Waybackshot
⭐
17
(CLI wrapper with upcoming features) Takes a list of URLs and retrieves screenshots of older versions stored on the Wayback Machine.
Bulkssrf
⭐
16
Tests for SSRF by injecting a specified location into different headers. This is a Rust port of m4ll0k's tool.
Nucleimonst3r
⭐
15
Nucleimonst3r is a powerful vulnerability scanner that can help Bug Bounty Hunters find low hanging fruit vulnerabilities for known CVEs and exploits but also gather all the technology running behind them for further investigation for a potential target.
S1mr3c
⭐
15
Simple recon tool automates your recon process
Proxylist
⭐
14
List of continuously updated proxy servers
Archer
⭐
13
A tool to check for response status codes with ease
Massurl
⭐
13
A simple tool that aims to efficiently and quickly parse the outputs of web scraping tools like gau
Frida
⭐
12
Frida scripts for Android application dynamic-analysis.
Findbbp
⭐
12
Bug bounty program discovery tool that finds bug bounty programs via the security.txt file by default; custom dorks can also be used
Hashexploit
⭐
12
HashExploit is a great tool for cracking hashes
Kyuubi
⭐
12
Kyuubi is a multipurpose Telegram bot written in Golang for use in the recon process. If you don't have access to a terminal to do recon while hacking, you can use this bot to do recon through Telegram.
Nodep
⭐
12
A tool for checking available dependency packages across the npmjs, PyPI or RubyGems registries.
Oneliner404
⭐
12
Some oneliners with descriptions and Regex that I frequently use while doing bug hunting. More to come 🚀🚀
Pointer
⭐
11
Pointer is a Fast Simple Lightweight Tool for Endpoint Discovery.
Hun2race
⭐
11
Hun2race is an automated report generation tool designed for bug hunters and penetration testers.
Jsmap
⭐
10
Fetch Javascript sourcemaps, bounty hunter style
Gampung
⭐
9
Gampung is a tool for finding nuclei templates on GitHub
1-100 of 125 search results
Copyright 2018-2024 Awesome Open Source. All rights reserved.