Bringing infosec community, group and leaders together that solve community challenges, problems, create cultural and provide value to Infosec community.
☆193Dec 5, 2022Updated 3 years ago
Alternatives and similar repositories for Pentesting-Bugbounty
Users that are interested in Pentesting-Bugbounty are comparing it to the libraries listed below
Sorting:
- A fuzzer made in golang for finding issues like xss, lfi, rce, ssti...that detects issues using change in content length and verify it us…☆62Oct 25, 2020Updated 5 years ago
- 0x0p1n3r is set of combination of other tools and one line scripts to find subdomains easily and to check subdomain takeover☆57Dec 15, 2020Updated 5 years ago
- A collection of notes, checklists, writeups on bug bounty hunting and web application security.☆152Jun 30, 2022Updated 3 years ago
- Weekly updated list of missing CVEs in nuclei templates official repository. Mainly built for bug bounty, but useful for penetration test…☆427Feb 23, 2026Updated last week
- Erebus is a fast tool for parameter-based vulnerability scanning using a Yaml based template engine like nuclei.☆134Jul 11, 2021Updated 4 years ago
- Tool for analyzing SAP Secure Network Communications (SNC).☆59Apr 16, 2024Updated last year
- 1337 Wordlists for Bug Bounty Hunting☆932Updated this week
- A blind XSS detection and XSS data capture framework☆175Dec 6, 2025Updated 3 months ago
- A BurpSuite extension to create a custom word-list of endpoint and parameters for enumeration and fuzzing☆142Jun 27, 2023Updated 2 years ago
- This is the ringzer0 writeup of web exploitation catagery. The name is "Word mean something"☆14Dec 8, 2023Updated 2 years ago
- Detailed information about API key / OAuth token (Description, Request, Response, Regex, Example)☆289Sep 26, 2023Updated 2 years ago
- A repository that includes all the important wordlists used while bug hunting.☆1,379Mar 11, 2023Updated 2 years ago
- Made your bugbounty subdomains reconnaissance easier with Hunt3r the web application reconnaissance framework☆169Feb 4, 2023Updated 3 years ago
- WebSocket Connection Smuggler☆47Sep 30, 2022Updated 3 years ago
- ParamFirstCheck identifies in a list of urls those containing a parameter of the top 25 of the most vulnerable parameters for SQLi, LFI, …☆35Dec 13, 2023Updated 2 years ago
- Tips and Tutorials for Bug Bounty and also Penetration Tests.☆1,707Oct 7, 2025Updated 4 months ago
- Smart context-based SSRF vulnerability scanner.☆360May 5, 2022Updated 3 years ago
- ☆17Sep 15, 2023Updated 2 years ago
- Extract endpoints marked as disallow in robots files to generate wordlists.☆58Mar 2, 2022Updated 4 years ago
- A simple Burp Suite extension to crawl JavaScript (JS) files in passive mode and display the results directly on the issues☆374Jul 25, 2023Updated 2 years ago
- ☆628Dec 19, 2025Updated 2 months ago
- Simple python script supported with BurpBouty profile that helps you to detect SQL injection "Error based" by sending multiple requests w…☆631Feb 22, 2026Updated last week
- A tool for append URLs, skipping duplicates/paths & combine parameters.☆128Mar 2, 2022Updated 4 years ago
- ☆1,116Jul 26, 2023Updated 2 years ago
- Burp extension used to snip any header from all the requests.☆23Nov 12, 2023Updated 2 years ago
- A list of Mind-Map for those interested in getting started in bug bounties.☆17Jul 9, 2021Updated 4 years ago
- ☆42Oct 28, 2021Updated 4 years ago
- automatically crawl every URL and find cross site scripting (XSS)☆41Mar 22, 2022Updated 3 years ago
- Nuclei Templates - Here you will find the templates I use while hunting☆120Sep 27, 2021Updated 4 years ago
- Community curated list of nuclei templates for finding "unknown" security vulnerabilities.☆89May 2, 2024Updated last year
- Real-world infosec wordlists, updated regularly☆1,642Updated this week
- LEAKEY is a bash script which checks and validates for leaked credentials. The idea behind LEAKEY is to make it highly customizable and e…☆377Dec 5, 2023Updated 2 years ago
- Various scripts & tools☆12Apr 22, 2024Updated last year
- ☆11Aug 31, 2023Updated 2 years ago
- Only for educational purposes☆12Jun 17, 2023Updated 2 years ago
- Dome - Subdomain Enumeration Tool. Fast and reliable python script that makes active and/or passive scan to obtain subdomains and search …☆541Feb 7, 2024Updated 2 years ago
- A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.☆1,977Sep 5, 2021Updated 4 years ago
- Fast CLI tool to find the parameters that can be used to find SSRF or Out-of-band resource load☆296Sep 22, 2024Updated last year
- This repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version contai…☆534Dec 4, 2024Updated last year