Bug Bounty writeups, Vulnerability Research, Tutorials, Tips&Tricks
☆207Aug 7, 2024Updated last year
Alternatives and similar repositories for research
Users that are interested in research are comparing it to the libraries listed below
Sorting:
- My collection of various security tools created mostly in Python and Bash. For CTFs and Bug Bounty.☆912Sep 25, 2025Updated 5 months ago
- ☆34Oct 1, 2019Updated 6 years ago
- BFAC (Backup File Artifacts Checker): An automated tool that checks for backup artifacts that may disclose the web-application's source c…☆563Aug 25, 2022Updated 3 years ago
- Various tools for managing bug bounty recon and exploration.☆48Dec 8, 2022Updated 3 years ago
- Another plugin for CRLF vulnerability detection☆25Jan 25, 2017Updated 9 years ago
- a .js scanner, built in php. designed to scrape urls and other info☆228Aug 22, 2017Updated 8 years ago
- Tools of "The Bug Hunters Methodology V2 by @jhaddix"☆201Aug 11, 2017Updated 8 years ago
- An automation framework for running multiple open sourced subdomain bruteforcing tools (in parallel) using your own wordlists via Docker …☆260Aug 22, 2021Updated 4 years ago
- this repository is a base so everyone can modify it according to there thoughts and process used☆10Jun 9, 2021Updated 4 years ago
- A collection of all the lists, scripts and techniques I use while doing web application penetration tests.☆168Feb 29, 2016Updated 10 years ago
- port+dir+param bruteforcing at the same time using ffuf☆17Jul 27, 2024Updated last year
- This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtu…☆628Feb 5, 2019Updated 7 years ago
- An entry level resource to learning bug bounty.☆28Apr 11, 2018Updated 7 years ago
- A lightweight CSRF Toolkit for easy Proof of concept☆172Jun 11, 2014Updated 11 years ago
- 根据关键字扫描github代码泄露☆11Oct 31, 2018Updated 7 years ago
- Recon_profile☆38May 18, 2020Updated 5 years ago
- Stealing CSRF tokens with CSS injection (without iFrames)☆323Feb 7, 2018Updated 8 years ago
- AutoTriageBot automatically verifies, deduplicates, and suggests payouts for incoming HackerOne reports.☆57Feb 12, 2022Updated 4 years ago
- BountyDash is a tool to combine your rewards from all platforms, giving you insights about your progress and bug hunting patterns.☆163Apr 24, 2025Updated 10 months ago
- Multi Tool Subdomain Enumeration☆723Apr 11, 2021Updated 4 years ago
- Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature☆25Apr 19, 2017Updated 8 years ago
- Fast subdomains enumeration tool for penetration testers☆117Feb 3, 2019Updated 7 years ago
- SSRF (Server Side Request Forgery) testing resources☆2,483Oct 12, 2024Updated last year
- Some simple scripts that I use during bug bounty hunting in Android Apps☆28Jan 30, 2025Updated last year
- Highlight Burp proxy requests made by different browsers☆29Sep 21, 2017Updated 8 years ago
- Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported)☆459May 10, 2019Updated 6 years ago
- A simple python script which can check HTTP status of branch of URLs/Subdomains and grab URLs/Subdomain title☆12Oct 16, 2019Updated 6 years ago
- A collection of response templates for invalid bug bounty reports.☆90Feb 26, 2018Updated 8 years ago
- Setup script for Regon-ng☆938Nov 17, 2020Updated 5 years ago
- ☆250Jun 6, 2018Updated 7 years ago
- ☆332Jan 8, 2018Updated 8 years ago
- Hunting Bugs for Fun and Profit☆276Jul 29, 2020Updated 5 years ago
- Allows you to trace where inputs are reflected back to the user.☆37Oct 12, 2017Updated 8 years ago
- RFD Checker - security CLI tool to test Reflected File Download issues☆64Feb 26, 2019Updated 7 years ago
- Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]☆305Oct 14, 2018Updated 7 years ago
- Some tools to automate recon - 003random☆294Jun 5, 2018Updated 7 years ago
- A script to enumerate virtual hosts on a server.☆690Dec 28, 2017Updated 8 years ago
- ☆834Nov 13, 2023Updated 2 years ago
- Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature☆4,076Jul 31, 2024Updated last year