Collection of scripts and tools used during bug bounty work. This will be the location of my automation scripts created for my own personal use, and occassionally public released
☆140Dec 18, 2025Updated 2 months ago
Alternatives and similar repositories for bugbounty_tools
Users that are interested in bugbounty_tools are comparing it to the libraries listed below
Sorting:
- ☆14Feb 7, 2024Updated 2 years ago
- Bypass Reset Password Code Lead to Account Takeover☆26Sep 16, 2024Updated last year
- ☆52Oct 1, 2025Updated 5 months ago
- A standalone Blind XSS Script.☆47Aug 15, 2025Updated 6 months ago
- A comprehensive bug bounty methodology compiled from extensive research, covering web application reconnaissance, checklists, and methods…☆122Nov 11, 2024Updated last year
- Tools related to RFC 9116 (security.txt)☆25Feb 11, 2025Updated last year
- Python script implementing the favicon hash trick to find subdomains.☆39Mar 28, 2023Updated 2 years ago
- IDOR Scanner is a Burp Suite extension that automates the detection and enumeration of potentially vulnerable numeric fields to identify …☆43Feb 24, 2025Updated last year
- ex-param is an automated tool designed for finding reflected parameters for XSS vulnerabilities. It crawls a target website, extracts GET…☆63Feb 22, 2025Updated last year
- Analyze an APK archive.☆28Feb 24, 2024Updated 2 years ago
- ☆42Oct 28, 2021Updated 4 years ago
- PoC for leaking text nodes via CSS injection☆25Jul 27, 2024Updated last year
- TLDFinder is a Python package that identifies valid top-level domains (TLDs) for a list of domains with wildcard characters in the TLD.☆24Jul 2, 2023Updated 2 years ago
- A tool to guess the rest of the shortnames provided by vulnerable IIS instances.☆41Aug 12, 2023Updated 2 years ago
- ☆29Feb 4, 2026Updated last month
- Basic Bash Script to scrape all subdomains from crtsh in a single run☆19May 23, 2022Updated 3 years ago
- ☆39May 4, 2025Updated 10 months ago
- Alternative to XSS Hunter for blind XSS.☆50Dec 8, 2022Updated 3 years ago
- 一个用于修改右键插件菜单层级的Burpsuite插件。A simple BurpSuite extension to change extension context menu level.☆14Jan 15, 2024Updated 2 years ago
- A modified version of TomNomNom's anew, allowing for multiple files to be defined as parameters.☆13Jun 17, 2023Updated 2 years ago
- This python based tool can be used to discover API keys, access tokens, and other sensitive data in JavaScript files. It can scan JavaScr…☆14Oct 18, 2024Updated last year
- All-in Fuzzer. Burp suite extension for auto fuzzing params, headers, body☆36Dec 13, 2025Updated 2 months ago
- ☆18Nov 2, 2024Updated last year
- Gampung tools for find nuclei template from github☆12Sep 6, 2023Updated 2 years ago
- A tool to migrate Burpsuite HTTP history to Caido☆35Apr 25, 2025Updated 10 months ago
- A collection of in-depth studies authored by me on JavaScript engine vulnerabilities.☆46Feb 6, 2026Updated last month
- List of Fresh DNS resolvers updates every 1 hour☆19Updated this week
- Enumerate old versions of robots.txt paths using Wayback Machine for content discovery☆58Sep 21, 2023Updated 2 years ago
- Crawlex is a powerful Chrome extension designed to assist bug bounty hunters in their work by enabling easy crawling of all possible URLs…☆12May 28, 2023Updated 2 years ago
- Application for logging HTTP and DNS Requests☆15May 14, 2021Updated 4 years ago
- Scan websites for exposed Supabase JWTs, enumerate accessible tables, and detect sensitive data exposure automatically.☆120Dec 29, 2025Updated 2 months ago
- Command List for Hashcat and default keyspaces.☆17Feb 13, 2020Updated 6 years ago
- ParamScan is a chrome extension for finding reflected parameters in a webpage.☆92Jan 11, 2025Updated last year
- ShoLister is a tool that collects all available subdomains for specific hostname or organization from Shodan. The tool is designed to be …☆60May 10, 2022Updated 3 years ago
- BetterBugBounty - Here tools are classic, bugs are hunted, and nostalgia is the ultimate weapon!☆29Feb 10, 2024Updated 2 years ago
- An automated bug hunting tool for comprehensive reconnaissance, including subdomain enumeration, port scanning, vulnerability detection, …☆13Jun 24, 2025Updated 8 months ago
- This repo collects nuclei template from 600+ github repos, updates every 6 hours.☆36Feb 17, 2026Updated 2 weeks ago
- CVE-2025-4123 - Grafana Tool☆30Jun 4, 2025Updated 9 months ago
- Nuclei templates to run on urls☆17Sep 14, 2023Updated 2 years ago