Little Bug Bounty & Hacking Tools⚔️
☆370Nov 10, 2024Updated last year
Alternatives and similar repositories for lit-bb-hack-tools
Users that are interested in lit-bb-hack-tools are comparing it to the libraries listed below
Sorting:
- Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration☆1,197Jan 9, 2026Updated last month
- My useful files for penetration tests, security assessments, bug bounty and other security related stuff☆198Updated this week
- Use favicons to improve your target recon phase. Quickly detect technologies, WAF, exposed panels, known services.☆232Feb 2, 2026Updated last month
- Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more☆3,307Feb 16, 2026Updated 2 weeks ago
- Remove duplicate URLs by retaining only the unique combinations of hostname, path, and parameter names☆39May 5, 2024Updated last year
- Top level domain scanner in Go☆30Sep 24, 2023Updated 2 years ago
- Collection of (4000+) malicious rMQR Codes for Penetration testing, Vulnerability assessments, Red Team operations, Bug Bounty and more☆57Nov 10, 2024Updated last year
- Weekly updated list of missing CVEs in nuclei templates official repository. Mainly built for bug bounty, but useful for penetration test…☆427Feb 23, 2026Updated last week
- 🔭 Collection of regexp pattern for security passive scanning☆116Feb 18, 2023Updated 3 years ago
- URL / IP / Email defanging with Javascript. Make IoC harmless.☆30Nov 10, 2024Updated last year
- Discover new target domains using Content Security Policy☆505Feb 7, 2026Updated 3 weeks ago
- ☆299Jul 16, 2022Updated 3 years ago
- TryHackMe CTFs writeups, notes, drafts, scrabbles, files and solutions.☆253Nov 10, 2024Updated last year
- A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀☆659Aug 28, 2025Updated 6 months ago
- Nuclei Templates - Here you will find the templates I use while hunting☆120Sep 27, 2021Updated 4 years ago
- KARMA is a simple bash script automation that can hit Shodan Premium API and find active IPs, ASN, Common Vulnerabilities, CVEs & Open Po…☆59Sep 6, 2021Updated 4 years ago
- Erebus is a fast tool for parameter-based vulnerability scanning using a Yaml based template engine like nuclei.☆134Jul 11, 2021Updated 4 years ago
- ⚡️ Multiple target ZAP Scanning☆105Updated this week
- A tool to perform permutations, mutations and alteration of subdomains in golang.☆156Nov 24, 2023Updated 2 years ago
- 🖇 Enumerate git repository URL from list of URL / User / Org. Friendly to pipeline☆56Nov 24, 2024Updated last year
- Fast CLI tool to find the parameters that can be used to find SSRF or Out-of-band resource load☆297Sep 22, 2024Updated last year
- Find endpoints on GitHub.☆214Mar 28, 2023Updated 2 years ago
- An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and…☆802Jul 4, 2023Updated 2 years ago
- Automating XSS using Bash☆362Jan 27, 2026Updated last month
- CloudFlare Checker written in Go☆237May 12, 2024Updated last year
- jsubfinder searches webpages for javascript & analyzes them for hidden subdomains and secrets (wip).☆280Jan 15, 2025Updated last year
- Golang module exporting general purpose functions I get tired of rewriting every time☆23Nov 10, 2024Updated last year
- Gotator is a tool to generate DNS wordlists through permutations.☆506Jul 17, 2022Updated 3 years ago
- A tool to check a bunch of URLs that contain reflecting params.☆598Aug 4, 2024Updated last year
- Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one pl…☆1,039Aug 23, 2025Updated 6 months ago
- Finding XSS during recon☆273Sep 13, 2022Updated 3 years ago
- A replacement of "qsreplace", accepts URLs as standard input, replaces all query string values with user-supplied values and stdout.☆109Mar 1, 2022Updated 4 years ago
- GH-Takeover — GitHub Pages Sub-domain Takeover Automation!☆28Apr 17, 2021Updated 4 years ago
- IIS shortname scanner + bruteforce☆55Feb 18, 2024Updated 2 years ago
- A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.☆518Jun 22, 2022Updated 3 years ago
- Automation for javascript recon in bug bounty.☆1,069Sep 9, 2023Updated 2 years ago
- Secret and/or credential patterns used for gf.☆243Feb 10, 2023Updated 3 years ago
- Signatures for jaeles scanner by @j3ssie☆117Apr 20, 2024Updated last year
- ☆38Aug 27, 2022Updated 3 years ago