hakluke / bug-bounty-standards
A list of edge cases that occur in bug bounty programs, and conversations on how they should be handled. The goal is to standardise the way that specific situations are handled in bug bounties.
☆227, updated 2 years ago
Related projects
Alternatives and complementary repositories for bug-bounty-standards
- Burp extension to create target-specific and tailored wordlists from Burp history. ☆232, updated 2 years ago
- De-clutter a list of URLs. ☆307, updated 7 months ago
- Repository to house markdown templates for researchers. ☆192, updated 3 weeks ago
- Unofficial documentation for the great tool Param Miner. ☆173, updated 2 years ago
- List of reporting templates I have used since I started doing BBH. ☆235, updated 2 months ago
- EvenBetter is a frontend Caido plugin that makes the Caido experience even better 😎 ☆134, updated 2 weeks ago
- The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices. ☆295, updated this week
- JavaScript security analysis (JSA) is a program for JavaScript analysis during web application security assessment. ☆400, updated last month
- Useful "Match and Replace" Burp Suite rules. ☆338, updated last year
- MapperPlus facilitates the extraction of source code from a collection of targets that have publicly exposed .js.map files. ☆132, updated last month
- A tool to scrape the AWS ranges looking for a keyword in SSL certificate data. ☆225, updated 10 months ago
- IIS shortname scanner written in Go. ☆312, updated last year
- Web Application Security Testing Tools. ☆234, updated 8 months ago
- All About Dependency Confusion Attack (Detecting, Finding, Mitigating). ☆273, updated 8 months ago
- CT Log Scanner. ☆289, updated last month
- Recon MindMap (RMM). ☆140, updated 5 months ago
- Secret and/or credential patterns used for gf. ☆235, updated last year
- Real world bug bounty wordlists. ☆110, updated last year
- Automated tool for domains & subdomains gathering. ☆178, updated last year
- Build your own reconnaissance system with Osmedeus Next Generation. ☆180, updated last month
- Top disclosed reports from HackerOne. ☆148, updated 3 years ago
- Burp Suite extension that offers a toolkit for testing GraphQL endpoints. ☆185, updated 3 months ago