List of domains in scope for bug bounties (HackerOne, Bugcrowd, etc.)
☆74May 23, 2021Updated 4 years ago
Alternatives and similar repositories for bounty-domains
Users that are interested in bounty-domains are comparing it to the libraries listed below
Sorting:
- ☆11Dec 25, 2020Updated 5 years ago
- It contain google dork to find the wsdl file.☆13May 27, 2020Updated 5 years ago
- Objectify-s3 is a tool that recursively checks AWS S3 buckets and objects for misconfigured permissions.☆14Mar 1, 2026Updated last week
- A list of interesting payloads, tips and tricks for bug bounty hunters.☆13Oct 26, 2017Updated 8 years ago
- HackerOne "in scope" domains☆506Updated this week
- Open Redirect scanner - (out of date)☆28Nov 27, 2022Updated 3 years ago
- Web interface for recon-ng☆14Nov 22, 2015Updated 10 years ago
- ☆29Dec 13, 2023Updated 2 years ago
- ☆14Oct 1, 2021Updated 4 years ago
- The tools I have programmed to help me with bugbounty's☆117Oct 10, 2019Updated 6 years ago
- A fuzzer made in golang for finding issues like xss, lfi, rce, ssti...that detects issues using change in content length and verify it us…☆62Oct 25, 2020Updated 5 years ago
- A tool to test working urls.☆43Nov 17, 2020Updated 5 years ago
- Web Security Checklist (Bug Bounty & Pentesting)☆171Jun 15, 2025Updated 8 months ago
- Training and certifications related to secure software development☆11Feb 9, 2026Updated last month
- Publishing advisories for CVEs found by POST Cyberforce☆13Jan 7, 2025Updated last year
- A collection of hacks and one-off scripts☆10Jan 18, 2021Updated 5 years ago
- Describe how to use ffuf different options with examples☆13Jun 13, 2022Updated 3 years ago
- Yet another subdomain finder☆209Jan 20, 2020Updated 6 years ago
- CRLF and open redirect fuzzer☆112Aug 31, 2021Updated 4 years ago
- Match and Replace script used to automatically generate JSON option file to BurpSuite☆215May 13, 2019Updated 6 years ago
- Security tool to find potential vulnerable Server Side Request Forgery (SSRF) parameters.☆355Feb 13, 2026Updated 3 weeks ago
- Bug Bounty tool to automate the recon process.☆12Oct 4, 2023Updated 2 years ago
- Removes duplicate entries from a file, resulting in only unique parameter combinations. Useful for parsing waybackurls and making recon m…☆11May 31, 2020Updated 5 years ago
- ☆15Aug 27, 2020Updated 5 years ago
- Take a list of URIs and print all the of the paths☆10Aug 16, 2020Updated 5 years ago
- web cache poison - Top 1 web hacking technique of 2019☆25Feb 24, 2020Updated 6 years ago
- 31 Tips for pentesters & security engineers☆86Aug 20, 2021Updated 4 years ago
- Burp extension to generate multi-step CSRF POC.☆31Sep 23, 2019Updated 6 years ago
- An entry level resource to learning bug bounty.☆28Apr 11, 2018Updated 7 years ago
- Secret and/or credential patterns used for gf.☆243Feb 10, 2023Updated 3 years ago
- This are some Dorks and Platform to find the Bug Bounty Programs.☆81Apr 11, 2025Updated 10 months ago
- Burp Extension written in Jython to hunt for common vulnerabilities found in websites. Developed by Gaurav Narwani to help people find vu…☆251Apr 27, 2020Updated 5 years ago
- A curated list of amazingly bug bounty tips from security researchers around the world.☆104Mar 14, 2019Updated 6 years ago
- Pass list of urls with FUZZ in and it will check if it has found a potential SSRF.☆112Feb 14, 2022Updated 4 years ago
- Android application penetration testing for the masses.☆13Apr 12, 2019Updated 6 years ago
- Script for Bug Bounty☆29Sep 17, 2021Updated 4 years ago
- Tool for checking reflecting Parameters in a URL.☆10Aug 31, 2020Updated 5 years ago
- Fast Subdomain Enumeration Tool made with Bash only 💯☆15Nov 3, 2021Updated 4 years ago
- nodecraw allows you to perform web crawling on specified URLs. It utilizes various modules and libraries to crawl web pages, extract info…☆13Aug 25, 2024Updated last year