leetCipher / bug-bounty-labsView external linksLinks
All the labs in this repository simulate real world bugs I found in the wild
☆197Jul 25, 2024Updated last year
Alternatives and similar repositories for bug-bounty-labs
Users that are interested in bug-bounty-labs are comparing it to the libraries listed below
Sorting:
- A replacement of "qsreplace", accepts URLs as standard input, replaces all query string values with user-supplied values and stdout.☆109Mar 1, 2022Updated 3 years ago
- ParamFirstCheck identifies in a list of urls those containing a parameter of the top 25 of the most vulnerable parameters for SQLi, LFI, …☆35Dec 13, 2023Updated 2 years ago
- Repo for hosting rayder workflows☆64Aug 31, 2023Updated 2 years ago
- Custom nuclei templates for bug hunting.....☆27May 30, 2024Updated last year
- Never forget where you inject.☆298Aug 15, 2025Updated 5 months ago
- A path-normalization pentesting tool.☆150Jan 22, 2026Updated 3 weeks ago
- Custom Trickest Workflows☆12Oct 26, 2023Updated 2 years ago
- CRLF Bug scanner for WebPentesters and Bugbounty Hunters☆44Jun 9, 2023Updated 2 years ago
- It grep subdomains, email/username, build custom wordlist etc from gau results☆50Nov 4, 2022Updated 3 years ago
- User-Agent , X-Forwarded-For and Referer SQLI Fuzzer☆382May 19, 2023Updated 2 years ago
- Some simple scripts that I use during bug bounty hunting in Android Apps☆28Jan 30, 2025Updated last year
- Script to read input from stdin and encode it☆19Aug 23, 2023Updated 2 years ago
- Grep subdomains from web pages.☆42Feb 10, 2025Updated last year
- ☆128Jul 15, 2021Updated 4 years ago
- Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist☆1,496Jan 8, 2026Updated last month
- Fetch Javascript sourcemaps, bounty hunter style☆42May 21, 2023Updated 2 years ago
- A python tool used to discover endpoints, potential parameters, a target specific wordlist for a given target and secrets☆1,515Jan 15, 2026Updated 3 weeks ago
- Javascript security analysis (JSA) is a program for javascript analysis during web application security assessment.☆560Mar 8, 2025Updated 11 months ago
- An automated bug hunting tool for comprehensive reconnaissance, including subdomain enumeration, port scanning, vulnerability detection, …☆13Jun 24, 2025Updated 7 months ago
- Responser☆55Apr 18, 2022Updated 3 years ago
- Script that download 37+ open source nuclei templates☆45Sep 2, 2022Updated 3 years ago
- A repository that includes all the important wordlists used while bug hunting.☆1,375Mar 11, 2023Updated 2 years ago
- Smart context-based SSRF vulnerability scanner.☆361May 5, 2022Updated 3 years ago
- Simple Automation script for juniper cve-2023-36845☆19Jan 30, 2024Updated 2 years ago
- ☆845Dec 26, 2025Updated last month
- A simple Burp Suite extension to crawl JavaScript (JS) files in passive mode and display the results directly on the issues☆373Jul 25, 2023Updated 2 years ago
- Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable …☆749Dec 19, 2023Updated 2 years ago
- Jumpstart multiple WebSocket servers quickly☆32Nov 23, 2021Updated 4 years ago
- My Priv8 Nuclei Templates☆336May 12, 2024Updated last year
- Tools and methods that I personally use for Recon and Exploitations☆46May 1, 2025Updated 9 months ago
- parse ffuf & map endpoints to wordlists☆21Feb 25, 2021Updated 4 years ago
- Automated Tool for Testing Header Based Blind SQL Injection☆324Jul 23, 2023Updated 2 years ago
- Write-ups of my findings.☆122Sep 2, 2023Updated 2 years ago
- ☆29May 22, 2024Updated last year
- Gouge is a simple Burp extension to extract or gouge all URLs which are seen in JS files as you visit different websites/webpages in Burp…☆29Jul 21, 2024Updated last year
- ☆145Jul 25, 2022Updated 3 years ago
- ☆435Jun 1, 2021Updated 4 years ago
- Filter URLs that match your scope file for bugbounty.☆11May 23, 2023Updated 2 years ago
- SAPLAR - LFI & Path Traversal Scanner☆15Mar 11, 2025Updated 11 months ago