m4ll0k/Awesome-Bugbounty-Writeups external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

m4ll0k/Awesome-Bugbounty-Writeups

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/m4ll0k/Awesome-Bugbounty-Writeups)

Close

m4ll0k / Awesome-Bugbounty-WriteupsView on GitHubMore

• External links
• Readme badge

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

☆44Dec 26, 2020Updated 5 years ago

Alternatives and similar repositories for Awesome-Bugbounty-Writeups

Users that are interested in Awesome-Bugbounty-Writeups are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• m4ll0k / PayloadsAllTheThings

  View on GitHub
  A list of useful payloads and bypass for Web Application Security and Pentest/CTF
  ☆22Feb 26, 2021Updated 5 years ago
• m4ll0k / OneListForAll

  View on GitHub
  Rockyou for web fuzzing
  ☆15Jan 28, 2022Updated 4 years ago
• martabyte / Red-Team-Ops

  View on GitHub
  Notes about the YouTube playlist: Red Team Operations with Cobalt Strike (2019)
  ☆21Feb 16, 2021Updated 5 years ago
• intuit / mastko

  View on GitHub
  MasTKO is a security tool which detects DNS entries associated with AWS’s EC2 servers susceptible to takeover attack and attempts a takeo…
  ☆11Jun 14, 2023Updated 2 years ago
• Halcy0nic / Trophies

  View on GitHub
  Trophy list of zero-day vulnerabilities that I discovered
  ☆13May 6, 2024Updated 2 years ago
• GPU virtual machines on DigitalOcean Gradient AI • Ad
  Get to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
• R-s0n / OSWE-Methodology

  View on GitHub
  Blank methodology sheet for the OSWE exam
  ☆13Dec 17, 2021Updated 4 years ago
• rix4uni / xsschecker

  View on GitHub
  xsschecker tests endpoints for reflected XSS by injecting payloads and checking responses. It prints vulnerable if the payload is reflect…
  ☆37Nov 3, 2025Updated 6 months ago
• lucas-santoni / sqli-platform

  View on GitHub
  Training for SQL injections
  ☆36Feb 3, 2019Updated 7 years ago
• EspressoCake / Cobalt_Strike_Ansible

  View on GitHub
  A project to replicate the functionality of Noah Powers' ServerSetup script, but with error handling and fixed Namecheap API support.
  ☆33Oct 1, 2021Updated 4 years ago
• Zeyad-Azima / Need-IP

  View on GitHub
  A tool for Pentesters & BugHunters to collect IPs of company, server, Operating System & many more
  ☆13Dec 20, 2022Updated 3 years ago
• Ajqx255 / OSCP

  View on GitHub
  OSCP Prep notes
  ☆14Oct 18, 2020Updated 5 years ago
• drak3hft7 / OSCP-Exam-Report-Template

  View on GitHub
  Template used for my OSCP exam.
  ☆29Aug 9, 2022Updated 3 years ago
• sundowndev / GoogleDork

  View on GitHub
  CMB Mobile Google Hacking App
  ☆25Feb 28, 2014Updated 12 years ago
• xnl-h4ck3r / alien

  View on GitHub
  Your favourite chest/terminal bursting buddy!
  ☆18Nov 27, 2021Updated 4 years ago
• GPUs on demand by Runpod - Special Offer Available • Ad
  Run AI, ML, and HPC workloads on powerful cloud GPUs—without limits or wasted spend. Deploy GPUs in under a minute and pay by the second.
• rudSarkar / Payloads

  View on GitHub
  Exploits for different vulnerabilities
  ☆12Nov 29, 2021Updated 4 years ago
• 0x3rhy / GetClipboard

  View on GitHub
  Cobalt Strike Get clipboard plugin
  ☆15Aug 11, 2023Updated 2 years ago
• projectdiscovery / fdmax

  View on GitHub
  Small Helper Library to increase automatically the file descriptors limits for the current process
  ☆25May 12, 2026Updated last week
• JoyGhoshs / NotesYouDontNeed

  View on GitHub
  Some Notes because i am too lazy to search
  ☆13May 10, 2021Updated 5 years ago
• danielhochman / redis-look

  View on GitHub
  Command-line tool to monitor Redis in real-time
  ☆13Apr 25, 2018Updated 8 years ago
• m4ll0k / BBTz

  View on GitHub
  BBT - Bug Bounty Tools (examples💡)
  ☆1,894Apr 5, 2024Updated 2 years ago
• hackedbyagirl / OSCP

  View on GitHub
  OSCP Preperation
  ☆14Aug 12, 2021Updated 4 years ago
• emadshanab / DIR-WORDLISTS

  View on GitHub
  Some wordlists collected form github to all bug bounty hunters.
  ☆42Jul 30, 2021Updated 4 years ago
• shelld3v / flydns

  View on GitHub
  Related subdomains finder
  ☆28May 18, 2022Updated 4 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• hahwul / can-i-protect-xss

  View on GitHub
  Everything about xss protection technology
  ☆14Oct 22, 2019Updated 6 years ago
• appknox / vulnerable-application

  View on GitHub
  Test Android Application.
  ☆20Jan 22, 2016Updated 10 years ago
• adrianalvird / collaborator

  View on GitHub
  This is Same as Burpsuite Collaborator | Free | Burpsuite Collaborator Server
  ☆13Jun 27, 2025Updated 10 months ago
• six2dez / mobile_pentesting_guide

  View on GitHub
  Mobile Pentesting Guide (WIP)
  ☆25May 13, 2020Updated 6 years ago
• blacklanternsecurity / public-dns-servers

  View on GitHub
  A CI/CD-verified list of the internet's known-good public DNS servers (from public-dns.info) Updated weekly!
  ☆36Apr 1, 2026Updated last month
• williamknows / SharpHound3

  View on GitHub
  C# Data Collector for the BloodHound Project, Version 3
  ☆37Dec 28, 2021Updated 4 years ago
• JoasASantos / OSWE

  View on GitHub
  ☆17Sep 2, 2021Updated 4 years ago
• agnes-it / maid-cafe

  View on GitHub
  It's an open source restaurant and coffee shop management system.
  ☆10Jan 6, 2023Updated 3 years ago
• cybercdh / bucket-finder

  View on GitHub
  Reads in a list of domains or subdomains and crawls them for references to S3 buckets
  ☆10Nov 21, 2023Updated 2 years ago
• Wordpress hosting with auto-scaling - Free Trial Offer • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• HackWithSumit / BurpSuiteProfessional-2024

  View on GitHub
  Burp or Burp Suite is a set of tools used for penetration testing of web applications. It is developed by the company named Portswigger.
  ☆24Dec 18, 2024Updated last year
• dsopas / bugbounty-cheatsheet

  View on GitHub
  A list of interesting payloads, tips and tricks for bug bounty hunters.
  ☆13Oct 26, 2017Updated 8 years ago
• Webklex / altip

  View on GitHub
  Convert an IP into Alternative / Obfuscated versions of itself
  ☆14Aug 13, 2022Updated 3 years ago
• ItsIgnacioPortal / XSStrike-Reborn

  View on GitHub
  Updated fork of XSStrike: The most advanced XSS scanner.
  ☆24Feb 14, 2023Updated 3 years ago
• prodigiousMind / blizzardwrap

  View on GitHub
  BlizzardWrap - A CLI tool for encoding and decoding (supports several formats/algos)
  ☆16Jun 19, 2021Updated 4 years ago
• random-robbie / angularjs-csti-scanner

  View on GitHub
  Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.
  ☆11Dec 14, 2025Updated 5 months ago
• maverickNerd / wordlists

  View on GitHub
  Wordlists for Fuzzing
  ☆131Oct 12, 2020Updated 5 years ago