Repository navigation

#

bugbounty-tool

hahwul/dalfox
hahwul / dalfox 

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

xss安全Bug Bountybugbounty-toolGoxss-scannerdevsecopscicd-pipelinevulnerabilityxss-detectionxss-bruteforcexss-exploitHacktoberfest
Go
4583
4 天前
jonaslejon/malicious-pdf
jonaslejon / malicious-pdf 

💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

penetrationtestingpentestingpentesting-toolspenetration-testingpenetration-testpdf-generationpdfBug Bountybugbounty-toolPythonredteamredteamingscanner
Python
3484
3 个月前
doyensec/inql
doyensec / inql 

InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.

GraphQLsecurity-scannergraphql-securityapi-documentation-tool安全burp-extensionsburpsuiteBug Bountybugbounty-toolpenetration-testing
Kotlin
1675
1 个月前
0xmaximus / Galaxy-Bugbounty-Checklist 

Tips and Tutorials for Bug Bounty and also Penetration Tests.

Bug Bountybughackeronebugbountytricksbugbounty-toolbugbountytipsbugbounty-reportsbugbounty-checklistbugcrowdbugsethical-hackingred-teamred-teamingvulnerabilitiesvulnerability
1587
19 天前
Viralmaniar / BigBountyRecon 

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

OSINTReconnaissancereconnaissanceCybersecurityoffensive-securitypentestingpentest-toolBug Bountybugbounty-toolbugbountytipsred-teamred-teamingblue-teampurple-teampurple-teams
C#
1420
5 年前
Autumn-27 / ScopeSentry 

ScopeSentry-Cyberspace mapping, subdomain enumeration, port scanning, sensitive information discovery, vulnerability scanning, distributed nodes

Bug Bountybugbounty-tool爬虫dirscannersubdomain-enumerationurlscanvulnerability-scannersCybersecurityOSINTscanner安全
Python
1342
5 个月前
dwisiswant0/go-dork
dwisiswant0 / go-dork 

The fastest dork scanner written in Go.

Godork-scanner爬虫CybersecurityBug Bountybugbounty-toolgoogle-dorksvulnerability-scanners安全
Go
1255
2 年前
taielab / awesome-hacking-lists 

A curated collection of top-tier penetration testing tools and productivity utilities across multiple domains. Join us to explore, contribute, and enhance your hacking toolkit!

WebHackingAwesome Listshackerhacking-toolkali-scriptshacking-toolspentesting-toolspentest-scriptsbounty-huntersBug Bountybugbounty-toolagents人工智能aiagent大语言模型llm-inferencemcpmcp-server
1199
1 个月前
KathanP19 / JSFScan.sh 

Automation for javascript recon in bug bounty.

bugbounty-toolBug Bounty
Shell
1049
2 年前
robotshell/magicRecon
robotshell / magicRecon 

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.

subdomainbugbugbounty-toolBug Bountyvulnerability-scannersscanner工具CybersecuritybugbountytricksBashsubdomains-enumerationxss-vulnerabilitysql-injectionnuclei
Shell
1009
1 年前
bitquark / shortscan 

An IIS short filename enumeration tool

Bug Bounty安全security-scanneriispentestingpentesting-toolsvulnerability-detectionvulnerability-scannersredteamredteam-toolssecurity-automationbugbounty-tool
Go
1007
10 个月前
sh377c0d3 / Payloads 

Payload Arsenal for Pentration Tester and Bug Bounty Hunters

bugbounty-toolBug Bountypayloadpayloadspayloads-databasepenetration-testing
PHP
915
2 年前
R0X4R / Garud 

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

Bug Bountybugbountytipsbugbounty-toolreconnaissancesubdomain-takeoverGoBashpenetration-testingpenetration-testing-toolsvulnerabilityvulnerability-scanner
Shell
795
2 年前
chiasmod0n / chiasmodon 

Chiasmodon is an OSINT tool designed to assist in the process of gathering information about a target domain. Its primary functionality revolves around searching for domain-related data, including domain emails, domain credentials, CIDRs , ASNs , and subdomains, the tool also allows users to search Google Play application ID.

asnattack-surfaceBug Bountybugbounty-toolcidrcredentialsemail-enumerationemailsinformation-gatheringintelligenceintelligence-analysisOSINTreconnaissancesubdomain-enumerationsubdomains
Python
645
5 个月前
dwisiswant0 / ppfuzz 

A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀

prototype-pollutionBug Bountybugbounty-toolbugbountytipsvulnerability-scannersRust安全Chromium
Rust
640
1 个月前
KathanP19 / Gxss 

A tool to check a bunch of URLs that contain reflecting params.

GoBug Bountybugbounty-toolxss-detectionxss
Go
593
1 年前
kleiton0x00 / ppmap 

A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.

prototype-pollutionBug BountyCybersecuritybugbounty-toolxssxss-vulnerabilityxss-exploitationxss-detection
Go
513
3 年前
edoardottt / csprecon 

Discover new target domains using Content Security Policy

HackingBug Bountybugbounty-toolReconnaissancereconnaissanceinformation-retrieval安全content-security-policycspGooffensive-securityoffensivesecurityHacktoberfest
Go
482
18 小时前
cc1a2b / JShunter 

jshunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security vulnerabilities, making it an essential resource for and bug bounty hunters and security researchers.

Bug Bountybugbounty-toolbugbountytipshackerJavaScriptjavascript-toolspentestpentest-toolpentestingCybersecurityosint-tool安全sensitive
Go
450
19 天前
taielab / Taie-Bugbounty-killer 

挖掘国内外漏洞平台必备的自动化捡钱赏金技巧,看了并去做了捡钱如喝水。

Bug Bountybugbounty-toolbugbountytips
420
5 年前