Repository navigation
bugbounty-tools
- Website
- Wikipedia
Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...
Metlo is an open-source API security platform.
OSINT tools and more but without API key
This extension will help you to detect GET/POST based XSS vulnerability in any website easily
Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.
A Python script designed to monitor bug bounty programs for any changes and promptly notify users.
My useful files for penetration tests, security assessments, bug bounty and other security related stuff
Self-hosted passive subdomain continous monitoring tool.
Chrome and Firefox extension that lists Amazon S3 Buckets while browsing
Email enumerator, username generator, and context validator for hunter.io, snov.io, and skrapp.io
A tool offering templates for streamlined bug bounty reporting
A CDN Domain Fronting Tool or Websocket Discovery written in Python
🕵️♂️🔍 A tool with several scanning techniques that extracts live IP addresses from a list of IP addresses or CIDR notations.
yataf extracts secrets and paths from files or urls - its best used against javascript files
Status Checker is a Python tool for swiftly checking the status of URLs. It categorizes responses by HTTP status codes, offering clear insights into website health. With async requests, color-coded output, and easy CLI usage, it's a handy solution for monitoring web service performance.
Detect Program Bug Bounty
CRLF Bug scanner for WebPentesters and Bugbounty Hunters
All in one web Recon app
Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wish to influence Online tips and explain the commands, for the better understanding of new hunters..
Barcha is your Swiss‑Army knife for SQL Injection reconnaissance 🔍. Written in Go, it automates: Shodan enumeration of SSL hosts 🕵️♂️ Liveness & redirect checks (ignores bad certs) 🔄 Automated Ghauri tests for each host 🛡️ SQLite logging of every scan 🔖