awesome-bugbounty-tools

Bug Bounty Toolset

A curated collection of various tools used in bug bounty hunting and penetration testing to discover security vulnerabilities in software applications.

A curated list of various bug bounty tools

GitHub
4k stars
98 watching
705 forks
last commit: about 1 year ago
Linked from 1 awesome list

awesomeawesome-listbugbountysecurity-toolstoolsweb-security

Awesome Bug Bounty Tools / Recon / Subdomain Enumeration
Sublist3r 9,947 over 1 year ago Fast subdomains enumeration tool for penetration testers
Amass 12,185 11 months ago In-depth Attack Surface Mapping and Asset Discovery
massdns 3,194 over 1 year ago A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
Findomain 3,352 over 1 year ago The fastest and cross-platform subdomain enumerator, do not waste your time
Sudomy 2,026 over 1 year ago Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
chaos-client 657 11 months ago Go client to communicate with Chaos DNS API
domained 722 over 4 years ago Multi Tool Subdomain Enumeration
bugcrowd-levelup-subdomain-enumeration 635 almost 7 years ago This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference
shuffledns 1,345 11 months ago shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output…
puredns 1,737 12 months ago Fast domain resolver and subdomain bruteforcing with accurate wildcard filtering with wilcard(*)
censys-subdomain-finder 752 over 2 years ago Perform subdomain enumeration using the certificate transparency logs from Censys
Turbolist3r 370 over 1 year ago Subdomain enumeration tool with analysis features for discovered domains
censys-enumeration 151 almost 3 years ago A script to extract subdomains/emails for a given domain using SSL/TLS certificate dataset on Censys
tugarecon 153 over 1 year ago Fast subdomains enumeration tool for penetration testers
as3nt 11 about 3 years ago Another Subdomain ENumeration Tool
Subra 54 over 5 years ago A Web-UI for subdomain enumeration (subfinder)
Substr3am 67 about 3 years ago Passive reconnaissance/enumeration of interesting targets by watching for SSL certificates being issued
domain 921 almost 5 years ago enumall.py Setup script for Regon-ng
altdns 2,344 over 1 year ago Generates permutations, alterations and mutations of subdomains and then resolves them
brutesubs 257 about 4 years ago An automation framework for running multiple open sourced subdomain bruteforcing tools (in parallel) using your own wordlists via Docker Compose
dns-parallel-prober 107 about 3 years ago his is a parallelised domain name prober to find as many subdomains of a given domain as fast as possible
dnscan 1,143 11 months ago dnscan is a python wordlist-based DNS subdomain scanner
knock 3,902 12 months ago Knockpy is a python tool designed to enumerate subdomains on a target domain through a wordlist
hakrevdns 1,461 over 1 year ago Small, fast tool for performing reverse DNS lookups en masse
dnsx 2,218 11 months ago Dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers
subfinder 10,428 11 months ago Subfinder is a subdomain discovery tool that discovers valid subdomains for websites
assetfinder 3,080 over 1 year ago Find domains and subdomains related to a given domain
crtndstry 198 almost 6 years ago Yet another subdomain finder
VHostScan 1,208 almost 2 years ago A virtual host scanner that performs reverse lookups
scilla 951 12 months ago Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration
sub3suite 528 over 2 years ago A research-grade suite of tools for subdomain enumeration, intelligence gathering and attack surface mapping
cero 623 over 1 year ago Scrape domain names from SSL certificates of arbitrary hosts
shosubgo 371 about 1 year ago Small tool to Grab subdomains using Shodan api
haktrails 540 about 2 years ago Golang client for querying SecurityTrails API data
bbot 7,343 11 months ago A recursive internet scanner for hackers

Awesome Bug Bounty Tools / Recon / Port Scanning
masscan 23,823 11 months ago TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes
RustScan 14,903 11 months ago The Modern Port Scanner
naabu 4,834 11 months ago A fast port scanner written in go with focus on reliability and simplicity
nmap 10,341 11 months ago Nmap - the Network Mapper. Github mirror of official SVN repository
sandmap 1,586 12 months ago Nmap on steroids. Simple CLI with the ability to run pure Nmap engine, 31 modules with 459 scan profiles
ScanCannon 433 over 1 year ago Combines the speed of masscan with the reliability and detailed enumeration of nmap

Awesome Bug Bounty Tools / Recon / Screenshots
EyeWitness 5,053 about 1 year ago EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible
aquatone 5,671 over 3 years ago Aquatone is a tool for visual inspection of websites across a large amount of hosts and is convenient for quickly gaining an overview of HTTP-based attack surface
screenshoteer 1,674 over 4 years ago Make website screenshots and mobile emulations from the command line
gowitness 3,395 about 1 year ago gowitness - a golang, web screenshot utility using Chrome Headless
WitnessMe 737 about 1 year ago Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier
eyeballer 1,049 over 1 year ago Convolutional neural network for analyzing pentest screenshots
scrying 454 over 2 years ago A tool for collecting RDP, web and VNC screenshots all in one place
Depix 26,118 about 1 year ago Recovers passwords from pixelized screenshots
httpscreenshot 636 about 1 year ago HTTPScreenshot is a tool for grabbing screenshots and HTML of large numbers of websites

Awesome Bug Bounty Tools / Recon / Technologies
wappalyzer Identify technology on websites
webanalyze 987 almost 2 years ago Port of Wappalyzer (uncovers technologies used on websites) to automate mass scanning
python-builtwith 35 over 5 years ago BuiltWith API client
whatweb 5,593 over 1 year ago Next generation web scanner
retire.js 3,717 11 months ago scanner detecting the use of JavaScript libraries with known vulnerabilities
httpx 7,870 11 months ago httpx is a fast and multi-purpose HTTP toolkit allows to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads
fingerprintx 575 about 1 year ago fingerprintx is a standalone utility for service discovery on open ports that works well with other popular bug bounty command line tools

Awesome Bug Bounty Tools / Recon / Content Discovery
gobuster 10,335 11 months ago Directory/File, DNS and VHost busting tool written in Go
recursebuster 243 about 6 years ago rapid content discovery tool for recursively querying webservers, handy in pentesting and web application assessments
feroxbuster 6,060 about 1 year ago A fast, simple, recursive content discovery tool written in Rust
dirsearch 12,324 12 months ago Web path scanner
dirsearch 269 about 4 years ago A Go implementation of dirsearch
filebuster 213 over 2 years ago An extremely fast and flexible web fuzzer
dirstalk 377 almost 2 years ago Modern alternative to dirbuster/dirb
dirbuster-ng 344 over 5 years ago dirbuster-ng is C CLI implementation of the Java dirbuster tool
gospider 2,598 over 1 year ago Gospider - Fast web spider written in Go
hakrawler 4,528 almost 2 years ago Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application
crawley 268 12 months ago fast, feature-rich unix-way web scraper/crawler written in Golang
katana 12,667 11 months ago A next-generation crawling and spidering framework
LinkFinder 3,757 over 1 year ago A python script that finds endpoints in JavaScript files
JS-Scan 210 about 8 years ago a .js scanner, built in php. designed to scrape urls and other info
LinksDumper 86 about 6 years ago Extract (links/possible endpoints) from responses & filter them via decoding/sorting
GoLinkFinder 327 12 months ago A fast and minimal JS endpoint extractor
BurpJSLinkFinder 753 over 1 year ago Burp Extension for a passive scanning JS files for endpoint links
urlgrab 331 about 5 years ago A golang utility to spider through a website searching for additional links
waybackurls 3,593 over 1 year ago Fetch all the URLs that the Wayback Machine knows about for a domain
gau 4,051 about 1 year ago Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl
getJS 732 over 1 year ago A tool to fastly get all javascript sources/files
linx 206 over 3 years ago Reveals invisible links within JavaScript files
waymore 1,790 11 months ago Find way more from the Wayback Machine!
xnLinkFinder 1,216 11 months ago A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target

Awesome Bug Bounty Tools / Recon / Parameters
parameth 1,354 about 6 years ago This tool can be used to brute discover GET and POST parameters
param-miner 1,273 11 months ago This extension identifies hidden, unlinked parameters. It's particularly useful for finding web cache poisoning vulnerabilities
ParamPamPam 272 over 3 years ago This tool for brute discover GET and POST parameters
Arjun 5,329 11 months ago HTTP parameter discovery suite
ParamSpider 2,557 over 1 year ago Mining parameters from dark corners of Web Archives
x8 1,715 about 1 year ago Hidden parameters discovery suite written in Rust

Awesome Bug Bounty Tools / Recon / Fuzzing
wfuzz 5,978 about 1 year ago Web application fuzzer
ffuf 12,876 over 1 year ago Fast web fuzzer written in Go
fuzzdb 8,288 almost 2 years ago Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery
IntruderPayloads 3,698 about 4 years ago A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists
fuzz.txt 2,922 12 months ago Potentially dangerous files
fuzzilli 1,896 11 months ago A JavaScript Engine Fuzzer
fuzzapi 636 over 4 years ago Fuzzapi is a tool used for REST API pentesting and uses API_Fuzzer gem
qsfuzz 297 over 2 years ago qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities
vaf 314 over 3 years ago very advanced (web) fuzzer written in Nim

Awesome Bug Bounty Tools / Exploitation / Command Injection
commix 4,647 11 months ago Automated All-in-One OS command injection and exploitation tool

Awesome Bug Bounty Tools / Exploitation / CORS Misconfiguration
Corsy 1,381 about 3 years ago CORS Misconfiguration Scanner
CORStest 406 about 5 years ago A simple CORS misconfiguration scanner
cors-scanner 18 almost 6 years ago A multi-threaded scanner that helps identify CORS flaws/misconfigurations
CorsMe 169 almost 4 years ago Cross Origin Resource Sharing MisConfiguration Scanner

Awesome Bug Bounty Tools / Exploitation / CRLF Injection
CRLFsuite 563 about 2 years ago A fast tool specially designed to scan CRLF injection
crlfuzz 1,354 about 1 year ago A fast tool to scan CRLF vulnerability written in Go
CRLF-Injection-Scanner 160 over 1 year ago Command line tool for testing CRLF injection on a list of domains
Injectus 110 about 4 years ago CRLF and open redirect fuzzer

Awesome Bug Bounty Tools / Exploitation / CSRF Injection
XSRFProbe 1,116 about 1 year ago -The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit

Awesome Bug Bounty Tools / Exploitation / Directory Traversal
dotdotpwn 997 about 3 years ago DotDotPwn - The Directory Traversal Fuzzer
FDsploit 267 over 4 years ago File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool
off-by-slash 254 almost 4 years ago Burp extension to detect alias traversal via NGINX misconfiguration at scale
liffier 8 about 6 years ago tired of manually add dot-dot-slash to your possible path traversal? this short snippet will increment ../ on the URL

Awesome Bug Bounty Tools / Exploitation / File Inclusion
liffy 802 over 2 years ago Local file inclusion exploitation tool
Burp-LFI-tests 60 about 9 years ago Fuzzing for LFI using Burpsuite
LFI-Enum 89 over 6 years ago Scripts to execute enumeration via LFI
LFISuite 1,715 over 3 years ago Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner
LFI-files 118 about 6 years ago Wordlist to bruteforce for LFI

Awesome Bug Bounty Tools / Exploitation / GraphQL Injection
inql 1,554 over 1 year ago InQL - A Burp Extension for GraphQL Security Testing
GraphQLmap 1,408 over 1 year ago GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes
shapeshifter 119 over 3 years ago GraphQL security testing tool
graphql_beautifier 30 almost 8 years ago Burp Suite extension to help make Graphql request more readable
clairvoyance 1,080 about 1 year ago Obtain GraphQL API schema despite disabled introspection!

Awesome Bug Bounty Tools / Exploitation / Header Injection
headi 238 over 1 year ago Customisable and automated HTTP header injection

Awesome Bug Bounty Tools / Exploitation / Insecure Deserialization
ysoserial 7,857 over 1 year ago A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization
GadgetProbe 587 over 4 years ago Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths
ysoserial.net 3,260 11 months ago Deserialization payload generator for a variety of .NET formatters
phpggc 3,271 12 months ago PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically

Awesome Bug Bounty Tools / Exploitation / Insecure Direct Object References
Autorize 969 11 months ago Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily

Awesome Bug Bounty Tools / Exploitation / Open Redirect
Oralyzer 758 over 2 years ago Open Redirection Analyzer
Injectus 110 about 4 years ago CRLF and open redirect fuzzer
dom-red 24 almost 4 years ago Small script to check a list of domains against open redirect vulnerability
OpenRedireX 718 over 1 year ago A Fuzzer for OpenRedirect issues

Awesome Bug Bounty Tools / Exploitation / Race Condition
razzer 359 over 6 years ago A Kernel fuzzer focusing on race bugs
racepwn 265 almost 3 years ago Race Condition framework
requests-racer 158 over 2 years ago Small Python library that makes it easy to exploit race conditions in web apps with Requests
turbo-intruder 1,520 12 months ago Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results
race-the-web 593 over 3 years ago Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline

Awesome Bug Bounty Tools / Exploitation / Request Smuggling
http-request-smuggling 476 almost 2 years ago HTTP Request Smuggling Detection Tool
smuggler 1,840 almost 2 years ago Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3
h2csmuggler 661 over 3 years ago HTTP Request Smuggling over HTTP/2 Cleartext (h2c)
tiscripts 218 over 5 years ago These scripts I use to create Request Smuggling Desync payloads for CLTE and TECL style attacks

Awesome Bug Bounty Tools / Exploitation / Server Side Request Forgery
SSRFmap 3,027 over 1 year ago Automatic SSRF fuzzer and exploitation tool
Gopherus 2,909 over 2 years ago This tool generates gopher link for exploiting SSRF and gaining RCE in various servers
ground-control 535 over 8 years ago A collection of scripts that run on my web server. Mainly for debugging SSRF, blind XSS, and XXE vulnerabilities
SSRFire 953 almost 4 years ago An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirects
httprebind 295 about 5 years ago Automatic tool for DNS rebinding-based SSRF attacks
ssrf-sheriff 320 about 1 year ago A simple SSRF-testing sheriff written in Go
B-XSSRF 295 about 6 years ago Toolkit to detect and keep track on Blind XSS, XXE & SSRF
extended-ssrf-search 276 over 4 years ago Smart ssrf scanner using different methods like parameter brute forcing in post and get
gaussrf 168 almost 5 years ago Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl and Filter Urls With OpenRedirection or SSRF Parameters
ssrfDetector 150 over 8 years ago Server-side request forgery detector
grafana-ssrf 78 over 1 year ago Authenticated SSRF in Grafana
sentrySSRF 68 over 1 year ago Tool to searching sentry config on page or in javascript files and check blind SSRF
lorsrf 291 about 1 year ago Bruteforcing on Hidden parameters to find SSRF vulnerability using GET and POST Methods
singularity 1,047 11 months ago A DNS rebinding attack framework
whonow 630 almost 4 years ago A "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind.network:53)
dns-rebind-toolkit 487 about 4 years ago A front-end JavaScript toolkit for creating DNS rebinding attacks
dref 486 over 4 years ago DNS Rebinding Exploitation Framework
rbndr 631 almost 6 years ago Simple DNS Rebinding Service
httprebind 295 about 5 years ago Automatic tool for DNS rebinding-based SSRF attacks
dnsFookup 252 over 2 years ago DNS rebinding toolkit
surf 599 almost 2 years ago Escalate your SSRF vulnerabilities on Modern Cloud Environments. allows you to filter a list of hosts, returning a list of viable SSRF candidates

Awesome Bug Bounty Tools / Exploitation / SQL Injection
sqlmap 32,841 11 months ago Automatic SQL injection and database takeover tool
NoSQLMap 2,958 over 1 year ago Automated NoSQL database enumeration and web application exploitation tool
SQLiScanner 801 over 7 years ago Automatic SQL injection with Charles and sqlmap api
SleuthQL 466 almost 6 years ago Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap
mssqlproxy 728 over 4 years ago mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse
sqli-hunter 425 over 1 year ago SQLi-Hunter is a simple HTTP / HTTPS proxy server and a SQLMAP API wrapper that makes digging SQLi easy
waybackSqliScanner 187 over 6 years ago Gather urls from wayback machine then test each GET parameter for sql injection
ESC 283 over 2 years ago Evil SQL Client (ESC) is an interactive .NET SQL console client with enhanced SQL Server discovery, access, and data exfiltration features
mssqli-duet 93 over 5 years ago SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing
burp-to-sqlmap Performing SQLInjection test on Burp Suite Bulk Requests using SQLMap
BurpSQLTruncSanner 62 over 5 years ago Messy BurpSuite plugin for SQL Truncation vulnerabilities
andor 74 almost 4 years ago Blind SQL Injection Tool with Golang
Blinder 51 about 6 years ago A python library to automate time-based blind SQL injection
sqliv 1,164 about 7 years ago massive SQL injection vulnerability scanner
nosqli 359 about 4 years ago NoSql Injection CLI tool, for finding vulnerable websites using MongoDB
ghauri 3,208 12 months ago An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws

Awesome Bug Bounty Tools / Exploitation / XSS Injection
XSStrike 13,452 over 1 year ago Most advanced XSS scanner
xssor2 2,141 almost 4 years ago XSS'OR - Hack with JavaScript
xsscrapy 1,665 over 1 year ago XSS spider - 66/66 wavsep XSS detected
sleepy-puppy 1,035 over 7 years ago Sleepy Puppy XSS Payload Management Framework
ezXSS 1,938 11 months ago ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting
xsshunter 1,501 almost 3 years ago The XSS Hunter service - a portable version of XSSHunter.com
dalfox 3,820 11 months ago DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang
xsser 1,223 about 1 year ago Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications
XSpear 1,215 about 3 years ago Powerfull XSS Scanning and Parameter analysis tool&gem
weaponised-XSS-payloads 1,346 about 2 years ago XSS payloads designed to turn alert(1) into P1
tracy 555 over 2 years ago A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner
ground-control 535 over 8 years ago A collection of scripts that run on my web server. Mainly for debugging SSRF, blind XSS, and XXE vulnerabilities
xssValidator 411 over 3 years ago This is a burp intruder extender that is designed for automation and validation of XSS vulnerabilities
JSShell 362 over 3 years ago An interactive multi-user web JS shell
bXSS 522 over 2 years ago bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting
docem 553 almost 2 years ago Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids)
XSS-Radar 321 almost 8 years ago XSS Radar is a tool that detects parameters and fuzzes them for cross-site scripting vulnerabilities
BruteXSS 506 over 4 years ago BruteXSS is a tool written in python simply to find XSS vulnerabilities in web application
findom-xss 775 about 3 years ago A fast DOM based XSS vulnerability scanner with simplicity
domdig 396 over 1 year ago DOM XSS scanner for Single Page Applications
femida 279 about 6 years ago Automated blind-xss search for Burp Suite
B-XSSRF 295 about 6 years ago Toolkit to detect and keep track on Blind XSS, XXE & SSRF
domxssscanner 192 almost 7 years ago DOMXSS Scanner is an online tool to scan source code for DOM based XSS vulnerabilities
xsshunter_client 250 almost 3 years ago Correlated injection proxy tool for XSS Hunter
extended-xss-search 183 over 6 years ago A better version of my xssfinder tool - scans for different types of xss on a list of urls
xssmap 261 about 5 years ago XSSMap 是一款基于 Python3 开发用于检测 XSS 漏洞的工具
XSSCon 214 about 6 years ago XSSCon: Simple XSS Scanner tool
BitBlinder 108 over 2 years ago BurpSuite extension to inject custom cross-site scripting payloads on every form/request submitted to detect blind XSS vulnerabilities
XSSOauthPersistence 77 almost 7 years ago Maintaining account persistence via XSS and Oauth
shadow-workers 226 about 2 years ago Shadow Workers is a free and open source C2 and proxy designed for penetration testers to help in the exploitation of XSS and malicious Service Workers (SW)
rexsser 76 about 5 years ago This is a burp plugin that extracts keywords from response using regexes and test for reflected XSS on the target scope
xss-flare XSS hunter on cloudflare serverless workers
Xss-Sql-Fuzz 61 almost 7 years ago burpsuite 插件对GP所有参数(过滤特殊参数)一键自动添加xss sql payload 进行fuzz
vaya-ciego-nen 41 almost 3 years ago Detect, manage and exploit Blind Cross-site scripting (XSS) vulnerabilities
dom-based-xss-finder 71 almost 3 years ago Chrome extension that finds DOM based XSS vulnerabilities
XSSTerminal Develop your own XSS Payload using interactive typing
xss2png 177 about 3 years ago PNG IDAT chunks XSS payload generator
XSSwagger 56 about 6 years ago A simple Swagger-ui scanner that can detect old versions vulnerable to various XSS attacks

Awesome Bug Bounty Tools / Exploitation / XXE Injection
ground-control 535 over 8 years ago A collection of scripts that run on my web server. Mainly for debugging SSRF, blind XSS, and XXE vulnerabilities
dtd-finder 615 over 1 year ago List DTDs and generate XXE payloads using those local DTDs
docem 553 almost 2 years ago Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids)
xxeserv 326 almost 2 years ago A mini webserver with FTP support for XXE payloads
xxexploiter 547 almost 3 years ago Tool to help exploit XXE vulnerabilities
B-XSSRF 295 about 6 years ago Toolkit to detect and keep track on Blind XSS, XXE & SSRF
XXEinjector 1,556 11 months ago Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods
oxml_xxe 1,049 11 months ago A tool for embedding XXE/XML exploits into different filetypes
metahttp 37 almost 5 years ago A bash script that automates the scanning of a target network for HTTP resources through XXE

Awesome Bug Bounty Tools / Exploitation / SSTI Injection
tplmap 3,823 over 1 year ago Server-Side Template Injection and Code Injection Detection and Exploitation Tool
SSTImap 881 about 1 year ago Automatic SSTI detection tool with interactive interface

Awesome Bug Bounty Tools / Miscellaneous / Passwords
thc-hydra 9,858 about 1 year ago Hydra is a parallelized login cracker which supports numerous protocols to attack
DefaultCreds-cheat-sheet 5,784 about 1 year ago One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password
changeme 1,457 almost 4 years ago A default credential scanner
BruteX 1,990 about 1 year ago Automatically brute force all services running on a target
patator 3,598 about 1 year ago Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage

Awesome Bug Bounty Tools / Miscellaneous / Secrets
git-secrets 12,504 over 1 year ago Prevents you from committing secrets and credentials into git repositories
gitleaks 18,165 11 months ago Scan git repos (or files) for secrets using regex and entropy
truffleHog 17,601 11 months ago Searches through git repositories for high entropy strings and secrets, digging deep into commit history
gitGraber 2,044 over 1 year ago gitGraber: monitor GitHub to search and find sensitive data in real time for different online services
talisman 1,922 11 months ago By hooking into the pre-push hook provided by Git, Talisman validates the outgoing changeset for things that look suspicious - such as authorization tokens and private keys
GitGot 1,466 over 1 year ago Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets
git-all-secrets 1,114 over 6 years ago A tool to capture all the git secrets by leveraging multiple open source git searching tools
github-search 1,358 over 2 years ago Tools to perform basic search on GitHub
git-vuln-finder 402 about 2 years ago Finding potential software vulnerabilities from git commit messages
commit-stream #OSINT tool for finding Github repositories by extracting commit logs in real time from the Github event API
gitrob 5,955 about 3 years ago Reconnaissance tool for GitHub organizations
repo-supervisor 638 over 2 years ago Scan your code for security misconfiguration, search for passwords and secrets
GitMiner 2,093 about 5 years ago Tool for advanced mining for content on Github
shhgit 3,849 about 2 years ago Ah shhgit! Find GitHub secrets in real time
detect-secrets 3,860 about 1 year ago An enterprise friendly way of detecting and preventing secrets in code
rusty-hog 461 about 1 year ago A suite of secret scanners built in Rust for performance. Based on TruffleHog
whispers 478 about 2 years ago Identify hardcoded secrets and dangerous behaviours
yar 232 almost 5 years ago Yar is a tool for plunderin' organizations, users and/or repositories
dufflebag 289 over 2 years ago Search exposed EBS volumes for secrets
secret-bridge 191 about 1 year ago Monitors Github for leaked secrets
earlybird 711 about 1 year ago EarlyBird is a sensitive data detection tool capable of scanning source code repositories for clear text password violations, PII, outdated cryptography methods, key files and more
Trufflehog-Chrome-Extension 370 about 4 years ago Trufflehog-Chrome-Extension
noseyparker 1,716 11 months ago Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history

Awesome Bug Bounty Tools / Miscellaneous / Git
GitTools 3,880 over 2 years ago A repository with 3 tools for pwn'ing websites with .git repositories available
gitjacker 1,556 almost 3 years ago Leak git repositories from misconfigured websites
git-dumper 1,915 12 months ago A tool to dump a git repository from a website
GitHunter 97 almost 2 years ago A tool for searching a Git repository for interesting content
dvcs-ripper 1,712 over 1 year ago Rip web accessible (distributed) version control systems: SVN/GIT/HG
Gato (Github Attack TOolkit) 573 about 1 year ago GitHub Self-Hosted Runner Enumeration and Attack Tool

Awesome Bug Bounty Tools / Miscellaneous / Buckets
S3Scanner 2,613 11 months ago Scan for open AWS S3 buckets and dump the contents
AWSBucketDump 1,371 over 1 year ago Security Tool to Look For Interesting Files in S3 Buckets
CloudScraper 506 over 3 years ago CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space
s3viewer 436 about 2 years ago Publicly Open Amazon AWS S3 Bucket Viewer
festin 231 almost 5 years ago FestIn - S3 Bucket Weakness Discovery
s3reverse 84 over 2 years ago The format of various s3 buckets is convert in one format. for bugbounty and security testing
mass-s3-bucket-tester 52 over 1 year ago This tests a list of s3 buckets to see if they have dir listings enabled or if they are uploadable
S3BucketList 79 about 1 year ago Firefox plugin that lists Amazon S3 Buckets found in requests
dirlstr 51 almost 4 years ago Finds Directory Listings or open S3 buckets from a list of URLs
Burp-AnonymousCloud 42 almost 3 years ago Burp extension that performs a passive scan to identify cloud buckets and then test them for publicly accessible vulnerabilities
kicks3 34 over 5 years ago S3 bucket finder from html,js and bucket misconfiguration testing tool
2tearsinabucket 7 over 5 years ago Enumerate s3 buckets for a specific target
s3_objects_check 75 over 3 years ago Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files
s3tk 454 about 1 year ago A security toolkit for Amazon S3
CloudBrute 913 over 1 year ago Awesome cloud enumerator
s3cario 16 over 4 years ago This tool will get the CNAME first if it's a valid Amazon s3 bucket and if it's not, it will try to check if the domain is a bucket name
S3Cruze 71 over 6 years ago All-in-one AWS S3 bucket tool for pentesters

Awesome Bug Bounty Tools / Miscellaneous / CMS
wpscan 8,671 11 months ago WPScan is a free, for non-commercial use, black box WordPress security scanner
WPSpider 76 over 5 years ago A centralized dashboard for running and scheduling WordPress scans powered by wpscan utility
wprecon 15 almost 3 years ago Wordpress Recon
CMSmap 1,048 almost 4 years ago CMSmap is a python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs
joomscan 1,088 about 1 year ago OWASP Joomla Vulnerability Scanner Project
pyfiscan 565 about 1 year ago Free web-application vulnerability and version scanner
aemhacker 774 over 1 year ago Tools to identify vulnerable Adobe Experience Manager (AEM) webapps
aemscan 182 over 2 years ago Adobe Experience Manager Vulnerability Scanner

Awesome Bug Bounty Tools / Miscellaneous / JSON Web Token
jwt_tool 5,501 over 1 year ago A toolkit for testing, tweaking and cracking JSON Web Tokens
c-jwt-cracker 2,410 over 2 years ago JWT brute force cracker written in C
jwt-heartbreaker 126 about 5 years ago The Burp extension to check JWT (JSON Web Tokens) for using keys from known from public sources
jwtear 100 over 2 years ago Modular command-line tool to parse, create and manipulate JWT tokens for hackers
jwt-key-id-injector 51 almost 5 years ago Simple python script to check against hypothetical JWT vulnerability
jwt-hack 770 over 1 year ago jwt-hack is tool for hacking / security testing to JWT
jwt-cracker 1,049 over 1 year ago Simple HS256 JWT token brute force cracker

Awesome Bug Bounty Tools / Miscellaneous / postMessage
postMessage-tracker 1,067 almost 2 years ago A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon
PostMessage_Fuzz_Tool 36 about 6 years ago #BugBounty #BugBounty Tools #WebDeveloper Tool

Awesome Bug Bounty Tools / Miscellaneous / Subdomain Takeover
subjack 1,921 about 2 years ago Subdomain Takeover tool written in Go
SubOver 936 about 2 years ago A Powerful Subdomain Takeover Tool
autoSubTakeover 133 about 2 years ago A tool used to check if a CNAME resolves to the scope address. If the CNAME resolves to a non-scope address it might be worth checking out if subdomain takeover is possible
NSBrute 86 almost 3 years ago Python utility to takeover domains vulnerable to AWS NS Takeover
can-i-take-over-xyz 4,913 12 months ago "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records
cnames 15 over 2 years ago take a list of resolved subdomains and output any corresponding CNAMES en masse
subHijack 8 about 6 years ago Hijacking forgotten & misconfigured subdomains
tko-subs 748 almost 5 years ago A tool that can help detect and takeover subdomains with dead DNS records
HostileSubBruteforcer 456 almost 5 years ago This app will bruteforce for exisiting subdomains and provide information if the 3rd party host has been properly setup
second-order 380 over 2 years ago Second-order subdomain takeover scanner
takeover 49 over 4 years ago A tool for testing subdomain takeover possibilities at a mass scale
dnsReaper 2,037 about 1 year ago DNS Reaper is yet another sub-domain takeover tool, but with an emphasis on accuracy, speed and the number of signatures in our arsenal!

Awesome Bug Bounty Tools / Miscellaneous / Vulnerability Scanners
nuclei 21,054 11 months ago Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use
Sn1per 8,190 11 months ago Automated pentest framework for offensive security experts
metasploit-framework 34,393 11 months ago Metasploit Framework
nikto 8,746 11 months ago Nikto web server scanner
arachni 3,804 over 2 years ago Web Application Security Scanner Framework
jaeles 2,179 over 1 year ago The Swiss Army knife for automated Web Application Testing
retire.js 3,717 11 months ago scanner detecting the use of JavaScript libraries with known vulnerabilities
Osmedeus 5,396 over 1 year ago Fully automated offensive security framework for reconnaissance and vulnerability scanning
getsploit 1,734 over 1 year ago Command line utility for searching and downloading exploits
flan 4,088 about 1 year ago A pretty sweet vulnerability scanner
Findsploit 1,659 about 4 years ago Find exploits in local and online databases instantly
BlackWidow 1,545 12 months ago A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website
backslash-powered-scanner 643 about 2 years ago Finds unknown classes of injection vulnerabilities
Eagle 113 over 2 years ago Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities
cariddi 1,551 12 months ago Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more
OWASP ZAP 12,847 11 months ago World’s most popular free web security tools and is actively maintained by a dedicated international team of volunteers
SSTImap 881 about 1 year ago SSTImap is a penetration testing software that can check websites for Code Injection and Server-Side Template Injection vulnerabilities and exploit them, giving access to the operating system itself

Awesome Bug Bounty Tools / Miscellaneous / Useful
anew 1,420 almost 2 years ago A tool for adding new lines to files, skipping duplicates
gf 1,840 over 1 year ago A wrapper around grep, to help you grep for things
uro 1,225 11 months ago declutters url lists for crawling/pentesting
unfurl 1,103 about 2 years ago Pull out bits of URLs provided on stdin
qsreplace 774 almost 3 years ago Accept URLs on stdin, replace all query string values with a user-supplied value

Awesome Bug Bounty Tools / Miscellaneous / Uncategorized
JSONBee 678 over 1 year ago A ready to use JSONP endpoints/payloads to help bypass content security policy (CSP) of different websites
CyberChef 29,563 about 1 year ago The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
-
bountyplz 446 over 6 years ago Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported)
PayloadsAllTheThings 61,904 11 months ago A list of useful payloads and bypass for Web Application Security and Pentest/CTF
bounty-targets-data 3,178 11 months ago This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports
android-security-awesome 8,270 11 months ago A collection of android security related resources
awesome-mobile-security 3,069 over 1 year ago An effort to build a single place for all useful android and iOS security related stuff
awesome-vulnerable-apps 1,033 over 1 year ago Awesome Vulnerable Applications
XFFenum 90 over 1 year ago X-Forwarded-For [403 forbidden] enumeration
httpx 7,870 11 months ago httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads
csprecon 385 11 months ago Discover new target domains using Content Security Policy

Backlinks from these awesome lists:

More related projects: