awesome-bugbounty-tools

Bug Bounty Toolset

A curated collection of various tools used in bug bounty hunting and penetration testing to discover security vulnerabilities in software applications.

A curated list of various bug bounty tools

GitHub

4k stars
98 watching
705 forks
last commit: 8 months ago
Linked from 1 awesome list


Awesome Bug Bounty Tools / Recon / Subdomain Enumeration

Sublist3r 9,947 10 months ago Fast subdomains enumeration tool for penetration testers
Amass 12,185 6 months ago In-depth Attack Surface Mapping and Asset Discovery
massdns 3,194 about 1 year ago A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
Findomain 3,352 over 1 year ago The fastest and cross-platform subdomain enumerator, do not waste your time
Sudomy 2,026 11 months ago Sudomy is a subdomain enumeration tool that collects subdomains and analyzes domains, performing automated reconnaissance (recon) for bug hunting / pentesting
chaos-client 657 5 months ago Go client to communicate with Chaos DNS API
domained 722 about 4 years ago Multi Tool Subdomain Enumeration
bugcrowd-levelup-subdomain-enumeration 635 over 6 years ago This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference
shuffledns 1,345 5 months ago shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output…
puredns 1,737 6 months ago Fast domain resolver and subdomain bruteforcing with accurate wildcard (*) filtering
censys-subdomain-finder 752 almost 2 years ago Perform subdomain enumeration using the certificate transparency logs from Censys
Turbolist3r 370 over 1 year ago Subdomain enumeration tool with analysis features for discovered domains
censys-enumeration 151 over 2 years ago A script to extract subdomains/emails for a given domain using SSL/TLS certificate dataset on Censys
tugarecon 153 about 1 year ago Fast subdomains enumeration tool for penetration testers
as3nt 11 over 2 years ago Another Subdomain ENumeration Tool
Subra 54 almost 5 years ago A Web-UI for subdomain enumeration (subfinder)
Substr3am 67 over 2 years ago Passive reconnaissance/enumeration of interesting targets by watching for SSL certificates being issued
domain 921 over 4 years ago enumall.py Setup script for Recon-ng
altdns 2,344 about 1 year ago Generates permutations, alterations and mutations of subdomains and then resolves them
brutesubs 257 almost 4 years ago An automation framework for running multiple open sourced subdomain bruteforcing tools (in parallel) using your own wordlists via Docker Compose
dns-parallel-prober 107 over 2 years ago This is a parallelised domain name prober to find as many subdomains of a given domain as fast as possible
dnscan 1,143 5 months ago dnscan is a python wordlist-based DNS subdomain scanner
knock 3,902 6 months ago Knockpy is a python tool designed to enumerate subdomains on a target domain through a wordlist
hakrevdns 1,461 10 months ago Small, fast tool for performing reverse DNS lookups en masse
dnsx 2,218 5 months ago Dnsx is a fast and multi-purpose DNS toolkit that allows you to run multiple DNS queries of your choice with a list of user-supplied resolvers
subfinder 10,428 5 months ago Subfinder is a subdomain discovery tool that discovers valid subdomains for websites
assetfinder 3,080 12 months ago Find domains and subdomains related to a given domain
crtndstry 198 over 5 years ago Yet another subdomain finder
VHostScan 1,208 over 1 year ago A virtual host scanner that performs reverse lookups
scilla 951 6 months ago Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration
sub3suite 528 almost 2 years ago A research-grade suite of tools for subdomain enumeration, intelligence gathering and attack surface mapping
cero 623 about 1 year ago Scrape domain names from SSL certificates of arbitrary hosts
shosubgo 371 7 months ago Small tool to Grab subdomains using Shodan api
haktrails 540 over 1 year ago Golang client for querying SecurityTrails API data
bbot 7,343 5 months ago A recursive internet scanner for hackers

Awesome Bug Bounty Tools / Recon / Port Scanning

masscan 23,823 6 months ago TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes
RustScan 14,903 5 months ago The Modern Port Scanner
naabu 4,834 5 months ago A fast port scanner written in go with focus on reliability and simplicity
nmap 10,341 5 months ago Nmap - the Network Mapper. Github mirror of official SVN repository
sandmap 1,586 6 months ago Nmap on steroids. Simple CLI with the ability to run pure Nmap engine, 31 modules with 459 scan profiles
ScanCannon 433 about 1 year ago Combines the speed of masscan with the reliability and detailed enumeration of nmap

Awesome Bug Bounty Tools / Recon / Screenshots

EyeWitness 5,053 7 months ago EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible
aquatone 5,671 about 3 years ago Aquatone is a tool for visual inspection of websites across a large amount of hosts and is convenient for quickly gaining an overview of HTTP-based attack surface
screenshoteer 1,674 almost 4 years ago Make website screenshots and mobile emulations from the command line
gowitness 3,395 7 months ago gowitness - a golang, web screenshot utility using Chrome Headless
WitnessMe 737 8 months ago Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier
eyeballer 1,049 over 1 year ago Convolutional neural network for analyzing pentest screenshots
scrying 454 about 2 years ago A tool for collecting RDP, web and VNC screenshots all in one place
Depix 26,118 9 months ago Recovers passwords from pixelized screenshots
httpscreenshot 636 8 months ago HTTPScreenshot is a tool for grabbing screenshots and HTML of large numbers of websites

Awesome Bug Bounty Tools / Recon / Technologies

wappalyzer Identify technology on websites
webanalyze 987 over 1 year ago Port of Wappalyzer (uncovers technologies used on websites) to automate mass scanning
python-builtwith 35 about 5 years ago BuiltWith API client
whatweb 5,593 11 months ago Next generation web scanner
retire.js 3,717 6 months ago scanner detecting the use of JavaScript libraries with known vulnerabilities
httpx 7,870 5 months ago httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probers using the retryablehttp library; it is designed to maintain result reliability with increased threads
fingerprintx 575 10 months ago fingerprintx is a standalone utility for service discovery on open ports that works well with other popular bug bounty command line tools

Awesome Bug Bounty Tools / Recon / Content Discovery

gobuster 10,335 6 months ago Directory/File, DNS and VHost busting tool written in Go
recursebuster 243 over 5 years ago rapid content discovery tool for recursively querying webservers, handy in pentesting and web application assessments
feroxbuster 6,060 9 months ago A fast, simple, recursive content discovery tool written in Rust
dirsearch 12,324 6 months ago Web path scanner
dirsearch 269 over 3 years ago A Go implementation of dirsearch
filebuster 213 over 2 years ago An extremely fast and flexible web fuzzer
dirstalk 377 over 1 year ago Modern alternative to dirbuster/dirb
dirbuster-ng 344 almost 5 years ago dirbuster-ng is C CLI implementation of the Java dirbuster tool
gospider 2,598 about 1 year ago Gospider - Fast web spider written in Go
hakrawler 4,528 over 1 year ago Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application
crawley 268 7 months ago fast, feature-rich unix-way web scraper/crawler written in Golang
katana 12,667 5 months ago A next-generation crawling and spidering framework
LinkFinder 3,757 about 1 year ago A python script that finds endpoints in JavaScript files
JS-Scan 210 almost 8 years ago a .js scanner, built in php. designed to scrape urls and other info
LinksDumper 86 almost 6 years ago Extract (links/possible endpoints) from responses & filter them via decoding/sorting
GoLinkFinder 327 7 months ago A fast and minimal JS endpoint extractor
BurpJSLinkFinder 753 about 1 year ago Burp Extension for passively scanning JS files for endpoint links
urlgrab 331 over 4 years ago A golang utility to spider through a website searching for additional links
waybackurls 3,593 about 1 year ago Fetch all the URLs that the Wayback Machine knows about for a domain
gau 4,051 7 months ago Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl
getJS 732 10 months ago A tool to quickly get all JavaScript sources/files
linx 206 almost 3 years ago Reveals invisible links within JavaScript files
waymore 1,790 6 months ago Find way more from the Wayback Machine!
xnLinkFinder 1,216 6 months ago A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target

Awesome Bug Bounty Tools / Recon / Parameters

parameth 1,354 almost 6 years ago This tool can be used to brute-force discover GET and POST parameters
param-miner 1,273 6 months ago This extension identifies hidden, unlinked parameters. It's particularly useful for finding web cache poisoning vulnerabilities
ParamPamPam 272 almost 3 years ago A tool to brute-force discover GET and POST parameters
Arjun 5,329 5 months ago HTTP parameter discovery suite
ParamSpider 2,557 11 months ago Mining parameters from dark corners of Web Archives
x8 1,715 9 months ago Hidden parameters discovery suite written in Rust

Awesome Bug Bounty Tools / Recon / Fuzzing

wfuzz 5,978 9 months ago Web application fuzzer
ffuf 12,876 11 months ago Fast web fuzzer written in Go
fuzzdb 8,288 over 1 year ago Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery
IntruderPayloads 3,698 over 3 years ago A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists
fuzz.txt 2,922 6 months ago Potentially dangerous files
fuzzilli 1,896 6 months ago A JavaScript Engine Fuzzer
fuzzapi 636 over 4 years ago Fuzzapi is a tool used for REST API pentesting and uses API_Fuzzer gem
qsfuzz 297 over 2 years ago qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities
vaf 314 almost 3 years ago very advanced (web) fuzzer written in Nim

Awesome Bug Bounty Tools / Exploitation / Command Injection

commix 4,647 6 months ago Automated All-in-One OS command injection and exploitation tool

Awesome Bug Bounty Tools / Exploitation / CORS Misconfiguration

Corsy 1,381 over 2 years ago CORS Misconfiguration Scanner
CORStest 406 almost 5 years ago A simple CORS misconfiguration scanner
cors-scanner 18 over 5 years ago A multi-threaded scanner that helps identify CORS flaws/misconfigurations
CorsMe 169 over 3 years ago Cross Origin Resource Sharing MisConfiguration Scanner

Awesome Bug Bounty Tools / Exploitation / CRLF Injection

CRLFsuite 563 over 1 year ago A fast tool specially designed to scan CRLF injection
crlfuzz 1,354 7 months ago A fast tool to scan CRLF vulnerability written in Go
CRLF-Injection-Scanner 160 about 1 year ago Command line tool for testing CRLF injection on a list of domains
Injectus 110 over 3 years ago CRLF and open redirect fuzzer

Awesome Bug Bounty Tools / Exploitation / CSRF Injection

XSRFProbe 1,116 7 months ago The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit

Awesome Bug Bounty Tools / Exploitation / Directory Traversal

dotdotpwn 997 over 2 years ago DotDotPwn - The Directory Traversal Fuzzer
FDsploit 267 about 4 years ago File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool
off-by-slash 254 over 3 years ago Burp extension to detect alias traversal via NGINX misconfiguration at scale
liffier 8 over 5 years ago Tired of manually adding dot-dot-slash to your possible path traversal? This short snippet will increment ../ on the URL

Awesome Bug Bounty Tools / Exploitation / File Inclusion

liffy 802 almost 2 years ago Local file inclusion exploitation tool
Burp-LFI-tests 60 over 8 years ago Fuzzing for LFI using Burpsuite
LFI-Enum 89 about 6 years ago Scripts to execute enumeration via LFI
LFISuite 1,715 about 3 years ago Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner
LFI-files 118 over 5 years ago Wordlist to bruteforce for LFI

Awesome Bug Bounty Tools / Exploitation / GraphQL Injection

inql 1,554 11 months ago InQL - A Burp Extension for GraphQL Security Testing
GraphQLmap 1,408 about 1 year ago GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes
shapeshifter 119 about 3 years ago GraphQL security testing tool
graphql_beautifier 30 over 7 years ago Burp Suite extension to help make Graphql request more readable
clairvoyance 1,080 8 months ago Obtain GraphQL API schema despite disabled introspection!

Awesome Bug Bounty Tools / Exploitation / Header Injection

headi 238 11 months ago Customisable and automated HTTP header injection

Awesome Bug Bounty Tools / Exploitation / Insecure Deserialization

ysoserial 7,857 about 1 year ago A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization
GadgetProbe 587 about 4 years ago Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths
ysoserial.net 3,260 6 months ago Deserialization payload generator for a variety of .NET formatters
phpggc 3,271 6 months ago PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically

Awesome Bug Bounty Tools / Exploitation / Insecure Direct Object References

Autorize 969 6 months ago Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily

Awesome Bug Bounty Tools / Exploitation / Open Redirect

Oralyzer 758 about 2 years ago Open Redirection Analyzer
Injectus 110 over 3 years ago CRLF and open redirect fuzzer
dom-red 24 over 3 years ago Small script to check a list of domains against open redirect vulnerability
OpenRedireX 718 11 months ago A Fuzzer for OpenRedirect issues

Awesome Bug Bounty Tools / Exploitation / Race Condition

razzer 359 almost 6 years ago A Kernel fuzzer focusing on race bugs
racepwn 265 over 2 years ago Race Condition framework
requests-racer 158 about 2 years ago Small Python library that makes it easy to exploit race conditions in web apps with Requests
turbo-intruder 1,520 6 months ago Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results
race-the-web 593 about 3 years ago Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline

Awesome Bug Bounty Tools / Exploitation / Request Smuggling

http-request-smuggling 476 over 1 year ago HTTP Request Smuggling Detection Tool
smuggler 1,840 over 1 year ago Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3
h2csmuggler 661 about 3 years ago HTTP Request Smuggling over HTTP/2 Cleartext (h2c)
tiscripts 218 almost 5 years ago These scripts I use to create Request Smuggling Desync payloads for CLTE and TECL style attacks

Awesome Bug Bounty Tools / Exploitation / Server Side Request Forgery

SSRFmap 3,027 12 months ago Automatic SSRF fuzzer and exploitation tool
Gopherus 2,909 about 2 years ago This tool generates gopher link for exploiting SSRF and gaining RCE in various servers
ground-control 535 almost 8 years ago A collection of scripts that run on my web server. Mainly for debugging SSRF, blind XSS, and XXE vulnerabilities
SSRFire 953 over 3 years ago An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirects
httprebind 295 almost 5 years ago Automatic tool for DNS rebinding-based SSRF attacks
ssrf-sheriff 320 7 months ago A simple SSRF-testing sheriff written in Go
B-XSSRF 295 almost 6 years ago Toolkit to detect and keep track on Blind XSS, XXE & SSRF
extended-ssrf-search 276 over 4 years ago Smart ssrf scanner using different methods like parameter brute forcing in post and get
gaussrf 168 over 4 years ago Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl and Filter Urls With OpenRedirection or SSRF Parameters
ssrfDetector 150 almost 8 years ago Server-side request forgery detector
grafana-ssrf 78 11 months ago Authenticated SSRF in Grafana
sentrySSRF 68 about 1 year ago Tool for searching for Sentry config on a page or in JavaScript files and checking for blind SSRF
lorsrf 291 8 months ago Bruteforcing on Hidden parameters to find SSRF vulnerability using GET and POST Methods
singularity 1,047 6 months ago A DNS rebinding attack framework
whonow 630 over 3 years ago A "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind.network:53)
dns-rebind-toolkit 487 over 3 years ago A front-end JavaScript toolkit for creating DNS rebinding attacks
dref 486 about 4 years ago DNS Rebinding Exploitation Framework
rbndr 631 over 5 years ago Simple DNS Rebinding Service
dnsFookup 252 about 2 years ago DNS rebinding toolkit
surf 599 over 1 year ago Escalate your SSRF vulnerabilities on Modern Cloud Environments. Allows you to filter a list of hosts, returning a list of viable SSRF candidates

Awesome Bug Bounty Tools / Exploitation / SQL Injection

sqlmap 32,841 6 months ago Automatic SQL injection and database takeover tool
NoSQLMap 2,958 10 months ago Automated NoSQL database enumeration and web application exploitation tool
SQLiScanner 801 about 7 years ago Automatic SQL injection with Charles and sqlmap api
SleuthQL 466 over 5 years ago Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap
mssqlproxy 728 over 4 years ago mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse
sqli-hunter 425 about 1 year ago SQLi-Hunter is a simple HTTP / HTTPS proxy server and a SQLMAP API wrapper that makes digging SQLi easy
waybackSqliScanner 187 almost 6 years ago Gather urls from wayback machine then test each GET parameter for sql injection
ESC 283 about 2 years ago Evil SQL Client (ESC) is an interactive .NET SQL console client with enhanced SQL Server discovery, access, and data exfiltration features
mssqli-duet 93 about 5 years ago SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing
burp-to-sqlmap Performing SQLInjection test on Burp Suite Bulk Requests using SQLMap
BurpSQLTruncSanner 62 about 5 years ago Messy BurpSuite plugin for SQL Truncation vulnerabilities
andor 74 over 3 years ago Blind SQL Injection Tool with Golang
Blinder 51 over 5 years ago A python library to automate time-based blind SQL injection
sqliv 1,164 almost 7 years ago massive SQL injection vulnerability scanner
nosqli 359 over 3 years ago NoSql Injection CLI tool, for finding vulnerable websites using MongoDB
ghauri 3,208 6 months ago An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws

Awesome Bug Bounty Tools / Exploitation / XSS Injection

XSStrike 13,452 10 months ago Most advanced XSS scanner
xssor2 2,141 over 3 years ago XSS'OR - Hack with JavaScript
xsscrapy 1,665 12 months ago XSS spider - 66/66 wavsep XSS detected
sleepy-puppy 1,035 almost 7 years ago Sleepy Puppy XSS Payload Management Framework
ezXSS 1,938 5 months ago ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting
xsshunter 1,501 over 2 years ago The XSS Hunter service - a portable version of XSSHunter.com
dalfox 3,820 5 months ago DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang
xsser 1,223 8 months ago Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications
XSpear 1,215 over 2 years ago Powerful XSS Scanning and Parameter analysis tool & gem
weaponised-XSS-payloads 1,346 over 1 year ago XSS payloads designed to turn alert(1) into P1
tracy 555 about 2 years ago A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner
ground-control 535 almost 8 years ago A collection of scripts that run on my web server. Mainly for debugging SSRF, blind XSS, and XXE vulnerabilities
xssValidator 411 over 3 years ago This is a burp intruder extender that is designed for automation and validation of XSS vulnerabilities
JSShell 362 almost 3 years ago An interactive multi-user web JS shell
bXSS 522 about 2 years ago bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting
docem 553 over 1 year ago Utility to embed XXE and XSS payloads in docx, odt, pptx, etc. (OXML_XEE on steroids)
XSS-Radar 321 over 7 years ago XSS Radar is a tool that detects parameters and fuzzes them for cross-site scripting vulnerabilities
BruteXSS 506 almost 4 years ago BruteXSS is a tool written in python simply to find XSS vulnerabilities in web application
findom-xss 775 over 2 years ago A fast DOM based XSS vulnerability scanner with simplicity
domdig 396 11 months ago DOM XSS scanner for Single Page Applications
femida 279 over 5 years ago Automated blind-xss search for Burp Suite
B-XSSRF 295 almost 6 years ago Toolkit to detect and keep track on Blind XSS, XXE & SSRF
domxssscanner 192 over 6 years ago DOMXSS Scanner is an online tool to scan source code for DOM based XSS vulnerabilities
xsshunter_client 250 over 2 years ago Correlated injection proxy tool for XSS Hunter
extended-xss-search 183 almost 6 years ago A better version of my xssfinder tool - scans for different types of xss on a list of urls
xssmap 261 almost 5 years ago XSSMap is a tool developed in Python3 for detecting XSS vulnerabilities
XSSCon 214 over 5 years ago XSSCon: Simple XSS Scanner tool
BitBlinder 108 almost 2 years ago BurpSuite extension to inject custom cross-site scripting payloads on every form/request submitted to detect blind XSS vulnerabilities
XSSOauthPersistence 77 over 6 years ago Maintaining account persistence via XSS and Oauth
shadow-workers 226 over 1 year ago Shadow Workers is a free and open source C2 and proxy designed for penetration testers to help in the exploitation of XSS and malicious Service Workers (SW)
rexsser 76 over 4 years ago This is a burp plugin that extracts keywords from response using regexes and test for reflected XSS on the target scope
xss-flare XSS hunter on cloudflare serverless workers
Xss-Sql-Fuzz 61 over 6 years ago Burp Suite plugin that, with one click, automatically adds XSS and SQL payloads to all GET/POST parameters (filtering out special parameters) for fuzzing
vaya-ciego-nen 41 over 2 years ago Detect, manage and exploit Blind Cross-site scripting (XSS) vulnerabilities
dom-based-xss-finder 71 over 2 years ago Chrome extension that finds DOM based XSS vulnerabilities
XSSTerminal Develop your own XSS Payload using interactive typing
xss2png 177 over 2 years ago PNG IDAT chunks XSS payload generator
XSSwagger 56 over 5 years ago A simple Swagger-ui scanner that can detect old versions vulnerable to various XSS attacks

Awesome Bug Bounty Tools / Exploitation / XXE Injection

ground-control 535 almost 8 years ago A collection of scripts that run on my web server. Mainly for debugging SSRF, blind XSS, and XXE vulnerabilities
dtd-finder 615 over 1 year ago List DTDs and generate XXE payloads using those local DTDs
docem 553 over 1 year ago Utility to embed XXE and XSS payloads in docx, odt, pptx, etc. (OXML_XEE on steroids)
xxeserv 326 over 1 year ago A mini webserver with FTP support for XXE payloads
xxexploiter 547 over 2 years ago Tool to help exploit XXE vulnerabilities
B-XSSRF 295 almost 6 years ago Toolkit to detect and keep track on Blind XSS, XXE & SSRF
XXEinjector 1,556 6 months ago Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods
oxml_xxe 1,049 5 months ago A tool for embedding XXE/XML exploits into different filetypes
metahttp 37 over 4 years ago A bash script that automates the scanning of a target network for HTTP resources through XXE

Awesome Bug Bounty Tools / Exploitation / SSTI Injection

tplmap 3,823 about 1 year ago Server-Side Template Injection and Code Injection Detection and Exploitation Tool
SSTImap 881 8 months ago Automatic SSTI detection tool with interactive interface

Awesome Bug Bounty Tools / Miscellaneous / Passwords

thc-hydra 9,858 10 months ago Hydra is a parallelized login cracker which supports numerous protocols to attack
DefaultCreds-cheat-sheet 5,784 8 months ago One place for all the default credentials, to assist Blue/Red teamers in finding devices with default passwords
changeme 1,457 over 3 years ago A default credential scanner
BruteX 1,990 9 months ago Automatically brute force all services running on a target
patator 3,598 8 months ago Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage

Awesome Bug Bounty Tools / Miscellaneous / Secrets

git-secrets 12,504 about 1 year ago Prevents you from committing secrets and credentials into git repositories
gitleaks 18,165 6 months ago Scan git repos (or files) for secrets using regex and entropy
truffleHog 17,601 5 months ago Searches through git repositories for high entropy strings and secrets, digging deep into commit history
gitGraber 2,044 10 months ago gitGraber: monitor GitHub to search and find sensitive data in real time for different online services
talisman 1,922 6 months ago By hooking into the pre-push hook provided by Git, Talisman validates the outgoing changeset for things that look suspicious - such as authorization tokens and private keys
GitGot 1,466 about 1 year ago Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets
git-all-secrets 1,114 almost 6 years ago A tool to capture all the git secrets by leveraging multiple open source git searching tools
github-search 1,358 over 2 years ago Tools to perform basic search on GitHub
git-vuln-finder 402 over 1 year ago Finding potential software vulnerabilities from git commit messages
commit-stream #OSINT tool for finding Github repositories by extracting commit logs in real time from the Github event API
gitrob 5,955 over 2 years ago Reconnaissance tool for GitHub organizations
repo-supervisor 638 almost 2 years ago Scan your code for security misconfiguration, search for passwords and secrets
GitMiner 2,093 almost 5 years ago Tool for advanced mining for content on Github
shhgit 3,849 over 1 year ago Ah shhgit! Find GitHub secrets in real time
detect-secrets 3,860 7 months ago An enterprise friendly way of detecting and preventing secrets in code
rusty-hog 461 9 months ago A suite of secret scanners built in Rust for performance. Based on TruffleHog
whispers 478 over 1 year ago Identify hardcoded secrets and dangerous behaviours
yar 232 over 4 years ago Yar is a tool for plunderin' organizations, users and/or repositories
dufflebag 289 about 2 years ago Search exposed EBS volumes for secrets
secret-bridge 191 7 months ago Monitors Github for leaked secrets
earlybird 711 9 months ago EarlyBird is a sensitive data detection tool capable of scanning source code repositories for clear text password violations, PII, outdated cryptography methods, key files and more
Trufflehog-Chrome-Extension 370 over 3 years ago Trufflehog-Chrome-Extension
noseyparker 1,716 5 months ago Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history

Awesome Bug Bounty Tools / Miscellaneous / Git

GitTools 3,880 almost 2 years ago A repository with 3 tools for pwn'ing websites with .git repositories available
gitjacker 1,556 over 2 years ago Leak git repositories from misconfigured websites
git-dumper 1,915 6 months ago A tool to dump a git repository from a website
GitHunter 97 over 1 year ago A tool for searching a Git repository for interesting content
dvcs-ripper 1,712 10 months ago Rip web accessible (distributed) version control systems: SVN/GIT/HG
Gato (Github Attack TOolkit) 573 10 months ago GitHub Self-Hosted Runner Enumeration and Attack Tool

Awesome Bug Bounty Tools / Miscellaneous / Buckets

S3Scanner 2,613 6 months ago Scan for open AWS S3 buckets and dump the contents
AWSBucketDump 1,371 about 1 year ago Security Tool to Look For Interesting Files in S3 Buckets
CloudScraper 506 about 3 years ago CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space
s3viewer 436 over 1 year ago Publicly Open Amazon AWS S3 Bucket Viewer
festin 231 over 4 years ago FestIn - S3 Bucket Weakness Discovery
s3reverse 84 about 2 years ago Converts the formats of various S3 buckets into one format, for bug bounty and security testing
mass-s3-bucket-tester 52 11 months ago This tests a list of s3 buckets to see if they have dir listings enabled or if they are uploadable
S3BucketList 79 7 months ago Firefox plugin that lists Amazon S3 Buckets found in requests
dirlstr 51 over 3 years ago Finds Directory Listings or open S3 buckets from a list of URLs
Burp-AnonymousCloud 42 over 2 years ago Burp extension that performs a passive scan to identify cloud buckets and then test them for publicly accessible vulnerabilities
kicks3 34 over 5 years ago S3 bucket finder from html,js and bucket misconfiguration testing tool
2tearsinabucket 7 about 5 years ago Enumerate s3 buckets for a specific target
s3_objects_check 75 about 3 years ago Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files
s3tk 454 8 months ago A security toolkit for Amazon S3
CloudBrute 913 10 months ago Awesome cloud enumerator
s3cario 16 about 4 years ago This tool will get the CNAME first if it's a valid Amazon s3 bucket and if it's not, it will try to check if the domain is a bucket name
S3Cruze 71 over 6 years ago All-in-one AWS S3 bucket tool for pentesters

Awesome Bug Bounty Tools / Miscellaneous / CMS

wpscan 8,671 5 months ago WPScan is a free, for non-commercial use, black box WordPress security scanner
WPSpider 76 over 5 years ago A centralized dashboard for running and scheduling WordPress scans powered by wpscan utility
wprecon 15 over 2 years ago Wordpress Recon
CMSmap 1,048 over 3 years ago CMSmap is a python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs
joomscan 1,088 9 months ago OWASP Joomla Vulnerability Scanner Project
pyfiscan 565 10 months ago Free web-application vulnerability and version scanner
aemhacker 774 10 months ago Tools to identify vulnerable Adobe Experience Manager (AEM) webapps
aemscan 182 about 2 years ago Adobe Experience Manager Vulnerability Scanner

Awesome Bug Bounty Tools / Miscellaneous / JSON Web Token

jwt_tool 5,501 10 months ago A toolkit for testing, tweaking and cracking JSON Web Tokens
c-jwt-cracker 2,410 almost 2 years ago JWT brute force cracker written in C
jwt-heartbreaker 126 over 4 years ago The Burp extension to check JWT (JSON Web Tokens) for the use of keys known from public sources
jwtear 100 about 2 years ago Modular command-line tool to parse, create and manipulate JWT tokens for hackers
jwt-key-id-injector 51 over 4 years ago Simple python script to check against hypothetical JWT vulnerability
jwt-hack 770 about 1 year ago jwt-hack is a tool for hacking / security testing of JWT
jwt-cracker 1,049 11 months ago Simple HS256 JWT token brute force cracker

Awesome Bug Bounty Tools / Miscellaneous / postMessage

postMessage-tracker 1,067 over 1 year ago A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon
PostMessage_Fuzz_Tool 36 over 5 years ago #BugBounty #BugBounty Tools #WebDeveloper Tool

Awesome Bug Bounty Tools / Miscellaneous / Subdomain Takeover

subjack 1,921 almost 2 years ago Subdomain Takeover tool written in Go
SubOver 936 over 1 year ago A Powerful Subdomain Takeover Tool
autoSubTakeover 133 almost 2 years ago A tool used to check if a CNAME resolves to the scope address. If the CNAME resolves to a non-scope address it might be worth checking out if subdomain takeover is possible
NSBrute 86 over 2 years ago Python utility to takeover domains vulnerable to AWS NS Takeover
can-i-take-over-xyz 4,913 6 months ago "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records
cnames 15 about 2 years ago take a list of resolved subdomains and output any corresponding CNAMES en masse
subHijack 8 almost 6 years ago Hijacking forgotten & misconfigured subdomains
tko-subs 748 over 4 years ago A tool that can help detect and takeover subdomains with dead DNS records
HostileSubBruteforcer 456 over 4 years ago This app will bruteforce for existing subdomains and provide information if the 3rd party host has been properly set up
second-order 380 about 2 years ago Second-order subdomain takeover scanner
takeover 49 about 4 years ago A tool for testing subdomain takeover possibilities at a mass scale
dnsReaper 2,037 7 months ago DNS Reaper is yet another sub-domain takeover tool, but with an emphasis on accuracy, speed and the number of signatures in our arsenal!

Awesome Bug Bounty Tools / Miscellaneous / Vulnerability Scanners

nuclei 21,054 5 months ago Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use
Sn1per 8,190 6 months ago Automated pentest framework for offensive security experts
metasploit-framework 34,393 6 months ago Metasploit Framework
nikto 8,746 6 months ago Nikto web server scanner
arachni 3,804 about 2 years ago Web Application Security Scanner Framework
jaeles 2,179 about 1 year ago The Swiss Army knife for automated Web Application Testing
retire.js 3,717 6 months ago scanner detecting the use of JavaScript libraries with known vulnerabilities
Osmedeus 5,396 about 1 year ago Fully automated offensive security framework for reconnaissance and vulnerability scanning
getsploit 1,734 12 months ago Command line utility for searching and downloading exploits
flan 4,088 8 months ago A pretty sweet vulnerability scanner
Findsploit 1,659 over 3 years ago Find exploits in local and online databases instantly
BlackWidow 1,545 6 months ago A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website
backslash-powered-scanner 643 over 1 year ago Finds unknown classes of injection vulnerabilities
Eagle 113 almost 2 years ago Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities
cariddi 1,551 7 months ago Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more
OWASP ZAP 12,847 5 months ago One of the world’s most popular free web security tools, actively maintained by a dedicated international team of volunteers
SSTImap 881 8 months ago SSTImap is a penetration testing software that can check websites for Code Injection and Server-Side Template Injection vulnerabilities and exploit them, giving access to the operating system itself

Awesome Bug Bounty Tools / Miscellaneous / Useful

anew 1,420 over 1 year ago A tool for adding new lines to files, skipping duplicates
gf 1,840 12 months ago A wrapper around grep, to help you grep for things
uro 1,225 6 months ago declutters url lists for crawling/pentesting
unfurl 1,103 almost 2 years ago Pull out bits of URLs provided on stdin
qsreplace 774 over 2 years ago Accept URLs on stdin, replace all query string values with a user-supplied value

Awesome Bug Bounty Tools / Miscellaneous / Uncategorized

JSONBee 678 about 1 year ago Ready-to-use JSONP endpoints/payloads to help bypass the content security policy (CSP) of different websites
CyberChef 29,563 7 months ago The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
bountyplz 446 about 6 years ago Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported)
PayloadsAllTheThings 61,904 6 months ago A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
bounty-targets-data 3,178 6 months ago This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports
android-security-awesome 8,270 6 months ago A collection of android security related resources
awesome-mobile-security 3,069 about 1 year ago An effort to build a single place for all useful android and iOS security related stuff
awesome-vulnerable-apps 1,033 10 months ago Awesome Vulnerable Applications
XFFenum 90 about 1 year ago X-Forwarded-For [403 forbidden] enumeration
httpx 7,870 5 months ago httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probers using the retryablehttp library; it is designed to maintain result reliability with increased threads
csprecon 385 5 months ago Discover new target domains using Content Security Policy
