A list of interesting payloads, tips and tricks for bug bounty hunters.
Updated Mar 15, 2019
Automated NoSQL database enumeration and web application exploitation tool.
Updated Feb 8, 2019
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Security Tool to Look For Interesting Files in S3 Buckets
Updated Nov 16, 2018
Scan for open AWS S3 buckets and dump the contents
Updated Apr 18, 2019
A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.
Updated Dec 13, 2017
StaCoAn is a cross-platform tool which aids developers, bug bounty hunters and ethical hackers performing static code a…
Updated Oct 19, 2018
Subdomain Takeover tool written in Go
Updated Feb 6, 2019
🎯 Cross Site Scripting (XSS) Vulnerability Payload List
Updated Jan 28, 2019
A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work …
Penetration test cases, resources and guidelines.
Updated Apr 14, 2019
A Powerful Subdomain Takeover Tool
Updated Aug 30, 2018
Updated Apr 2, 2019
Burp Bounty (Scan Check Builder in BApp Store) is an extension of Burp Suite that allows you, in a quick and simple wa…
Updated Apr 1, 2019
Collection of small security tools created mostly in Python. CTFs, pentests and so on
Updated Apr 7, 2019
Multi Tool Subdomain Enumeration
Updated Mar 26, 2019
Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.
Updated Dec 26, 2018
Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if t…
Updated Jan 12, 2019
Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.
Updated Jul 18, 2018
Adhrit is an open source Android APK reversing and analysis tool that can help security researchers and CTF enthusias…
Updated Mar 29, 2019
Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]
Updated Oct 14, 2018
A big list of Android Hackerone disclosed reports and other resources.
Updated Nov 29, 2018
Extracting URLs of a specific target based on the results of "commoncrawl.org"
Updated Apr 13, 2019
Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.
Updated Apr 6, 2019
bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.
PHP Security Check List [ EN ] 🌋 ☣️
Updated Nov 1, 2018
🎯 Command Injection Payload List
Updated Jan 30, 2019
CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage …
Updated Mar 9, 2019
Tools of "The Bug Hunters Methodology V2" by @jhaddix
Updated Aug 11, 2017
aquatone results for sites with bug bounties
Updated Sep 5, 2018