Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →
Top 23 Python Bugbounty Projects
-
PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
-
DefaultCreds-cheat-sheet
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
-
can-i-take-over-xyz
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
Awesome-Bugbounty-Writeups
A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference
-
-
-
malicious-pdf
💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh
-
inql
InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.
-
requests-ip-rotator
A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.
-
Interlace
Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
-
jfscan
JF⚡can - Super fast port scanning & service discovery using Masscan and Nmap. Scan large networks with Masscan and use Nmap's scripting abilities to discover information about services. Generate report.
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
Also https://github.com/swisskyrepo/PayloadsAllTheThings I'm sure there's a few test php files in here for filter bypasses too
I am new to Python. With the help of several users (thanks u/Diapolo10 and u/shiftybyte)I've been able to install Python and the dirsearch package. Dirsearch (https://github.com/maurosoria/dirsearch) allows for checking website paths with a wordlist. For example, I have a wordlist file with words like "dog", "cat", "bird", etc and I want to check the validity of those words as extensions on a website. Something like "example.com/bird", "example.com/cat", etc. I have a test wordlist in the same directory as dirsearch, but I am confused on how to proceed with the commands. I want to have it check my wordlist as extensions on the example.com website and then save output on if the webpath is valid or not. Just need a little bit of help.
Project mention: Any self-host FOSS suites for running phishing testing campaigns? | /r/selfhosted | 2023-05-21I couldn't find anything named reEngine, but I found reNgine ( https://yogeshojha.github.io/rengine/ ) which I think is what you meant.
Project mention: [GitHub Action]: Wrappers for sqlmap, bbot and nikto | /r/cybersecurity | 2023-05-29Its not that much of a tool than wrappers of few awesome tools that most of you probably know and use today - sqlmap, bbot and nikto.
Wrote a tool two years ago that does some of the PDF-tests. But more could be added: https://github.com/jonaslejon/malicious-pdf
- using reflutter (https://github.com/Impact-I/reFlutter) framework, to patch the app in question so it can use a burp proxy.
NOTE:
The open source projects on this list are ordered by number of github stars.
The number of mentions indicates repo mentiontions in the last 12 Months or
since we started tracking (Dec 2020).
The latest post mention was on 2023-12-08.
Python Bugbounty related posts
- Script kiddie tools preferred by the hackers of this channel?
- MobSecco: A tool for Cloning apk for bypassing code tampering detection, Google Safety Net and scanning vulnerable plugins
- ParaForge: A BurpSuite extension to create a custom word list of endpoints and parameters for enumeration and fuzzing
- ParaForge: A BurpSuite extension to create a custom word-list of endpoint and parameters for enumeration and fuzzing
- Flutter mobile app pentesting
- I have created a tool MobSecco. which allow clone and create replica apk for bypassing code tampering detection and check CVE from plugins in Cordova Framework mobile application.
- Link CVE to installed applications?
-
A note from our sponsor - InfluxDB
www.influxdata.com | 19 Apr 2024
Index
What are some of the best open-source Bugbounty projects in Python? This list will help you:
| Project | Stars | |
|---|---|---|
| 1 | PayloadsAllTheThings | 56,534 |
| 2 | dirsearch | 11,179 |
| 3 | OneForAll | 7,643 |
| 4 | rengine | 6,659 |
| 5 | DefaultCreds-cheat-sheet | 5,256 |
| 6 | apkleaks | 4,570 |
| 7 | can-i-take-over-xyz | 4,424 |
| 8 | Awesome-Bugbounty-Writeups | 4,358 |
| 9 | commix | 4,318 |
| 10 | bbot | 3,489 |
| 11 | hackerone-reports | 3,176 |
| 12 | malicious-pdf | 2,585 |
| 13 | pagodo | 2,560 |
| 14 | inql | 1,455 |
| 15 | reFlutter | 1,452 |
| 16 | requests-ip-rotator | 1,221 |
| 17 | Interlace | 1,168 |
| 18 | Redcloud | 1,164 |
| 19 | FavFreak | 1,069 |
| 20 | subscraper | 734 |
| 21 | JSshell | 566 |
| 22 | jfscan | 521 |
| 23 | CRLFsuite | 498 |
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com