Python Bugbounty

Open-source Python projects categorized as Bugbounty

Top 23 Python Bugbounty Projects

  • PayloadsAllTheThings

    A list of useful payloads and bypass for Web Application Security and Pentest/CTF

    Project mention: Need Help for python backdoor connection using socket | reddit.com/r/ethicalhacking | 2021-12-26
  • dirsearch

    Web path scanner

    Project mention: Release dirsearch v0.4.2 - Web Path Scanner | reddit.com/r/netsec | 2021-09-12
  • OneForAll

    OneForAll is a powerful subdomain collection tool

  • nuclei-templates

    Community curated list of templates for the nuclei engine to find security vulnerabilities.

    Project mention: Log4j RCE Found | news.ycombinator.com | 2021-12-09

    https://github.com/google/tsunami-security-scanner (I bet it would be easy to write a plugin for https://github.com/projectdiscovery/nuclei as well.)

    To see if there are injection points statically, I work on a tool (https://github.com/returntocorp/semgrep) that someone else already wrote a check with: https://twitter.com/lapt0r/status/1469096944047779845 or look for the mitigation with `semgrep -e '$LOGGER.formatMsgNoLookups(true)' --lang java`. For the mitigation, the string should be unique enough that just ripgrep works well too.

  • apkleaks

    Scanning APK file for URIs, endpoints & secrets.

    Project mention: Scan the apk file to check its different layers | reddit.com/r/NETSECSOFT | 2022-01-09

    git clone https://github.com/dwisiswant0/apkleaks

  • Awesome-Bugbounty-Writeups

    A curated list of bugbounty writeups (Bug type wise), inspired from https://github.com/ngalongc/bug-bounty-reference

    Project mention: Awesome Bugbounty Writeups: A curated list of bugbounty writeups (Bug type wise) , inspire | reddit.com/r/bugbounty | 2021-02-11
  • pagodo

    pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching

    Project mention: Automate Google Python | reddit.com/r/Python | 2022-01-15
  • Interlace

    Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

    Project mention: Make-My-Threads | reddit.com/r/tryhackme | 2021-02-16

    How is this different from interlace

  • hackerone-reports

    Top disclosed reports from HackerOne

    Project mention: XXE (XML External Entity) Attack & Prevention | dev.to | 2021-02-18

    There was an interesting case on Hackerone where the XMP metadata of a JPG file was getting parsed unsafely. There are many other interesting XXE bugs there as well if you want to take a look.

  • Redcloud

    Automated Red Team Infrastructure deployment using Docker

    Project mention: khast3x/Redcloud - Automated Red Team Infrastructure deployement using Docker | reddit.com/r/GithubSecurityTools | 2021-08-07
  • dnsgen

    Generates combination of domain names from the provided input.

    Project mention: ProjectAnte/dnsgen - Generates combination of domain names from the provided input. | reddit.com/r/GithubSecurityTools | 2021-09-17
  • JSshell

    JSshell - JavaScript reverse/remote shell

    Project mention: [AskJS] Running JavaScript in the console of a website from terminal | reddit.com/r/javascript | 2021-09-21

    If you own this website, and you want to control the console of the website (where "console" is similar to the devtools console in Chrome) you can use something like JSshell to hook into the browser session, and have it create a reverse shell back to your terminal. Any commands you submit from the terminal will now run on the website session (full access to the window/DOM).

  • HawkScan

    Security Tool for Reconnaissance and Information Gathering on a website. (python 3.x)

    Project mention: HawkScan: Security tool for #Reconnaissance and #InformationGathering 💯 | reddit.com/r/u_esgeeks | 2021-10-21
  • basecrack

    Decode All Bases - Base Scheme Decoder

    Project mention: Multi-layer base-encoded string | reddit.com/r/codes | 2022-01-22

    Nice one ! I couldn't solve it with Basecrack but I got it with CodExt...

  • GRecon

    Automated Google Search

    Project mention: 🔰 GRecon: Automated Google Recon | reddit.com/r/u_esgeeks | 2021-04-09
  • dora

    Find exposed API keys based on RegEx and get exploitation methods for some of the keys that are found

    Project mention: Created a tool to find exposed API keys based on RegEx and get exploitation methods for some of keys that are found | reddit.com/r/HowToHack | 2021-12-19
  • Jira-Lens

    Fast and customizable vulnerability scanner For JIRA written in Python

    Project mention: Fast and customizable vulnerability scanner For JIRA written in Python | reddit.com/r/Hacking_Tutorials | 2021-11-15
  • SourceWolf

    Amazingly fast response crawler to find juicy stuff in the source code! 😎🔥

    Project mention: Spidering tools /Param Mining | reddit.com/r/bugbounty | 2021-07-19

    Here

  • crimson

    Reconstruction and automation of the reconnaissance phase.

    Project mention: 🔰 Crimson: Reconstruction and automation of the #reconnaissance phase | reddit.com/r/u_esgeeks | 2021-03-16
  • targets

    A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations. (by BugBountyResources)

  • Subcert

    Subcert is a subdomain enumeration tool that finds all the subdomains from certificate transparency logs.

    Project mention: 🔎 #Subcert: #subdomain #enumeration tool | reddit.com/r/u_esgeeks | 2021-04-20
  • recce

    Domain availability checker

    Project mention: unstabl3/recce - Domain availbility checker | reddit.com/r/GithubSecurityTools | 2021-07-10
  • FrameDomain

    FrameDomain Framework - subdomains enumeration tool for penetration testers

    Project mention: 🐱‍🏍 #FrameDomain #Framework: Enumeration and #InformationGathering tool | reddit.com/r/u_esgeeks | 2021-04-21

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2022-01-22.

Index

What are some of the best open-source Bugbounty projects in Python? This list will help you:

Rank Project Stars
1 PayloadsAllTheThings 33,677
2 dirsearch 7,424
3 OneForAll 4,328
4 nuclei-templates 3,296
5 apkleaks 2,778
6 Awesome-Bugbounty-Writeups 2,475
7 pagodo 1,431
8 Interlace 894
9 hackerone-reports 725
10 Redcloud 716
11 dnsgen 547
12 JSshell 379
13 HawkScan 302
14 basecrack 299
15 GRecon 161
16 dora 146
17 Jira-Lens 144
18 SourceWolf 108
19 crimson 80
20 targets 77
21 Subcert 52
22 recce 29
23 FrameDomain 18