Top 23 Bugbounty Open-Source Projects
-
PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
-
Resources-for-Beginner-Bug-Bounty-Hunters
A list of resources for those interested in getting started in bug bounties
-
nuclei-templates
Community curated list of templates for the nuclei engine to find security vulnerabilities.
-
httpx
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library. (by projectdiscovery)
-
rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
-
awesome-hacker-search-engines
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
-
wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
-
DefaultCreds-cheat-sheet
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
-
scan4all
Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...
-
reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
-
can-i-take-over-xyz
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
-
Awesome-Bugbounty-Writeups
A curated list of bugbounty writeups (Bug type wise), inspired from https://github.com/ngalongc/bug-bounty-reference
Also https://github.com/swisskyrepo/PayloadsAllTheThings I'm sure there's a few test php files in here for filter bypasses too
I am new to Python. With the help of several users (thanks u/Diapolo10 and u/shiftybyte) I've been able to install Python and the dirsearch package. Dirsearch (https://github.com/maurosoria/dirsearch) allows for checking website paths with a wordlist. For example, I have a wordlist file with words like "dog", "cat", "bird", etc and I want to check the validity of those words as extensions on a website. Something like "example.com/bird", "example.com/cat", etc. I have a test wordlist in the same directory as dirsearch, but I am confused on how to proceed with the commands. I want to have it check my wordlist as extensions on the example.com website and then save output on if the webpath is valid or not. Just need a little bit of help.
Project mention: Subdomain.center – discover all subdomains for a domain | news.ycombinator.com | 2023-09-15
https://github.com/projectdiscovery/subfinder does this, but it explains all the methods and lets you choose to only do a passive scan.
Project mention: Script kiddie tools preferred by the hackers of this channel? | /r/hacking | 2023-07-08
Check https://github.com/projectdiscovery/nuclei mostly for CVEs.
Project mention: HTTP toolkit that allows running multiple probes | news.ycombinator.com | 2024-04-02
Project mention: Any self-host FOSS suites for running phishing testing campaigns? | /r/selfhosted | 2023-05-21
I couldn't find anything named reEngine, but I found reNgine ( https://yogeshojha.github.io/rengine/ ) which I think is what you meant.
At the beginning, I read all things in here https://owasp.org/www-project-web-security-testing-guide/, also got familiar with the OWASP Top 10. But later on, I focus on a few techniques only.
Like an example XSS payload? Go nuts: https://github.com/payloadbox/xss-payload-list
Yeah, pretty close: "On-site request forgery"[0]
[0] https://github.com/daffainfo/AllAboutBugBounty/blob/master/O...
Bugbounty related posts
- HTTP toolkit that allows running multiple probes
- How I hacked chess.com with a rookie exploit
- Uncover: Quickly find exposed hosts using multiple search engines
- Flutter Spy, a tool to reverse engineer and extract data from a Flutter app
- Explore, analyze, and gain valuable data & insights from reverse-engineered Flutter apps with Flutter-Spy
- Where do you focus your time and energy?
- XSS
Index
What are some of the best open-source Bugbounty projects? This list will help you:
# | Project | Stars |
---|---|---|
1 | PayloadsAllTheThings | 56,681 |
2 | dirsearch | 11,213 |
3 | Resources-for-Beginner-Bug-Bounty-Hunters | 10,141 |
4 | subfinder | 9,318 |
5 | nuclei-templates | 8,024 |
6 | OneForAll | 7,676 |
7 | httpx | 6,803 |
8 | rengine | 6,685 |
9 | awesome-hacker-search-engines | 6,664 |
10 | wstg | 6,661 |
11 | hetty | 5,906 |
12 | xss-payload-list | 5,613 |
13 | HowToHunt | 5,573 |
14 | bugbounty-cheatsheet | 5,555 |
15 | AllAboutBugBounty | 5,409 |
16 | DefaultCreds-cheat-sheet | 5,269 |
17 | scan4all | 5,231 |
18 | reconftw | 5,231 |
19 | osmedeus | 5,069 |
20 | apkleaks | 4,578 |
21 | can-i-take-over-xyz | 4,440 |
22 | Awesome-Bugbounty-Writeups | 4,364 |
23 | commix | 4,327 |