bug-bounty

Open-source projects categorized as bug-bounty

Top 23 bug-bounty Open-Source Projects

  • Awesome-Hacking

    A collection of various awesome lists for hackers, pentesters and security researchers

  • Project mention: Cyber Security iPhone Application Idea | /r/iOSDevelopment | 2023-07-03

    8. Security Knowledge Base:
       - Utilize resources like The-book-of-secret-knowledge (e.g., https://github.com/trimstray/the-book-of-secret-knowledge) and Awesome-Hacking (e.g., https://github.com/Hack-with-Github/Awesome-Hacking) to build a knowledge base.
       - Extract relevant security information and create a structured knowledge base within SecurIoT.
       - Implement functionality to query and retrieve security information from the knowledge base.
       - Thoroughly test the knowledge base integration, ensuring accurate retrieval of security knowledge.

  • dirsearch

    Web path scanner

  • Project mention: Looking for some help with this Python package | /r/learnpython | 2023-08-19

    I am new to Python. With the help of several users (thanks u/Diapolo10 and u/shiftybyte) I've been able to install Python and the dirsearch package. Dirsearch (https://github.com/maurosoria/dirsearch) allows for checking website paths with a wordlist. For example, I have a wordlist file with words like "dog", "cat", "bird", etc. and I want to check the validity of those words as extensions on a website. Something like "example.com/bird", "example.com/cat", etc. I have a test wordlist in the same directory as dirsearch, but I am confused on how to proceed with the commands. I want to have it check my wordlist as extensions on the example.com website and then save output on if the webpath is valid or not. Just need a little bit of help.

  • Resources-for-Beginner-Bug-Bounty-Hunters

    A list of resources for those interested in getting started in bug bounties

  • Project mention: Getting started with bb journey | /r/bugbounty | 2023-06-28
  • rengine

    reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

  • Project mention: Any self-host FOSS suites for running phishing testing campaigns? | /r/selfhosted | 2023-05-21

    I couldn't find anything named reEngine, but I found reNgine ( https://yogeshojha.github.io/rengine/ ) which I think is what you meant.

  • reconftw

    reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

  • Project mention: Automated recognition frameworks? | /r/bugbounty | 2023-06-23
  • osmedeus

    A Workflow Engine for Offensive Security

  • axiom

    The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!

  • black-hat-rust

    Applied offensive security with Rust - https://kerkour.com/black-hat-rust

  • Project mention: Cloudflare for Speed and Security | /r/CloudFlare | 2023-10-20

    Bonuses: If you purchase Cloudflare for Speed and Security before November 4, 2023, you'll get my bestseller, Black Hat Rust, for free! Yes, you read it right, two books for less than the price of one!

  • afrog

    A Security Tool for Bug Bounty, Pentest and Red Teaming.

  • Project mention: Afrog explained for bug bounty hunters | dev.to | 2023-12-28
  • awesome-oneliner-bugbounty

    A collection of awesome one-liner scripts especially for bug bounty tips.

  • 31-days-of-API-Security-Tips

    This challenge is Inon Shkedy's 31 days API Security Tips.

  • sn0int

    Semi-automatic OSINT framework and package manager

  • API-SecurityEmpire

    API Security Project aims to present unique attack & defense methods in API Security field (by Cyber-Guy1)

  • Project mention: Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes | /r/bugbounty | 2023-05-26
  • metabigor

    OSINT tools and more but without API key

  • v3-periphery

    🦄 🦄 🦄 Peripheral smart contracts for interacting with Uniswap v3

  • Project mention: I get an "ambiguous primary types or unused types" error when trying to mint an NFT requiring 2 signatures via EIP712 | /r/solidity | 2023-05-24

    I modified my code to use EIP712 to require an authorized wallet to also sign in order for an NFT to be minted. I based this off of this: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/7e814a3074baa921db584c180ff6e300cdec8735/contracts/token/ERC20/extensions/ERC20Permit.sol. This is an example of someone calling a smart contract containing this ERC20Permit.sol code https://github.com/Uniswap/v3-periphery/blob/main/test/shared/permit.ts. This particular ERC20Permit.sol code is designed to allow an account to approve ERC20 spend limits without spending gas fees but the same underlying mechanisms could be applied to my use case.

  • diodb

    Open-source vulnerability disclosure and bug bounty program database

  • clairvoyance

    Obtain GraphQL API schema even if the introspection is disabled

  • Project mention: nikitastupin/clairvoyance: Obtain GraphQL API schema even if the introspection is disabled | /r/bugbountybeginner | 2023-09-08
  • offensive-docker

    Offensive Docker is an image with the most used offensive tools, for easily and quickly creating an environment to launch assessments against targets.

  • DataSurgeon

    Quickly Extracts IPs, Email Addresses, Hashes, Files, Credit Cards, Social Security Numbers and a lot More From Text

  • socialhunter

    crawls the website and finds broken social media links that can be hijacked

  • Facebook-BugBounty-Writeups

    Collection of Facebook Bug Bounty Writeups

  • awesome-bbht

    A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp). For Ubuntu/Debian.

NOTE: The open-source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020).

Index

What are some of the best open-source bug-bounty projects? This list will help you:

Rank Project Stars
1 Awesome-Hacking 77,275
2 dirsearch 11,253
3 Resources-for-Beginner-Bug-Bounty-Hunters 10,141
4 rengine 6,737
5 reconftw 5,231
6 osmedeus 5,083
7 axiom 3,817
8 black-hat-rust 3,047
9 afrog 2,819
10 awesome-oneliner-bugbounty 2,429
11 31-days-of-API-Security-Tips 2,057
12 sn0int 1,847
13 API-SecurityEmpire 1,285
14 Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes 1,175
15 metabigor 1,139
16 v3-periphery 1,106
17 diodb 955
18 clairvoyance 908
19 offensive-docker 709
20 DataSurgeon 699
21 socialhunter 608
22 Facebook-BugBounty-Writeups 571
23 awesome-bbht 540
