Top 23 Bugbounty Open-Source Projects
-
PayloadsAllTheThings
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
Also https://github.com/swisskyrepo/PayloadsAllTheThings. I'm sure there are a few test PHP files in here for filter bypasses too.
-
I am new to Python. With the help of several users (thanks u/Diapolo10 and u/shiftybyte) I've been able to install Python and the dirsearch package. Dirsearch (https://github.com/maurosoria/dirsearch) allows for checking website paths with a wordlist. For example, I have a wordlist file with words like "dog", "cat", "bird", etc., and I want to check the validity of those words as extensions on a website. Something like "example.com/bird", "example.com/cat", etc. I have a test wordlist in the same directory as dirsearch, but I am confused about how to proceed with the commands. I want to have it check my wordlist as extensions on the example.com website and then save output on whether the web path is valid or not. Just need a little bit of help.
-
Resources-for-Beginner-Bug-Bounty-Hunters
A list of resources for those interested in getting started in bug bounties
-
Project mention: Subdomain.center – discover all subdomains for a domain | news.ycombinator.com | 2023-09-15
https://github.com/projectdiscovery/subfinder does this, but it explains all the methods and lets you choose to only do a passive scan.
-
nuclei-templates
Community curated list of templates for the nuclei engine to find security vulnerabilities.
Project mention: Script kiddie tools preferred by the hackers of this channel? | /r/hacking | 2023-07-08
Check https://github.com/projectdiscovery/nuclei mostly for CVEs.
-
httpx
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library. (by projectdiscovery)
Httpx: https://github.com/projectdiscovery/httpx
-
rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
Project mention: Any self-host FOSS suites for running phishing testing campaigns? | /r/selfhosted | 2023-05-21
I couldn't find anything named reEngine, but I found reNgine ( https://yogeshojha.github.io/rengine/ ) which I think is what you meant.
-
wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
At the beginning, I read everything in here https://owasp.org/www-project-web-security-testing-guide/ and also got familiar with the OWASP Top 10. But later on, I focused on a few techniques only.
-
awesome-hacker-search-engines
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
-
Like an example XSS payload? Go nuts: https://github.com/payloadbox/xss-payload-list
-
Yeah, pretty close: "On-site request forgery"[0]
[0] https://github.com/daffainfo/AllAboutBugBounty/blob/master/O...
-
reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and find vulnerabilities
-
scan4all
Official repository. Vulnerability scan: 15000+ PoCs; 23 kinds of application password cracking; 7000+ web fingerprints; 146 protocols and 90000+ rules for port scanning; fuzzing, HW, awesome BugBounty ( ͡° ͜ʖ ͡°)...
-
DefaultCreds-cheat-sheet
One place for all the default credentials, to assist Blue/Red teamers' activities in finding devices with default passwords 🛡️
-
can-i-take-over-xyz
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
-
Awesome-Bugbounty-Writeups
A curated list of bug bounty writeups (grouped by bug type), inspired by https://github.com/ngalongc/bug-bounty-reference
Bugbounty related posts
- How I hacked chess.com with a rookie exploit
- Uncover: Quickly find exposed hosts using multiple search engines
- Flutter Spy, a tool to reverse engineer and extract data from a Flutter app
- Explore, analyze, and gain valuable data & insights from reverse-engineered Flutter apps with Flutter-Spy
- Where do you focus your time and energy?
- XSS
- Exiflooter has been released on BlackArch Linux
Index
What are some of the best open-source Bugbounty projects? This list will help you:
# | Project | Stars
---|---|---
1 | PayloadsAllTheThings | 56,138
2 | dirsearch | 11,086
3 | Resources-for-Beginner-Bug-Bounty-Hunters | 10,038
4 | subfinder | 9,150
5 | nuclei-templates | 7,864
6 | OneForAll | 7,567
7 | httpx | 6,669
8 | rengine | 6,615
9 | wstg | 6,569
10 | awesome-hacker-search-engines | 6,552
11 | hetty | 5,906
12 | HowToHunt | 5,524
13 | bugbounty-cheatsheet | 5,497
14 | xss-payload-list | 5,488
15 | AllAboutBugBounty | 5,181
16 | reconftw | 5,174
17 | scan4all | 5,170
18 | DefaultCreds-cheat-sheet | 5,165
19 | osmedeus | 5,023
20 | apkleaks | 4,521
21 | can-i-take-over-xyz | 4,398
22 | commix | 4,298
23 | Awesome-Bugbounty-Writeups | 4,269