Bugbounty

Open-source projects categorized as Bugbounty

Top 23 Bugbounty Open-Source Projects

  • PayloadsAllTheThings

    A list of useful payloads and bypass for Web Application Security and Pentest/CTF

    Project mention: php shell not executed in wordpress | /r/hacking | 2023-12-08

    Also https://github.com/swisskyrepo/PayloadsAllTheThings I'm sure there's a few test php files in here for filter bypasses too

  • dirsearch

    Web path scanner

    Project mention: Looking for some help with this Python package | /r/learnpython | 2023-08-19

    I am new to Python. With the help of several users (thanks u/Diapolo10 and u/shiftybyte) I've been able to install Python and the dirsearch package. Dirsearch (https://github.com/maurosoria/dirsearch) allows for checking website paths with a wordlist. For example, I have a wordlist file with words like "dog", "cat", "bird", etc. and I want to check the validity of those words as extensions on a website. Something like "example.com/bird", "example.com/cat", etc. I have a test wordlist in the same directory as dirsearch, but I am confused on how to proceed with the commands. I want to have it check my wordlist as extensions on the example.com website and then save output on if the webpath is valid or not. Just need a little bit of help.

  • Resources-for-Beginner-Bug-Bounty-Hunters

    A list of resources for those interested in getting started in bug bounties

    Project mention: Getting started with bb journey | /r/bugbounty | 2023-06-28

  • subfinder

    Fast passive subdomain enumeration tool.

    Project mention: Subdomain.center – discover all subdomains for a domain | news.ycombinator.com | 2023-09-15

    https://github.com/projectdiscovery/subfinder does this, but it explains all the methods and lets you choose to only do a passive scan.

  • nuclei-templates

    Community curated list of templates for the nuclei engine to find security vulnerabilities.

    Project mention: Script kiddie tools preferred by the hackers of this channel? | /r/hacking | 2023-07-08

    Check https://github.com/projectdiscovery/nuclei mostly for CVEs.

  • OneForAll

    OneForAll is a powerful subdomain collection tool

  • httpx

    httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library. (by projectdiscovery)

    Project mention: 5 Awesome Go Projects To Know Before You Die | /r/golang | 2023-05-05

    Httpx: https://github.com/projectdiscovery/httpx

  • rengine

    reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

    Project mention: Any self-host FOSS suites for running phishing testing campaigns? | /r/selfhosted | 2023-05-21

    I couldn't find anything named reEngine, but I found reNgine ( https://yogeshojha.github.io/rengine/ ) which I think is what you meant.

  • wstg

    The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

    Project mention: Where do you focus your time and energy? | /r/bugbounty | 2023-12-10

    At the beginning, I read all the things in here https://owasp.org/www-project-web-security-testing-guide/, and also got familiar with the OWASP Top 10. But later on, I focus on a few techniques only.

  • awesome-hacker-search-engines

    A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

    Project mention: Awesome Hacker Search Engines | /r/tech | 2023-04-11

  • hetty

    An HTTP toolkit for security research.

  • HowToHunt

    Collection of methodology and test case for various web vulnerabilities.

  • bugbounty-cheatsheet

    A list of interesting payloads, tips and tricks for bug bounty hunters.

  • xss-payload-list

    🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

    Project mention: XSS example | /r/bugbounty | 2023-06-15

    Like an example XSS payload? Go nuts: https://github.com/payloadbox/xss-payload-list

  • AllAboutBugBounty

    All about bug bounty (bypasses, payloads, and etc)

    Project mention: How I hacked chess.com with a rookie exploit | news.ycombinator.com | 2024-01-26

    Yeah, pretty close: "On-site request forgery"[0]

    [0] https://github.com/daffainfo/AllAboutBugBounty/blob/master/O...

  • reconftw

    reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

    Project mention: Automated recognition frameworks? | /r/bugbounty | 2023-06-23

  • scan4all

    Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...

  • DefaultCreds-cheat-sheet

    One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

  • osmedeus

    A Workflow Engine for Offensive Security

  • apkleaks

    Scanning APK file for URIs, endpoints & secrets.

  • can-i-take-over-xyz

    "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

  • commix

    Automated All-in-One OS Command Injection Exploitation Tool.

  • Awesome-Bugbounty-Writeups

    A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

NOTE: The open-source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2024-01-26.

Index

What are some of the best open-source Bugbounty projects? This list will help you:

Rank  Project                                     Stars
1     PayloadsAllTheThings                       56,138
2     dirsearch                                  11,086
3     Resources-for-Beginner-Bug-Bounty-Hunters  10,038
4     subfinder                                   9,150
5     nuclei-templates                            7,864
6     OneForAll                                   7,567
7     httpx                                       6,669
8     rengine                                     6,615
9     wstg                                        6,569
10    awesome-hacker-search-engines               6,552
11    hetty                                       5,906
12    HowToHunt                                   5,524
13    bugbounty-cheatsheet                        5,497
14    xss-payload-list                            5,488
15    AllAboutBugBounty                           5,181
16    reconftw                                    5,174
17    scan4all                                    5,170
18    DefaultCreds-cheat-sheet                    5,165
19    osmedeus                                    5,023
20    apkleaks                                    4,521
21    can-i-take-over-xyz                         4,398
22    commix                                      4,298
23    Awesome-Bugbounty-Writeups                  4,269