bugbounty-tool

Open-source projects categorized as bugbounty-tool

Top 21 bugbounty-tool Open-Source Projects

  • dalfox

    Dalfox is a powerful open-source XSS scanner and utility focused on automation.

  • malicious-pdf

    Generate a bunch of malicious PDF files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

  • Project mention: Securing PDF Generators Against SSRF Vulnerabilities | /r/netsec | 2023-05-30

    Wrote a tool two years ago that does some of the PDF-tests. But more could be added: https://github.com/jonaslejon/malicious-pdf

  • inql

    InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.

  • Galaxy-Bugbounty-Checklist

    Tips and Tutorials for Bug Bounty and also Penetration Tests.

  • go-dork

    The fastest dork scanner written in Go.

  • Payloads

    Payload Arsenal for Penetration Testers and Bug Bounty Hunters (by sh377c0d3)

  • Garud

    An automation tool that scans sub-domains, checks for sub-domain takeover, then filters out XSS, SSTI, SSRF, and other injection point parameters and automatically scans for some low-hanging vulnerabilities.

  • ppfuzz

    A fast tool to scan for client-side prototype pollution vulnerabilities, written in Rust.

  • ppmap

    A scanner/exploitation tool written in Go, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.

  • csprecon

    Discover new target domains using Content Security Policy

  • GRecon

    Another version of katana, more automated but less stable. The purpose of this small tool is to run a Google-based passive recon against your scope.

  • Reconky-Automated_Bash_Script

    Reconky is a great content discovery Bash script for bug bounty hunters that automates a lot of tasks and organizes the results in a well-structured form, which helps them move forward.

  • web-hacking-toolkit

    A web hacking toolkit (docker image).

  • webstor

    WebStor efficiently enumerates all websites across your organization's networks and those in your DNS records - including cloud-hosted servers via zone transfer data - stores their responses, and lets you query for known web technologies, including those with zero-day vulnerabilities.

  • PassDetective

    PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords, API keys, and secrets. Using regular expressions, it helps prevent accidental exposure of sensitive information in your command history.

  • Project mention: PassDetective has released on Kali Linux | news.ycombinator.com | 2023-12-01
  • Discord-Recon

    Discord bot created to automate bug bounty recon, automated scans and information gathering via a Discord server

  • s1c0n

    Simple recon tool to help you search for vulnerabilities on a web server

  • CloudSniffer

    CloudSniffer is a powerful tool designed to aid in the discovery of the real IP address of a website protected by Cloudflare. It leverages brute force techniques by testing a list of IP addresses and analyzing the status codes returned by the server to uncover the actual IP address of the target website.

  • Project mention: Privacy | /r/selfhosted | 2023-07-01
  • OrgASM

    A tool for Organized ASM (Attack Surface Mapper). Subdomain enumeration, IP scans, vulnerability assessment...

  • Project mention: New Attack Surface Discovery tool : OrgASM | /r/cybersecurity | 2023-05-31
  • Recon-Plus

    A Unified Reconnaissance Tool for Pentesting

  • BurpPro-FastCrawler

    The simplest way to integrate your subdomain enum outputs with Burp Pro (Fast Crawler)

NOTE: The open-source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020).

bugbounty-tool related posts

  • PassDetective has released on Kali Linux

    1 project | news.ycombinator.com | 1 Dec 2023
  • Introducing PassDetective: Your Guardian Against Accidental Data Exposure in Command History!

    1 project | /r/Hacking_Tutorials | 26 Jul 2023
  • Introducing PassDetective: Your Guardian Against Accidental Data Exposure in Command History!

    1 project | /r/blueteamsec | 26 Jul 2023
  • Introducing PassDetective: Your Guardian Against Accidental Data Exposure in Command History!

    1 project | /r/golang | 24 Jul 2023
  • Introducing PassDetective: Your Guardian Against Accidental Data Exposure in Command History!

    1 project | /r/blackhat | 24 Jul 2023
  • Introducing PassDetective: Your Guardian Against Accidental Data Exposure in Command History!

    1 project | /r/Information_Security | 24 Jul 2023
  • Introducing PassDetective: Your Guardian Against Accidental Data Exposure in Command History!

    1 project | /r/redteamsec | 24 Jul 2023

Index

What are some of the best open-source bugbounty-tool projects? This list will help you:

Rank Project Stars
1 dalfox 3,324
2 malicious-pdf 2,693
3 inql 1,470
4 Galaxy-Bugbounty-Checklist 1,324
5 go-dork 998
6 Payloads 840
7 Garud 750
8 ppfuzz 542
9 ppmap 446
10 csprecon 320
11 GRecon 210
12 Reconky-Automated_Bash_Script 193
13 web-hacking-toolkit 155
14 webstor 150
15 PassDetective 108
16 Discord-Recon 69
17 s1c0n 59
18 CloudSniffer 53
19 OrgASM 26
20 Recon-Plus 9
21 BurpPro-FastCrawler 7
