Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!

All about bug bounty (bypasses, payloads, and etc)

A community-powered collection of all known bug bounty platforms, vulnerability disclosure platforms, and crowdsourced security platforms currently active on the Internet.

Gov domains and urls from some countries

This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports

Streamline your recon and vulnerability detection process with SCRIPTKIDDI3, A recon and initial vulnerability detection tool built using shell script and open source tools.

Here we discuss how one can investigate crypto hacks and security incidents, and collect all the possible tools and manuals! PRs are welcome! If any tool is missing - please open PR!

Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place

Data set of top third party web domains with rich metadata about them

Shodan Dorks 2023

The Bug Hunters Methodology

Notify is a Go-based assistance package that enables you to stream the output of several tools (or read from a file) and publish it to a variety of supported platforms.

The recursive internet scanner for hackers. 🧡

Bucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations

XSS payloads designed to turn alert(1) into P1

fsociety Hacking Tools Pack – A Penetration Testing Framework

An easy-to-setup version of XSS Hunter. Sets up in five minutes and requires no maintenance!

Notes about attacking Jenkins servers

Ghost Driver is an implementation of the Remote WebDriver Wire protocol, using PhantomJS as back-end

Scrapts Scrapts Scrapts

A GUI client for Windows, Linux and macOS, support Xray and sing-box and others

A fast, simple, recursive content discovery tool written in Rust.

dnsReaper - subdomain takeover tool for attackers, bug bounty hunters and the blue team!

An step by step fuzzing tutorial. A GitHub Security Lab initiative

Dorks for Bug Bounty Hunting

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

Top disclosed reports from HackerOne