A Recon Tool for Bug Bounty Hunters and Security Researchers

🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)

My collection of various security tools created mostly in Python and Bash. For CTFs and Bug Bounty.

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.

Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).

A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.

Payload Arsenal for Pentration Tester and Bug Bounty Hunters

Awesome cloud enumerator

🦄🔒 Awesome list of secrets in environment variables 🖥️

Automation for javascript recon in bug bounty.

The EXCLUSIVE Collection of 40,000+ Nuclei templates based on Wordfence intel. Daily updates for bulletproof WordPress security.

Twitter vulnerable snippets

A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to …

Useful Google Dorks for WebSecurity and Bug Bounty

Awesome Vulnerable Applications

A collection of PDF/books about the modern web application security and bug bounty.

平常看到好的渗透hacking工具和多领域效率工具的集合

PwnFox is a Firefox/Burp extension that provide usefull tools for your security audit.

Community curated list of public bug bounty and responsible disclosure programs.

An automation tool that enumerates subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters and then scans for vulnerabilities.

🚀 Caido releases, wiki and roadmap

🎯 XML External Entity (XXE) Injection Payload List

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Tool to bypass 403/40X response codes.

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

A repository that includes all the important wordlists used while bug hunting.

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

OSINT tools and more but without API key

Asset inventory of over 800 public bug bounty programs.

A comprehensive guide for web application penetration testing and bug bounty hunting, covering methodologies, tools, and resources for identifying and exploiting vulnerabilities.