This repository documents my path from cybersecurity enthusiast to a skilled bug bounty hunter. Here, I share the tools, resources, techniques, and real-world insights I've gathered along the way, aimed at uncovering vulnerabilities and improving application security.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Python script to get bounties from Github/Algora

Dons Js Scanner is a sleek command-line tool that hunts for hidden treasures—API keys, credentials, and secrets—lurking in the JavaScript of websites. Its vibrant ASCII art logo welcomes users to a journey where it scans, reveals, and safeguards against potential security breaches.

ThreatTracer - A python Script to identify CVE by name & version and more by @FR13ND0x7f

Distributed Networks Institute

Image eXploit Loader

Repository specifically for bug bounty tests and knowledge.

Casdoor SCIM API misconfigurations to create a new user with random credentials and retrieve a list of existing users.

A tool that checks whether a Roblox user is a Red Cell, Chimera, or Spectre target or not for the roleplaying game, The Grand Crossing.

subdomain enumeration with simple data aggregators built in

A collection of CVE exploit scripts written in Python

Bounty calculator for HackerOne users that have the display rewards option enabled

Aerogarden integration for Home Assistant

GitScanner is a script to make it easy to search for Exposed Git through an advanced Google search.

BountyDrive is a comprehensive tool designed for penetration testers and cybersecurity researchers. It integrates various modules for performing attacks (google dorking, sqli, xss), reporting, and managing VPN/proxy settings, making it an indispensable asset for any security professional.

Robot Vulnerability Database. An archive of robot vulnerabilities and bugs.

Command line utility tweaked to deliver bash-one liners to your question

Python Client to LeakIX API

Early days of an Asset Discovery tool.