Curated collection of bug bounty notes and tutorials in one place. Visit the link below to view the docs.
-
Updated
Apr 19, 2025 - JavaScript
#
Bug Bounty
A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.
Here are 108 public repositories matching this topic...
Chrome extension to scrape Shodan host & domain pages and export IPs, ports, subdomains, and DNS records.
-
Updated
Aug 16, 2025 - JavaScript
Sistema de notas propositalmente vulnerável para educação em segurança cibernética e testes de penetração - contém 12+ vulnerabilidades web intencionais (SQL Injection, XSS, Path Traversal, Command Injection, etc.)
nodejs express sqlite xss cybersecurity penetration-testing sql-injection infosec web-security bugbounty security-training ethical-hacking owasp-top-10 intentionally-vulnerable command-injection security-testing vulnerability-research path-traversal vulnerable-app security-education
-
Updated
Aug 7, 2025 - JavaScript
The official DSC-RIT Bug Bounty 2020 codes.
-
Updated
Aug 31, 2020 - JavaScript
-
Updated
Jan 5, 2023 - JavaScript
small and simple tool for generating a list and searching for Google Dork to identify leaked files and save the scan result. Useful tools for Bug Bounty
-
Updated
May 30, 2025 - JavaScript
BeyondSub is a powerful subdomain enumeration tool that uses over 25 techniques to discover, analyze, and assess subdomains' security. Its modular design lets users customize scans for different purposes—ideal for security researchers, bug bounty hunters, and system administrators.
nodejs shodan terminal server hacking enum blackhat dev subdomain bugbounty whitehat kalilinux zeroday subfinder webhacking
-
Updated
Nov 7, 2025 - JavaScript
Contains security vulnerabilities payloads and exploits that I come across or use
-
Updated
Feb 1, 2022 - JavaScript
Active Recon Framework Web Management
-
Updated
Mar 17, 2024 - JavaScript
Blog for computer stuffs and whatnot.
-
Updated
Sep 28, 2022 - JavaScript
The "Hacksmith Shop" Vulnerable Web Application
-
Updated
Sep 10, 2025 - JavaScript
A powerful and flexible web crawler built with Node.js. This tool allows you to crawl websites, extract links, and filter results based on various criteria.
-
Updated
Nov 7, 2025 - JavaScript
Social Network for hackers, pentesters, and bug hunters
-
Updated
Nov 4, 2025 - JavaScript
Lab to understand and test SSRF attacks
-
Updated
Apr 28, 2021 - JavaScript
npm PoC packages
npm dependency-injection cybersecurity bug-bounty infosec bugbounty npmjs cyber-security rce-exploit dependency-confusion bug-bounty-tools
-
Updated
Mar 25, 2024 - JavaScript
🔍 Customize your new tab with Hacker Search, a modern Chrome extension featuring a matrix-inspired design and powerful search widgets.
react dns search-engine elasticsearch news hacker-news toolkit hacking tornado bugbounty cve information-gathering threat-intelligence reconnaissance redteam dorking osint-tool dorking-tool
-
Updated
Nov 7, 2025 - JavaScript
The Internet Observatory (Obsrva) is a vulnerability research project founded by independent security researcher Tyler Butler. Obsrva engages product vendors in coordinated disclosures, publishes vulnerability advisories, and creates proof of concept exploits.
proof-of-concept exploits vulnerability bugbounty responsible-disclosure vulnerability-research coordinated-disclosure
-
Updated
Oct 23, 2021 - JavaScript
⚡ JavaScript-aware crawler for security researchers and bug bounty hunters. Extract hidden endpoints and internal subdomains through static and semantic analysis of JS files. Lightweight. Fast. Sneaky.
javascript sitemap security asynchronous robots-txt probe-requests bugbounty pentest endpoint-discovery subdomain-enumeration httpx subdomains-finder httpx-client alive-subdomains
-
Updated
Aug 26, 2025 - JavaScript
- Followers
- 616 followers
- Website
- github.com/topics/bugbounty
- Wikipedia
- Wikipedia