A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Updated Nov 2, 2025 - Python
A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.
Web path scanner
OneForAll is a powerful subdomain collection tool
The recursive internet scanner for hackers. 🧡
One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password 🛡️
Scanning APK file for URIs, endpoints & secrets.
Automated All-in-One OS Command Injection Exploitation Tool.
A curated list of bugbounty writeups (Bug type wise), inspired by https://github.com/ngalongc/bug-bounty-reference
Knock Subdomain Scan
💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh
A collection of custom security tools for quick needs.
Automated NoSQL database enumeration and web application exploitation tool.
pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching
Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
Flutter Reverse Engineering Framework
gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.