🔨 List all IP ranges from: Google (Cloud & GoogleBot), Bing (Bingbot), Amazon (AWS), Microsoft, Oracle (Cloud), GitHub, Facebook (Meta), OpenAI (GPTBot) and other with daily updates.

An automated GitHub Actions-based crawler that fetches and updates public scopes from popular bug bounty platforms (like Hackerone/Bugcrowd/Intigriti/etc) (updates every 10 minutes)

A bash script that extracts `shodan-query, google-query, censys-query, fofa-query, hunter-query, zoomeye-query` in nucleihub-templates.

My useful files for penetration tests, security assessments, bug bounty and other security related stuff

🔧 Automate Burp CA installation on Android with this Bash script, converting certificates and ensuring network interception works seamlessly.

TOP All bugbounty pentesting CVE-2023- POC Exp RCE example payload Things

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

GarudRecon automates domain recon with top open-source tools to discover assets, enumerate subdomains, and detect XSS, SQLi, LFI, RCE & more.

Weekly updated list of missing CVEs in nuclei templates official repository. Mainly built for bug bounty, but useful for penetration tests and vulnerability assessments too.

Pentest/Red Team: Resources, repos and scripts.

A curated collection of bug bounty tips, tricks, payloads, and bypass techniques

🚀 Caido releases, wiki and roadmap

Arch Linux–first automation toolkit for provisioning bug bounty VPS instances.

Stealth Bugs Discovery

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Java decompilation & deobfuscation lab - dockerized toolset

A Bash Script For Finding Subdomains Using Different Tools ( SubFinder, AssetFinder, Sublist3r, Github_subdomains, Subdomain Center And AlienVault, Findomain, crt.sh )

Subtron is a professional grade subdomain enumeration toolkit designed for security researchers, penetration testers, and bug bounty hunters. It automates the discovery of subdomains by integrating multiple industry-standard tools such as Amass, Subfinder, Assetfinder, Httpx, and crt.sh. The results are consolidated, deduplicated, and organized.

DevSec-Recon is an advanced, automated reconnaissance tool designed for bug bounty hunters and security researchers. It performs full subdomain enumeration, filtering, and vulnerability scanning using powerful tools like subfinder, httpx, gau, nuclei, jaeles, and Scan4All. Built with clean Bash scripting, DevSec-Recon ensures elegant visuals, tool

📦 The Largest Collection of Pre-Compiled Linux Static Binaries for Soar: The Modern, Bloat-Free Distro-Independent Package Manager