A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
Updated Nov 2, 2025 - Python
A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.
Community curated list of templates for the nuclei engine to find security vulnerabilities.
Web path scanner
A list of resources for those interested in getting started in bug bounties
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
Collection of methodology and test case for various web vulnerabilities.
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Fast passive subdomain enumeration tool.
OneForAll is a powerful subdomain collection tool
🎯 SQL Injection Payload List
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…
All about bug bounty (bypasses, payloads, etc.)
A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
A curated list of bug bounty writeups (by bug type), inspired by https://github.com/ngalongc/bug-bounty-reference
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
A Workflow Engine for Offensive Security
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more