Hackers Cookbook - Tons of hacker cli recipes ready to search and use when you need them

ReconHound is a Python-based web reconnaissance tool designed for penetration testers, bug bounty hunters, and ethical hackers. It supports directory and file enumeration, subdomain enumeration, fuzzing, and virtual host (vhost) discovery.

"Of course I tested CORS!", or ofCORS for short, is a comprehensive automated CORS tester for highlighting potential CORS vulnerabilities in web applications.

JWT automated tester with 7 attack modules for comprehensive JSON Web Token testing for penetration testers and bug bounty hunters.

BLHawk - Dead links aren't always dead!

WEBFANG, is my first CLI, a modular OSINT & Reconnaissance toolkit curated for Ethical Hackers and Red-Teamers. Sink fangs into web targets using a passive intel gathering approach, active Spidering, DNS/WHOIS lookups & Shodan, All in a lightweight package. Choose your weapon & happy hunting.

Domain Grabber — A Python CLI tool to fetch unique root domains from Archive.org CDX API based on given domain extensions (e.g., .id, .co.id, .ac.id). Supports multiple extensions, progress tracking, retry with User-Agent rotation, and automatic result saving. Ideal for OSINT, domain research, and penetration testing reconnaissance.

DomainHound is a simple yet powerful Python tool designed to filter subdomains based on a custom wordlist. It helps bug bounty hunters, penetration testers, and security researchers quickly locate subdomains of interest from massive domain lists.

Hello, fellow bug bounty hunters! This repository is a collection of my personal bug bounty and security researching resources, scripts, and notes. My goal is to share useful information and tools that have helped me in my own journey, with the hope that they can do the same for you.

A modern, fully automated WCD testing tool designed for bug bounty hunters and red teamers to detect and exploit Web Cache Deception vulnerabilities, now featuring advanced origin IP discovery and exploitation capabilities.

Detect Program Bug Bounty

Status Checker is a Python tool for swiftly checking the status of URLs. It categorizes responses by HTTP status codes, offering clear insights into website health. With async requests, color-coded output, and easy CLI usage, it's a handy solution for monitoring web service performance.

Alive is a fast and concurrent URL checker that identifies live domains returning HTTP 200 OK status. It supports single URLs and bulk lists, bypasses WAF protections using random user agents, and offers optional saving of results.

Penstaller: A Python tool to automate the installation of essential bug bounty and pentesting tools. With one command, it sets up tools for recon, fuzzing, and vulnerability scanning, saving time and keeping your system lightweight. Perfect for beginners and pros alike.

A tool for create encoded payloads and test them on targets

Jira Vulnerability Scanner

Recon time the recon tool for bug hunting

Get acquisitions by scraping titles of crunchbase.

Email enumerator, username generator, and context validator for hunter.io, snov.io, and skrapp.io

Oracle WebLogic Server (LFI)