Stars
The recursive internet scanner for hackers. ๐งก
SubDominator helps you discover subdomains associated with a target domain efficiently and with minimal impact for your Bug Bounty
Knot Resolver - resolve DNS names like it's 2025
Extract URLs, paths, secrets, and other interesting bits from JavaScript
Useful Google Dorks for WebSecurity and Bug Bounty
uforall is a fast url crawler this tool crawl all URLs number of different sources, alienvault,WayBackMachine,urlscan,commoncrawl
Nodesub is a command-line tool for finding subdomains in bug bounty programs
A super simple asynchronous multithreaded proxy scraper; scraping & checking ~500k HTTP, HTTPS, SOCKS4, & SOCKS5 proxies.
Find, verify, and analyze leaked credentials
An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws
Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
Converts characters from one encoding to another using a transformation.
REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications
An extremely effective subdomain enumeration wordlist of 3,000,000 lines, crafted by harvesting SSL certs from the entire IPv4 space.
Repo of all the default wordlists included in Kali. Convienent if you're using something other than Kali.
hakip2host takes a list of IP addresses via stdin, then does a series of checks to return associated domain names.
Weaponize Your Burp is a repository for automation your Bug Bounty Hunting mindset in Burp Suite
This checklist may help you to have a good methodology for bug bounty hunting When you have done a action, don't forget to check ;) Happy hunting !
A very high performance Domain Name parser package in Go.
A curated list of Smart Contract Security materials and resources For Researchers
In-depth attack surface mapping and asset discovery