A comprehensive bug bounty methodology compiled from extensive research, covering web application reconnaissance, checklists, and methods for identifying various bugs. This guide aims to help bug h…

《APT Individual Combat Guide》

This is a multi-use bash script for Linux systems to audit wireless networks.

Top disclosed reports from HackerOne

The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!

Real-world infosec wordlists, updated regularly

Potentially dangerous files

Quickly discover exposed hosts on the internet using multiple search engines.

♥

A comprehensive guide for web application penetration testing and bug bounty hunting, covering methodologies, tools, and resources for identifying and exploiting vulnerabilities.

Bug Bounty Tools used on Twitch - Recon

Rockyou for web fuzzing

Cybersecurity oriented awesome list

AI-powered ffuf wrapper

An automation tool that enumerates subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters and then scans for vulnerabilities.

🎯 Open Redirect Payload List

Dorks for Bug Bounty Hunting

📝 A text file containing 479k English words for all your dictionary/word-based projects e.g: auto-completion / autosuggestion

this repo contains some public methodologies which I found from internet (google,telegram,discord,writeups etc..)

Endpoints Explorer is a Python script that employs multiple bypass rules to discover sensitive endpoints

This Repositories contains list of One Liners with Descriptions and Installation requirements

Advanced Time-based Blind SQL Injection fuzzer for HTTP Headers

Useful Google Dorks for WebSecurity and Bug Bounty

how to look for Leaked Credentials !

SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files