This repository updates latest Bug Bounty medium writeups every 10 minutes, https://readmedium.com/Medium_URL, https://archive.ph/Medium_URL, https://freedium.cfd/Medium_URL

List of Fresh DNS resolvers updates every 1 hour

This repo Gathers all available cve exploits from github.⚠️ Be careful Malware.

An automated GitHub Actions-based crawler that fetches and updates public scopes from popular bug bounty platforms (like Hackerone/Bugcrowd/Intigriti/etc) (updates every 10 minutes)

List of all strava challenges, (updates every 6 hours).

Scrape all wordpress plugins (updates every 6 hour)

A powerful Go-based tool for automating bug bounty report emails. This tool processes markdown files, extracts target domains, finds email addresses, and sends beautifully formatted HTML emails to …

linkinspector is a fast command-line tool for inspecting URLs and retrieving HTTP status codes, content lengths, and content types. It supports filtering and matching responses, and can process URL…

Converting trickest and chaos bbp targets in json, updates every 12 hour

A fast and efficient Open Redirect vulnerability scanner written in Go. This tool automates the process of testing URLs for open redirect vulnerabilities by replacing parameter values with redirect…

Custom wordlist, updated regularly

A command-line tool for detecting CVE-2025-55182 and CVE-2025-66478 in Next.js applications using React Server Components.

IP Finder tool, ipfinder collects IP addresses from Shodan search queries.

portmap is a fast portscan tool, uses shodan public data for port scan used internetdb.shodan.io and api.shodan.io/shodan/host

favinfo scrapes favicon in HTML code and many other different ways.

List of Public Bug Bounty and Responsible Disclosure Programs

A lightweight CLI tool for uploading and downloading files/directories to/from remote servers using SFTP over SSH.

A fast and efficient tool to detect Swagger UI endpoints on web servers. This tool automates the process of testing URLs with wordlist paths to find exposed Swagger UI documentation, which can reve…

GarudRecon automates domain recon with top open-source tools to discover assets, enumerate subdomains, and detect XSS, SQLi, LFI, RCE & more.

A high-performance Go tool for discovering and extracting JavaScript files from domains. JSManager aggregates results from multiple reconnaissance tools and verifies JavaScript URLs in parallel.

A fast and efficient tool to detect exposed `.git/config` files on web servers. This tool automates the process of testing URLs for exposed Git configuration files, which can reveal sensitive infor…

A fast and efficient SQL Injection vulnerability scanner written in Go. This tool automates the process of testing URLs for SQL injection vulnerabilities by replacing parameter values with payloads…

A fast and efficient Local File Inclusion (LFI) vulnerability scanner written in Go. This tool automates the process of testing URLs for LFI vulnerabilities by replacing parameter values with paylo…

A powerful Go tool for finding origin IPs of domains by querying multiple security APIs and validating results with built-in HTTP client.