A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.
🔧 Automate Burp CA installation on Android with this Bash script, converting certificates and ensuring network interception works seamlessly.
An automated GitHub Actions-based crawler that fetches and updates public scopes from popular bug bounty platforms (like Hackerone/Bugcrowd/Intigriti/etc) (updates every 10 minutes)
My useful files for penetration tests, security assessments, bug bounty and other security related stuff
🔨 List all IP ranges from: Google (Cloud & GoogleBot), Bing (Bingbot), Amazon (AWS), Microsoft, Oracle (Cloud), GitHub, Facebook (Meta), OpenAI (GPTBot) and other with daily updates.
OSINT tools for Information gathering, Cybersecurity, Reverse searching, bugbounty, trust and safety, red team oprations and more.
Bug Bounty Vps Setup Tools
The Distributed Scanning Framework for Everybody! Control Your Infrastructure, Scale Your Scanning-On Your Terms. Easily distribute arbitrary binaries and scripts using any of our nine supported cloud providers!
Weekly updated list of missing CVEs in nuclei templates official repository. Mainly built for bug bounty, but useful for penetration tests and vulnerability assessments too.
🚀 Caido releases, wiki and roadmap
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
GarudRecon automates domain recon with top open-source tools to discover assets, enumerate subdomains, and detect XSS, SQLi, LFI, RCE & more.
Bugs, but rewarded
A bash script that extracts `shodan-query, google-query, censys-query, fofa-query, hunter-query, zoomeye-query` in nucleihub-templates.
zwatcher is a lightweight bash script for monitoring sub/domains or a list of sub/domains and javascript files. It compares HTTP status codes and content length to detect changes and notifies the user when any modifications occur. Easily keep track of your domains' health and security with zwatcher.
This script is used to search for cloud certificate entities such as Amazon, Azure, and others that have been extracted by the kaeferjaeger.gay provider.
The Recon Automation Script is a streamlined tool designed for performing comprehensive reconnaissance on multiple domains. It automates various tasks such as subdomain enumeration, live host probing, directory brute-force attacks, hidden endpoint extraction, and vulnerability scanning.
A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.