#

Bug Bounty

A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.

Here are 362 public repositories matching this topic...

reconftw

six2dez / reconftw

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

dns security osint scanner hacking subdomain penetration-testing bug-bounty fuzzing pentesting recon nuclei vulnerabilities bugbounty pentest security-tools reconnaissance pentest-tool

Updated Dec 11, 2025
Shell

edoardottt / awesome-hacker-search-engines

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

Updated Dec 10, 2025
Shell

1N3 / BruteX

Automatically brute force all services running on a target.

hacking bruteforce brute-force bugbounty brute bruteforce-attacks bruteforcing

Updated Aug 18, 2024
Shell

six2dez / OneListForAll

Rockyou for web fuzzing

hacking wordlist fuzzing pentesting bugbounty wordlists web-fuzzing

Updated Aug 28, 2025
Shell

Sudomy

screetsec / Sudomy

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

bash framework scanner enumeration pentesting bugbounty kali-linux kali bugcrowd hackerone reconnaissance subdomain-scanner subfinder subdomain-enumeration sublist3r httprobe collected-subdomains subdomain-finder recon-subdomain

Updated Jun 27, 2024
Shell

insightglacier / Dictionary-Of-Pentesting

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

Updated Jul 21, 2023
Shell

1N3 / Findsploit

Find exploits in local and online databases instantly

search hackers find nmap exploits bugbounty pentest metasploit exploitdb

Updated Sep 27, 2021
Shell

trickest / inventory

Asset inventory of over 800 public bug bounty programs.

security osint hacking penetration-testing bug-bounty fuzzing infosec pentesting recon bugbounty software-security red-team security-tools threat-intelligence reconnaissance pentest-tool osint-resources osint-tool bugbountytips

Updated Feb 14, 2025
Shell

vincentcox / bypass-firewalls-by-DNS-history

Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.

security bugbounty bypassing dns-record network-security security-tools

Updated Sep 5, 2022
Shell

h4r5h1t / webcopilot

An automation tool that enumerates subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters and then scans for vulnerabilities.

enumeration bug-bounty recon bugbounty reconnaissance

Updated Jul 18, 2024
Shell

KathanP19 / JSFScan.sh

Automation for javascript recon in bug bounty.

bugbounty bugbounty-tool javascript-recon

Updated Sep 9, 2023
Shell

R0X4R / Garud

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

golang penetration-testing vulnerability bugbounty bash-script reconnaissance vulnerability-scanner garud subdomain-takeover penetration-testing-tools bugbountytips assetfinder bugbounty-tool gf-patterns

Updated Jul 4, 2023
Shell

Dheerajmadhukar / karma_v2

⡷⠂𝚔𝚊𝚛𝚖𝚊 𝚟𝟸⠐⢾ is a Passive Open Source Intelligence (OSINT) Automated Reconnaissance (framework)

infrastructure intelligence automation shodan osint bugbounty bash-script reconnaissance

Updated May 21, 2025
Shell

Astrosp / Awesome-OSINT-For-Everything

OSINT tools for Information gathering, Cybersecurity, Reverse searching, bugbounty, trust and safety, red team oprations and more.

osint web recon bugbounty red-team information-gathering security-tools reconnaissance blue-team osinttool osint-tools

Updated Dec 16, 2025
Shell

magicRecon

robotshell / magicRecon

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.

tool scanner bug subdomain sql-injection xss-vulnerability infosec nuclei bugbounty bash-script vulnerability-scanners bugbounty-tool bugbountytricks subdomains-enumeration

Updated Jul 23, 2024
Shell

m3n0sd0n4ld / GooFuzz

GooFuzz is a tool to perform fuzzing with an OSINT approach, managing to enumerate directories, files, subdomains or parameters without leaving evidence on the target's server and by means of advanced Google searches (Google Dorking).

osint hacking discovery subdomain penetration-testing fuzzing infosec pentesting recon bugbounty bash-script red-team google-dorks reconnaissance information-disclosure

Updated May 19, 2025
Shell

ki9mu / ARL-plus-docker

基于ARL-V2.6.2修改后的版本

python recon bugbounty arl security-tools pentest-tool asset-reconnaissance-lighthouse arl-ki9mu

Updated Jun 26, 2025
Shell

ipranges

lord-alfred / ipranges

🔨 List all IP ranges from: Google (Cloud & GoogleBot), Bing (Bingbot), Amazon (AWS), Microsoft, Oracle (Cloud), GitHub, Facebook (Meta), OpenAI (GPTBot) and other with daily updates.

Updated Dec 18, 2025
Shell

chvancooten / BugBountyScanner

A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.

docker-image hacking bugbounty hacktoberfest reconnaissance bug-bounty-reconnaissance

Updated Nov 19, 2025
Shell

GhostTroops / TOP

TOP All bugbounty pentesting CVE-2023- POC Exp RCE example payload Things

exploit poc rce vulnerability bugbounty cve payload exp

Updated Dec 18, 2025
Shell

Followers: 620 followers
Website: github.com/topics/bugbounty
Wikipedia: Wikipedia

Related topics

penetration-testing pentest pentesting security