A curated list of resources, tools, and wordlists for bug bounty hunters.
-
Updated
Jun 30, 2024
A curated list of resources, tools, and wordlists for bug bounty hunters.
OWASP BLT is a bug logging tool to report issues and get points, companies are held accountable.
Asset inventory of over 800 public bug bounty programs.
Cyber Security Notes, Methodology, Resources and Tips
Collection of methodology and test case for various web vulnerabilities.
Weekly updated list of missing CVEs in nuclei templates official repository. Mainly built for bug bounty, but useful for penetration tests and vulnerability assessments too.
PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords, API keys, and secrets. Using regular expressions, it helps prevent accidental exposure of sensitive information in your command history.
Dump all available paths and/or endpoints on WADL file.
Sample Vulnerable and Secure Code Snippets for Various Vulnerabilities
All in one web Recon app
For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙
⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
Apache HugeGraph Server Unauthenticated RCE - CVE-2024-27348 Proof of concept Exploit
🚀 A DNS automated scanner and tool 🖱️ (Zone Transfer, DNS Zone Takeover, Subdomain Takeover).
Find Admin Pages is a simple and efficient Bash script for bug bounty, and security researchers. Its been written to search through source code for potential admin pages.
A rule-driven engine designed for seamless extraction of data from JavaScript files.
CloudFlare Checker written in Go
Free version :)
Python script for Unify all Parameters with all URLs.
Detect Program Bug Bounty
Add a description, image, and links to the bugbountytips topic page so that developers can more easily learn about it.
To associate your repository with the bugbountytips topic, visit your repo's landing page and select "manage topics."