Bug Bounty

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

Web path scanner

Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.

A list of interesting payloads, tips and tricks for bug bounty hunters.

A Workflow Engine for Offensive Security

An HTTP toolkit for security research.

Tutorials and Things to Do while Hunting Vulnerability.

Automated All-in-One OS Command Injection Exploitation Tool.

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

Scanning APK file for URIs, endpoints & secrets.

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Automated NoSQL database enumeration and web application exploitation tool.

⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

Penetration tests guide based on OWASP including test cases, resources and examples.

All about bug bounty (bypasses, payloads, and etc)

🌙🦊 DalFox is an powerful open source XSS scanning tool and parameter analyzer, utility

Scan for open S3 buckets and dump the contents

🎯 SQL Injection Payload List

This challenge is Inon Shkedy's 31 days API Security Tips.

pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching

The Swiss Army knife for automated Web Application Testing