My useful files for penetration tests, security assessments, bug bounty and other security related stuff
Updated Sep 27, 2024 - Shell
A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.
Hastily written Tools & Scripts for Personal Use Cases & Bug Bounties
Asset inventory of over 800 public bug bounty programs.
Collection of tools, scripts, one-liners, templates, dorks and more
🔨 List all IP ranges from: Google (Cloud & GoogleBot), Bing (Bingbot), Amazon (AWS), Microsoft, Oracle (Cloud), GitHub, Facebook (Meta), OpenAI (GPTBot) and others, with daily updates.
Weekly updated list of missing CVEs in nuclei templates official repository. Mainly built for bug bounty, but useful for penetration tests and vulnerability assessments too.
Mapping from bug bounty and vulnerability disclosure programs to respective GitHub organizations
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
CHOMTE.SH is a powerful shell script designed to automate reconnaissance tasks during penetration testing. It utilizes various Go-based tools to gather information and identify the attack surface, making it a valuable asset for bug bounty hunters and penetration testers.
Resources, repos and scripts for pentesters and bug bounty.
Repeatable, immutable, and scalable security research w/ Docker
Crtsh Subdomain Enumeration | This bash script makes it easy to quickly save and parse the output from https://crt.sh website.
masswhois allows conducting whois lookups for both single and large sets of domains, subdomains, IP addresses, or a combination of all. The security researcher can then scan through these results to find domains or IPs not behind a CDN, and conduct further automated testing.
This script finds subdomains and URLs, filters them into .js, .json, and sensitive categories, and helps streamline your security assessments and bug hunting.
Dive into a handpicked selection of tools, guides, and tips tailored for beginners in Bug Bounty and Penetration Testing. 🐛🛡️
The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!
My subdomain enumeration script. It's unique in the way it is built upon.
Find Email Spoofing Vulnerability of domains
An automation tool that scans sub-domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters.