all-payloads

arno

An automation tool to install the most popular tools for bug bounty or pentesting.

ars0n-framework

A Modern Framework for Bug Bounty Hunting

autorecon

AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.

awesome-bbht

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

awesome-bugbounty-tools

A curated list of various bug bounty tools

awesome-burp-extensions

A curated list of amazingly awesome Burp Extensions

awesome-gpt-agents

A curated list of GPT agents for cybersecurity

awesome-hacker-api-tools

A collection of hacker tools using HackerOne's API

awesome-hacking

awesome-oneliner-bugbounty

A collection of awesome one-liner scripts especially for bug bounty tips.

awesome-pentest-cheat-sheets

Collection of the cheat sheets useful for pentesting

awesome-waf

🔥 Web-application firewalls (WAFs) from security standpoint.

axiom

The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!

bounty-targets-data

This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports

cloudflair

🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.

cloudflare-origin-ip

Try to find the origin IP of a webapp protected by Cloudflare.

commando-vm

Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. [email protected]

cpanel-whm-ssh-ftp-exploit

This Python script exploits vulnerabilities in systems like cPanel, WHM, SSH, and FTP. It uses multiprocessing or threading to execute exploits, taking input from lists or prompts. The console displays the success or failure of the exploits.

custom-nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.

evilgophish

evilginx3 + gophish

fuzz.txt

Potentially dangerous files

fuzzing-templates

Community curated list of nuclei templates for finding "unknown" security vulnerabilities.

galaxy-bugbounty-checklist

Tips and Tutorials for Bug Bounty and also Penetration Tests.

garud

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

h4cker

This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artificial intelligence security, vulnerability research, exploit development, reverse engineering, and more.

hakoriginfinder

Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!

lazyrecon

lazyrecon-fix

magicrecon

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.