This is your work, valued

United States

Jason Haddix

Elite
@jhaddix

Father, hacker, blogger, gamer, & nerd. Bounty Hunter.

tbhm. The Bug Hunters Methodology

4.4k

pentest-bookmarks. a collection of handy bookmarks

1.1k

domain. Setup script for Regon-ng

941

awsScrape. A tool to scrape the AWS ranges looking for a keyword in SSL certificate data.

237

KingOfBugBountyTips.

199

SecLists. SecLists is the security tester's companion. It is a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more.

169

SubreconGPT. Python

118

bug-bounty-reference. Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature

117

scripts. Usefull stuff from around teh internetz

115

CSPReconGO. Go

107

HUNT. Python

105

XSS.png. A XSS mind map ;)

89

sslScrape. SSLScrape | A scanning tool for scaping hostnames from SSL certificates.

49

LinkFinder. A python script that finds endpoints in JavaScript files

48

lazyrecon. This script is intended to automate your reconnaissance process in an organized fashion

47

can-i-take-over-xyz. "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

45

CloudBrute. Awesome cloud enumerator

43

ios_sh. ios source grepper

43

sus_params. Python

42

amass. In-depth DNS Enumeration and Network Mapping

36

nuclei-templates. Community curated list of template files for the nuclei engine to find security vulnerability and fingerprinting the targets.

36

system_prompts_leaks. Collection of extracted System Prompts from popular chatbots like ChatGPT, Claude & Gemini

34

megplus. Automated reconnaissance wrapper — TomNomNom's meg on steroids.

33

mywebappscripts. A collection of all the lists, scripts and techniques I use while doing web application penetration tests.

30

asnrecon. ASN reconnaissance script

29

Amass-1. In-depth Attack Surface Mapping and Asset Discovery

28

pwnwiki.github.io. PwnWiki - The notes section of the pentesters mind.

27

hackerone_wordlist. The wordlists that have been compiled using disclosed reports at HackerOne bug bounty platform

26

bugcrowd-levelup-subdomain-enumeration. This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bucrowd LevelUp 2017 virtual conference

25

LazyFuzzer. Ease-of-use extension for Web Application penetration testing

23

massdns. A high-performance DNS stub resolver for bulk lookups

23

deepdarkCTI. Collection of Cyber Threat Intelligence sources from the deep and dark web

22

karma_v2. ⡷⠂𝚔𝚊𝚛𝚖𝚊 𝚟𝟸⠐⢾ is a Passive Open Source Intelligence (OSINT) Automated Reconnaissance (framework)

20

www-project-top-25-parameters. OWASP Foundation Web Respository

20

security-template. A static website template for security pages.

19

brutesubs. An automation framework for running multiple open sourced subdomain bruteforcing tools (in parallel) using your own wordlists via Docker Compose

19

waybackunifier. See the history of a file from above

17

ScanCannon. Combines the speed of masscan with the reliability and detailed enumeration of nmap

17

research. Hello and welcome to my GitHub account. If you'd like to know more about me, this is likely the best place to start

16

OWASP-VWAD. The OWASP Vulnerable Web Applications Directory Project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.

16

RustScan. 🤖 The Modern Port Scanner 🤖

16

xssHunterExtension. Chrome Extension for XSS Hunter Payloads

14

JSParser. Python

13

GraphRunner. A Post-exploitation Toolset for Interacting with the Microsoft Graph API

13

JS-Scan. a .js scanner, built in php. designed to scrape urls and other info

13

disclose. Driving safety, simplicity, and standardization in vulnerability disclosure.

12

TTSL. Tool to scrape LinkedIn

10

nowafpls. Burp Plugin to Bypass WAFs through the insertion of Junk Data

9

SecurityTools. A repo for collecting and organizing security tools of various types. As new ones come out, they get added to the list.

9

meetup. ⭐️ Repositorio oficial de Angular Medellín ⭐️

8