Web & Mobile Application Security Researcher Hacker , Bug Hunter , Hackerone , Bugcrowd, @1ndianl33t
Bug-Bounty-Roadmaps. Bug Bounty Roadmaps
1.7kGf-Patterns. GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep
1.4kBugbounty-Resources. A list of resources for those interested in getting started in bug bounties inspired from https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
171urlprobe. Urls status code & content length checker
145All-in-one_BugBounty_PDF_bundles.
1301ndiList. Recon Custom WordList Ganerator
59BugBounty_Profile. Recon_profile
381ndi-hacks. Bug Bounty Tools
341ndiwordlist. Bug Bounty Recon wordlist Generator
21dotfiles. .bash_profile , .bashrc , .vimrc etc
81ndiSpider. Fast Web Crawler
5EchoPwn. Recon Automation for hackers by hackers
4Command-Mobile-Penetration-Testing-Cheatsheet. Mobile penetration testing android & iOS command cheatsheet
41ndiSubs. Subdomain Enumeration Tool
4bugbounty-cheatsheet. A list of interesting payloads, tips and tricks for bug bounty hunters.
4hacking-methodologies. Hack
4recox. Master script for web reconnaissance
4fff. The Fairly Fast Fetcher. Requests a bunch of URLs provided on stdin fairly quickly.
3Awesome-Bugbounty-Writeups. A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference
3meg. Fetch many paths for many hosts - without killing the hosts
31ndiRecon. All-in-one Bug bounty Recon
3gf. A wrapper around grep, to help you grep for things
3ParamSpider. Mining parameters from dark corners of Web Archives
2Sublist3r. Fast subdomains enumeration tool for penetration testers
2awesome-design. 🌟Curated design resources
2gahttp. Async / concurrent HTTP requests for Go
2recon-pipeline. An automated target reconnaissance pipeline.
2awesome-bug-bounty. A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.
2fuzzmost. all manner of wordlists
2ptools. Go
1dnsdig. Perform Multiple Dns queries
1Bountystrike-sh. Poor (rich?) man's bug bounty pipeline
1gmapsapiscanner. Python
1Subrake. A powerful Subdomain Scanner & Validator for Reconnaissance.
1quiver. Quiver is the tool to manage all of your tools. It's an opinionated and curated collection of commands, notes and scripts for bug bounty hunting and penetration testing.
1gwdomains. sub domain wild card filtering tool
1Arjun. HTTP parameter discovery suite.
1cf-check. Check an IP is Owned by Cloudflare
1Bash-Hacks.
1generator-burp-extension. Everithing you need about Burp Extension Generation
1gowhois. Go
1dalfox. DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang
1jwtbin. Generate JWT Tokens using a Secret and Command Line Options (claims/expiration)
1bhg. Code samples for No Starch Press Black Hat Go
1SSRFmap. Automatic SSRF fuzzer and exploitation tool
1Awesome-Asset-Discovery. List of Awesome Asset Discovery Resources
1BurpBounty. Burp Bounty (Scan Check Builder in BApps Store) is a extension of Burp Suite that improve an active and passive scanner by yourself. This extension requires Burp Suite Pro.
1dirsearch. Web path scanner
1SMBrute. SMB Protocol Bruteforce
1