Lets Hunt For Bugs.....!
HowToHunt. Collection of methodology and test case for various web vulnerabilities.
7.2kJSFScan.sh. Automation for javascript recon in bug bounty.
1.1kGxss. A tool to check a bunch of URLs that contain reflecting params.
601gaussrf. Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl and Filter Urls With OpenRedirection or SSRF Parameters.
175BreachedDataScraper. Search breached data on private nodes, darkweb, internet, end-to-end channels
149protoscan. Prototype Pollution Scanner
144portscan.sh. All in one port scanning script.
68waybackfetch. Tool for fetching all the available waybackmachine snapshot urls
26OpenBB-Scope. OpenBugBounty - https://www.openbugbounty.org/ programs list
23Python_For_Pentester. Programs I Made while learning python for pentesters.
21bash_script_templates. Some Templates for Bash Scripting
18KathanP19.
15Bheem. Shell
12wordlists. Wordlists for Fuzzing
11hackerone_wordlist. The wordlists that have been compiled using disclosed reports at HackerOne bug bounty platform
11SecurityTesting. Shell
10pwndb. Search for leaked credentials
7reconftw. ReconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
7AndroidCTF. Different Android Challenges I solved.
6Portscanner. A Simple Port Scanner with Multi-Threading And User Define Port Range
6learnwebscraping. this are some web scrapers i built during learning web scraping
6Bug-bounty. Ressources for bug bounty hunting
6bruteforce-lists. Some files for bruteforcing certain things.
6scripthunter. Tool to find JavaScript files on Websites
6xssXD. Go
5frogy-subdomain-enumeration. My subdomain enumeration
5Magic-CheckList-for-Web-Applications. Web Security Checklist (Bug Bounty & Pentesting)
515_Python_Projects. Jupyter Notebook
5Garud. An automation tool that scans sub-domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters.
5Parse_Apache_Log. Simple Python Script to Parse Apache Log, Get all Unique IPs and Urls visited by that IP.
4web-cache-deception-checker. Tool is to check for Cache Deception Attack Both For Authenticated and UnAuthenticated Pages
3WayRobots. Tool to find stored robots.txt files from the past
3analyzeJS. A tools for JavaScript Recon
3sillydadddy.github.io. Ruby
3mildew. Dotmil subdomain discovery tool that scrapes domains from official DoD website directories and certificate transparency logs
3Oralyzer. Open Redirection Analyzer
3SpotiHook. A Spotify hook that cracks DRM protection and allows to download songs.
3rb-recon.
2cazador_unr. Hacking tools
2autoRecon. This tool is for automate the initial things that we usually do in daily pentesting. So you can focus more on the main target.
2GOAD. game of active directory
2cvebase.com. cvebase is a community-driven vulnerability data platform to discover the world's top security researchers and their latest disclosed vulnerabilities & PoCs
2hostinjector. Multithreaded Host Header Redirection Scanner
2learning-golang. Small program made while learning golang.
2Sublist3r. Fast subdomains enumeration tool for penetration testers
2Bluto. DNS Recon | Brute Forcer | DNS Zone Transfer | DNS Wild Card Checks | DNS Wild Card Brute Forcer | Email Enumeration | Staff Enumeration | Compromised Account Checking
2tko-subs. A tool that can help detect and takeover subdomains with dead DNS records
1AttackSurfaceMapper. AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.
1Presentation_Scripts_PPTs. C
1Subdomain. Hacks For Subdomain Enumeration
1LazyRecon. An automated approach to performing recon for bug bounty hunting and penetration testing.
1