Displaying 1 to 18 from 18 results

Awesome-Hacking - A collection of various awesome lists for hackers, pentesters and security researchers

  •    

A collection of awesome lists for hackers, pentesters & security researchers. Follow Hack with GitHub on your favorite social media to get daily updates on interesting GitHub repositories related to Security.

subfinder - SubFinder is a subdomain discovery tool that discovers valid subdomains for websites

  •    Go

SubFinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources. It has a simple modular architecture and has been aimed as a successor to sublist3r project. SubFinder uses Passive Sources, Search Engines, Pastebins, Internet Archives, etc to find subdomains and then it uses a permutation module inspired by altdns to generate permutations and resolve them quickly using a powerful bruteforcing engine. It can also perform plain bruteforce if needed. The tool is highly customizable, and the code is built with a modular approach in mind making it easy to add functionalities and remove errors. We have designed SubFinder to comply with all passive sources licenses, and usage restrictions, as well as maintained a consistently passive model to make it useful to both penetration testers and bug bounty hunters alike.

awesome-oneliner-bugbounty - A collection of awesome one-liner scripts especially for bug bounty tips

  •    

A collection of awesome one-liner scripts especially for bug bounty. This repository stores and houses various one-liner for bug bounty tips provided by me as well as contributed by the community. Your contributions and suggestions are heartily♥ welcome.

axiom - The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!

  •    Shell

Axiom is a dynamic infrastructure framework to efficiently work with multi-cloud environments, build and deploy repeatable infrastructure focussed on offensive and defensive security. Axiom works by pre-installing your tools of choice onto a 'base image', and then using that image to deploy fresh instances. From there, you can connect and instantly gain access to many tools useful for both bug hunters and pentesters. With the power of immutable infrastructure, most of which is done for you, you can just spin up 15 boxes, perform a distributed nmap/ffuf/screenshotting scan, and then shut them down.




subfinder - Subfinder is a subdomain discovery tool that discovers valid subdomains for websites

  •    Go

Subfinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources. It has a simple modular architecture and is optimized for speed. subfinder is built for doing one thing only - passive subdomain enumeration, and it does that very well. We have designed subfinder to comply with all passive sources licenses, and usage restrictions, as well as maintained a consistently passive model to make it useful to both penetration testers and bug bounty hunters alike.

uniswap-v3-periphery - 🦄 🦄 🦄 Peripheral smart contracts for interacting with Uniswap v3

  •    TypeScript

This repository contains the periphery smart contracts for the Uniswap V3 Protocol. For the lower level core contracts, see the uniswap-v3-core repository. This repository is subject to the Uniswap V3 bug bounty program, per the terms defined here.

subjack - Hostile Subdomain Takeover tool written in Go

  •    Go

Subjack is a Hostile Subdomain Takeover tool written in Go designed to scan a list of subdomains concurrently and identify ones that are able to be hijacked. With Go's speed and efficiency, this tool really stands out when it comes to mass-testing. Always double check the results manually to rule out false positives. Subjack will also check for subdomains attached to domains that don't exist (NXDOMAIN) and are available to be registered. No need for dig ever again! This is still cross-compatible too.

SubOver - A Powerful Subdomain Takeover Tool

  •    Go

Subover is a Hostile Subdomain Takeover tool originally written in python but rewritten from scratch in Golang. Since it's redesign, it has been aimed with speed and efficiency in mind. Till date, SubOver detects 30+ services which is much more than any other tool out there. The tool uses Golang concurrency and hence is very fast. It can easily detect and report potential subdomain takeovers that exist. The list of potentially hijackable services is very comprehensive and it is what makes this tool so powerful. You need to have Golang installed on your machine. There are no additional requirements for this tool.


SSRFmap - Server Side Request Forgery services enumeration tool.

  •    Ruby

A simple service scanner for Server Side Request Forgery vulnerabilities.

hawkeye - Hawkeye filesystem analysis tool

  •    Go

HawkEye is a simple tool to crawl the filesystem or a directory looking for interesting stuff like SSH Keys, Log Files, Sqlite Database, password files, etc. Hawkeye uses a fast filesystem crawler to look through files recursively and then sends them for analysis in real time and presents the data in both json format and simple console output. The tool is built with a modular approach making it easy to use and easily extensible. It can be used during pentests as a privilege escalation tool to look through the filesystem finding configuration files or ssh keys sometimes left by the sys-admins.

XOE - Exploit XXE Out-Of-Band Vulnerability Easily

  •    Python

Exploit XXE Out-Of-Band Vulnerability Easily

goaltdns - A permutation generation tool written in golang

  •    Go

GoAltdns is a permutation generation tool that can take a list of subdomains, permute them using a wordlist, insert indexes, numbers, dashes and increase your chance of finding that estoeric subdomain that no-one found during bug-bounty or pentest. It uses a number of techniques to accomplish this. It can allow for discovery of subdomains that conform to patterns. GoAltdns takes in words that could be present in subdomains under a domain (such as test, dev, staging) as well as takes in a list of subdomains that you know of. The tool itself is very simple and is built with golang concurrency providing it very quick execution times.

detective - A private detective that gathers information you're not supposed to know about.

  •    Python

Detective helps you find information (at your favorite bug bounty program) that you are not supposed to see. It primarily focuses on information disclosure and sensitive data exposure vulnerabilities. First make sure you're on Python 2.7/3.3 or higher. Then run the command below to install Detective.

not-your-average-web-crawler - A web crawler (for bug hunting) that gathers more than you can imagine

  •    Python

N.Y.A.W.C is a Python library that enables you to test your payload against all requests of a certain domain. It crawls all requests (e.g. GET, POST or PUT) in the specified scope and keeps track of the request and response data. During the crawling process the callbacks enable you to insert your payload at specific places and test if they worked. First make sure you're on Python 2.7/3.3 or higher. Then run the command below to install N.Y.A.W.C.

Facebook-BugBounty-Writeups - Collection of Facebook Bug Bounty Writeups

  •    

Inspired from xdavidhu & 1hack0 this is a repo which contains Facebooks Updated BugBounty Writeups. If you have/know of any Facebook writeups not listed in this repository, feel free to open a Pull Request. Please try to sort the writeups by publication date.






We have large collection of open source products. Follow the tags from Tag Cloud >>


Open source products are scattered around the web. Please provide information about the open source projects you own / you use. Add Projects.