bugbounty-cheatsheet - A list of interesting payloads, tips and tricks for bug bounty hunters.

We welcome contributions from the public. The issue tracker is the preferred channel for bug reports and feature requests.

NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.

  •    Python

NoSQLMap is an open source Python tool designed to audit for, as well as automate, injection attacks and exploit default configuration weaknesses in NoSQL databases and web applications using NoSQL in order to disclose or clone data from the database. Originally authored by @tcsstool and now maintained by @codingo_, NoSQLMap is named as a tribute to Bernardo Damele and Miroslav Stampar's popular SQL injection tool sqlmap. Its concepts are based on and extensions of Ming Chow's excellent presentation at Defcon 21, "Abusing NoSQL Databases".

apkleaks - Scanning APK file for URIs, endpoints & secrets.

  •    Python

Scans APK files for URIs, endpoints & secrets. APKLeaks uses the jadx disassembler to decompile the APK file. If it doesn't exist in your environment, it'll ask you to download it.

awesome-oneliner-bugbounty - A collection of awesome one-liner scripts especially for bug bounty tips

A collection of awesome one-liner scripts especially for bug bounty. This repository stores and houses various one-liners for bug bounty tips provided by me as well as contributed by the community. Your contributions and suggestions are heartily ♥ welcome.




httpx - httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probers using the retryablehttp library; it is designed to maintain result reliability with increased threads

  •    Go

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probers using the retryablehttp library; it is designed to maintain result reliability with increased threads. This will display help for the tool. Here are all the switches it supports.

nuclei-templates - Community curated list of templates for the nuclei engine to find security vulnerabilities

  •    Python

Templates are the core of the nuclei scanner and power the actual scanning engine. This repository stores and houses various templates for the scanner provided by our team as well as contributed by the community. We hope that you also contribute by sending templates via pull requests or GitHub issues and grow the list. An overview of the nuclei template directory including number of templates associated with each directory.

hetty - Hetty is an HTTP toolkit for security research.

  •    Go

Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community. ℹ️ Hetty is in early development. Additional features are planned for a v1.0 release. Please see the backlog for details.

can-i-take-over-xyz - "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records

Subdomain takeover vulnerabilities occur when a subdomain (subdomain.example.com) is pointing to a service (e.g. GitHub pages, Heroku, etc.) that has been removed or deleted. This allows an attacker to set up a page on the service that was being used and point their page to that subdomain. For example, if subdomain.example.com was pointing to a GitHub page and the user decided to delete their GitHub page, an attacker can now create a GitHub page, add a CNAME file containing subdomain.example.com, and claim subdomain.example.com. You can read up more about subdomain takeovers here: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/.


StaCoAn - StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications

  •    Javascript

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications. This tool was created with a big focus on usability and graphical guidance in the user interface.

PrivEsc - A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

  •    C

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits. For pre-compiled local Linux exploits, check out https://www.kernel-exploits.com.

AWSBucketDump - Security Tool to Look For Interesting Files in S3 Buckets

  •    Python

This is a tool that enumerates Amazon S3 buckets and looks for interesting files. I have example wordlists but I haven't put much time into refining them.

VHostScan - A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages

  •    Python

A virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages. First presented at SecTalks BNE in September 2017 (slidedeck). Dependencies will then be installed and VHostScan will be added to your path. If there is an issue regarding running python3 setup.py build_ext, you will need to reinstall numpy using pip uninstall numpy and pip install numpy==1.12.0. This should resolve the issue as there are sometimes issues with numpy being installed through setup.py.

xss-payload-list - 🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

  •    HTML

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user's browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page. For more details on the different types of XSS flaws, see: Types of Cross-Site Scripting.

subjack - Hostile Subdomain Takeover tool written in Go

  •    Go

Subjack is a Hostile Subdomain Takeover tool written in Go designed to scan a list of subdomains concurrently and identify ones that are able to be hijacked. With Go's speed and efficiency, this tool really stands out when it comes to mass-testing. Always double check the results manually to rule out false positives. Subjack will also check for subdomains attached to domains that don't exist (NXDOMAIN) and are available to be registered. No need for dig ever again! This is still cross-compatible too.

findom-xss - A fast DOM based XSS vulnerability scanner with simplicity.

  •    Shell

FinDOM-XSS is a tool that allows you to find possible and/or potential DOM based XSS vulnerabilities in a fast manner. To run the tool on a target, just use the following command.

go-dork - The fastest dork scanner written in Go.

  •    Go

The fastest dork scanner written in Go. There are also various search engines supported by go-dork, including Google, Shodan, Bing, Duck, Yahoo and Ask.

public-bugbounty-programs - Community curated list of public bug bounty and responsible disclosure programs

This is a source of public programs listed on chaos.projectdiscovery.io. Please send a pull request for public bug bounty programs that you want to include in our public list with recon data. Have questions / doubts / ideas to discuss? Feel free to open a discussion using the GitHub discussions board.

SubOver - A Powerful Subdomain Takeover Tool

  •    Go

Subover is a Hostile Subdomain Takeover tool originally written in Python but rewritten from scratch in Golang. Since its redesign, it has been built with speed and efficiency in mind. To date, SubOver detects 30+ services, which is much more than any other tool out there. The tool uses Golang concurrency and hence is very fast. It can easily detect and report potential subdomain takeovers that exist. The list of potentially hijackable services is very comprehensive and it is what makes this tool so powerful. You need to have Golang installed on your machine. There are no additional requirements for this tool.
