Skip to content

Bug Bounty ~ Awesomes | Books | Cheatsheets | Checklists | Tools | Wordlists | More

Notifications You must be signed in to change notification settings

AnLoMinus/Bug-Bounty

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

84 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

בס״ד

⫷ HacKingPro ⫸
⫷ TryHackMe | KoTH ⫸
⫷ Privilege-Escalation⫸
⫷ ScanPro | Linfo | Diablo ⫸
⫷ Offensive-Security | PenTest ⫸
⫷ Goals | Studies | HacKing | AnyTeam ⫸

image


Bug Bounty


GitHub Security Bug Bounty

Software security researchers are increasingly engaging with internet companies to hunt down vulnerabilities.

Our bounty program gives a tip of the hat to these researchers and provides rewards of $30,000 or more for critical vulnerabilities.

Awesomes


Books

  • Hacking-Books Here Are Some Popular Hacking PDF

  • The Threat Hunter Playbook ~ The Threat Hunter Playbook

  • image

    The Threat Hunter Playbook is a community-driven, open source project to share detection logic, adversary tradecraft and resources to make detection development more efficient. All the detection documents in this project follow the structure of MITRE ATT&CK categorizing post-compromise adversary behavior in tactical groups and are available in the form of interactive notebooks. The use of notebooks not only allow us to share text, queries and expected output, but also code to help others run detection logic against pre-recorded security datasets locally or remotely through BinderHub cloud computing environments.


Cheatsheets


Cheacklists


Tools

Here are some of the tools that we use when we perform Live Recon Passive ONLY on Twitch:

  1. Recon-ng https://github.com/lanmaster53/recon-ng
  2. httpx https://github.com/projectdiscovery/httpx
  3. isup.sh https://github.com/gitnepal/isup
  4. Arjun https://github.com/s0md3v/Arjun
  5. jSQL https://github.com/ron190/jsql-injection
  6. Smuggler https://github.com/defparam/smuggler
  7. Sn1per https://github.com/1N3/Sn1per
  8. Spiderfoot https://github.com/smicallef/spiderfoot
  9. Nuclei https://github.com/projectdiscovery/nuclei
  10. Jaeles https://github.com/jaeles-project/jaeles
  11. ChopChop https://github.com/michelin/ChopChop
  12. Inception https://github.com/proabiral/inception
  13. Eyewitness https://github.com/FortyNorthSecurity/EyeWitness
  14. Meg https://github.com/tomnomnom/meg
  15. Gau - Get All Urls https://github.com/lc/gau
  16. Snallygaster https://github.com/hannob/snallygaster
  17. NMAP https://github.com/nmap/nmap
  18. Waybackurls https://github.com/tomnomnom/waybackurls
  19. Gotty https://github.com/yudai/gotty
  20. GF https://github.com/tomnomnom/gf
  21. GF Patterns https://github.com/1ndianl33t/Gf-Patterns
  22. Paramspider https://github.com/devanshbatham/ParamSpider
  23. XSSER https://github.com/epsylon/xsser
  24. UPDOG https://github.com/sc0tfree/updog
  25. JSScanner https://github.com/dark-warlord14/JSScanner
  26. Takeover https://github.com/m4ll0k/takeover
  27. Keyhacks https://github.com/streaak/keyhacks
  28. S3 Bucket AIO Pwn https://github.com/blackhatethicalhacking/s3-buckets-aio-pwn
  29. BHEH Sub Pwner Recon https://github.com/blackhatethicalhacking/bheh-sub-pwner
  30. GitLeaks https://github.com/zricethezav/gitleaks
  31. Domain-2IP-Converter https://github.com/blackhatethicalhacking/Domain2IP-Converter
  32. Dalfox https://github.com/hahwul/dalfox
  33. Log4j Scanner https://github.com/Black-Hat-Ethical-Hacking/log4j-scan
  34. Osmedeus https://github.com/j3ssie/osmedeus
  35. getJS https://github.com/003random/getJS
  • A Powerfull BUG HUNTING TOOL. Supports SQL, XSS, PHP code execution, SSRF,.... I had Appended My Own Payloads which I had founded during my BUG Hunting Rest You can add Your CUSTOM payloads too ;)

    image

    • NOTE: BugDog is made with python and requires python2 to run perfectly.

  • Bug-Bounty-Tools: Random Tools for Bug Bounty

  • BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

    • image
  • hack-pet is collection of command snippets that are useful to hackers/bug bounty hunters.

    It is similar to the recon_profile, but it uses the pet. pet can manage the command set more progressively.

    image
    image

  • A curated list of Capture The Flag (CTF) frameworks, libraries, resources and softwares.

  • Here you can find a list of differents tools that you can use in bug bounty or pentesting.

    Some categories and tools will be added as we go.

    If you have questions or suggestions, don't hesitate to contact me on twitter (https://twitter.com/_sehno_)

  • This Is A Tool For Bug Hunters in this tool i have included the tools which bug hunters use

  • Recon Automation for BugBounties

  • image

    Bug Bounty Vps Setup Tools Installer

    With these tools you can install most of the bug bounty tools with just one command and The tool has been modified and spelled many tools ## special thanks @supr4s Because most of these tools modify his tools

  • Kali Linux containers for bug bounty and CTFs

  • Python Script for Telegram Bot is specially built for pentest & bug bounty. It's like a telegram shell.

    You will be notified when your task(command line) is finished with results. This bot make long time tasks by you, taking off the need of your attention if it's finished.

    image
    image

  • Subdomains recon

  • Manual recon

  • Enumeration / Crawling

  • XSS

  • SQL Injection


Wordlists

  • A repository that includes all the important wordlists used while bug hunting.

  • this contain the burp pack

  • FuzzDB was created to increase the likelihood of finding application security vulnerabilities through dynamic application security testing. It's the first and most comprehensive open dictionary of fault injection patterns, predictable resource locations, and regex for matching server responses.

  • A set of tools for making life easier with wordlists


More


Releases

No releases published

Packages

No packages published