Bug Bounty

Star

A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.

Here are 2,197 public repositories matching this topic...

Language:All

Filter by language

All2,197 Python741 Shell319 Go316 JavaScript84 HTML62 Rust39 PHP38 Java24 Ruby22 Dockerfile15

Sort:Most stars

Sort options

Most stars Fewest stars Most forks Fewest forks Recently updated Least recently updated

swisskyrepo /PayloadsAllTheThings

Sponsor

Star63.9k

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

security hacking web-application cheatsheet enumeration penetration-testing bounty vulnerability methodology bugbounty pentest bypass payload payloads hacktoberfest privilege-escalation redteam

UpdatedMar 13, 2025
Python

maurosoria /dirsearch

Sponsor

Star12.7k

Web path scanner

python security scanner hacking wordlist enumeration penetration-testing bug-bounty fuzzing infosec pentesting bugbounty fuzzer brute appsec hacking-tool dirsearch pentest-tool redteam red-teaming

UpdatedFeb 20, 2025
Python

projectdiscovery /subfinder

Star11.3k

Fast passive subdomain enumeration tool.

osint hacking bugbounty subdomains reconnaissance subdomain-enumeration

UpdatedMar 13, 2025
Go

nahamsec /Resources-for-Beginner-Bug-Bounty-Hunters

Star11.1k

A list of resources for those interested in getting started in bug bounties

education hackers hacking xss bug-bounty web-security bugbounty pentest ssrf bug-bounty-hunters learn2hack

UpdatedJul 23, 2024

projectdiscovery /nuclei-templates

Star9.8k

Community curated list of templates for the nuclei engine to find security vulnerabilities.

security fingerprint exploits nuclei bugbounty vulnerability-detection hacktoberfest exploit-development nuclei-templates nuclei-checks

UpdatedMar 17, 2025
JavaScript

shmilylty /OneForAll

Star8.7k

OneForAll是一款功能强大的子域收集工具

python osint subdomain content-security-policy recon bugbounty information-gathering pentest-tool zone-transfers subdomain-scanner nsec subdomain-takeover subdomain-enumeration subdomain-bruteforcing subdomain-crawler subdomain-collection subdomian-find oneforall altname crossdomainxml

UpdatedOct 23, 2024
Python

edoardottt /awesome-hacker-search-engines

Sponsor

Star8.4k

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

dns search-engine security awesome osint exploit hacking awesome-list wifi-network vulnerabilities bugbounty cve hacktoberfest security-tools threat-intelligence awesome-lists redteaming redteam hacking-tools osint-tool

UpdatedFeb 14, 2025
Shell

projectdiscovery /httpx

Star8.2k

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.

cli http osint pipeline lib cybersecurity ssl-certificate bugbounty hacktoberfest pentest-tool

UpdatedMar 13, 2025
Go

blacklanternsecurity /bbot

Sponsor

Star8.2k

The recursive internet scanner for hackers. 🧡

python cli automation osint neo4j scanner asm hacking recursion pentesting recon bugbounty threatintel subdomains threat-intelligence subdomain-scanner osint-framework subdomain-enumeration easm attack-surface-management

UpdatedMar 16, 2025
Python

yogeshojha /rengine

Sponsor

Star7.8k

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

osint scanner hacking penetration-testing bug-bounty infosec pentesting recon bugbounty scanning information-gathering rengine security-tools reconnaissance scanner-web recon-engine

UpdatedFeb 24, 2025
HTML

OWASP /wstg

Sponsor

Star7.8k

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

security guide best-practices hacking owasp penetration-testing application-security pentesting bugbounty appsec hacktoberfest

UpdatedFeb 24, 2025
Dockerfile

payloadbox /xss-payload-list

Star6.8k

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

xss xss-vulnerability xss-scanners bugbounty xss-scanner xss-exploitation xss-detection payload payloads xss-attacks xss-injection websecurity dom-based xss-poc cross-site-scripting reflected-xss-vulnerabilities website-vulnerability xss-payloads self-xss xss-payload

UpdatedJul 18, 2024

dstotijn /hetty

Sponsor

Star6.6k

An HTTP toolkit for security research.

http proxy mitm infosec pentesting bugbounty

UpdatedFeb 5, 2025
Go

KathanP19 /HowToHunt

Star6.3k

Collection of methodology and test case for various web vulnerabilities.

tutorials vulnerability bugbounty bugbountytips bughunting-methodology

UpdatedAug 4, 2024

daffainfo /AllAboutBugBounty

Sponsor

Star6.1k

All about bug bounty (bypasses, payloads, and etc)

security bug hacking penetration-testing vulnerability infosec bugbounty pentest bypass payload payloads reconnaissance bugbountytips

UpdatedSep 8, 2023

six2dez /reconftw

Sponsor

Star6.1k

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

dns security osint scanner hacking subdomain penetration-testing bug-bounty fuzzing pentesting recon nuclei vulnerabilities bugbounty pentest security-tools reconnaissance pentest-tool

UpdatedMar 11, 2025
Shell

EdOverflow /bugbounty-cheatsheet

Sponsor

Star6.1k

A list of interesting payloads, tips and tricks for bug bounty hunters.

security infosec bugbounty payloads

UpdatedSep 14, 2023

ihebski /DefaultCreds-cheat-sheet

Sponsor

Star6k

One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password 🛡️

exploit cheatsheet cybersecurity infosec pentesting bugbounty pentest offensive-security soc blueteam default-password blueteaming blueteam-tools offensive-security-projects

UpdatedMar 8, 2025
Python

GhostTroops /scan4all

Star5.6k

Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...