Bug-Bounty
Last updated
Last updated
בס״ד
⫷ ⫸ ⫷ | ⫸ ⫷ ⫸ ⫷ | | ⫸ ⫷ | ⫸ ⫷ | | | ⫸
GitHub Security Bug Bounty
Software security researchers are increasingly engaging with internet companies to hunt down vulnerabilities.
Our bounty program gives a tip of the hat to these researchers and provides rewards of $30,000 or more for critical vulnerabilities.
A comprehensive curated list of Bug Bounty Programs and write-ups from the Bug Bounty hunters.
The Threat Hunter Playbook is a community-driven, open source project to share detection logic, adversary tradecraft and resources to make detection development more efficient. All the detection documents in this project follow the structure of MITRE ATT&CK categorizing post-compromise adversary behavior in tactical groups and are available in the form of interactive notebooks. The use of notebooks not only allow us to share text, queries and expected output, but also code to help others run detection logic against pre-recorded security datasets locally or remotely through BinderHub cloud computing environments.
A list of interesting payloads, tips and tricks for bug bounty hunters.
Here are some of the tools that we use when we perform Live Recon Passive ONLY on Twitch:
Recon-ng https://github.com/lanmaster53/recon-ng
httpx https://github.com/projectdiscovery/httpx
isup.sh https://github.com/gitnepal/isup
Arjun https://github.com/s0md3v/Arjun
jSQL https://github.com/ron190/jsql-injection
Smuggler https://github.com/defparam/smuggler
Sn1per https://github.com/1N3/Sn1per
Spiderfoot https://github.com/smicallef/spiderfoot
Nuclei https://github.com/projectdiscovery/nuclei
Jaeles https://github.com/jaeles-project/jaeles
ChopChop https://github.com/michelin/ChopChop
Inception https://github.com/proabiral/inception
Eyewitness https://github.com/FortyNorthSecurity/EyeWitness
Meg https://github.com/tomnomnom/meg
Gau - Get All Urls https://github.com/lc/gau
Snallygaster https://github.com/hannob/snallygaster
NMAP https://github.com/nmap/nmap
Waybackurls https://github.com/tomnomnom/waybackurls
Gotty https://github.com/yudai/gotty
GF https://github.com/tomnomnom/gf
GF Patterns https://github.com/1ndianl33t/Gf-Patterns
Paramspider https://github.com/devanshbatham/ParamSpider
XSSER https://github.com/epsylon/xsser
UPDOG https://github.com/sc0tfree/updog
JSScanner https://github.com/dark-warlord14/JSScanner
Takeover https://github.com/m4ll0k/takeover
Keyhacks https://github.com/streaak/keyhacks
S3 Bucket AIO Pwn https://github.com/blackhatethicalhacking/s3-buckets-aio-pwn
BHEH Sub Pwner Recon https://github.com/blackhatethicalhacking/bheh-sub-pwner
GitLeaks https://github.com/zricethezav/gitleaks
Domain-2IP-Converter https://github.com/blackhatethicalhacking/Domain2IP-Converter
Dalfox https://github.com/hahwul/dalfox
Log4j Scanner https://github.com/Black-Hat-Ethical-Hacking/log4j-scan
Osmedeus https://github.com/j3ssie/osmedeus
getJS https://github.com/003random/getJS
A curated list of Capture The Flag (CTF) frameworks, libraries, resources and softwares.
FuzzDB was created to increase the likelihood of finding application security vulnerabilities through dynamic application security testing. It's the first and most comprehensive open dictionary of fault injection patterns, predictable resource locations, and regex for matching server responses.
A set of tools for making life easier with wordlists
related to web application security assessments and more specifically towards bug hunting in bug bounties.
Tips and Tutorials for Bug Bounty and also Penetration Tests.
Tutorials and Things to Do while Hunting Vulnerability.
A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference
All about bug bounty (bypasses, payloads, and etc)
