Bug Bounty

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Web path scanner

A list of resources for those interested in getting started in bug bounties

Fast passive subdomain enumeration tool.

OneForAll是一款功能强大的子域收集工具

Community curated list of templates for the nuclei engine to find security vulnerabilities.

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

An HTTP toolkit for security research.

A list of interesting payloads, tips and tricks for bug bounty hunters.

Collection of methodology and test case for various web vulnerabilities.

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

A Workflow Engine for Offensive Security

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

All about bug bounty (bypasses, payloads, and etc)

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

Automated All-in-One OS Command Injection Exploitation Tool.

Scanning APK file for URIs, endpoints & secrets.