LazyHunter is an automated reconnaissance tool designed for bug hunters, leveraging Shodan's InternetDB and CVEDB APIs

🎯 Open Redirect Payload List

Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/or bug bounty targets!

Content discovery wordlists generated using BigQuery

In-depth attack surface mapping and asset discovery

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

CeWL is a Custom Word List Generator

Self-hosted bug bounty programs that are "scammy" or unethical

♥

40X/HTTP bypasser in Go. Features: Verb tampering, headers, #bugbountytips, User-Agents, extensions, default credentials...

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.

Content-Type Research

XSS payloads for exploiting Markdown syntax

SOC Interview Questions

Not so awesome Web3 Security Reasearcher roadmap by tpiliposian

Web path scanner

Fetch all the URLs that the Wayback Machine knows about for a domain

Scanning pastebin with yara rules

Find, verify, and analyze leaked credentials

Reconnaissance tool for GitHub organizations

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

Find interesting Amazon S3 Buckets by watching certificate transparency logs.

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

A security tool for grabbing screenshots of many web hosts

Generates permutations, alterations and mutations of subdomains and then resolves them

Leverages publicly available datasets from Google BigQuery to generate content discovery and subdomain wordlists