A tool to fastly get all javascript sources/files

A next-generation crawling and spidering framework.

「🔑」A tool used to hunt down API key leaks in JS files and pages

Enumerate the permissions associated with AWS credential set

A Burp Suite extension to add OpenAI (GPT) on Burp and help you with your Bug Bounty recon to discover endpoints, params, URLs, subdomains and more!

A hacking tool for bug bounties. Sharing and modifying is encouraged!

Rockyou for web fuzzing

Fluxion is a remake of linset by vk496 with enhanced functionality.

I collected it to help the bug hunter get a reward

A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target

Automated Recon for Pentesting & Bug Bounty

ScanT3r - Module based Bug Bounty Automation Tool ( use Lotus instead github.com/bugBlocker/lotus )

R3C0Nizer is the first ever CLI based menu-driven web application B-Tier recon framework.

A Python based scanner to find potential SSRF parameters in a web application.

CVE-2022-1388 F5 BIG-IP RCE 批量检测

The most exhaustive list of reliable DNS resolvers.

The purpose of #Learn365 collection is to create informational content in multiple codecs and share with the community to allow knowledge advent and studying.

The Swiss Army knife for automated Web Application Testing

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能

Asset discovery and identification tools 快速识别 Web 指纹信息，定位资产类型。辅助红队快速定位目标资产信息，辅助蓝队发现疑似脆弱点

A list of interesting payloads, tips and tricks for bug bounty hunters.

Burp plugin able to find reflected XSS on page in real-time while browsing on site

Pemburu AKA GoldDigger.

Find, verify, and analyze leaked credentials

Jeeves SQLI Finder

Responser

An automated target reconnaissance pipeline.

A fast, simple, recursive content discovery tool written in Rust.

Find secret keys from JS file