A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference
A collection of custom security tools for quick needs.
Python library and CLI for the Bug Bounty Recon API
Self-hosted passive subdomain continous monitoring tool.
Find sensitive information using dorks from different search-engines.
All In One, Fast, Easy Recon Tool
CloudSniffer is a powerful tool designed to aid in the discovery of the real IP address of a website protected by Cloudflare. It leverages brute force techniques by testing a list of IP addresses and analyzing the status codes returned by the server to uncover the actual IP address of the target website.
Rapidly enumerate subdomains and domains using rapiddns.io.
grapX will iterate through the URLs and grep the endpoints with all possible extensions.
Juniper Firewalls CVE-2023-36845 - RCE
DNS hijacking via dead records automation tool
A small tool to help developers understand a huge set of security requirements from appsec teams
Burp Suite extension to encode an IP address focused to bypass application IP / domain blacklist.
Detect Program Bug Bounty
Subdosec is a fast, accurate subdomain takeover scanner with no false positives. It also offers a database of sites vulnerable to subdomain takeover (public results), along with detailed metadata like IP, CNAME, TITLE, and STATUS CODE for reconnaissance to identify potential new vulnerabilities.
Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wish to influence Online tips and explain the commands, for the better understanding of new hunters..
CVE-2022-44268 ImageMagick Arbitrary File Read - Proof of Concept exploit
Extract endpoints from specific Git repository for fuzzing
hostinject (Host Header Injection) Tool is a Python script that allows you to perform host header injection vulnerability testing on a target URL or a list of URLs. It injects various header values and checks for potential vulnerabilities.
Apache HugeGraph Server Unauthenticated RCE - CVE-2024-27348 Proof of concept Exploit
Add a description, image, and links to the bugbountytips topic page so that developers can more easily learn about it.
To associate your repository with the bugbountytips topic, visit your repo's landing page and select "manage topics."