Skip to main content
IT Blog IT Blog
  1. All Posts/

Bug-Bounty

Tools Shell

בס״ד

⚜️ Aภl๏miuภuຮ ⚜️


HacKingPro

TryHackMe | KoTH

⫷ **Privilege-Escalation**⫸

ScanPro | Linfo | Diablo

Offensive-Security | PenTest

Goals | Studies | HacKing | AnyTeam

Bug Bounty

GitHub Bounty

GitHub Security Bug Bounty

Software security researchers are increasingly engaging with internet companies to hunt down vulnerabilities.

Our bounty program gives a tip of the hat to these researchers and provides rewards of $30,000 or more for critical vulnerabilities.

Awesomes

  • Awesome Bug Bounty Tools

    <blockquote>
  <h3 dir="auto">
    <a rel="nofollow noopener" target="_blank" id="user-content-a-curated-list-of-various-bug-bounty-tools" class="anchor" aria-hidden="true" href="#a-curated-list-of-various-bug-bounty-tools"></a>A curated list of various bug bounty tools
  </h3>
  
  <p>
    https://github.com/vavkamil/awesome-bugbounty-tools
  </p>
</blockquote>

  • Awesome Bug Bounty

    <blockquote>
  <p>
    A comprehensive curated list of Bug Bounty Programs and write-ups from the Bug Bounty hunters.
  </p>
</blockquote>

  • Awesome CTF

    <blockquote>
  <h3 dir="auto">
    <a rel="nofollow noopener" target="_blank" id="user-content-a-curated-list-of-capture-the-flag-ctf-frameworks-libraries-resources-softwares-and-tutorials-this-list-aims-to-help-starters-as-well-as-seasoned-ctf-players-to-find-everything-related-to-ctfs-at-one-place" class="anchor" aria-hidden="true" href="#a-curated-list-of-capture-the-flag-ctf-frameworks-libraries-resources-softwares-and-tutorials-this-list-aims-to-help-starters-as-well-as-seasoned-ctf-players-to-find-everything-related-to-ctfs-at-one-place"></a>A curated list of <code>Capture The Flag</code> (<code>CTF</code>) frameworks, libraries, resources, softwares and tutorials. This list aims to help starters as well as seasoned CTF players to find everything related to CTFs at one place.
  </h3>
</blockquote>

  • Awesome Bug Bounty Builder

    <blockquote>
  <h3 dir="auto">
    <a rel="nofollow noopener" target="_blank" id="user-content-awesome-bug-bounty-builder-project---all-common-tools-for-find-your-vulnerabilities" class="anchor" aria-hidden="true" href="#awesome-bug-bounty-builder-project---all-common-tools-for-find-your-vulnerabilities"></a>Awesome Bug bounty builder Project &#8211; ALL common Tools for find your Vulnerabilities.
  </h3>
  
  <p>
    <a rel="nofollow noopener" target="_blank" href="https://user-images.githubusercontent.com/51442719/174515020-8d952fcc-7385-4a41-9e5d-2d388baf953d.png"></a>
  </p>
</blockquote>

Books

  • Hacking-Books Here Are Some Popular Hacking PDF

  • The Threat Hunter Playbook ~ The Threat Hunter Playbook

  • The Threat Hunter Playbook is a community-driven, open source project to share detection logic, adversary tradecraft and resources to make detection development more efficient. All the detection documents in this project follow the structure of MITRE ATT&CK categorizing post-compromise adversary behavior in tactical groups and are available in the form of interactive notebooks. The use of notebooks not only allow us to share text, queries and expected output, but also code to help others run detection logic against pre-recorded security datasets locally or remotely through BinderHub cloud computing environments.

Cheatsheets

  • Bug Bounty Cheat Sheet

    <blockquote>
  <h3 dir="auto">
    <a rel="nofollow noopener" target="_blank" id="user-content-a-list-of-interesting-payloads-tips-and-tricks-for-bug-bounty-hunters" class="anchor" aria-hidden="true" href="#a-list-of-interesting-payloads-tips-and-tricks-for-bug-bounty-hunters"></a>A list of interesting payloads, tips and tricks for bug bounty hunters.
  </h3>
</blockquote>

  • Bug Bounty Cheat Sheet

    <blockquote>
  <p>
    A list of interesting payloads, tips and tricks for bug bounty hunters.
  </p>
</blockquote>

Cheacklists

  • Galaxy-Bugbounty-Checklist

    <blockquote>
  <h3 dir="auto">
    <a rel="nofollow noopener" target="_blank" id="user-content-tips-and-tutorials-for-bug-bounty-and-also-penetration-tests" class="anchor" aria-hidden="true" href="#tips-and-tutorials-for-bug-bounty-and-also-penetration-tests"></a>Tips and Tutorials for Bug Bounty and also Penetration Tests.
  </h3>
</blockquote>

Tools

  • Bug Bounty Methodology & Tools

    <blockquote>
  <h3 dir="auto">
  </h3>
</blockquote>

Here are some of the tools that we use when we perform Live Recon Passive ONLY on Twitch:

  1. Recon-ng
    https://github.com/lanmaster53/recon-ng
  2. httpx
    https://github.com/projectdiscovery/httpx
  3. isup.sh
    https://github.com/gitnepal/isup
  4. Arjun
    https://github.com/s0md3v/Arjun
  5. jSQL
    https://github.com/ron190/jsql-injection
  6. Smuggler
    https://github.com/defparam/smuggler
  7. Sn1per
    https://github.com/1N3/Sn1per
  8. Spiderfoot
    https://github.com/smicallef/spiderfoot
  9. Nuclei
    https://github.com/projectdiscovery/nuclei
  10. Jaeles
    https://github.com/jaeles-project/jaeles
  11. ChopChop
    https://github.com/michelin/ChopChop
  12. Inception
    https://github.com/proabiral/inception
  13. Eyewitness
    https://github.com/FortyNorthSecurity/EyeWitness
  14. Meg
    https://github.com/tomnomnom/meg
  15. Gau – Get All Urls
    https://github.com/lc/gau
  16. Snallygaster
    https://github.com/hannob/snallygaster
  17. NMAP
    https://github.com/nmap/nmap
  18. Waybackurls
    https://github.com/tomnomnom/waybackurls
  19. Gotty
    https://github.com/yudai/gotty
  20. GF
    https://github.com/tomnomnom/gf
  21. GF Patterns
    https://github.com/1ndianl33t/Gf-Patterns
  22. Paramspider
    https://github.com/devanshbatham/ParamSpider
  23. XSSER
    https://github.com/epsylon/xsser
  24. UPDOG
    https://github.com/sc0tfree/updog
  25. JSScanner
    https://github.com/dark-warlord14/JSScanner
  26. Takeover
    https://github.com/m4ll0k/takeover
  27. Keyhacks
    https://github.com/streaak/keyhacks
  28. S3 Bucket AIO Pwn
    https://github.com/blackhatethicalhacking/s3-buckets-aio-pwn
  29. BHEH Sub Pwner Recon
    https://github.com/blackhatethicalhacking/bheh-sub-pwner
  30. GitLeaks
    https://github.com/zricethezav/gitleaks
  31. Domain-2IP-Converter
    https://github.com/blackhatethicalhacking/Domain2IP-Converter
  32. Dalfox
    https://github.com/hahwul/dalfox
  33. Log4j Scanner
    https://github.com/Black-Hat-Ethical-Hacking/log4j-scan
  34. Osmedeus
    https://github.com/j3ssie/osmedeus
  35. getJS
    https://github.com/003random/getJS

  • BugDog

    <blockquote>
  <h3 dir="auto">
    <a rel="nofollow noopener" target="_blank" id="user-content-a-powerfull-bug-hunting-tool-supports-sql-xss-php-code-execution-ssrf-i-had-appended-my-own-payloads-which-i-had-founded-during-my-bug-hunting-rest-you-can-add-your-custom-payloads-too-" class="anchor" aria-hidden="true" href="#a-powerfull-bug-hunting-tool-supports-sql-xss-php-code-execution-ssrf-i-had-appended-my-own-payloads-which-i-had-founded-during-my-bug-hunting-rest-you-can-add-your-custom-payloads-too-"></a>A Powerfull BUG HUNTING TOOL. Supports SQL, XSS, PHP code execution, SSRF,&#8230;. I had Appended My Own Payloads which I had founded during my BUG Hunting Rest You can add Your CUSTOM payloads too 😉
  </h3>
  
  <p>
    <a rel="nofollow noopener" target="_blank" href="https://user-images.githubusercontent.com/51442719/174846835-7ca2ee10-92ef-408e-9e16-a1ac04c5c107.png"></a>
  </p>
  
  <ul dir="auto">
    <li>
      <h3 dir="auto">
        <a rel="nofollow noopener" target="_blank" id="user-content-note-bugdog-is-made-with-python-and-requires-python2-to-run-perfectly" class="anchor" aria-hidden="true" href="#note-bugdog-is-made-with-python-and-requires-python2-to-run-perfectly"></a>NOTE: BugDog is made with python and requires python2 to run perfectly.
      </h3>
    </li>
  </ul>
</blockquote>

  • Bug-Bounty-Tools: Random Tools for Bug Bounty

  • BigBountyRecon

    <blockquote>
  <h3 dir="auto">
    <a rel="nofollow noopener" target="_blank" id="user-content-bigbountyrecon-tool-utilises-58-different-techniques-using-various-google-dorks-and-open-source-tools-to-expedite-the-process-of-initial-reconnaissance-on-the-target-organisation" class="anchor" aria-hidden="true" href="#bigbountyrecon-tool-utilises-58-different-techniques-using-various-google-dorks-and-open-source-tools-to-expedite-the-process-of-initial-reconnaissance-on-the-target-organisation"></a>BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
  </h3>
</blockquote>

<ul dir="auto">
  <li>
    <a rel="nofollow noopener" target="_blank" href="https://user-images.githubusercontent.com/51442719/173207844-0c15a4ae-f7af-4733-a82d-6dd49873d087.png"></a>
  </li>
</ul>

  • Hack-Pet: 

    <blockquote>
  <h3 dir="auto">
    <a rel="nofollow noopener" target="_blank" id="user-content-hack-pet-is-collection-of-command-snippets-that-are-useful-to-hackersbug-bounty-hunters-" class="anchor" aria-hidden="true" href="#hack-pet-is-collection-of-command-snippets-that-are-useful-to-hackersbug-bounty-hunters-"></a>hack-pet is collection of command snippets that are useful to hackers/bug bounty hunters.<br />
  </h3>
  
  <h3 dir="auto">
    <a rel="nofollow noopener" target="_blank" id="user-content-it-is-similar-to-the-recon_profile-but-it-uses-the-pet-pet-can-manage-the-command-set-more-progressively-" class="anchor" aria-hidden="true" href="#it-is-similar-to-the-recon_profile-but-it-uses-the-pet-pet-can-manage-the-command-set-more-progressively-"></a>It is similar to the recon_profile, but it uses the pet. pet can manage the command set more progressively.<br />
  </h3>
  
  <p>
    <a rel="nofollow noopener" target="_blank" href="https://user-images.githubusercontent.com/51442719/173320602-a127a785-8833-4af6-bbe1-dd05e6008fee.png"></a><br /> <a rel="nofollow noopener" target="_blank" href="https://user-images.githubusercontent.com/51442719/173320551-b871c846-be09-4d24-9005-e5a3a8e72d1b.png"></a>
  </p>
</blockquote>

  • CTF-tool

    <blockquote>
  <p>
    A curated list of Capture The Flag (CTF) frameworks, libraries, resources and softwares.
  </p>
</blockquote>

  • Bug bounty toolkit

    <blockquote>
  <h3 dir="auto">
    <a rel="nofollow noopener" target="_blank" id="user-content-here-you-can-find-a-list-of-differents-tools-that-you-can-use-in-bug-bounty-or-pentesting" class="anchor" aria-hidden="true" href="#here-you-can-find-a-list-of-differents-tools-that-you-can-use-in-bug-bounty-or-pentesting"></a>Here you can find a list of differents tools that you can use in bug bounty or pentesting.
  </h3>
  
  <h4 dir="auto">
    <a rel="nofollow noopener" target="_blank" id="user-content-some-categories-and-tools-will-be-added-as-we-go" class="anchor" aria-hidden="true" href="#some-categories-and-tools-will-be-added-as-we-go"></a>Some categories and tools will be added as we go.
  </h4>
  
  <h4 dir="auto">
    <a rel="nofollow noopener" target="_blank" id="user-content-if-you-have-questions-or-suggestions-dont-hesitate-to-contact-me-on-twitter-httpstwittercom_sehno_" class="anchor" aria-hidden="true" href="#if-you-have-questions-or-suggestions-dont-hesitate-to-contact-me-on-twitter-httpstwittercom_sehno_"></a>If you have questions or suggestions, don&#8217;t hesitate to contact me on twitter (<a rel="nofollow noopener" target="_blank" href="https://twitter.com/_sehno">https://twitter.com/_sehno</a>_)
  </h4>
</blockquote>

  • BugHuntingToolKit

    <blockquote>
  <h3 dir="auto">
    <a rel="nofollow noopener" target="_blank" id="user-content-this-is-a-tool-for-bug-hunters-in-this-tool-i-have-included-the-tools-which-bug-hunters-use" class="anchor" aria-hidden="true" href="#this-is-a-tool-for-bug-hunters-in-this-tool-i-have-included-the-tools-which-bug-hunters-use"></a>This Is A Tool For Bug Hunters in this tool i have included the tools which bug hunters use
  </h3>
</blockquote>

  • Parrots Recon

    <blockquote>
  <h3 dir="auto">
    <a rel="nofollow noopener" target="_blank" id="user-content-recon-automation-for-bugbounties" class="anchor" aria-hidden="true" href="#recon-automation-for-bugbounties"></a>Recon Automation for BugBounties
  </h3>
</blockquote>

  • OK-VPS

    <blockquote>
  <p>
    <a rel="nofollow noopener" target="_blank" href="https://user-images.githubusercontent.com/51442719/174768684-043fcd77-991d-42d8-bf2b-9aca2eec5825.png"></a>
  </p>
  
  <h3 dir="auto">
    <a rel="nofollow noopener" target="_blank" id="user-content-bug-bounty-vps-setup-tools-installer" class="anchor" aria-hidden="true" href="#bug-bounty-vps-setup-tools-installer"></a>Bug Bounty Vps Setup Tools Installer
  </h3>
  
  <h4 dir="auto">
    <a rel="nofollow noopener" target="_blank" id="user-content-with-these-tools-you-can-install-most-of-the-bug-bounty-tools-with-just-one-command-and-the-tool-has-been-modified-and-spelled-many-tools--special-thanks-supr4s-because-most-of-these-tools-modify-his-tools" class="anchor" aria-hidden="true" href="#with-these-tools-you-can-install-most-of-the-bug-bounty-tools-with-just-one-command-and-the-tool-has-been-modified-and-spelled-many-tools--special-thanks-supr4s-because-most-of-these-tools-modify-his-tools"></a>With these tools you can install most of the bug bounty tools with just one command and The tool has been modified and spelled many tools ## special thanks @supr4s Because most of these tools modify his tools
  </h4>
</blockquote>

  • kali-repos

    <blockquote>
  <h3 dir="auto">
    <a rel="nofollow noopener" target="_blank" id="user-content-kali-linux-containers-for-bug-bounty-and-ctfs" class="anchor" aria-hidden="true" href="#kali-linux-containers-for-bug-bounty-and-ctfs"></a>Kali Linux containers for bug bounty and CTFs
  </h3>
</blockquote>

  • Bot-Bounty

    <blockquote>
  <h3 dir="auto">
    <a rel="nofollow noopener" target="_blank" id="user-content-python-script-for-telegram-bot-is-specially-built-for-pentest--bug-bounty-its-like-a-telegram-shell" class="anchor" aria-hidden="true" href="#python-script-for-telegram-bot-is-specially-built-for-pentest--bug-bounty-its-like-a-telegram-shell"></a>Python Script for Telegram Bot is specially built for pentest & bug bounty. It&#8217;s like a telegram shell.
  </h3>
  
  <h4 dir="auto">
    <a rel="nofollow noopener" target="_blank" id="user-content-you-will-be-notified-when-your-taskcommand-line-is-finished-with-results-this-bot-make-long-time-tasks-by-you-taking-off-the-need-of-your-attention-if-its-finished" class="anchor" aria-hidden="true" href="#you-will-be-notified-when-your-taskcommand-line-is-finished-with-results-this-bot-make-long-time-tasks-by-you-taking-off-the-need-of-your-attention-if-its-finished"></a>You will be notified when your task(command line) is finished with results. This bot make long time tasks by you, taking off the need of your attention if it&#8217;s finished.
  </h4>
  
  <p>
    <a rel="nofollow noopener" target="_blank" href="https://user-images.githubusercontent.com/51442719/174773861-5271f931-18b8-46bc-b088-0ee7e1277a03.png"></a><br /> <a rel="nofollow noopener" target="_blank" href="https://user-images.githubusercontent.com/51442719/174773924-4e2f431b-ac2a-4dbf-9e93-114947b2892a.png"></a>
  </p>
</blockquote>

  • Subdomains recon 

    <ul dir="auto">
  <li>
    amass
  </li>
  <li>
    subfinder
  </li>
  <li>
    assetfinder
  </li>
  <li>
    dnsgen
  </li>
  <li>
    shuffledns
  </li>
  <li>
    httprobe
  </li>
  <li>
    aquatone
  </li>
</ul>

  • Manual recon 

    <ul dir="auto">
  <li>
    <a rel="nofollow noopener" target="_blank" href="https://www.shodan.io/">shodan</a>
  </li>
  <li>
    <a rel="nofollow noopener" target="_blank" href="https://censys.io/">censys</a>
  </li>
  <li>
    <a rel="nofollow noopener" target="_blank" href="https://www.google.com">google dorks</a>
  </li>
  <li>
    <a rel="nofollow noopener" target="_blank" href="https://pastebin.com/">pastebin</a>
  </li>
  <li>
    github
  </li>
</ul>

  • Enumeration / Crawling 

    <ul dir="auto">
  <li>
    <a rel="nofollow noopener" target="_blank" href="https://nmap.org/download.html">nmap</a>
  </li>
  <li>
    ffuf
  </li>
  <li>
    hakrawler
  </li>
  <li>
    gau
  </li>
  <li>
    paramspider
  </li>
  <li>
    arjun
  </li>
  <li>
    parameth
  </li>
</ul>

  • XSS 

    <ul dir="auto">
  <li>
    <a rel="nofollow noopener" target="_blank" href="https://xsshunter.com">xsshunter</a>
  </li>
  <li>
    xsscrapy
  </li>
  <li>
    dalfox
  </li>
</ul>

  • SQL Injection 

    <ul dir="auto">
  <li>
    sqlmap
  </li>
  <li>
    waybacksqliscanner
  </li>
</ul>

Wordlists

  • Bug-Bounty-Wordlists

    <blockquote>
  <h3 dir="auto">
    <a rel="nofollow noopener" target="_blank" id="user-content-a-repository-that-includes-all-the-important-wordlists-used-while-bug-hunting" class="anchor" aria-hidden="true" href="#a-repository-that-includes-all-the-important-wordlists-used-while-bug-hunting"></a>A repository that includes all the important wordlists used while bug hunting.
  </h3>
</blockquote>

  • a-full-list-of-wordlists

    <blockquote>
  <h3 dir="auto">
    <a rel="nofollow noopener" target="_blank" id="user-content-this-contain-the-burp-pack" class="anchor" aria-hidden="true" href="#this-contain-the-burp-pack"></a>this contain the burp pack
  </h3>
</blockquote>

  • FuzzDB

    <blockquote>
  <p>
    FuzzDB was created to increase the likelihood of finding application security vulnerabilities through dynamic application security testing. It&#8217;s the first and most comprehensive open dictionary of fault injection patterns, predictable resource locations, and regex for matching server responses.
  </p>
</blockquote>

  • wordlist-tools

    <blockquote>
  <p>
    A set of tools for making life easier with wordlists
  </p>
</blockquote>

More

  • The Bug Hunter’s Methodology (TBHM)

    <blockquote>
  <p>
    related to web application security assessments and more specifically towards bug hunting in bug bounties.
  </p>
</blockquote>

  • Galaxy-Bugbounty-Checklist: 

    <blockquote>
  <p>
    Tips and Tutorials for Bug Bounty and also Penetration Tests.
  </p>
</blockquote>

  • HowToHunt

    <blockquote>
  <p>
    Tutorials and Things to Do while Hunting Vulnerability.
  </p>
</blockquote>

  • Awesome-Bugbounty-Writeups

    <blockquote>
  <p>
    A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference
  </p>
</blockquote>

  • AllAboutBugBounty

    <blockquote>
  <p>
    All about bug bounty (bypasses, payloads, and etc)
  </p>
</blockquote>

  • HolyTips

    <blockquote>
  <h3 dir="auto">
    <a rel="nofollow noopener" target="_blank" id="user-content-a-collection-of-notes-checklists-writeups-on-bug-bounty-hunting-and-web-application-security" class="anchor" aria-hidden="true" href="#a-collection-of-notes-checklists-writeups-on-bug-bounty-hunting-and-web-application-security"></a>A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
  </h3>
</blockquote>

  • KingOfBugBountyTips

    <blockquote>
  <h3 dir="auto">
    <a rel="nofollow noopener" target="_blank" id="user-content-our-main-goal-is-to-share-tips-from-some-well-known-bughunters-using-recon-methodology-we-are-able-to-find-subdomains-apis-and-tokens-that-are-already-exploitable-so-we-can-report-them-we-wish-to-influence-onelinetips-and-explain-the-commands-for-the-better-understanding-of-new-hunters" class="anchor" aria-hidden="true" href="#our-main-goal-is-to-share-tips-from-some-well-known-bughunters-using-recon-methodology-we-are-able-to-find-subdomains-apis-and-tokens-that-are-already-exploitable-so-we-can-report-them-we-wish-to-influence-onelinetips-and-explain-the-commands-for-the-better-understanding-of-new-hunters"></a>Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wish to influence Onelinetips and explain the commands, for the better understanding of new hunters..
  </h3>
</blockquote>