💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh
Chiasmodon is an OSINT tool designed to assist in the process of gathering information about a target domain. Its primary functionality revolves around searching for domain-related data, including domain emails, domain credentials, CIDRs , ASNs , and subdomains, the tool also allows users to search Google Play application ID.
A python tool to check subdomain takeover vulnerability
Robofinder retrieves historical #robots.txt files from #Archive.org, allowing you to collect old directories and paths for any domain which can helps you in your #OSINT and #recon process.
One stop place for Jira security reconnaissance and exploitation in your proximity
A Python script designed to monitor bug bounty programs for any changes and promptly notify users.
WebStor efficiently enumerates all websites across your organization’s networks and those in your DNS records - including cloud-hosted servers via zone transfer data - stores their responses, and lets you query for known web technologies, including those with zero-day vulnerabilities.
CloudSniffer is a powerful tool designed to aid in the discovery of the real IP address of a website protected by Cloudflare. It leverages brute force techniques by testing a list of IP addresses and analyzing the status codes returned by the server to uncover the actual IP address of the target website.
This is a useful Python script for extracting bug bounty or any other write-ups from every RSS.
Frida scripts for mobile application dynamic-analysis.
WebExtractor is a powerful OSINT and ethical hacking tool developed in Python. It is used to extract email addresses, phone numbers, and links from a target website
All In One, Fast, Easy Recon Tool
Domain Parser for IPAddress.com Reverse IP Lookup
Discord bot created to automate bug bounty recon, automated scans and information gathering via a discord server
simple recon tool to help you for searching vulnerability on web server
A modular external attack surface mapping tool integrating tools for automated reconnaissance and bug bounty workflows.
Advanced CORS Header Checker Tool with Vulnerability Detection and Bypass Attempts
Python Script for Telegram Bot is specially built for pentest & bug bounty. It's like a telegram shell.
Apache commons text - CVE-2022-42889 Text4Shell proof of concept exploit.
grapX will iterate through the URLs and grep the endpoints with all possible extensions.
Add a description, image, and links to the bugbounty-tool topic page so that developers can more easily learn about it.
To associate your repository with the bugbounty-tool topic, visit your repo's landing page and select "manage topics."