Bug Bounty
Showing 21 of 21 projects
A curated collection of hacking tutorials, tools, and resources for security education and penetration testing.
A fast, passive subdomain enumeration tool for security researchers and penetration testers.
A curated collection of web security resources, tools, and research materials for learning penetration techniques.
A Python tool for fast subdomain enumeration using OSINT and bruteforce, designed for penetration testers and bug hunters.
A community-curated collection of payloads, tools, and techniques for bug bounty hunters and security researchers.
A curated list of bug bounty programs, write-ups, and resources for security researchers and ethical hackers.
A curated collection of XSS resources including payloads, polyglots, bypass techniques, and tools for security researchers.
A dynamic infrastructure framework for distributing security scanning workloads across multiple cloud instances.
A Python script that discovers endpoints and their parameters in JavaScript files for penetration testing and bug hunting.
A categorized collection of bug bounty write-ups organized by vulnerability type for security researchers.
A curated collection of proof-of-concept exploits for Common Vulnerabilities and Exposures (CVEs).
A collection of potentially dangerous file names and paths for security testing and fuzzing.
A semi-automatic OSINT framework and package manager for gathering intelligence and enumerating attack surfaces.
A curated collection of disclosed Android security reports from HackerOne and educational resources for vulnerability research.
A virtual host scanner for penetration testing that performs reverse lookups, detects catch-all scenarios, and works around wildcards and aliases.
Automated deployment of red team infrastructure using Docker with a web interface for managing offensive security tools.
A cross-platform static code analysis tool for mobile applications (APK/IPA) to find security vulnerabilities like hardcoded credentials and API keys.
A vulnerable Android CTF application demonstrating real-world security vulnerabilities and exploitation techniques.
A utility for bug hunters and organizations to identify Blind Cross-Site Scripting vulnerabilities via customizable payloads and notifications.
A fast scanning and attack toolkit for identifying and exploiting GitHub Actions vulnerabilities at scale.
A curated collection of CVEs, research, tools, and resources for WebSocket security testing and vulnerability research.
Related Tags
Found a gem we're missing?
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.