A list of interesting payloads, tips and tricks for bug bounty hunters.

dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.

Fast passive subdomain enumeration tool.

This is a useful Python script for extracting bug bounty or any other write-ups from every RSS.

An automated GitHub Actions-based crawler that fetches and updates public scopes from popular bug bounty platforms.

Automatic SQL injection and database takeover tool

Community curated list of templates for the nuclei engine to find security vulnerabilities.

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

Fast web fuzzer written in Go

Hidden parameters discovery suite

HTTP parameter discovery suite.

In-depth attack surface mapping and asset discovery

Find domains and subdomains related to a given domain

Smart Setup Server For BugBounty

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …

This is a useful Python script for generating a target specific wordlist for fuzzing backup files.

A Python script designed to monitor bug bounty programs for any changes and promptly notify users.