Bug Bounty
Explore 32 curated tools and resources
Search tools and resources by name, description, or purpose... (⌘+K)
PINNED
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
LATEST ADDITIONS
A fast and reliable port scanner for attack surface discovery
A repository containing material from a talk on sub-domain enumeration techniques
A repository containing material from a talk on sub-domain enumeration techniques
Converts the format of various S3 buckets for bug bounty and security testing.
Converts the format of various S3 buckets for bug bounty and security testing.
A company that helps organizations create security-aware teams and produce bug-free software.
A company that helps organizations create security-aware teams and produce bug-free software.
A tool for mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
A tool for mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
A comprehensive collection of security assessment lists for security testers.
A comprehensive collection of security assessment lists for security testers.
A tool for scanning websites with open .git repositories and dumping their content for Bug Hunting/Pentesting Purposes.
A tool for scanning websites with open .git repositories and dumping their content for Bug Hunting/Pentesting Purposes.
A tool for discovering company infrastructure and apps on major cloud providers, beneficial for bug bounty hunters and penetration testers.
A tool for discovering company infrastructure and apps on major cloud providers, beneficial for bug bounty hunters and penetration testers.
A Burp plugin for identifying potential vulnerabilities in web applications
A Burp plugin for identifying potential vulnerabilities in web applications
Guidelines for secure coding in Java SE to avoid bugs that could weaken security and open holes in Java's security features.
Guidelines for secure coding in Java SE to avoid bugs that could weaken security and open holes in Java's security features.
A developer added malicious code to a popular open-source package, wiping files on computers in Russia and Belarus as a protest.
A developer added malicious code to a popular open-source package, wiping files on computers in Russia and Belarus as a protest.
Repository of tools for testing iPhone messaging by Project Zero
Repository of tools for testing iPhone messaging by Project Zero
A disclosure of a bug found in Twitter's Vine and the process of procuring the source code.
A disclosure of a bug found in Twitter's Vine and the process of procuring the source code.
The Node.js Bug Bounty Program is a program aimed at identifying and fixing security vulnerabilities in the Node.js ecosystem.
The Node.js Bug Bounty Program is a program aimed at identifying and fixing security vulnerabilities in the Node.js ecosystem.
A collection of real-world scenarios to evaluate command injection detection and exploitation abilities
A collection of real-world scenarios to evaluate command injection detection and exploitation abilities
Comprehensive reference guide for bug bounty hunters with detailed information on various vulnerabilities, platforms, tools, and best practices.
Comprehensive reference guide for bug bounty hunters with detailed information on various vulnerabilities, platforms, tools, and best practices.
A repository containing hourly-updated data dumps of bug bounty platform scopes
A repository containing hourly-updated data dumps of bug bounty platform scopes
A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.
A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.
Solve password-riddles on a website without logins or ads.
A platform offering hacking missions to test and enhance skills.
Platform for users to test cybersecurity skills by exploiting vulnerabilities.
Platform for users to test cybersecurity skills by exploiting vulnerabilities.
Comprehensive security training platform for web developers, offering hands-on experience with real, vulnerable applications and concrete advice for securing code.
RDP based Honeypot that creates virtual machines for incoming connections and analyzes traffic with Suricata.
HonnyPotter is a WordPress plugin that logs all failed login attempts, with a caution to use it at your own risk.
HonnyPotter is a WordPress plugin that logs all failed login attempts, with a caution to use it at your own risk.
A deliberately vulnerable modern day app with lots of DOM related bugs
A deliberately vulnerable modern day app with lots of DOM related bugs
A comprehensive collection of wordlists for bruteforcing and password cracking, covering various hashing algorithms and sizes.
A comprehensive collection of wordlists for bruteforcing and password cracking, covering various hashing algorithms and sizes.
A free and open-source deliberately insecure web application for security enthusiasts, developers, and students to discover and prevent web vulnerabilities.
A free and open-source deliberately insecure web application for security enthusiasts, developers, and students to discover and prevent web vulnerabilities.
A deliberately weak and insecure implementation of GraphQL for testing and practicing GraphQL security
A deliberately weak and insecure implementation of GraphQL for testing and practicing GraphQL security
GHH is a honeypot tool to defend against search engine hackers using Google as a hacking tool.
GHH is a honeypot tool to defend against search engine hackers using Google as a hacking tool.
A categorized collection of bug bounty write-ups for various vulnerabilities.
A categorized collection of bug bounty write-ups for various vulnerabilities.
A tool for testing Cross Site Scripting vulnerabilities
