Bug Bounty

MCP server enabling AI agents to autonomously run 150+ security tools

A web-based payload repository that generates and encodes ready-to-use exploits for SQL injection, XSS, file inclusion, and command injection vulnerabilities.

A JavaScript security scanning platform that detects exposed secrets, API keys, and vulnerabilities in JavaScript files through continuous monitoring and automated discovery.

SecTemplates provides free security program templates, runbooks, and documentation resources for information security professionals and engineering teams.

A fast and reliable port scanner written in Go, designed for attack surface discovery in bug bounties and penetration testing.

Educational repository containing materials on advanced subdomain enumeration techniques from Bugcrowd LevelUp 2017 conference.

A format conversion tool for S3 buckets designed to assist bug bounty hunters and security testers in standardizing bucket data during reconnaissance activities.

A subdomain enumeration tool for bug hunting and pentesting

A company that helps organizations create security-aware teams and produce bug-free software.

A Python tool that mines URLs from web archives to assist security researchers in discovering potential attack surfaces for bug hunting and vulnerability assessment.

A fast web crawler for discovering endpoints and assets within web applications during security reconnaissance.

A bash-based framework for discovering and extracting exposed .git repositories from web servers during penetration testing and bug bounty activities.

A black-box reconnaissance tool that discovers cloud infrastructure, files, and applications across major cloud providers for security testing purposes.

Guidelines for secure coding in Java SE to avoid bugs that could weaken security and open holes in Java's security features.

A developer added malicious code to a popular open-source package, wiping files on computers in Russia and Belarus as a protest.

A dynamic multi-cloud infrastructure framework that enables rapid deployment of disposable instances pre-loaded with security tools for distributed offensive and defensive security operations.

A disclosure of a bug found in Twitter's Vine and the process of procuring the source code.

A HackerOne-managed bug bounty program dedicated to identifying and fixing security vulnerabilities in the Node.js ecosystem.

A comprehensive reference guide covering various web application vulnerabilities, testing techniques, and resources for bug bounty hunters and security researchers.

A repository providing hourly-updated data dumps of bug bounty platform scopes from major platforms like HackerOne, Bugcrowd, and Intigriti for security researchers.

A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.

Solve password-riddles on a website without logins or ads.

A platform offering hacking missions to test and enhance skills.

Platform for users to test cybersecurity skills by exploiting vulnerabilities.