Bug Bounty
Explore 32 curated tools and resources
LATEST ADDITIONS
A fast and reliable port scanner for attack surface discovery
A repository containing material from a talk on sub-domain enumeration techniques
Converts the format of various S3 buckets for bug bounty and security testing.
A company that helps organizations create security-aware teams and produce bug-free software.
A tool for mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
A comprehensive collection of security assessment lists for security testers.
A tool for scanning websites with open .git repositories and dumping their content for Bug Hunting/Pentesting Purposes.
A tool for discovering company infrastructure and apps on major cloud providers, beneficial for bug bounty hunters and penetration testers.
A Burp plugin for identifying potential vulnerabilities in web applications
Guidelines for secure coding in Java SE to avoid bugs that could weaken security and open holes in Java's security features.
A developer added malicious code to a popular open-source package, wiping files on computers in Russia and Belarus as a protest.
Repository of tools for testing iPhone messaging by Project Zero
A disclosure of a bug found in Twitter's Vine and the process of procuring the source code.
The Node.js Bug Bounty Program is a program aimed at identifying and fixing security vulnerabilities in the Node.js ecosystem.
A collection of real-world scenarios to evaluate command injection detection and exploitation abilities
Comprehensive reference guide for bug bounty hunters with detailed information on various vulnerabilities, platforms, tools, and best practices.
A repository containing hourly-updated data dumps of bug bounty platform scopes
A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.
Solve password-riddles on a website without logins or ads.
A platform offering hacking missions to test and enhance skills.
Platform for users to test cybersecurity skills by exploiting vulnerabilities.
Comprehensive security training platform for web developers, offering hands-on experience with real, vulnerable applications and concrete advice for securing code.
HonnyPotter is a WordPress plugin that logs all failed login attempts, with a caution to use it at your own risk.
A deliberately vulnerable modern day app with lots of DOM related bugs
A comprehensive collection of wordlists for bruteforcing and password cracking, covering various hashing algorithms and sizes.
A free and open-source deliberately insecure web application for security enthusiasts, developers, and students to discover and prevent web vulnerabilities.
A deliberately weak and insecure implementation of GraphQL for testing and practicing GraphQL security
GHH is a honeypot tool to defend against search engine hackers using Google as a hacking tool.
A categorized collection of bug bounty write-ups for various vulnerabilities.
A tool for testing Cross Site Scripting vulnerabilities
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Commercial
Resources
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Free
Security Operations
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Free
Blogs and News
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Commercial
Cloud Security
RoboShadow
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
Commercial
Vulnerability Management
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.
Commercial
AI Security