This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports

Monitoring framework to detect and report newly found subdomains on a specific target using various scanning tools

Jie stands out as a comprehensive security assessment and exploitation tool meticulously crafted for web applications. Its robust suite of features encompasses vulnerability scanning, information gathering, and exploitation, elevating it to an indispensable toolkit for both security professionals and penetration testers.(expectations)

List of reporting templates I have used since I started doing BBH.

Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term (dork) with a default set of websites, bug bounty programs or custom collection.

Automagically filter URLs with Bug Bounty program scope rules scraped from the internet.

Hacking tools

This project crawls bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) hourly and dumps them into the bounty-targets-data repo

Ruby library for interacting with Bugcrowd's VRT

Bugcrowd’s baseline priority ratings for common security vulnerabilities

A simple tool to visualize VRT (Vulnerability Rating Taxonomy) from the CLI.

this bash script aims in downloading the private rewarding scope, this can be modified by changinf the url https://bugcrowd.com/programs.json?vdp[]=false&sort[]=promoted-desc&hidden[]=false&page[]=0', this scripts stores all the urls under the code name of each project so it will create multiple text files under the folder bugcrowd_recon

CloneAllFollowersRepos is an essential tool in this exploration, enabling detailed analysis of your enterprise collaborators' repositories.

This repository is a collection of in-depth articles documenting the bug hunting journey within our codebase. Each article is dedicated to a specific bug, issue, or vulnerability that has been identified and resolved during the development process.

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

Tips and Tutorials for Bug Bounty and also Penetration Tests.

DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it

Pointer is a Fast Simple Lightweight Tool for Endpoint Discovery.

Python implementation of a Bugcrowd api client.

⚡Chrome extension allows you to create lists of Google and Github dork to open multiple tabs with one click, import "scope/out of scope" from #HackerOne #Bugcrowd #Intigriti ...