A collection of awesome one-liner scripts especially for bug bounty tips.

Tips and Tutorials for Bug Bounty and also Penetration Tests.

Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wis…

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

All Things Bug Bounty

Repository of Bug-Bounty Writeups

A basic webapp to test XSS payloads.

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

oneliner commands for bug bounties

Bugcrowd’s baseline priority ratings for common security vulnerabilities

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

Fast passive subdomain enumeration tool.

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

This cheatsheet is built for the Bug Bounty Hunters and penetration testers in order to help them hunt the vulnerabilities from P4 to P1 solely and completely with "BurpSuite".

A list of resources for those interested in getting started in bug bounties

A Python script designed to monitor bug bounty programs for any changes and promptly notify users.

Burp Extension for a passive scanning JS files for endpoint links.

A python script that finds endpoints in JavaScript files

SubDominator helps you discover subdomains associated with a target domain efficiently and with minimal impact for your Bug Bounty

List of Google Dorks for sites that have responsible disclosure program / bug bounty program

Source code for Hacker101.com - a free online web and mobile security class.