💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh
-
Updated
May 11, 2024 - Python
💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh
InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.
Chiasmodon is an OSINT tool designed to assist in the process of gathering information about a target domain. Its primary functionality revolves around searching for domain-related data, including domain emails, domain credentials, CIDRs , ASNs , and subdomains, the tool also allows users to search Google Play application ID.
A python tool to check subdomain takeover vulnerability
A Python script designed to monitor bug bounty programs for any changes and promptly notify users.
WebStor efficiently enumerates all websites across your organization’s networks and those in your DNS records - including cloud-hosted servers via zone transfer data - stores their responses, and lets you query for known web technologies, including those with zero-day vulnerabilities.
Frida scripts for mobile application dynamic-analysis.
Domain Parser for IPAddress.com Reverse IP Lookup
This is a useful Python script for extracting bug bounty or any other write-ups from Medium.com and other websites (soon).
Discord bot created to automate bug bounty recon, automated scans and information gathering via a discord server
All In One, Fast, Easy Recon Tool
CloudSniffer is a powerful tool designed to aid in the discovery of the real IP address of a website protected by Cloudflare. It leverages brute force techniques by testing a list of IP addresses and analyzing the status codes returned by the server to uncover the actual IP address of the target website.
simple recon tool to help you for searching vulnerability on web server
grapX will iterate through the URLs and grep the endpoints with all possible extensions.
A CDN Domain Fronting Tool or Websocket Discovery written in Python
Python Script for Telegram Bot is specially built for pentest & bug bounty. It's like a telegram shell.
DNS hijacking via dead records automation tool
3klector is an automation Recon tool which collecting information about Acquisitions and ASN which related to Big Scope company
Apache commons text - CVE-2022-42889 Text4Shell proof of concept exploit.
Find host header injections and perform Host Header attacks with other kind of bugs like web cache poisoning
Add a description, image, and links to the bugbounty-tool topic page so that developers can more easily learn about it.
To associate your repository with the bugbounty-tool topic, visit your repo's landing page and select "manage topics."