Automation for javascript recon in bug bounty.
-
Updated
Sep 9, 2023 - Shell
Automation for javascript recon in bug bounty.
An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.
MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.
XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities
Weekly updated list of missing CVEs in nuclei templates official repository. Mainly built for bug bounty, but useful for penetration tests and vulnerability assessments too.
Nucleimonst3r is a powerful vulnerability scanner that can help Bug Bounty Hunters find low hanging fruit vulnerabilities for known CVEs and exploits but also gather all the technology running behind them for further investigation for a potential target.
Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.
R3C0Nizer is the first ever CLI based menu-driven web application B-Tier recon framework.
Script that automates the installation of the main tools used for web application penetration testing and Bug Bounty.
Random Tools for Bug Bounty
Enumerate Subdomains Through Google Dorks
TerminatorZ is a highly sophisticated and efficient web security tool that scans for top potential vulnerabilities with known CVEs in your web applications.
Find Email Spoofing Vulnerablity of domains
API Key/Token Exploitation Made easy.
Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty
Running nuclei Continuously
XSS Finder Via SSTI
Resources, repos and scripts for pentesters and bug bounty.
It grep subdomains, email/username, build custom wordlist etc from gau results
Bash script to automate Bug Bounty Reconnaissance
Add a description, image, and links to the bugbounty-tool topic page so that developers can more easily learn about it.
To associate your repository with the bugbounty-tool topic, visit your repo's landing page and select "manage topics."