A curated list of various bug bounty tools

GitHub Stars: 6k
Curated Resources: 395
Categories: 4
Last Refreshed: 20 hours ago
What's inside

Miscellaneous

  • 2tearsinabucket (Buckets)

    Enumerate S3 buckets for a specific target.

  • aemhacker (CMS)

    Tools to identify vulnerable Adobe Experience Manager (AEM) webapps.

  • aemscan (CMS)

    Adobe Experience Manager Vulnerability Scanner

  • altdns (Permutation)

    Generates permutations, alterations and mutations of subdomains and then resolves them.

  • alterx (Permutation)

    Fast and customizable subdomain wordlist generator using DSL. alterx takes patterns as input and generates a subdomain permutation wordlist based on those patterns.

  • anew (Useful)

    A tool for adding new lines to files, skipping duplicates

Recon

  • Amass (Subdomain Enumeration)

    In-depth Attack Surface Mapping and Asset Discovery

  • aquatone (Screenshots)

    Aquatone is a tool for visual inspection of websites across a large number of hosts and is convenient for quickly gaining an overview of HTTP-based attack surface.

  • Arjun (Parameters)

    HTTP parameter discovery suite.

  • as3nt (Subdomain Enumeration)

    Another Subdomain ENumeration Tool

  • assetfinder (Subdomain Enumeration)

    Find domains and subdomains related to a given domain

  • bbot (Subdomain Enumeration)

    A recursive internet scanner for hackers

Exploitation

  • andor (SQL Injection)

    Blind SQL Injection Tool with Golang

  • Autorize (Insecure Direct Object References)

    Automatic authorization enforcement detection extension for Burp Suite, written in Jython, developed by Barak Tawily

  • BitBlinder (XSS Injection)

    Burp Suite extension to inject custom cross-site scripting payloads on every form/request submitted to detect blind XSS vulnerabilities

  • Blinder (SQL Injection)

    A Python library to automate time-based blind SQL injection

  • BruteXSS (XSS Injection)

    BruteXSS is a tool written in Python simply to find XSS vulnerabilities in web applications.

  • Burp-LFI-tests (File Inclusion)

    Fuzzing for LFI using Burp Suite

Uncategorized

  • android-security-awesome

    A collection of Android security-related resources

  • asnmap

    Go CLI and Library for quickly mapping organization network ranges using ASN information.

  • awesome-mobile-security

    An effort to build a single place for all useful Android and iOS security-related stuff.

  • awesome-vulnerable-apps

    Awesome Vulnerable Applications

  • BigBountyRecon

    The BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

  • bountyplz

    Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported)

Showing a sample of 395 resources. View the full list on GitHub →