MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way …

Curated list of Unix binaries that can be exploited to bypass system security restrictions

Contextual Content Discovery Tool

Automated & Manual Wordlists provided by Assetnote

Work in progress...

Wi-Fi Exploitation Framework

A cheatsheet for exploiting server-side SVG processors.

A wrapper around grep, to help you grep for things

A tool for adding new lines to files, skipping duplicates

Accept URLs on stdin, replace all query string values with a user-supplied value

Most advanced XSS scanner.

🎯 SQL Injection Payload List

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

File upload vulnerability scanner and exploitation tool.

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

declutters url lists for crawling/pentesting

Web application fuzzer

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

A 1 Liner SQL Injection Attack using SQLMAP and various parameters that helps quickly check for a vulnerabilities during Bug Bounty

An AIO Tool to check for Vulnerable Amazon S3 Buckets as part of Bug Bounty, the uniqueness of this tool is that it can take a file full of buckets, and check all of them with various attack scenar…

A Tool for Bug Bounty Hunters that uses Passive and Active Techniques to fetch URLs as a strong Recon, so you can then create Attack Vectors (XSS, Nuclei, SQLi etc...)

XSS Rocket is written by Black Hat Ethical Hacking with the help of #ChatGPT as experimentation, with a lot of hours spent modifying the code generated by ChatGPT, and is designed for Offensive Sec…

Checks for SSRF using built-in custom Payloads after fetching URLs from Multiple Passive Sources & applying complex patterns aimed at SSRF

SQLMutant is a comprehensive SQL injection testing tool that provides several features to test for SQL injection vulnerabilities in web applications, uses various techniques to detect vulnerabiliti…

Nucleimonst3r is a powerful vulnerability scanner that can help Bug Bounty Hunters find low hanging fruit vulnerabilities for known CVEs and exploits but also gather all the technology running behi…

ScopeHunter is a command-line tool for finding in scope targets for bug bounty programs.

Bug Bounty Tools used on Twitch - Recon

A curated list of various bug bounty tools

Collection of Threat Models