Bypass-Four03 is a powerful bash tool designed to help testers bypass HTTP 403 forbidden errors through various path and header manipulation techniques. It also includes fuzzing for HTTP methods an…

DorkScraper is a simple tool written in Python to extract all the urls that appear when using a Google Dork.

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

FourOhMe is a tool for testing HTTP headers on a website in order to try to bypass 40* HTTP codes. Written in Go, so easy to install and fast out of the box.

list of regex patterns for oauth / api tokens with provided source

Dump files via Directory Traversal, LFI, Arbitrary File Read in a breeze with the help of ffuf

🕵️‍♂️🔍 A tool with several scanning techniques that extracts live IP addresses from a list of IP addresses or CIDR notations.

Bugcrowd’s baseline priority ratings for common security vulnerabilities

REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications

Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automa…

Automated Tool for Testing Header Based Blind SQL Injection

Cheatsheet to exploit and learn SQL Injection.

Bug Bounty Testing Essential Guideline : Startup Bug Hunters

This is a SMS And Call Bomber For Linux And Termux

🎯 Fast CORS misconfiguration vulnerabilities scanner

Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist

Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing

This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter

smartrecon is a powerful shell script to automate the recon and finding common vulnerabilities for bug hunter

This tool is a simple LFI, RFI, RCE, and Joomla Components vulnerability scanner, created by JayCyberSecurity

A curated list of Android Security materials and resources For Pentesters and Bug Hunters

User-Agent , X-Forwarded-For and Referer SQLI Fuzzer

Web Attack Cheat Sheet

Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.

A collection of one-liners for bug bounty hunting.

1337 Wordlists for Bug Bounty Hunting

HTTP Request Smuggling Detection Tool