Source code for Hacker101.com - a free online web and mobile security class.

Top disclosed reports from HackerOne

This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

A big list of Android Hackerone disclosed reports and other resources.

Tips and Tutorials for Bug Bounty and also Penetration Tests.

Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term (dork) with a default set of websites, bug bounty programs or custom collection.

BUG BOUNTY WRITEUPS - OWASP TOP 10 🔴🔴🔴🔴✔

This project crawls bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) hourly and dumps them into the bounty-targets-data repo

Jie stands out as a comprehensive security assessment and exploitation tool meticulously crafted for web applications. Its robust suite of features encompasses vulnerability scanning, information gathering, and exploitation, elevating it to an indispensable toolkit for both security professionals and penetration testers. 挖洞辅助工具(漏洞扫描、信息收集)

Hacker101 CTF Writeup

DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it

HackerOne "in scope" domains

Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found

Bugbounty scope tool

HackerOne Platform Documentation

Monitoring framework to detect and report newly found subdomains on a specific target using various scanning tools

A collection of hacker tools using HackerOne's API

List of reporting templates I have used since I started doing BBH.

Python library and CLI for the Bug Bounty Recon API