Source code for Hacker101.com - a free online web and mobile security class.

HackerOne Platform Documentation

Top disclosed reports from HackerOne

This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

Tips and Tutorials for Bug Bounty and also Penetration Tests.

A big list of Android Hackerone disclosed reports and other resources.

HackerOne资产更新 | 每日更新HackerOne资产，对HackerOne的资产进行爬行和整理，SRC资产更新仅会增加，不会进行删除，每天更新的可以进行差异化对比来获取到新的项目资产范围

BUG BOUNTY WRITEUPS - OWASP TOP 10 🔴🔴🔴🔴✔

Hacker101 CTF Writeup

HackerOne "in scope" domains

Jie stands out as a comprehensive security assessment and exploitation tool meticulously crafted for web applications. Its robust suite of features encompasses vulnerability scanning, information gathering, and exploitation, elevating it to an indispensable toolkit for both security professionals and penetration testers. 挖洞辅助工具(漏洞扫描、信息收集)

Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term (dork) with a default set of websites, bug bounty programs or custom collection.

This project crawls bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) hourly and dumps them into the bounty-targets-data repo

DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it

Bugbounty scope tool

List of reporting templates I have used since I started doing BBH.

Monitoring framework to detect and report newly found subdomains on a specific target using various scanning tools

Hacking tools

Domains belonging to the most reputed public bug bounty programs. [NOT FOR NON-MONETARY OR PRIVATE PROGRAMS]