HackerOne "in scope" domains

This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports

HackerOne资产更新 | 每日更新HackerOne资产，对HackerOne的资产进行爬行和整理，SRC资产更新仅会增加，不会进行删除，每天更新的可以进行差异化对比来获取到新的项目资产范围

Community generated list of API security tests to find OWASP top10, HackerOne top 10 vulnerabilities

Hacking tools

Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term (dork) with a default set of websites, bug bounty programs or custom collection.

This project crawls bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) hourly and dumps them into the bounty-targets-data repo

Bounty calculator for HackerOne users that have the display rewards option enabled

Track HackerOne reports and leaderboard changes on programs through a Discord webhook

Top disclosed reports from HackerOne

Bugbounty scope tool

Source code for Hacker101.com - a free online web and mobile security class.

List of reporting templates I have used since I started doing BBH.

Domains belonging to the most reputed public bug bounty programs. [NOT FOR NON-MONETARY OR PRIVATE PROGRAMS]

Automagically filter URLs with Bug Bounty program scope rules scraped from the internet.

A big list of Android Hackerone disclosed reports and other resources.

Monitoring framework to detect and report newly found subdomains on a specific target using various scanning tools

Jie stands out as a comprehensive security assessment and exploitation tool meticulously crafted for web applications. Its robust suite of features encompasses vulnerability scanning, information gathering, and exploitation, elevating it to an indispensable toolkit for both security professionals and penetration testers. 挖洞辅助工具(漏洞扫描、信息收集)

A curated list of resources, tools, and wordlists for bug bounty hunters.

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting