A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.
Community curated list of templates for the nuclei engine to find security vulnerabilities.
A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
PwnFox is a Firefox/Burp extension that provide usefull tools for your security audit.
StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.
Gosint is a distributed asset information collection and vulnerability scanning platform
Change monitoring app that checks the content of web pages in different periods.
Simple tool to scan a website for (DOM-based) XSS vulnerabilities and Open Redirects.
Discover hidden debugging parameters and uncover web application secrets
A collection of servers which are deliberately vulnerable to learn Pentesting MCP Servers.
This extension will help you to detect GET/POST based XSS vulnerability in any website easily
Bug Bounty writeups, Vulnerability Research, Tutorials, Tips&Tricks
Opensource assets and vulnerability scanning tool
A simple browser extension to quickly find interesting security-related information on a webpage.
My personal bug bounty toolkit.
Nodesub is a command-line tool for finding subdomains in bug bounty programs
Find XSS payloads that actually work by filtering them based on real-world constraints instead of blind payload spraying.
⚡Chrome extension allows you to create lists of Google and Github dork to open multiple tabs with one click, import "scope/out of scope" from #HackerOne #Bugcrowd #Intigriti ...