Bug Hunter Handbook
  • Introduction
  • Getting Started in InfoSec and Bug Bounties.
  • Presentations
  • Checklists / Guides
  • Useful Twitter Threads
  • List of Vulnerabilities
    • Recon and OSINT
      • Recon
      • Sensitive information using Github
      • Subdomain Enumeration
        • Resolvers
      • Javascript Enumeration
      • After Recon
      • Finding Information Using Public Resources
      • OSINT
      • Cloud
      • Wayback
      • Parameter / Content Discovery
      • Broken Link Highjacking
    • Host Header
    • Injection
      • Other Injection
    • DNS Rebinding
    • Cross Site Scripting (XSS)
      • Weaponizing XSS
      • WAF Bypass
    • Cross Origin Resource Sharing (CORS)
    • Local / Remote File Inclusion (LFI / RFI)
    • Server Side Request Forgery (SSRF)
    • Remote Code Execution (RCE)
    • XML Entity Injecton (XXE)
    • Price Manipulation
    • Directory / Path Traversal
    • Cross Site Request Forgery (CSRF)
      • JSON CSRF
    • Password Reset
    • Login Page Issues
    • Deserialization Attacks
    • File Upload
    • Account Takeover
    • Insecure Direct Object References (IDOR)
    • Open Redirect
    • Business Logic Flaws
    • Rate Limit Bypass / 2FA / OTP Bypass
    • Ruby on Rails
      • Mass Assginment
    • S3 Bucket
    • Race Condition
    • CRLF
    • SSTI
    • Prototype Pollution
  • Approach
  • API Security
  • Mobile Security
  • Fuzzing / Wordlists
  • BugBounty Short Write-ups
  • Burp Suite Tips and Tricks
  • HackerOne Reports
  • Response Manipulation
  • Client Vs Server Side Vulnerabilities
  • DevSecOps
  • Containers
    • Docker
    • Kubernetes
    • Containers
  • AWS
  • Azure
  • Others
    • Code Review
    • Web Sockets
    • Web Cache
    • HTTP Desync Attacks
    • Zone Transfer
    • CSP Bypass
    • Payment Bypasses
    • Http Parameter Pollution
    • Postmessage
    • Others
    • GraphQL
    • Unix / Linux
    • Email Related
    • Dependency confusion
    • Nginx Misconfigs
    • JIRA
    • OAUTH
  • Chaining of Bugs
  • Bug Bounty Automation
  • Mindmaps
  • Oneliner Collections
  • Red Teaming
  • Blue Teamining
  • Recon One Liners
  • Misc
  • Wordpress
  • Fuzzing / FuFF
  • OWASP ZAP
  • Bug List
  • Setting up burp collaborator
  • Admin Panel PwN
  • Credential Stuffing / Dump / HaveibeenPwned?
  • Tools Required
  • Nuclei Template
  • Other BugBounty Repos / Tips
  • Interview
  • Threat Modelling
  • AppSec
Powered by GitBook
On this page

Was this helpful?

Bug Bounty Automation

PreviousChaining of BugsNextMindmaps

Last updated 3 years ago

Was this helpful?

Rengine:-
An automated recon framework for web applications
https://github.com/yogeshojha/rengine

Jaeles:-
Jaeles is a powerful, flexible and easily extensible framework written in Go for building your own Web Application Scanner.
https://github.com/jaeles-project/jaeles

DeepExploit:-
Fully automatic penetration test tool using Deep Reinforcement Learning.
https://github.com/13o-bbr-bbq/machine_learning_security/tree/master/DeepExploit

SAIVS:-
Spider Artificial Intelligence Vulnerability Scanner.
https://github.com/13o-bbr-bbq/SAIVS

GyoiThon:-
GyoiThon is Intelligence Gathering tool for Web Server.
https://github.com/gyoisamurai/GyoiThon

DeepGenerator:-
Fully automatically generate injection codes for web application assessment using Genetic Algorithm and Generative Adversarial Networks.
https://github.com/13o-bbr-bbq/machine_learning_security/tree/master/Generator

PyRecommender:-
PyRecommender can recommend optimal injection code for detecting web app vulnerabilities.
https://github.com/13o-bbr-bbq/machine_learning_security/tree/master/Recommender

- video

https://github.com/j3ssie/Osmedeus
https://twitter.com/c0rv4x/status/1131589593944526849
https://github.com/c0rvax/project-black
https://github.com/Mad-robot/Spartan
https://github.com/jaeles-project/jaeles
https://github.com/AlexisAhmed/BugBountyToolkit
https://www.youtube.com/watch?v=9fIhzGj148Y
https://github.com/LifeHack3r/Scavenger
https://github.com/yogeshojha/rengine
https://github.com/0xdekster/ReconNote
https://github.com/AlexisAhmed/BugBountyToolkit
https://github.com/Anon-Exploiter/subdomainsEnumerator
https://github.com/ShutdownRepo/Exegol
https://hub.docker.com/r/ca3s1m/bugbounty-toolkit
https://github.com/AvasDream/pentesting-dockerfiles
https://github.com/pry0cc/axiom
https://github.com/harsh-bothra/Bheem
https://github.com/rockybhai0516/maha/blob/main/maha.sh
https://github.com/Mad-robot/Spartan
https://github.com/x1mdev/ReconPi
https://github.com/six2dez/reconftw
https://sidxparab.medium.com/best-bugbounty-recon-toolebe635d3b363-ebe635d3b363
https://github.com/dreamer1eh/ultimate_bughunter_tools
https://github.com/intelowlproject/IntelOwl
https://github.com/Cyber-Guy1/BlackDragon
https://github.com/storenth/lazyrecon
https://www.oreilly.com/content/automating-xss-detection-in-the-ci-cd-pipeline-with-xss-checkmate/