JSFScan.sh – Automation For Javascript Recon In Bug Bounty

Blog can be found at https://medium.com/@patelkathan22/beginners-guide-on-how-you-can-use-javascript-in-bugbounty-492f6eb1f9ea?sk=21500dc4288281c7e6ed2315943269e7
Script made for all your JavaScript recon automation in bug bounty. Just pass a subdomain list to it, with options according to your preference.
Features:
1 – Gather Jsfile Links from different sources.
2 – Import File Containing JSUrls
3 – Extract Endpoints from Jsfiles
4 – Find Secrets from Jsfiles
5 – Get Jsfiles

PCWT – A Web Application That Makes It Easy To Run Your Pentest And Bug Bounty Projects

A web application that makes it easy to run your pentest and bug bounty projects.
Description: The app provides a convenient web interface for working with the various types of files used during a pentest, and automates port scanning and subdomain search.
Screenshots: Main page, Project settings, Domains dashboard.
Port scan: You can scan

Awesome Android Security – A Curated List Of Android Security Materials And Resources For Pentesters And Bug Hunters

A curated list of Android Security materials and resources for Pentesters and Bug Hunters.
Blog:
- AAPG – Android application penetration testing guide
- TikTok: three persistent arbitrary code executions and one theft of arbitrary files
- Persistent arbitrary code execution in Android’s Google Play Core Library: details, explanation and the PoC – CVE-2020-8913
- Android: Access to app

Bbrecon – Python Library And CLI For The Bug Bounty Recon API

Bug Bounty Recon (bbrecon) is a free Recon-as-a-Service for bug bounty hunters and security researchers. The API aims to provide a continuously up-to-date map of the Internet “safe harbor” attack surface, excluding out-of-scope targets. It comes with an ergonomic CLI and Python library. This repository holds the CLI and Python library. Please see the website for more

Quiver – Tool To Manage All Of Your Tools For Bug Bounty Hunting And Penetration Testing

Quiver is the tool to manage all of your tools. It’s an opinionated and curated collection of commands, notes and scripts for bug bounty hunting and penetration testing.
Features:
- ZSH / Oh-My-ZSH shell plugin
- Tab auto-completion
- Global variables
- Prefills the command line, doesn’t hide commands from you
- Built-in logbook for on-the-fly notes, saving commands
- Renders

Axiom – A Dynamic Infrastructure Toolkit For Red Teamers And Bug Bounty Hunters!

Project Axiom is a set of utilities for managing a small dynamic infrastructure setup for bug bounty and pentesting. Axiom right now is perfect for teams as small as one person, without costing you much at all to run. And by not much to run at all, I mean, less than 5 bucks a month

Needle – Instant Access To Your Bug Bounty Submission Dashboard On Various Platforms + Publicly Disclosed Reports + #Bugbountytip

Chrome extension for instant access to your bug bounty submission dashboard of various platforms + publicly disclosed reports + #bugbountytip. Needle is the only Chrome extension you may need to have one-click access to your bug submissions across various platforms. No need to create any bookmark, type on the URL bar and have fuss

Git-Scanner – A Tool For Bug Hunting Or Pentesting For Targeting Websites That Have Open .git Repositories Available In Public

This tool can scan websites with open .git repositories for bug hunting/pentesting purposes and can dump the content of the .git repositories from the web servers found by the scan. It works with a single target or with multiple targets from a file list.
Installation:
- git clone https://github.com/HightechSec/git-scanner
- cd git-scanner
- bash gitscanner.sh
