A list of resources for those interested in getting started in bug bounties

Open-source vulnerability disclosure and bug bounty program database

BUG BOUNTY WRITEUPS - OWASP TOP 10 🔴🔴🔴🔴✔

Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.

Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist

An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.

A Collection of Notes, Methodologies, POCs and everything else related to Bug Hunting.

This tool is designed to test for file upload and XXE vulnerabilities by poisoning XLSX files.

A handy plugin for copying requests/responses directly from Burp, some extra magic included.

bug bounty

This repo is for people that are searching for IT Security Specialists in their native language, or for people that are language learners and just want to immerse more!

A handy tool for bug bounty hunters/pentesters to check the http status codes of all the links/URLs collectively

NullTrace – Python 3 web recon and intelligence toolkit for authorized penetration testers and bug bounty hunters. Port scanning, CMS detection, WordPress recon, server-wide site enumeration, Cloudflare bypass checking, SQL error detection —

ShadowEye – Comprehensive OSINT framework for security researchers, bug bounty hunters, and investigators. Aggregates intelligence across usernames, phones, emails, domains, and more from a unified terminal interface. Fork of Mr.Holmes, security-audited and rebuilt.

A highly automated and modular bug bounty reconnaissance toolkit integrating over 15 industry-standard tools for streamlined subdomain enumeration, vulnerability detection, and OSINT gathering. Designed for efficiency, scalability, and precision in real-world security assessments.

All-in-one Dockerized recon toolkit for security researchers — combines Subfinder, Sublist3r, MassDNS, dnsx, Assetfinder, and Nmap for comprehensive domain and subdomain intelligence gathering.

Detect and verify code bugs using three isolated AI agents to improve accuracy and reduce false positives in adversarial bug hunting.