Discover the Best Open-Source Bug-bounty Projects Sorted by Stars

Get Insights into Stars Growth, Contributions, Diversity, Bus Factor, and Community Governance. Optimize Your Project's Performance and Collaborate with a Thriving Community.

Hack-with-Github/Awesome-Hacking

A collection of various awesome lists for hackers, pentesters and security researchers

androidawesomebug-bountyfuzzinghackingpenetration-testingpentesting-windowsreverse-engineeringsecurity

68,639

nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters

A list of resources for those interested in getting started in bug bounties

bug-bountybug-bounty-huntersbugbountyeducationhackershackinglearn2hackpentestssrfweb-securityxss

9,367

yogeshojha/rengine

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

bug-bountybugbountyhackinginformation-gatheringinfosecosintpenetration-testingpentestingreconrecon-enginereconnaissancerenginescannerscanner-webscanningsecurity-tools

5,814

j3ssie/osmedeus

A Workflow Engine for Offensive Security

bug-bountybugbountygogolanghackinghacking-toolinformation-gatheringosintosmedeuspenetration-testingpentest-toolpentestingreconnaissancescanningsecuritysecurity-tools

4,650

pry0cc/axiom

The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!

axiombug-bountydnsgendnsxffufgaugowitnesshacking-vpshttprobehttpxmasscanmassdnsmegnmapnucleishufflednssubfindertmux

3,441

skerkour/black-hat-rust

Applied offensive security with Rust - https://kerkour.com/black-hat-rust

auditbeaconbug-bountybug-huntingc2hackinginfosecoffensive-securitypentestpentestingphishingred-teamrustscannersecuritysecurity-toolsshellcodestrojanviruswasm

2,587

dwisiswant0/awesome-oneliner-bugbounty

A collection of awesome one-liner scripts especially for bug bounty tips.

awesomebashbug-bountybugbountybugbountytipshacktoberfestliner-scriptsone-linersrecon

2,153

zan8in/afrog

A Security Tool for Bug Bounty, Pentest and Red Teaming.

afrogbug-bountypenetration-testingpentestpocred-teamingvulnerability-scannervulnerability-scanning-tools

2,043

inonshk/31-days-of-API-Security-Tips

This challenge is Inon Shkedy's 31 days API Security Tips.

api-pentestapi-securitybug-bountybugbountybugbountytipsinfosecpentestsecurity

1,974

tom0li/collection-document

Collection of quality safety articles. Awesome articles.

awesomebounty-huntersbug-bountyclouddnsfuzzgithubhackerhackingjavalistpentestredteamresearchsecsecuritysrcwafwebxss

1,897

haccer/subjack

Subdomain Takeover tool written in Go

bug-bountybugbountygogolanghostileinfosecpentestingsecuritysubdomainsubdomain-takeovertakeover

1,749

kpcyrd/sn0int

Semi-automatic OSINT framework and package manager

bug-bountycertificate-transparencyintelligenceinvestigationlocationluaosintosint-frameworkpentestingreconreconnaissancerustsecuritysecurity-auditsecurity-scanner

1,589

nsonaniya2010/SubDomainizer

A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.

bug-bountybugbountycloud-storage-servicesexternal-javascriptsfind-secretsfind-subdomainsmadeinindiapython3s3-buckets3-bucketssecretfindersecretssecuritysecurity-automationsecurity-toolssubdomain-enumerationsubdomain-scanner

1,587

wagiro/BurpBounty

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.

bug-bountybugbountyburp-extensionsburpsuitevulnerability-detectionvulnerability-scanner

1,539

Cyber-Guy1/API-SecurityEmpire

API Security Project aims to present unique attack & defense methods in API Security field

apiapisecuritybug-bountybugbountybugbountytipscyberseccybersecurityinformation-securityinfosecpenetration-testingtips

1,192

0xHJK/dumpall

一款信息泄漏利用工具，适用于.git/.svn/.DS_Store泄漏和目录列出

bug-bountydumpallgithackhackingpentestingpython3scannersecurityspidersvntools

1,077

Uniswap/v3-periphery

🦄 🦄 🦄 Peripheral smart contracts for interacting with Uniswap v3

automated-market-makerbug-bountyethereumperipherysmart-contractsuniswap

1,028

j3ssie/metabigor

OSINT tools and more but without API ke

asnbug-bountybugbountybugbounty-toolsbugbountytipsinfosecip-osintip-rangeosintpentestingreconreconnaissancesecuritysecurity-toolssubdomainsubdomains

991

yassineaboukir/sublert

Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

bug-bountycertificate-transparencycertificate-transparency-logshackinginformation-gatheringmonitoring-toolpenetration-testingpentestpythonreconnaissancesecuritysublert

933

Get updates on the fastest growing repos and cool stats about GitHub right in your inbox

Once per month. No spam.