Awesome-Mirrors/awesome-bugbounty-tools
1
0
Fork 0
mirror of https://github.com/vavkamil/awesome-bugbounty-tools.git synced 2025-01-30 23:23:21 -05:00
Code Issues Packages Projects Releases Wiki Activity
6 Commits 1 Branch 0 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Kamil Vavra 7c19cdd2a4
Update README.md
2021-01-11 22:42:53 +01:00
README.md
Update README.md
2021-01-11 22:42:53 +01:00

README.md

Awesome Bug Bounty Tools Awesome

Curated list of various bug bounty tools

Contents

Exploitation

Lorem ipsum dolor sit amet

CORS Misconfiguration

Lorem ipsum dolor sit amet

  • Corsy - CORS Misconfiguration Scanner
  • CORStest - A simple CORS misconfiguration scanner
  • cors-scanner - A multi-threaded scanner that helps identify CORS flaws/misconfigurations

JSON Web Token

Lorem ipsum dolor sit amet

  • jwt_tool - A toolkit for testing, tweaking and cracking JSON Web Tokens
  • c-jwt-cracker - JWT brute force cracker written in C
  • jwt-heartbreaker - The Burp extension to check JWT (JSON Web Tokens) for using keys from known from public sources
  • jwtear - Modular command-line tool to parse, create and manipulate JWT tokens for hackers
  • jwt-key-id-injector - Simple python script to check against hypothetical JWT vulnerability.

Server Side Request Forgery

Lorem ipsum dolor sit amet

  • SSRFmap - Automatic SSRF fuzzer and exploitation tool

  • Gopherus - This tool generates gopher link for exploiting SSRF and gaining RCE in various servers

  • ground-control - A collection of scripts that run on my web server. Mainly for debugging SSRF, blind XSS, and XXE vulnerabilities.

  • Gf-Patterns - GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep

  • SSRFire - An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirects

  • httprebind - Automatic tool for DNS rebinding-based SSRF attacks

  • ssrf-sheriff - A simple SSRF-testing sheriff written in Go

  • B-XSSRF - Toolkit to detect and keep track on Blind XSS, XXE & SSRF

  • extended-ssrf-search - Smart ssrf scanner using different methods like parameter brute forcing in post and get...

  • gaussrf - Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl and Filter Urls With OpenRedirection or SSRF Parameters.

  • ssrfDetector - Server-side request forgery detector

  • grafana-ssrf - Authenticated SSRF in Grafana

  • sentrySSRF - Tool to searching sentry config on page or in javascript files and check blind SSRF

  • -

  • -

  • -

  • -

  • -

  • -

  • -

  • -

postMessage

Lorem ipsum dolor sit amet

  • postMessage-tracker - A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon
  • PostMessage_Fuzz_Tool - #BugBounty #BugBounty Tools #WebDeveloper Tool

Contribute

Contributions welcome! Read the contribution guidelines first.

License

CC0

To the extent possible under law, vavkamil has waived all copyright and related or neighboring rights to this work.

Description
A curated list of various bug bounty tools
awesomeawesome-listbugbountysecurity-toolstoolsweb-security
Readme CC0-1.0 576 KiB
Languages
Markdown 100%