Practical Bug Bounty
Home
Bug Bounty Course
Knowledge Base
Resources
Challenges
Platforms
Programs
Philosophy
Contribute
Community
About
Contact
Bug Bounty Resources
Discover Blog Posts, Articles, Repositories, Videos, HackerOne Reports.
Search
Resource Types
Blog Post
10
GitHub Repository
305
Article
172
Video
17
HackerOne Report
11965
Tags
security
58
security-tools
20
bugbounty
17
penetration-testing
15
hacking
12
hacktoberfest
12
pentesting
11
golang
11
infosec
11
reconnaissance
9
osint
8
scanner
7
recon
7
enumeration
7
secrets
7
security-scanner
6
secrets-detection
5
devsecops
5
hacking-tool
5
bug-bounty
4
go
4
web
4
appsec
4
xss
3
rust
3
chrome-extension
3
python
3
chrome
3
pentest-tool
3
redteam
3
secret
3
scanning
3
credentials
3
fuzzer
3
github-api
3
pentest
3
awesome
2
secret-management
2
owasp
2
list
2
vulnerability
2
awesome-list
2
pentesting-tools
2
security-vulnerability
2
vulnerability-detection
2
attack-surface
2
ruby
2
penetration-testing-tools
2
bugbounty-tool
2
hacking-tools
2
firefox-extension
2
s3
2
aws
2
nmap
2
security-audit
2
penetration-test
2
tool
2
information-gathering
2
web-application-security
2
fuzzing
2
wordlist
2
subdomain-takeover
2
xss-detection
2
bug
2
oscp
2
chrome-headless
2
chromium
2
screenshots
2
blueteam
2
crawler
2
crawling
2
offensive-security
2
headless-chrome
2
git
2
trufflehog
2
information-retrieval
2
subdomain
2
endpoints
1
endpoint-discovery
1
gau
1
wayback-machine
1
alienvault
1
parser
1
payloads
1
fuzz
1
api
1
automation
1
rails
1
exploitation
1
vulnerability-scanner
1
takeover
1
ethical-hacking
1
traversal
1
lfi
1
rfi
1
directory-traversal
1
path-traversal
1
web-security
1
file-include
1
lfi-shells
1
lfi-vulnerability
1
inclusion
1
directory-traversal-vulnerability
1
graphql
1
nosql-injection
1
pentest-tools
1
race-conditions
1
devops-tools
1
sqlmap
1
nosql
1
mongodb
1
sqlmapapi
1
autoscan
1
sqlmap-webui
1
security-automation
1
sqlinjection
1
xss-scanner
1
xss-exploit
1
xss-bruteforce
1
payload
1
cicd-pipeline
1
bugbountytips
1
browser-extension
1
firefox
1
firefox-addon
1
bxss
1
cross-site-scripting
1
xxe
1
dtd
1
cheatsheet
1
default-creds
1
gitleaks
1
dynamic-analysis
1
verification
1
precommit
1
leaks
1
fuzzy-matching
1
sensitive-data-exposure
1
gists
1
gist-search
1
github
1
serverless
1
cyint
1
secrets-management
1
passwords
1
secrets-scan
1
lint
1
linter
1
structured-data
1
structured-text
1
yaml-parser
1
json-parser
1
xml-parser
1
security-compliance
1
hardcoded
1
yar
1
s3-bucket
1
utility
1
plugins
1
amazon-s3
1
amazon-s3-bucket
1
amazon-web-services
1
extensions
1
bounty-hunters
1
bounty-hunting-tools
1
tools
1
wordpress
1
wpscan
1
wpvulndb
1
jwt-authentication
1
cracker
1
jwt
1
testing-tools
1
cracking
1
payload-generator
1
hostile
1
subdomain-takeovers
1
wordlist-generator
1
mapping
1
cve-scanner
1
nuclei-engine
1
vulnerability-assessment
1
sn1per
1
sn1per-professional
1
bugbounty-platform
1
pentest-scripts
1
osint-tool
1
osint-framework
1
attacksurface
1
attack-surface-management
1
web-application
1
asset-finder
1
secret-keys
1
scraper
1
zap
1
zap-development
1
dast
1
zaproxy
1
bypass
1
bounty
1
methodology
1
privilege-escalation
1
android
1
vulnerable
1
vulnerable-applications
1
bounty-hunting
1
recon-tool
1
content-security-policy
1
csp
1
offensivesecurity
1
network-security
1
attack-surfaces
1
subdomain-scanner
1
subdomains-enumeration
1
kali-linux
1
subdomains
1
scan
1
virtual-hosts
1
discovery-service
1
virtual-host
1
vhost
1
vhosts
1
hackthebox
1
ctf-tools
1
reverse-lookups
1
network
1
portscanner
1
dns-enumeration
1
port-enumeration
1
directories-enumeration
1
cybersecurity
1
footprinting
1
port
1
networking
1
docker
1
c-plus-plus
1
lua
1
port-scanner
1
machine-learning
1
linux
1
windows
1
osx
1
network-discovery
1
service-discovery
1
asynchronous
1
socket
1
libpcap
1
pcre
1
netcat
1
ping
1
headless
1
screenshot
1
reporting
1
gowitness
1
fingerprint
1
technologies
1
web-inventory
1
python3
1
wappalyzer
1
application-security
1
web-hacking
1
vulnerabilities
1
grunt-plugins
1
javascript
1
vulnerable-libraries
1
insecure-libraries
1
build-tool
1
software-composition-analysis
1
sbom
1
sbom-generator
1
sbom-tool
1
pipeline
1
content-discovery
1
url-bruteforcer
1
dirsearch
1
brute
1
red-teaming
1
perl
1
brute-force
1
dirbuster
1
dirb
1
dictionaries
1
bruteforce
1
bruteforce-wordlist
1
web-content-scanner
1
auditing
1
Clear Filters
race-the-web
Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuou…
TheHackerDev
SQLiScanner
Automatic SQL injection with Charles and sqlmap api
0xbug
nosqli
NoSql Injection CLI tool, for finding vulnerable websites using MongoDB.
Charlie-belmer
sleepy-puppy
Sleepy Puppy XSS Payload Management Framework
Netflix-Skunkworks
dalfox
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
hahwul
tracy
A tool designed to assist with finding all sinks and sources of a web application and display these…
nccgroup
bXSS
bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site S…
LewisArdern
dtd-finder
List DTDs and generate XXE payloads using those local DTDs.
GoSecure
changeme
A default credential scanner.
ztgrace
gitleaks
Protect and discover secrets using Gitleaks 🔑
gitleaks
3 / 6