Practical Bug Bounty
Home
Bug Bounty Course
Knowledge Base
Resources
Challenges
Platforms
Programs
Philosophy
Contribute
Community
About
Contact
Bug Bounty Resources
Discover Blog Posts, Articles, Repositories, Videos, HackerOne Reports.
Search
Resource Types
Blog Post
10
GitHub Repository
305
Article
172
Video
17
HackerOne Report
11965
Tags
security
58
security-tools
20
bugbounty
17
penetration-testing
15
hacking
12
hacktoberfest
12
pentesting
11
golang
11
infosec
11
reconnaissance
9
osint
8
scanner
7
recon
7
enumeration
7
secrets
7
security-scanner
6
secrets-detection
5
devsecops
5
hacking-tool
5
bug-bounty
4
go
4
web
4
appsec
4
xss
3
rust
3
chrome-extension
3
python
3
chrome
3
pentest-tool
3
redteam
3
secret
3
scanning
3
credentials
3
fuzzer
3
github-api
3
pentest
3
awesome
2
secret-management
2
owasp
2
list
2
vulnerability
2
awesome-list
2
pentesting-tools
2
security-vulnerability
2
vulnerability-detection
2
attack-surface
2
ruby
2
penetration-testing-tools
2
bugbounty-tool
2
hacking-tools
2
firefox-extension
2
s3
2
aws
2
nmap
2
security-audit
2
penetration-test
2
tool
2
information-gathering
2
web-application-security
2
fuzzing
2
wordlist
2
subdomain-takeover
2
xss-detection
2
bug
2
oscp
2
chrome-headless
2
chromium
2
screenshots
2
blueteam
2
crawler
2
crawling
2
offensive-security
2
headless-chrome
2
git
2
trufflehog
2
information-retrieval
2
subdomain
2
endpoints
1
endpoint-discovery
1
gau
1
wayback-machine
1
alienvault
1
parser
1
payloads
1
fuzz
1
api
1
automation
1
rails
1
exploitation
1
vulnerability-scanner
1
takeover
1
ethical-hacking
1
traversal
1
lfi
1
rfi
1
directory-traversal
1
path-traversal
1
web-security
1
file-include
1
lfi-shells
1
lfi-vulnerability
1
inclusion
1
directory-traversal-vulnerability
1
graphql
1
nosql-injection
1
pentest-tools
1
race-conditions
1
devops-tools
1
sqlmap
1
nosql
1
mongodb
1
sqlmapapi
1
autoscan
1
sqlmap-webui
1
security-automation
1
sqlinjection
1
xss-scanner
1
xss-exploit
1
xss-bruteforce
1
payload
1
cicd-pipeline
1
bugbountytips
1
browser-extension
1
firefox
1
firefox-addon
1
bxss
1
cross-site-scripting
1
xxe
1
dtd
1
cheatsheet
1
default-creds
1
gitleaks
1
dynamic-analysis
1
verification
1
precommit
1
leaks
1
fuzzy-matching
1
sensitive-data-exposure
1
gists
1
gist-search
1
github
1
serverless
1
cyint
1
secrets-management
1
passwords
1
secrets-scan
1
lint
1
linter
1
structured-data
1
structured-text
1
yaml-parser
1
json-parser
1
xml-parser
1
security-compliance
1
hardcoded
1
yar
1
s3-bucket
1
utility
1
plugins
1
amazon-s3
1
amazon-s3-bucket
1
amazon-web-services
1
extensions
1
bounty-hunters
1
bounty-hunting-tools
1
tools
1
wordpress
1
wpscan
1
wpvulndb
1
jwt-authentication
1
cracker
1
jwt
1
testing-tools
1
cracking
1
payload-generator
1
hostile
1
subdomain-takeovers
1
wordlist-generator
1
mapping
1
cve-scanner
1
nuclei-engine
1
vulnerability-assessment
1
sn1per
1
sn1per-professional
1
bugbounty-platform
1
pentest-scripts
1
osint-tool
1
osint-framework
1
attacksurface
1
attack-surface-management
1
web-application
1
asset-finder
1
secret-keys
1
scraper
1
zap
1
zap-development
1
dast
1
zaproxy
1
bypass
1
bounty
1
methodology
1
privilege-escalation
1
android
1
vulnerable
1
vulnerable-applications
1
bounty-hunting
1
recon-tool
1
content-security-policy
1
csp
1
offensivesecurity
1
network-security
1
attack-surfaces
1
subdomain-scanner
1
subdomains-enumeration
1
kali-linux
1
subdomains
1
scan
1
virtual-hosts
1
discovery-service
1
virtual-host
1
vhost
1
vhosts
1
hackthebox
1
ctf-tools
1
reverse-lookups
1
network
1
portscanner
1
dns-enumeration
1
port-enumeration
1
directories-enumeration
1
cybersecurity
1
footprinting
1
port
1
networking
1
docker
1
c-plus-plus
1
lua
1
port-scanner
1
machine-learning
1
linux
1
windows
1
osx
1
network-discovery
1
service-discovery
1
asynchronous
1
socket
1
libpcap
1
pcre
1
netcat
1
ping
1
headless
1
screenshot
1
reporting
1
gowitness
1
fingerprint
1
technologies
1
web-inventory
1
python3
1
wappalyzer
1
application-security
1
web-hacking
1
vulnerabilities
1
grunt-plugins
1
javascript
1
vulnerable-libraries
1
insecure-libraries
1
build-tool
1
software-composition-analysis
1
sbom
1
sbom-generator
1
sbom-tool
1
pipeline
1
content-discovery
1
url-bruteforcer
1
dirsearch
1
brute
1
red-teaming
1
perl
1
brute-force
1
dirbuster
1
dirb
1
dictionaries
1
bruteforce
1
bruteforce-wordlist
1
web-content-scanner
1
auditing
1
Clear Filters
s3reverse
The format of various s3 buckets is convert in one format. for bugbounty and security testing.
hahwul
S3BucketList
Chrome extension that lists Amazon S3 Buckets while browsing
AlecBlance
s3_objects_check
Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files.
nccgroup
wpscan
WPScan WordPress security scanner. Written for security professionals and blog maintainers to test …
wpscanteam
c-jwt-cracker
JWT brute force cracker written in C
brendan-rius
jwt-hack
🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate p…
hahwul
subjack
Subdomain Takeover tool written in Go
haccer
can-i-take-over-xyz
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
EdOverflow
second-order
Second-order subdomain takeover scanner
mhmdiaa
nuclei
Fast and customizable vulnerability scanner based on simple YAML based DSL.
projectdiscovery
5 / 6