A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.
A list of resources for those interested in getting started in bug bounties
This repository provides curated Nuclei templates. Nuclei is a customizable vulnerability scanner based on YAML templates.
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
It is designed to maintain the reliability of results with an increased number of threads.
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon...
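reNgine is an automated reconnaissance framework for gathering information during penetration testing of web applications. reNgine has customizable scan engines that can be used to scan websites and endpoints and to gather information.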
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Collection of methodology and test case for various web vulnerabilities.
Tutorials and things to do when hunting for vulnerabilities.
An HTTP toolkit for security research.
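Hetty is an HTTP toolkit for security research. It aims to become an open-source alternative to commercial software such as Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.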
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
A simple script for full recon.
#cheatsheets# One place for all the default credentials to assist Blue/Red teamers' activities in finding devices with default passwords 🛡️
Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...
Scanning APK file for URIs, endpoints & secrets.
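ARL (Asset Reconnaissance Lighthouse) is designed to quickly reconnoiter the internet assets associated with a target and build a baseline asset information base. It helps in-house security teams and penetration testers effectively reconnoiter and search assets, and discover weak points and attack surface.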
A curated list of bug bounty writeups (bug type wise), inspired by https://github.com/ngalongc/bug-bounty-reference
Automated All-in-One OS Command Injection Exploitation Tool.
#web crawler# Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application