awesome-bugbounty-tools/README.md

# Awesome Bug Bounty Tools [![Awesome](https://awesome.re/badge.svg)](https://awesome.re)

> Curated list of various bug bounty tools

## Contents

- [Recon](#Recon)
    - [Subdomains](#Subdomains)
    - [Ports](#Ports)
    - [Screenshots](#Screenshots)
    - [Technologies](#Technologies)
    - [Files/directories](#Files/directories)
    - [Secrets](#Secrets)
    - [Buckets](#Buckets)
    - [Git](#Git)

- [Exploitation](#Exploitation)
    - [CMS](#)
    - [Command Injection](#)
    - [CORS Misconfiguration](CORS Misconfiguration)
    - [CRLF Injection](#)
    - [CSRF Injection](#)
    - [Directory Traversal](#)
    - [File Inclusion](#)
    - [GraphQL Injection](#)
    - [HTTP Parameter Pollution](#)
    - [Insecure Deserialization](#)
    - [Insecure Direct Object References](#)
    - [JSON Web Token](#JSON Web Token)
    - [Open Redirect](#)
    - [Race Condition](#)
    - [Request Smuggling](#)
    - [Server Side Request Forgery](#)
    - [SQL Injection](#)
    - [Subdomain takeover](#)
    - [XSS Injection](#)
    - [XXE Injection](#)
    - [postMessage](#postMessage)


---

## Exploitation

Lorem ipsum dolor sit amet

### CORS Misconfiguration

Lorem ipsum dolor sit amet

- [Corsy](https://github.com/s0md3v/Corsy) - CORS Misconfiguration Scanner
- [CORStest](https://github.com/RUB-NDS/CORStest) - A simple CORS misconfiguration scanner
- [cors-scanner](https://github.com/laconicwolf/cors-scanner) - A multi-threaded scanner that helps identify CORS flaws/misconfigurations


### JSON Web Token

Lorem ipsum dolor sit amet

- [jwt_tool](https://github.com/ticarpi/jwt_tool) - A toolkit for testing, tweaking and cracking JSON Web Tokens
- [c-jwt-cracker](https://github.com/brendan-rius/c-jwt-cracker) - JWT brute force cracker written in C
- [jwt-heartbreaker](https://github.com/wallarm/jwt-heartbreaker) - The Burp extension to check JWT (JSON Web Tokens) for using keys from known from public sources
- [jwtear](https://github.com/KINGSABRI/jwtear) - Modular command-line tool to parse, create and manipulate JWT tokens for hackers
- [jwt-key-id-injector](https://github.com/dariusztytko/jwt-key-id-injector) - Simple python script to check against hypothetical JWT vulnerability.

### Server Side Request Forgery

Lorem ipsum dolor sit amet

- [SSRFmap](https://github.com/swisskyrepo/SSRFmap) - Automatic SSRF fuzzer and exploitation tool
- [Gopherus](https://github.com/tarunkant/Gopherus) - This tool generates gopher link for exploiting SSRF and gaining RCE in various servers
- [ground-control](https://github.com/jobertabma/ground-control) - A collection of scripts that run on my web server. Mainly for debugging SSRF, blind XSS, and XXE vulnerabilities.
- [Gf-Patterns](https://github.com/1ndianl33t/Gf-Patterns) - GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep
- [SSRFire](https://github.com/micha3lb3n/SSRFire) - An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirects
- [httprebind](https://github.com/daeken/httprebind) - Automatic tool for DNS rebinding-based SSRF attacks
- [ssrf-sheriff](https://github.com/teknogeek/ssrf-sheriff) - A simple SSRF-testing sheriff written in Go
- [B-XSSRF](https://github.com/SpiderMate/B-XSSRF) - Toolkit to detect and keep track on Blind XSS, XXE & SSRF
- [extended-ssrf-search](https://github.com/Damian89/extended-ssrf-search) - Smart ssrf scanner using different methods like parameter brute forcing in post and get...
- [gaussrf](https://github.com/KathanP19/gaussrf) - Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl and Filter Urls With OpenRedirection or SSRF Parameters.
- [ssrfDetector](https://github.com/JacobReynolds/ssrfDetector) - Server-side request forgery detector
- [grafana-ssrf](https://github.com/RandomRobbieBF/grafana-ssrf) - Authenticated SSRF in Grafana
- [sentrySSRF](https://github.com/xawdxawdx/sentrySSRF) - Tool to searching sentry config on page or in javascript files and check blind SSRF


- []() - 
- []() - 
- []() - 
- []() - 
- []() - 
- []() - 
- []() - 
- []() - 


### postMessage

Lorem ipsum dolor sit amet

- [postMessage-tracker](https://github.com/fransr/postMessage-tracker) - A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon
- [PostMessage_Fuzz_Tool](https://github.com/kiranreddyrebel/PostMessage_Fuzz_Tool) - #BugBounty #BugBounty Tools #WebDeveloper Tool

## Contribute

Contributions welcome! Read the [contribution guidelines](contributing.md) first.


## License

[![CC0](https://mirrors.creativecommons.org/presskit/buttons/88x31/svg/cc-zero.svg)](https://creativecommons.org/publicdomain/zero/1.0)

To the extent possible under law, vavkamil has waived all copyright and
related or neighboring rights to this work.
Update README.md 2021-01-11 12:41:11 -07:00			`# Awesome Bug Bounty Tools [![Awesome](https://awesome.re/badge.svg)](https://awesome.re)`

			`> Curated list of various bug bounty tools`

			`## Contents`

Update README.md 2021-01-11 14:16:06 -07:00			`- [Recon](#Recon)`
			`- [Subdomains](#Subdomains)`
			`- [Ports](#Ports)`
			`- [Screenshots](#Screenshots)`
			`- [Technologies](#Technologies)`
Update README.md 2021-01-11 14:21:01 -07:00			`- [Files/directories](#Files/directories)`
Update README.md 2021-01-11 14:16:06 -07:00			`- [Secrets](#Secrets)`
			`- [Buckets](#Buckets)`
			`- [Git](#Git)`

			`- [Exploitation](#Exploitation)`
			`- [CMS](#)`
			`- [Command Injection](#)`
Update README.md 2021-01-11 14:42:53 -07:00			`- [CORS Misconfiguration](CORS Misconfiguration)`
Update README.md 2021-01-11 14:16:06 -07:00			`- [CRLF Injection](#)`
			`- [CSRF Injection](#)`
			`- [Directory Traversal](#)`
			`- [File Inclusion](#)`
			`- [GraphQL Injection](#)`
			`- [HTTP Parameter Pollution](#)`
			`- [Insecure Deserialization](#)`
			`- [Insecure Direct Object References](#)`
Update README.md 2021-01-11 14:21:01 -07:00			`- [JSON Web Token](#JSON Web Token)`
Update README.md 2021-01-11 14:16:06 -07:00			`- [Open Redirect](#)`
			`- [Race Condition](#)`
			`- [Request Smuggling](#)`
			`- [Server Side Request Forgery](#)`
			`- [SQL Injection](#)`
			`- [Subdomain takeover](#)`
			`- [XSS Injection](#)`
			`- [XXE Injection](#)`
Update README.md 2021-01-11 14:42:53 -07:00			`- [postMessage](#postMessage)`
Update README.md 2021-01-11 14:16:06 -07:00

Update README.md 2021-01-11 12:41:11 -07:00			`---`

Update README.md 2021-01-11 14:21:01 -07:00			`## Exploitation`
Update README.md 2021-01-11 12:41:11 -07:00
			`Lorem ipsum dolor sit amet`

Update README.md 2021-01-11 14:42:53 -07:00			`### CORS Misconfiguration`
Update README.md 2021-01-11 12:41:11 -07:00
Update README.md 2021-01-11 14:42:53 -07:00			`Lorem ipsum dolor sit amet`

			`- [Corsy](https://github.com/s0md3v/Corsy) - CORS Misconfiguration Scanner`
			`- [CORStest](https://github.com/RUB-NDS/CORStest) - A simple CORS misconfiguration scanner`
			`- [cors-scanner](https://github.com/laconicwolf/cors-scanner) - A multi-threaded scanner that helps identify CORS flaws/misconfigurations`




			`### JSON Web Token`

			`Lorem ipsum dolor sit amet`

			`- [jwt_tool](https://github.com/ticarpi/jwt_tool) - A toolkit for testing, tweaking and cracking JSON Web Tokens`
			`- [c-jwt-cracker](https://github.com/brendan-rius/c-jwt-cracker) - JWT brute force cracker written in C`
			`- [jwt-heartbreaker](https://github.com/wallarm/jwt-heartbreaker) - The Burp extension to check JWT (JSON Web Tokens) for using keys from known from public sources`
			`- [jwtear](https://github.com/KINGSABRI/jwtear) - Modular command-line tool to parse, create and manipulate JWT tokens for hackers`
			`- [jwt-key-id-injector](https://github.com/dariusztytko/jwt-key-id-injector) - Simple python script to check against hypothetical JWT vulnerability.`
Update README.md 2021-01-11 12:41:11 -07:00
Update README.md 2021-01-11 14:42:53 -07:00			`### Server Side Request Forgery`

			`Lorem ipsum dolor sit amet`

			`- [SSRFmap](https://github.com/swisskyrepo/SSRFmap) - Automatic SSRF fuzzer and exploitation tool`
			`- [Gopherus](https://github.com/tarunkant/Gopherus) - This tool generates gopher link for exploiting SSRF and gaining RCE in various servers`
			`- [ground-control](https://github.com/jobertabma/ground-control) - A collection of scripts that run on my web server. Mainly for debugging SSRF, blind XSS, and XXE vulnerabilities.`
			`- [Gf-Patterns](https://github.com/1ndianl33t/Gf-Patterns) - GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep`
			`- [SSRFire](https://github.com/micha3lb3n/SSRFire) - An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirects`
			`- [httprebind](https://github.com/daeken/httprebind) - Automatic tool for DNS rebinding-based SSRF attacks`
			`- [ssrf-sheriff](https://github.com/teknogeek/ssrf-sheriff) - A simple SSRF-testing sheriff written in Go`
			`- [B-XSSRF](https://github.com/SpiderMate/B-XSSRF) - Toolkit to detect and keep track on Blind XSS, XXE & SSRF`
			`- [extended-ssrf-search](https://github.com/Damian89/extended-ssrf-search) - Smart ssrf scanner using different methods like parameter brute forcing in post and get...`
			`- [gaussrf](https://github.com/KathanP19/gaussrf) - Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl and Filter Urls With OpenRedirection or SSRF Parameters.`
			`- [ssrfDetector](https://github.com/JacobReynolds/ssrfDetector) - Server-side request forgery detector`
			`- [grafana-ssrf](https://github.com/RandomRobbieBF/grafana-ssrf) - Authenticated SSRF in Grafana`
			`- [sentrySSRF](https://github.com/xawdxawdx/sentrySSRF) - Tool to searching sentry config on page or in javascript files and check blind SSRF`


			`- []() -`
			`- []() -`
			`- []() -`
			`- []() -`
			`- []() -`
			`- []() -`
			`- []() -`
			`- []() -`


			`### postMessage`

			`Lorem ipsum dolor sit amet`
Update README.md 2021-01-11 12:41:11 -07:00
Update README.md 2021-01-11 14:42:53 -07:00			`- [postMessage-tracker](https://github.com/fransr/postMessage-tracker) - A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon`
			`- [PostMessage_Fuzz_Tool](https://github.com/kiranreddyrebel/PostMessage_Fuzz_Tool) - #BugBounty #BugBounty Tools #WebDeveloper Tool`
Update README.md 2021-01-11 12:41:11 -07:00
			`## Contribute`

			`Contributions welcome! Read the [contribution guidelines](contributing.md) first.`


			`## License`

			`[![CC0](https://mirrors.creativecommons.org/presskit/buttons/88x31/svg/cc-zero.svg)](https://creativecommons.org/publicdomain/zero/1.0)`

			`To the extent possible under law, vavkamil has waived all copyright and`
			`related or neighboring rights to this work.`