
Repository Details

Tools and data related to Bug Bounty.

Last update: 2019-01-07



HackerOne

Link: https://hackerone.com/
Country: US
Registration: public
Researchers: ?
Programs: 1200+
Visibility: public, private
Public disclosure: yes
Reputation: based on reports status and rewards
Additional metrics: signal, impact, badges
Payout methods: Paypal, Coinbase, bank transfer

Bugcrowd

Link: https://www.bugcrowd.com/
Country: US
Registration: public
Researchers: ?
Programs: ?
Visibility: public, private
Public disclosure: no
Reputation (kudos): based on reports criticality
Additional metrics: accuracy
Payout methods: Paypal, Payoneer


Yes We Hack (previously Bounty Factory)

Link: https://www.yeswehack.com/en/
Country: France
Registration: public
Researchers: ~750
Programs: ?
Visibility: public, private
Public disclosure: no
Reputation: based on reports status, rewards and reports quality
Additional metrics: no
Payout methods: bank transfer


Yogosha

Link: https://www.yogosha.com/
Country: France
Registration: test required
Researchers: ~150
Programs: ?
Visibility: public, private
Public disclosure: no
Reputation: ?
Additional metrics: reports quality
Payout methods: bank transfer


HackenProof

Link: https://hackenproof.com/
Country: Estonia
Registration: public
Researchers: ~1000
Programs: ?
Visibility: public, private, vetted
Public disclosure: yes
Reputation: reports status and reports severity
Additional metrics: -
Payout methods: HKN (Hacken crypto currency)


Cobalt

Link: https://cobalt.io/
Country: US
Registration: invitation required
Researchers: ?
Programs: ?
Visibility: invite only
Public disclosure: no
Reputation: none
Additional metrics: no
Payout methods: Paypal, Bitcoin


Synack Red Team

Link: https://www.synack.com/red-team/
Country: US
Registration: tutorial, video interview, technical assessments, background check, ID verification
Researchers: ~3000
Programs: ?
Visibility: private
Public disclosure: no
Reputation: reports quality, rewards, target hardening
Additional metrics: ?
Payout methods: Paypal


Intigriti

Link: https://www.intigriti.com/
Country: Belgium
Registration: public
Researchers: ?
Programs: ?
Visibility: public, confidential, private, vetted
Public disclosure: no
Reputation: based on reports criticality
Additional metrics: quality score
Payout methods: bank transfer


Zerocopter

Link: https://www.zerocopter.com/
Country: Netherlands
Registration: disabled
Researchers: ?
Programs: ?
Visibility: private, vetted
Public disclosure: no
Reputation: no
Additional metrics: no
Payout methods: Paypal, Bitcoin, bank transfer
Extra info: Rewards fixed by the platform (https://www.zerocopter.com/en/vulnerability-price-list)


Detectify

Link: https://cs.detectify.com/
Country: Sweden
Registration: invite only
Researchers: 150+
Programs: N/A
Visibility: private
Public disclosure: no
Reputation: vulnerability severity and popularity
Additional metrics: ?
Payout methods: payment handled through Bugcrowd
Extra info: Vulnerabilities are submitted to Detectify continuously and implemented into Detectify scanners, and researchers are rewarded as their vulnerabilities are found in Detectify customers' scans, a unique model which separates Detectify Crowdsource from other platforms. Detectify does not work with programs in that sense, but instead focuses its researchers' attention on technology types used by a range of companies.

AntiHack.me

Link: https://www.antihack.me/
Country: Singapore
Registration: public
Researchers: ?
Programs: ?
Visibility: public, private
Public disclosure: no
Reputation: based on reports status and rewards
Additional metrics: hit rate, impact
Payout methods: Paypal


BugBounty.jp

Link: https://bugbounty.jp/
Country: Japan
Registration: public
Researchers: ~1500
Programs: ?
Visibility: public, private
Public disclosure: no
Reputation: based on reports status and rewards
Additional metrics: -
Payout methods: Paypal, bank transfer (Japan)


CESPPA

Link: https://www.cesppa.com/
Country: US
Registration: public
Researchers: ?
Programs: ?
Visibility: public, private, exclusive
Public disclosure: no
Reputation: work in progress
Additional metrics: no
Payout methods: Paypal, cryptocurrency (BTC, LTC, ETH)
Extra info: Triage team can be reached on Bug Bounty World Slack at #cesppa

SafeHats

Link: https://safehats.com/
Country: India
Registration: public
Researchers: ?
Programs: ?
Visibility: private
Public disclosure: ?
Reputation (karma score): reports status and rewards
Additional metrics: relevancy score, bounty score
Payout methods: Paypal, Bitcoin


Federacy

Link: https://www.federacy.com/
Country: US
Registration: public
Researchers: ~20
Programs: ~20
Visibility: public, private
Public disclosure: no
Reputation: work in progress
Additional metrics: no
Payout methods: Paypal, Venmo, Bitcoin, Ethereum, Stripe on the way
Extra info: Currently in a closed beta. If you signed up without an invitation code, there is a hard limit set on your account allowing only 3 reports to be submitted per week.

Hacktrophy

Link: https://hacktrophy.com/en/
Country: Slovak Republic
Registration: public
Researchers: 600+
Programs: ?
Visibility: public, private
Public disclosure: yes
Reputation: no
Additional metrics: no
Payout methods: Paypal, Bitcoin, bank transfer
Extra info: Programs set reward limit by month/year.

Hackrfi

Link: https://hackr.fi/en/
Country: Finland
Registration: public
Researchers: ?
Programs: ?
Visibility: ?
Public disclosure: ?
Reputation: ?
Additional metrics: ?
Payout methods: Paypal, bank transfer (Finland)


Open Bug Bounty

Link: https://www.openbugbounty.org/
Country: ?
Registration: public
Researchers: 7500+
Programs: N/A
Visibility: N/A
Public disclosure: yes
Reputation: ?
Additional metrics: recommendations, badges
Payout methods: up to the company
Extra info: Open Bug Bounty is a non-profit Bug Bounty platform. The responsible disclosure platform allows independent security researchers to report XSS and similar security vulnerabilities on any website they discover.


BountyGraph

Link: https://bountygraph.com/ (closed)
Country: US
Registration: public
Researchers: ?
Programs: ?
Visibility: ?
Public disclosure: ?
Reputation: ?
Additional metrics: ?
Payout methods: Paypal, Stripe


BugsBounty

Link: https://bugsbounty.io/
Country: India
Registration: currently running internally
Researchers: ?
Programs: ?
Visibility: ?
Public disclosure: ?
Reputation: ?
Additional metrics: ?
Payout methods: ?


Crowd Shield

Link: https://crowdshield.com/
Country: CA
Registration: public
Researchers: ?
Programs: ~20
Visibility: public, private
Public disclosure: yes
Reputation: reports criticality
Additional metrics: ?
Payout methods: ?


Cyber Army

Link: https://www.cyberarmy.id/
Country: Indonesia
Registration: public
Researchers: ~20
Programs: ~10
Visibility: ?
Public disclosure: no
Reputation: ?
Additional metrics: ?
Payout methods: ?


BugBountyZone

Link: https://www.bugbountyzone.com/
Country: France
Registration: good luck
Researchers: ?
Programs: ?
Visibility: ?
Public disclosure: ?
Reputation: ?
Additional metrics: ?
Payout methods: ?


Secuna

Link: https://secuna.io/
Country: Philippines
Registration: Background check, ID verification, Video interview
Researchers: 100+
Programs: 5+
Visibility: Public, Private
Public disclosure: Yes
Reputation: Based on report status
Additional metrics: ?
Payout methods: PayPal and Bitcoin


0 day platforms:



Zerodium

Link: https://zerodium.com/
Country: US
Registration: no need
Researchers: N/A
Programs: N/A
Visibility: N/A
Public disclosure: no
Reputation: N/A
Additional metrics: N/A
Payout methods: wire transfer, Bitcoin


Zero Day Initiative

Link: https://www.zerodayinitiative.com/
Country: US
Registration: public
Researchers: N/A
Programs: N/A
Visibility: N/A
Public disclosure: no
Reputation: ?
Additional metrics: ?
Payout methods: wire transfer


Crowdfense

Link: https://www.crowdfense.com/
Country: UAE
Registration: no need
Researchers: N/A
Programs: N/A
Visibility: N/A
Public disclosure: no
Reputation: N/A
Additional metrics: N/A
Payout methods: ?

