A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

A complete security assessment tool that supports common web security issues scanning and custom POC | Be sure to read the document before using.

Recon-Ninja

The Nen Book is a list of personal notes and tips collected from a lot of recourses in different categories like: WebApp Security, API Security, Cloud Security, Network Pentesting, Code Review, Thr…

Top disclosed reports from HackerOne

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

A cheat sheet that contains advanced queries for SQL Injection of all types.

how to look for Leaked Credentials !

All about bug bounty (bypasses, payloads, and etc)

Pull out bits of URLs provided on stdin

Fetches javascript file from a list of URLS or subdomains.

Mind-Maps of Several Things

10,000 H1 Disclosed Reports

OWASP Web Application Security Testing Checklist

My Private Bug Hunting Methodology

Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan & VirusTotal!

This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter

List of reporting templates I have used since I started doing BBH.

This repository is about @harshbothra_'s 365 days of Learning Tweets & Mindmaps collection.

The Bug Hunters Methodology

A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.

Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

Tips and Tutorials for Bug Bounty and also Penetration Tests.