A collection of various awesome lists for hackers, pentesters and security researchers

This repository is maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), AI security, vulnerability research, exploit development, reverse engineering, and more. 🔥 Also check: https://hackertraining.org

Web path scanner

A list of resources for those interested in getting started in bug bounties

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly bridge LLMs with real-world offensive security capabilities.

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

All about bug bounty (bypasses, payloads, and etc)

The all-in-one browser extension for offensive security professionals 🛠

A list of interesting payloads, tips and tricks for bug bounty hunters.

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

A curated list of various bug bounty tools

A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.

Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wish to influence Onelinetips and explain the commands, for the better understanding of new hunters..

The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!

Applied offensive security with Rust - https://kerkour.com/black-hat-rust

A Security Tool for Bug Bounty, Pentest and Red Teaming.

Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature

This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports

A collection of awesome one-liner scripts especially for bug bounty tips.

This cheatsheet is built for the Bug Bounty Hunters and penetration testers in order to help them hunt the vulnerabilities from P4 to P1 solely and completely with "BurpSuite".

🕵️ OSINT Tools for gathering information and actions forensics 🕵️

Semi-automatic OSINT framework and package manager

This is a resource factory for anyone looking forward to starting bug hunting and would require guidance as a beginner.

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

This challenge is Inon Shkedy's 31 days API Security Tips.

dnsReaper - subdomain takeover tool for attackers, bug bounty hunters and the blue team!