Source code for Hacker101.com - a free online web and mobile security class.

Top disclosed reports from HackerOne

This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

Tips and Tutorials for Bug Bounty and also Penetration Tests.

A big list of Android Hackerone disclosed reports and other resources.

AI-powered bug bounty hunting from your terminal - recon, 20 vuln classes, autonomous hunting, and report generation. All inside Claude Code.

Scope aggregation tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!

Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term (dork) with a default set of websites, bug bounty programs or custom collection.

BUG BOUNTY WRITEUPS - OWASP TOP 10 🔴🔴🔴🔴✔

This project crawls bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) hourly and dumps them into the bounty-targets-data repo

Jie stands out as a comprehensive security assessment and exploitation tool meticulously crafted for web applications. Its robust suite of features encompasses vulnerability scanning, information gathering, and exploitation, elevating it to an indispensable toolkit for both security professionals and penetration testers. 挖洞辅助工具(漏洞扫描、信息收集)

DarkAngel 是一款全自动白帽漏洞扫描器，从hackerone、bugcrowd资产监听到漏洞报告生成、漏洞URL截屏、消息通知。

$50 Million CTF from Hackerone - Writeup

Hacker101 CTF Writeup

HackerOne "in scope" domains

Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported)

DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it

Here you can find mostly all disclosed h1 reports

Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found

Bugbounty scope tool

HackerOne资产更新 | 每日更新HackerOne资产，对HackerOne的资产进行爬行和整理，SRC资产更新仅会增加，不会进行删除，每天更新的可以进行差异化对比来获取到新的项目资产范围

A collection of hacker tools using HackerOne's API

Monitoring framework to detect and report newly found subdomains on a specific target using various scanning tools

MCP server that connects AI assistants to HackerOne for bug bounty hunting

Python library and CLI for the Bug Bounty Recon API

Domains belonging to the most reputed public bug bounty programs. [NOT FOR NON-MONETARY OR PRIVATE PROGRAMS]

[depreciated] Terminal dashboard for bug bounty hunters that use HackerOne and Bugcrowd

Collection of Combination of 👨🏻‍💻Ethical Hacking, 🐧Linux, Cyber security, 💰Bug Bounty, Penetration testing, Networking and more IT Related Books that are Publicly Available.

smartrecon is a powerful shell script to automate the recon and finding common vulnerabilities for bug hunter