Source code for Hacker101.com - a free online web and mobile security class.

Top disclosed reports from HackerOne

This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

AI-powered bug bounty hunting from your terminal - recon, 20 vuln classes, autonomous hunting, and report generation. All inside Claude Code.

Tips and Tutorials for Bug Bounty and also Penetration Tests.

A big list of Android Hackerone disclosed reports and other resources.

Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term (dork) with a default set of websites, bug bounty programs or custom collection.

BUG BOUNTY WRITEUPS - OWASP TOP 10 🔴🔴🔴🔴✔

This project crawls bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) hourly and dumps them into the bounty-targets-data repo

Jie stands out as a comprehensive security assessment and exploitation tool meticulously crafted for web applications. Its robust suite of features encompasses vulnerability scanning, information gathering, and exploitation, elevating it to an indispensable toolkit for both security professionals and penetration testers. 挖洞辅助工具(漏洞扫描、信息收集)

Hacker101 CTF Writeup

HackerOne "in scope" domains

DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it

Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found

Bugbounty scope tool

MCP server that connects AI assistants to HackerOne for bug bounty hunting

Monitoring framework to detect and report newly found subdomains on a specific target using various scanning tools

A collection of hacker tools using HackerOne's API

Open-source Claude Code skills, agents, and slash commands for AI-powered penetration testing, bug bounty hunting, and security research