Open-source AI penetration testing tool to find and fix your app’s vulnerabilities.
-
Updated
Jul 14, 2026 - Python
A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.
Open-source AI penetration testing tool to find and fix your app’s vulnerabilities.
Web path scanner
AI-powered bug bounty hunting from your terminal - recon, 20 vuln classes, autonomous hunting, and report generation. All inside Claude Code.
A Claude Code skill bundle for bug hunting and external red-team work — 71 skills, 15 slash commands, 681 disclosed-report patterns curated across 24 core vulnerability classes, plus enterprise identity + infrastructure attack matrices.
ChatGPT Plus/Team/Pro 订阅协议端到端重放工具集 · hCaptcha 视觉求解器 · 反欺诈机制实证研究 / End-to-end protocol replay toolkit for ChatGPT Plus/Team/Pro subscription with from-scratch hCaptcha solver and empirical anti-fraud research
A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.
Obtain GraphQL API schema even if the introspection is disabled
Offensive-security MCP server with 205 wrapped tools, 17 specialist agents, and 60 SPA-aware probes for OWASP Top 10. CLI + MCP, BYO LLM. No API key needed on MCP path.
Open-source vulnerability disclosure and bug bounty program database
Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.
My collection of various security tools created mostly in Python and Bash. For CTFs and Bug Bounty.
BUG BOUNTY WRITEUPS - OWASP TOP 10 🔴🔴🔴🔴✔
Bug bounty agent framework for Claude Code, Codex, Gemini, Cursor, Windsurf, Copilot, and OpenClaw — 48 agents, 26 commands, 19 CLI tools, 2 MCP servers, autonomous hunt loops, exploit chain builder.
162 offensive security skills for recon and pentest. Field-validated techniques from 600+ targets across 45+ sectors. Updated with origin IP discovery, subdomain takeover, GitHub secret hunting, browser fingerprint evasion, SCADA enumeration, and automated CMS detection.
ScanT3r - Module based Bug Bounty Automation Tool ( use Lotus instead github.com/bugBlocker/lotus )
Pentesting automation platform that combines hacking tools to complete assessments
A modern tool written in Python that automates your xss findings.
A python tool to check subdomain takeover vulnerability
MCP server that connects AI assistants to HackerOne for bug bounty hunting