A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.

Overview

📂 Public Bug Bounty Targets Data


By BugBountyResources

Logo

A collection of over 5.1M sub-domains and assets belonging to bug bounty targets, all put in a single file (using a script ).

Goal of this repo is to track changes in targets and add/remove new/old targets, in order to perform reconnaissance en-masse, by putting them all in one place. Collecting all sub-domains at one place can make certain bulk operations like bulk vulnerability testing by fingerprinting easy, all at once!

Also, it is supposed to work as a mirror of the ProjectDiscovery's public bug bounty assets recon data.

⚒️ Workflow

⚙️ Install & Usage

[email protected]:~/recon/assets# ./targets_extract.py -h
usage: targets_extract.py [-h] [-d DIRECTORY] [-o OUTPUT] [-c PROCESSES]

If needed, specify output directory or, file name. Example:
./targets_extract.py -o assets.txt to store to ./output/assets.txt, optionally
specify directory (./targets_extract.py -d mydir). Also, you can increase
number of processes with -c flag to make it even faster.

optional arguments:
  -h, --help            show this help message and exit
  -d DIRECTORY, --directory DIRECTORY
                        Specify an output directory [Default: ./output]
  -o OUTPUT, --output OUTPUT
                        Specify an output file name [Default: all.txt]
  -c PROCESSES, --processes PROCESSES
                        Specify number of processes for faster extraction
                        [Default: 30]
  • Clone the repo: git clone https://github.com/BugBountyResources/targets.git
  • Navigate into the repo using: cd targets
  • Give execute permissions to script: chmod +x targets_extract.py
  • Run script: ./targets_extract.py

🛠️ Further Customize

  • If you want to add more processes (for download & zip extraction), use the -c flag - ./targets_extract.py -c 60
  • If you want to output to custom file (saved to output/all.txt by default), you can specify the file name in -o flag - ./targets_extract.py -o custom.txt
  • If you want to store output in custom folder add an addition -d flag - ./targets_extract.py -d custom_directory

📊 Stats


File Number of Assets
Download Part 1 2.55M (2,556,493)
Download Part 2 2.55M (2,556,493)

Total collected: 5.1M assets (5,112,986 assets)

ℹ️ Source of Data


Data collected from ProjectDiscovery's Chaos Project.

🙌 Credits


Owner
Bug Bounty Resources
Bug Bounty Resources
Sentinel-1 SAR time series analysis for OSINT use

SARveillance Sentinel-1 SAR time series analysis for OSINT use. Description Generates a time lapse GIF of the Sentinel-1 satellite images for the loca

21 Dec 09, 2022
BloodyAD is an Active Directory Privilege Escalation Framework

BloodyAD Framework BloodyAD is an Active Directory Privilege Escalation Framework, it can be used manually using bloodyAD.py or automatically by combi

757 Jan 07, 2023
信息收集自动化工具

水泽-信息收集自动化工具 郑重声明:文中所涉及的技术、思路和工具仅供以安全为目的的学习交流使用,任何人不得将其用于非法用途以及盈利等目的,否则后果自行承担。 0x01 介绍 作者:Ske 团队:0x727,未来一段时间将陆续开源工具,地址:https://github.com/0x727 定位:协助

0x727 2.7k Jan 09, 2023
Hammer-DDos - Hammer DDos With Python

Hammer-DDos $ apt update $ apt upgrade $ apt install python $ apt install git $

1 Jan 24, 2022
Python script that sends CVE-2021-44228 log4j payload requests to url list

scan4log4j Python script that sends CVE-2021-44228 log4j payload requests to url list [VERY BETA] using Supply your url list to urls.txt Put your payl

elyesa 5 Nov 09, 2022
This is the fuzzer I made to fuzz Preview on macOS and iOS like 8years back when I just started fuzzing things.

Fuzzing PDFs like its 1990s This is the fuzzer I made to fuzz Preview on macOS and iOS like 8years back when I just started fuzzing things. Some discl

Chaithu 14 Sep 30, 2022
Sample exploits for Zephyr CVE-2021-3625

CVE-2021-3625 This repository contains a few example exploits for CVE-2021-3625. All Zephyr-based usb devices up to (and including) version 2.5.0 suff

7 Nov 10, 2022
NexScanner is a tool which allows you to scan a website and find the admin login panel and sub-domains

NexScanner NexScanner is a tool which helps you scan a website for sub-domains and also to find login pages in the website like the admin login panel

8 Sep 03, 2022
com_media allowed paths that are not intended for image uploads to RCE

CVE-2021-23132 com_media allowed paths that are not intended for image uploads to RCE. CVE-2020-24597 Directory traversal in com_media to RCE Two CVEs

KIEN HOANG 67 Nov 09, 2022
Open Source Tool - Cybersecurity Graph Database in Neo4j

GraphKer Open Source Tool - Cybersecurity Graph Database in Neo4j |G|r|a|p|h|K|e|r| { open source tool for a cybersecurity graph database in neo4j } W

Adamantios - Marios Berzovitis 27 Dec 06, 2022
Kunyu, more efficient corporate asset collection

Kunyu(坤舆) - More efficient corporate asset collection English | 中文文档 0x00 Introduce Tool introduction Kunyu (kunyu), whose name is taken from , is act

Knownsec, Inc. 772 Jan 05, 2023
log4j2 dos exploit,CVE-2021-45105 exploit,Denial of Service poc

说明 about author: 我超怕的 blog: https://www.cnblogs.com/iAmSoScArEd/ github: https://github.com/iAmSOScArEd/ date: 2021-12-20 log4j2 dos exploit log4j2 do

3 Aug 13, 2022
Detection tool of malware(s) by checksum (useful for forensic)

🐍 malware_checker.py Detection tool of malware(s) by checksum (useful for forensic) 📦 Dependencies installation $ pip3 install -r requirements.txt

Fayred 1 Jan 30, 2022
Evil-stalker - A simple tool written in python, it is so simple that it is based on google dorks

evil-stalker How to run First of all, you must install the necessary libraries.

rock3d 6 Nov 16, 2022
This Repository is an up-to-date version of Harvard nlp's Legacy code and a Refactoring of the jupyter notebook version as a shell script version.

This Repository is an up-to-date version of Harvard nlp's Legacy code and a Refactoring of the jupyter notebook version as a shell script version.

신재욱 17 Sep 25, 2022
All in One CRACKER911181's Tool. This Tool For Hacking and Pentesting. 🎭

All in One CRACKER911181's Tool. This Tool For Hacking and Pentesting. 🎭

Cracker 331 Jan 01, 2023
Deobfuscate Log4Shell payloads with ease

Ox4Shell Deobfuscate Log4Shell payloads with ease. Description Since the release

Oxeye 137 Jan 02, 2023
A Burp Pro extension that adds log4shell checks to Burp Scanner

scan4log4shell A Burp Pro extension that adds log4shell checks to Burp Scanner, written by Daniel Crowley of IBM X-Force Red. Installation To install

X-Force Red 26 Mar 15, 2022
Hashpic - Hashpic creates an image from a MD5 or SHA512 hash

Hashpic Hashpic creates an image from the MD5 hash of your input. Since v0.2.0 i

0xflotus 15 Nov 23, 2022
SSRF search vulnerabilities exploitation extended.

This tool search for SSRF using predefined settings in different parts of a request (path, host, headers, post and get parameters).

Andri Wahyudi 13 Jul 04, 2021