YesWeCaido
YesWeCaido is a Caido plugin that allows you to fetch all bug bounty programs on YesWeHack with all their details to your Caido instance.
By default, it will fetch all public programs. If you provide your JWT for your YesWeHack account you will then be able to see the full list of all your private programs.
💡Tips
When you select a program, YesWeCaido can automatically add the scope to Caido along with the custom User-Agent that the program provides.
Find all the details on how to install YesWeCaido at the official Github page:
YesWeBurp
YesWeBurp is a Burp Suite extension that allows you to fetch all bug bounty programs on YesWeHack with all their details to your Burp instance.
By default, it will fetch all public programs. If you log in via the extension, you will be able to see a full list of all your private programs.
Find all the details on how to install YesWeBurp at the official Github page:
PwnFox
PwnFox is a Firefox/Burp extension that has been described as "the IDOR hunter’s best friend."
With Firefox, PwnFox lets you containerize up to eight different sessions within a single browser and view color-coded traffic directly in Burp’s tabs. Features include one-click BurpProxy, Container Profiles, PostMessage Logger, Toolbox Injection, and a Security Header Remover.
Find all the details on how to install PwnFox at the official Github page:
Dom-Explorer
Dom-Explorer is a web tool for testing various HTML parsers and sanitizers - useful for identifying potential XSS mutations.
Supported sanitizers include Ammonia, Angular, DomPurify, JsXss, and SafeValues, while available parsers include DomParser, Parse5, srcdocParser, and TemplateParser. Pipelines can chain multiple parsers to visualize each transformation step-by-step.
Pipelines can be shared, embedded in websites, saved/reused, and even synchronized in real time across multiple browser tabs.
Find all the details on how to install Dom-Explorer at the official GitHub page: https://github.com/yeswehack/Dom-Explorer
PP-Finder
PP-Finder is a powerful tool for tackling prototype pollution, a JavaScript vulnerability class that can lead to remote code execution.
PP-Finder simplifies the process of identifying prototype pollution candidates and spotting vulnerabilities in JavaScript codebases. It scans all JavaScript files within a target directory and generates an instrumented version of the source code, highlighting potentially vulnerable code. Its main purpose is to assist in identifying prototype pollution vectors by scanning and flagging suspicious patterns.
Find all the details on how to install PP-Finder at the official Github page:
Your pwning companion
PwnMachine is a self-hosted solution based on Docker that aims to provide an easy-to-use pwning station for bug hunters.
The basic install includes a web interface, a DNS server and a reverse proxy.
Readme, Install and details available: here.
XSStools
XSStools is a development framework for cross-site scripting (XSS) exploitation that simplifies payload creation.
Its function library lets you quickly build powerful payloads and wrap them for reuse across different contexts using various built-in wrappers. XSStools also assists with clickjacking exploitation: just provide the target element to generate a proof of concept, a task that’s usually time-consuming. A full collection of exfiltration methods is included. As a JavaScript framework, it lets you easily build, wrap, and exfiltrate data using various methods like postMessage, fetch, or sendBeacon, and it includes tools for payload encoding, DOM interaction, clickjacking, and automated keylogging.
Find all the details on how to use xsstools at the official Github page: