public-bugbounty-programs icon indicating copy to clipboard operation
public-bugbounty-programs copied to clipboard

verified publisher icon projectdiscovery

Metadata

Community curated list of public bug bounty and responsible disclosure programs.

trafficstars

Public BugBounty Programs

License contributions welcome Follow on Twitter Chat on Discord

This JSON file controls the public bug bounty programs listed on chaos.projectdiscovery.io. Please create a pull-request with the programs for which you'd like to see recon data.

We are currently accepting entries in JSON format. See an example below:

{
   "name":"HackerOne",
   "url":"https://hackerone.com/security",
   "bounty": true,
   "swag": true,
   "domains":[
      "hackerone.com",
      "hackerone.net",
      "hacker101.com",
      "hackerone-ext-content.com"
   ]
}

💬 Discussions

If you have any questions/doubts/ideas to discuss, please create a "Discussion" using the GitHub Discussions board.

👨‍💻 Community

Join our Discord Community.
Follow @PDChaos and PDiscoveryIO on Twitter.
You can also contact us at [email protected].

📋 Notes

  • Only domain name values are accepted in the domains field.
  • We do not support wildcard input like *.tld or *.tld.*.
  • domains field includes TLD names associated with the target program, not based on scope of the program.
  • Subdomains are populated using Passive API (chaos dataset).

📌 References

  • https://github.com/arkadiyt/bounty-targets-data
  • https://github.com/disclose/diodb/blob/master/program-list.json
  • https://firebounty.com

Thank you for your contribution and for keeping the community vibrant. :heart:

Metadata

1.0k
Stars
356
Forks
Watchers

Owner

verified publisher icon projectdiscovery

Metadata

Community curated list of public bug bounty and responsible disclosure programs.

Back