hktalent/public-bugbounty-programs

Community curated list of public bug bounty and responsible disclosure programs.

Public BugBounty Programs

This JSON file controls the public bug bounty programs listed on chaos.projectdiscovery.io. Please create a pull-request with the programs for which you'd like to see recon data.

We are currently accepting entries in JSON format. See an example below:

{
   "name":"HackerOne",
   "url":"https://hackerone.com/security",
   "bounty": true,
   "swag": true,
   "domains":[
      "hackerone.com",
      "hackerone.net",
      "hacker101.com",
      "hackerone-ext-content.com"
   ]
}

💬 Discussions

If you have any questions/doubts/ideas to discuss, please create a "Discussion" using the GitHub Discussions board.

👨‍💻 Community

Join our Discord Community.
Follow @PDChaos and PDiscoveryIO on Twitter.
You can also contact us at chaos@projectdiscovery.io.

📋 Notes

• Only domain name values are accepted in the domains field.
• We do not support wildcard input like *.tld or *.tld.*.
• domains field includes TLD names associated with the target program, not based on scope of the program.
• Subdomains are populated using Passive API (chaos dataset).

📌 References

• https://github.com/arkadiyt/bounty-targets-data
• https://github.com/disclose/diodb/blob/master/program-list.json
• https://firebounty.com

Thank you for your contribution and for keeping the community vibrant. ❤️