This JSON file controls the public bug bounty programs listed on chaos.projectdiscovery.io. Please create a pull-request with the programs for which you'd like to see recon data.
We are currently accepting entries in JSON format. See an example below:
{
"name":"HackerOne",
"url":"https://hackerone.com/security",
"bounty": true,
"swag": true,
"domains":[
"hackerone.com",
"hackerone.net",
"hacker101.com",
"hackerone-ext-content.com"
]
}
If you have any questions/doubts/ideas to discuss, please create a "Discussion" using the GitHub Discussions board.
Join our Discord Community.
Follow @PDChaos and PDiscoveryIO on Twitter.
You can also contact us at chaos@projectdiscovery.io.
- Only domain name values are accepted in the
domains
field. - We do not support wildcard input like
*.tld
or*.tld.*
. - domains field includes TLD names associated with the target program, not based on scope of the program.
- Subdomains are populated using Passive API (chaos dataset).
- https://github.com/arkadiyt/bounty-targets-data
- https://github.com/disclose/diodb/blob/master/program-list.json
- https://firebounty.com
Thank you for your contribution and for keeping the community vibrant. ❤️