/public-bugbounty-programs

Community curated list of public bug bounty and responsible disclosure programs.

Primary LanguageGoMIT LicenseMIT

Public BugBounty Programs

License contributions welcome Follow on Twitter Chat on Discord

This JSON file controls the public bug bounty programs listed on chaos.projectdiscovery.io. Please create a pull-request with the programs for which you'd like to see recon data.

We are currently accepting entries in JSON format. See an example below:

{
   "name":"HackerOne",
   "url":"https://hackerone.com/security",
   "bounty": true,
   "swag": true,
   "domains":[
      "hackerone.com",
      "hackerone.net",
      "hacker101.com",
      "hackerone-ext-content.com"
   ]
}

💬 Discussions

If you have any questions/doubts/ideas to discuss, please create a "Discussion" using the GitHub Discussions board.

👨‍💻 Community

Join our Discord Community.
Follow @PDChaos and PDiscoveryIO on Twitter.
You can also contact us at chaos@projectdiscovery.io.

📋 Notes

  • Only domain name values are accepted in the domains field.
  • We do not support wildcard input like *.tld or *.tld.*.
  • domains field includes TLD names associated with the target program, not based on scope of the program.
  • Subdomains are populated using Passive API (chaos dataset).

📌 References

Thank you for your contribution and for keeping the community vibrant. ❤️