public-bugbounty-programs
Community curated list of public bug bounty and responsible disclosure programs.
Top Related Projects
This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports
A curated list of bugbounty writeups (Bug type wise), inspired from https://github.com/ngalongc/bug-bounty-reference
A list of resources for those interested in getting started in bug bounties
A list of interesting payloads, tips and tricks for bug bounty hunters.
Quick Overview
The projectdiscovery/public-bugbounty-programs repository is a curated list of public bug bounty programs available on various platforms. It provides a centralized resource for security researchers and ethical hackers to find and participate in bug bounty programs across different organizations and industries.
Pros
- Comprehensive collection of public bug bounty programs
- Regularly updated with new programs and changes
- Easy-to-read JSON format for programmatic access
- Includes information on program scope, rewards, and platforms
Cons
- May not include all available bug bounty programs
- Requires manual updates, which could lead to outdated information
- Limited additional details beyond basic program information
- Lacks built-in search or filtering capabilities
As this is not a code library, we'll skip the code examples and getting started instructions sections.
Competitor Comparisons
This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports
Pros of bounty-targets-data
- More frequent updates (daily) compared to weekly updates
- Includes additional data sources like HackerOne and Bugcrowd
- Provides data in multiple formats (JSON, CSV, TXT)
Cons of bounty-targets-data
- Less user-friendly for manual browsing due to data format
- Requires additional processing to extract specific program details
- May include some outdated or inactive programs
Code comparison
bounty-targets-data:
```ruby
require 'net/https'
require 'uri'

# Fetch a raw file over HTTP(S) and return its body as a UTF-8 string.
def download_raw_file(url)
  uri = URI.parse(url)
  response = Net::HTTP.get_response(uri)
  response.body.force_encoding('UTF-8')
end
```
public-bugbounty-programs:
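```python
import requests

# The README names chaos-bugbounty-list.json as the list file.
LIST_URL = "https://raw.githubusercontent.com/projectdiscovery/public-bugbounty-programs/main/chaos-bugbounty-list.json"


def fetch_programs():
    """Download and parse the program list."""
    response = requests.get(LIST_URL, timeout=30)
    response.raise_for_status()  # fail on HTTP errors instead of parsing an error page
    return response.json()
```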
Both repositories aim to provide information about bug bounty programs, but they differ in their approach and data presentation. bounty-targets-data offers more frequent updates and diverse data sources, while public-bugbounty-programs provides a more curated and easily browsable list of programs. The code snippets demonstrate the different languages and methods used to fetch data in each project.
A curated list of bugbounty writeups (Bug type wise), inspired from https://github.com/ngalongc/bug-bounty-reference
Pros of Awesome-Bugbounty-Writeups
- Provides a curated list of high-quality bug bounty writeups, offering valuable learning resources
- Organized by vulnerability types, making it easier to find specific examples
- Includes a section on tools and resources for bug bounty hunting
Cons of Awesome-Bugbounty-Writeups
- Focuses on writeups rather than providing a comprehensive list of active bug bounty programs
- May not be as frequently updated as Public-bugbounty-programs
- Lacks direct links to program submission pages or platforms
Code Comparison
While both repositories primarily consist of markdown files, Public-bugbounty-programs includes a JSON file containing program information:
```json
{
  "programs": [
    {
      "name": "Example Program",
      "url": "https://example.com/bugbounty",
      "bounty": true,
      "domains": ["example.com", "*.example.com"]
    }
  ]
}
```
Awesome-Bugbounty-Writeups, on the other hand, is structured as a markdown file with categorized links:
```markdown
## Cross-Site Scripting (XSS)
- [XSS on Google Search - Sanitizing HTML in The Client?](https://www.youtube.com/watch?v=lG7U3fuNw3A)
- [CSS Injection Vulnerability in Gmail](https://blog.azuki.vip/csrf/)
```
Both repositories serve different purposes, with Public-bugbounty-programs focusing on program discovery and Awesome-Bugbounty-Writeups emphasizing learning and skill development in bug bounty hunting.
A list of resources for those interested in getting started in bug bounties
Pros of Resources-for-Beginner-Bug-Bounty-Hunters
- Comprehensive learning resources for beginners, including tutorials, tools, and methodologies
- Organized structure with categories for different aspects of bug bounty hunting
- Active community contributions and regular updates
Cons of Resources-for-Beginner-Bug-Bounty-Hunters
- Lacks a direct list of public bug bounty programs
- May be overwhelming for absolute beginners due to the vast amount of information
- Some links may become outdated over time
Code Comparison
Resources-for-Beginner-Bug-Bounty-Hunters:
```markdown
## Resources for Beginners
- [Introduction to Bug Bounty Hunting](https://www.youtube.com/watch?v=mQjTgDuLsp4)
- [Bug Bounty Hunting Methodology](https://www.youtube.com/watch?v=8VLNPIIgKbM)
```
public-bugbounty-programs:
```yaml
- name: HackerOne
  url: https://hackerone.com/directory/programs
  bounty: true
  swag: true
```
The code comparison shows that Resources-for-Beginner-Bug-Bounty-Hunters focuses on providing educational content, while public-bugbounty-programs offers a structured list of bug bounty programs with relevant information.
A list of interesting payloads, tips and tricks for bug bounty hunters.
Pros of bugbounty-cheatsheet
- Provides a comprehensive collection of resources and techniques for bug bounty hunting
- Includes specific payloads and methodologies for various types of vulnerabilities
- Regularly updated with community contributions and new techniques
Cons of bugbounty-cheatsheet
- Focuses more on technical aspects rather than providing a list of active bug bounty programs
- May require more technical knowledge to effectively utilize the information provided
- Less structured in terms of organizing information about specific bug bounty programs
Code Comparison
While a direct code comparison isn't relevant for these repositories, we can compare the structure of their content:
bugbounty-cheatsheet:
## Cross-Site Scripting (XSS)
### Reflected XSS
```javascript
<script>alert('XSS')</script>
<scriPt>alert(String.fromCharCode(88,83,83))</scriPt>
```
public-bugbounty-programs:
```yaml
- name: HackerOne
  url: https://hackerone.com/security
  bounty: true
  swag: true
```
The bugbounty-cheatsheet repository focuses on providing technical information and payloads, while public-bugbounty-programs lists bug bounty programs in a structured format.
README
Public BugBounty Programs
Community curated list of public bug bounty and responsible disclosure programs.
The chaos-bugbounty-list.json file serves as the central management system for the public bug bounty programs displayed on chaos.projectdiscovery.io. We welcome your contributions to this list. If there are specific programs for which you'd like to see reconnaissance data, please submit a pull request.
We are currently accepting submissions in JSON format. Here's an example of the structure we require:
```json
{
  "name": "HackerOne",
  "url": "https://hackerone.com/security",
  "bounty": true,
  "swag": true,
  "domains": [
    "hackerone.com",
    "hackerone.net",
    "hacker101.com",
    "hackerone-ext-content.com"
  ]
}
```
Your contributions will help us to continually improve and expand the range of public bug bounty programs we feature.
Discussions
For any inquiries, suggestions, or topics you'd like to discuss, we encourage you to initiate a "Discussion" using our GitHub Discussions platform.
Community
We invite you to join our Discord Community for more interactive discussions.
Stay updated with our latest news and activities by following ProjectDiscovery on Twitter.
For direct communication, feel free to reach us at contact@projectdiscovery.io.
Guidelines
- Please note that only domain name values are accepted in the domains field.
- We do not support wildcard inputs such as *.tld or *.tld.*.
- The domains field should include TLD names associated with the target program, not necessarily based on the scope of the program.
- Subdomains are populated using our dataset Passive API
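A pre-submission check for one entry against the structure and guidelines above, as an added example that is not part of the project's README or tooling. It assumes all five fields of the example structure are required; the function names and sample entries are constructed for illustration.

```python
import re

# Assumption: every field in the README's example structure is required.
REQUIRED = {"name": str, "url": str, "bounty": bool, "swag": bool, "domains": list}
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")  # one hostname label

def domain_problem(value):
    """Return why `value` is not a bare domain name, or None if acceptable."""
    if not isinstance(value, str) or not value:
        return "not a non-empty string"
    if "*" in value:
        return "wildcards are not supported"
    if "/" in value or ":" in value:
        return "looks like a URL or host:port, not a domain name"
    labels = value.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return "needs at least a name and a TLD"
    if not all(_LABEL.match(label) for label in labels):
        return "contains an invalid hostname label"
    if labels[-1].isdigit():
        return "looks like an IP address"
    return None

def validate_entry(entry):
    """Return a list of problems for one entry (empty list means OK)."""
    problems = []
    for key, expected in REQUIRED.items():
        if key not in entry:
            problems.append(f"missing field: {key}")
        elif not isinstance(entry[key], expected):
            problems.append(f"{key}: expected {expected.__name__}")
    url = entry.get("url")
    if isinstance(url, str) and not url.startswith(("http://", "https://")):
        problems.append("url: expected an http(s) URL")
    domains = entry.get("domains")
    for d in domains if isinstance(domains, list) else []:
        reason = domain_problem(d)
        if reason:
            problems.append(f"domains: {d!r} {reason}")
    return problems

# Constructed sample entries (not taken from the project's list).
GOOD = {"name": "Example", "url": "https://example.com/security",
        "bounty": True, "swag": False, "domains": ["example.com", "example.org"]}
BAD = {"name": "Example", "url": "example.com/security", "bounty": "yes",
       "domains": ["*.example.com", "https://example.com/", "example", "192.0.2.10"]}
if __name__ == "__main__":
    for label, entry in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, validate_entry(entry) or "ok")
```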
References
- https://github.com/arkadiyt/bounty-targets-data
- https://github.com/disclose/diodb/blob/master/program-list.json
- https://firebounty.com
We greatly appreciate your contributions and your efforts in keeping our community dynamic and engaging. ❤️