Skip to content

projectdiscovery/public-bugbounty-programs

Repository files navigation

Public BugBounty Programs

Community curated list of public bug bounty and responsible disclosure programs.

The chaos-bugbounty-list.json file serves as the central management system for the public bug bounty programs displayed on chaos.projectdiscovery.io. We welcome your contributions to this list. If there are specific programs for which you'd like to see reconnaissance data, please submit a pull request.

We are currently accepting submissions in JSON format. Here's an example of the structure we require:

{
   "name":"HackerOne",
   "url":"https://hackerone.com/security",
   "bounty": true,
   "swag": true,
   "domains":[
      "hackerone.com",
      "hackerone.net",
      "hacker101.com",
      "hackerone-ext-content.com"
   ]
}

Your contributions will help us to continually improve and expand the range of public bug bounty programs we feature.

💬 Discussions

For any inquiries, suggestions, or topics you'd like to discuss, we encourage you to initiate a "Discussion" using our GitHub Discussions platform.

👨‍💻 Community

We invite you to join our Discord Community for more interactive discussions.
Stay updated with our latest news and activities by following ProjectDiscovery on Twitter.
For direct communication, feel free to reach us at contact@projectdiscovery.io.

📋 Guidelines

  • Please note that only domain name values are accepted in the domains field.
  • We do not support wildcard inputs such as *.tld or *.tld.*.
  • The domains field should include TLD names associated with the target program, not necessarily based on the scope of the program.
  • Subdomains are populated using our dataset Passive API

📌 References

We greatly appreciate your contributions and your efforts in keeping our community dynamic and engaging. ❤️