Public BugBounty Programs
Community curated list of public bug bounty and responsible disclosure programs.
The chaos-bugbounty-list.json file serves as the central management system for the public bug bounty programs displayed on chaos.projectdiscovery.io. We welcome your contributions to this list. If there are specific programs for which you'd like to see reconnaissance data, please submit a pull request.
We are currently accepting submissions in JSON format. Here's an example of the structure we require:
{
"name":"HackerOne",
"url":"https://hackerone.com/security",
"bounty": true,
"swag": true,
"domains":[
"hackerone.com",
"hackerone.net",
"hacker101.com",
"hackerone-ext-content.com"
]
}
Your contributions will help us to continually improve and expand the range of public bug bounty programs we feature.
💬 Discussions
For any inquiries, suggestions, or topics you'd like to discuss, we encourage you to initiate a "Discussion" using our GitHub Discussions platform.
👨💻 Community
We invite you to join our Discord Community for more interactive discussions.
Stay updated with our latest news and activities by following ProjectDiscovery on Twitter.
For direct communication, feel free to reach us at [email protected].
📋 Guidelines
- Please note that only domain name values are accepted in the
domains
field. - We do not support wildcard inputs such as
*.tld
or*.tld.*
. - The domains field should include TLD names associated with the target program, not necessarily based on the scope of the program.
- Subdomains are populated using our dataset Passive API
📌 References
- https://github.com/arkadiyt/bounty-targets-data
- https://github.com/disclose/diodb/blob/master/program-list.json
- https://firebounty.com
We greatly appreciate your contributions and your efforts in keeping our community dynamic and engaging.