Public Bugbounty Programs

This is a source for programs available on chaos.projectdiscovery.io. Please send pull-request of public bug bounty programs that you want to include in our public list with recon data.

We are currently accepting in JSON format, an example is below:

{
   "name":"HackerOne",
   "url":"https://hackerone.com/security",
   "bounty":true,
   "domains":[
      "hackerone.com",
      "hackerone.net",
      "hacker101.com",
      "hackerone-ext-content.com"
   ]
}

📋 Notes:

• Only domain name values are accepted in the domains field.
• We do not support wildcard input like *.tld or *.tld.*.
• domains field includes TLD names associated with the target program, not based on scope of the program.
• Subdomains are populated using Passive API (chaos dataset).

Thanks again for your contribution and keeping the community vibrant. ❤️

---

If you want to remove any program from the list, please contact us at contact@projectdiscovery.io.

Resources

• https://github.com/arkadiyt/bounty-targets-data
• https://github.com/disclose/disclose/tree/master/program-list