This is a source of public programs listed on chaos.projectdiscovery.io. Please send pull-request of public bug bounty programs that you want to include in our public list with recon data.
We are currently accepting in JSON format, an example is below:
{
"name":"HackerOne",
"url":"https://hackerone.com/security",
"bounty": true,
"swag": true,
"domains":[
"hackerone.com",
"hackerone.net",
"hacker101.com",
"hackerone-ext-content.com"
]
}Have questions / doubts / ideas to discuss? feel free to open a discussion using Github discussions board.
You are welcomed to join our Discord Community. You can also follow us on Twitter to keep up with everything related to projectdiscovery, got question? please reach out to us at chaos@projectdiscovery.io
- Only domain name values are accepted in the
domainsfield. - We do not support wildcard input like
*.tldor*.tld.*. - domains field includes TLD names associated with the target program, not based on scope of the program.
- Subdomains are populated using Passive API (chaos dataset).
- https://github.com/arkadiyt/bounty-targets-data
- https://github.com/disclose/diodb/blob/master/program-list.json
- https://firebounty.com
Thanks again for your contribution and keeping the community vibrant. ❤️