A curated list of GitHub repositories from bounty-targets-data that are in scope and eligible for bounty.
It is meant to make it easier to do security research, white-box penetration testing, local CVE reproduction (by reverting to a known-vulnerable commit), mass scanning, static analysis (Semgrep, CodeQL, etc.) and other work with similar needs.
In scope
- https://github.com/WorldHealthOrganization/app
- https://github.com/orion-labs/node-orion
- https://github.com/orion-labs/node-red-contrib-orion
- https://github.com/callstats-io
- https://github.com/jitsi
- https://github.com/orgs/8x8
- https://github.com/duckduckgo/duckduckgo-privacy-extension
- https://github.com/adobe/svg-native-viewer
- https://github.com/rails/rails
- https://github.com/WordPress
- https://github.com/concrete5/concrete5
- https://github.com/slackhq/nebula
- https://github.com/irccloud/android
- https://github.com/irccloud/ios
- https://github.com/irccloud/irccloud-desktop
- https://github.com/smooch/smooch-android
- https://github.com/smooch/smooch-ios
- https://github.com/smooch/smooch-web
- https://github.com/urbandictionary
- https://github.com/qiwi
- https://github.com/WordPoints
- https://github.com/WordPoints/wordpoints
- https://github.com/mapbox
- https://github.com/globaleaks/GlobaLeaks
- https://github.com/innocraft
- https://github.com/matomo-org
- https://github.com/matomo-org/matomo
- https://github.com/revive-adserver/revive-adserver
- https://github.com/binary-com
- https://github.com/bwillis/versioncake
- https://github.com/bcit-ci/CodeIgniter
- https://github.com/ruby/ruby
- https://github.com/rubygems/rubygems
- https://github.com/paragonie/anti-csrf
- https://github.com/paragonie/certainty
- https://github.com/paragonie/chronicle
- https://github.com/paragonie/constant_time_encoding
- https://github.com/paragonie/easydb
- https://github.com/paragonie/gpg-mailer
- https://github.com/paragonie/halite
- https://github.com/paragonie/paseto
- https://github.com/paragonie/password_lock
- https://github.com/paragonie/random_compat
- https://github.com/paragonie/sapient
- https://github.com/paragonie/sodium_compat
- https://github.com/mainwp/mainwp
- https://github.com/mainwp/mainwp-child
- https://github.com/PowerDNS/pdns
- https://github.com/dovecot/core
- https://github.com/dovecot/pigeonhole
- https://github.com/open-xchange/appsuite-frontend
- https://github.com/open-xchange/appsuite-middleware
- https://github.com/phpbb/phpbb
- https://github.com/AspenWeb
- https://github.com/pyca/bcrypt
- https://github.com/pyca/cryptography
- https://github.com/pyca/pynacl
- https://github.com/pyca/pyopenssl
- https://github.com/plaid/plaid-link-android
- https://github.com/plaid/plaid-link-examples
- https://github.com/plaid/plaid-link-ios
- https://github.com/plaid/plaid-ruby
- https://github.com/plaid/react-native-plaid-link-sdk
- https://github.com/plaid/react-plaid-link
- https://github.com/brave-intl/bat-balance
- https://github.com/brave-intl/bat-client
- https://github.com/brave-intl/bat-go
- https://github.com/brave-intl/bat-ledger
- https://github.com/brave-intl/bat-publisher
- https://github.com/brave-intl/publishers
- https://github.com/brave/brave-core
- https://github.com/brave/brave-ios
- https://github.com/brave/vault-updater
- https://github.com/vanilla/addons
- https://github.com/vanilla/community
- https://github.com/vanilla/vanilla
- https://github.com/WeblateOrg/docker
- https://github.com/WeblateOrg/translation-finder
- https://github.com/WeblateOrg/weblate
- https://github.com/WeblateOrg/website
- https://github.com/WeblateOrg/wlc
- https://github.com/johnbillion/query-monitor
- https://github.com/johnbillion/user-switching
- https://github.com/johnbillion/wp-crontrol
- https://github.com/cuvva/docs
- https://github.com/bitwarden
- https://github.com/bitwarden/cli
- https://github.com/bitwarden/desktop
- https://github.com/delight-im
- https://github.com/hyperledger/fabric
- https://github.com/hyperledger/fabric-baseimage
- https://github.com/hyperledger/fabric-ca
- https://github.com/hyperledger/fabric-chaincode-java
- https://github.com/hyperledger/fabric-chaincode-node
- https://github.com/hyperledger/fabric-chaintool
- https://github.com/hyperledger/fabric-samples
- https://github.com/hyperledger/fabric-sdk-go
- https://github.com/hyperledger/fabric-sdk-java
- https://github.com/hyperledger/fabric-sdk-node
- https://github.com/hyperledger/fabric-sdk-py
- https://github.com/hyperledger/fabric-sdk-rest
- https://github.com/nodejs/node
- https://github.com/valvesoftware
- https://github.com/elastic/beats
- https://github.com/elastic/elasticsearch
- https://github.com/elastic/kibana
- https://github.com/elastic/logstash
- https://github.com/lifeomic/cli
- https://github.com/EdOverflow
- https://github.com/securitytxt
- https://github.com/cosmos/cosmos-sdk
- https://github.com/cosmos/gaia
- https://github.com/cosmos/iavl
- https://github.com/cosmos/ibc-go
- https://github.com/cosmos/ledger-cosmos
- https://github.com/iqlusioninc/signatory
- https://github.com/iqlusioninc/tmkms
- https://github.com/iqlusioninc/yubihsm
- https://github.com/tendermint/tendermint
- https://github.com/dhui/passhash
- https://github.com/rsksmart/powpeg-node
- https://github.com/rsksmart/rskj
- https://github.com/rsksmart/tokenbridge
- https://github.com/gtsatsis/RLAPI-v3-OOP
- https://github.com/crypto-org-chain/chain-main
- https://github.com/crypto-com/cro-staking
- https://github.com/crypto-com/swap-contracts-core
- https://github.com/crypto-com/swap-contracts-periphery
- https://github.com/arkadiyt/aws_public_ips
- https://github.com/arkadiyt/bounty-targets
- https://github.com/arkadiyt/ssrf_filter
- https://github.com/arkadiyt/zoom-redirector
- https://github.com/smartcontractkit/chainlink
- https://github.com/eslint/eslint
- https://github.com/eslint/eslint-github-bot
- https://github.com/DefectDojo/django-DefectDojo
- https://github.com/curl/curl
- https://github.com/status-im/status-go
- https://github.com/status-im/status-react
- https://github.com/EndlessHosting
- https://github.com/Agoric/agoric-sdk
- https://github.com/Agoric/ses-shim
- https://github.com/tokencard/contracts
- https://github.com/impresscms/impresscms
- https://github.com/kubernetes-csi
- https://github.com/kubernetes-retired
- https://github.com/kubernetes-client
- https://github.com/kubernetes-incubator
- https://github.com/kubernetes-security
- https://github.com/kubernetes-sigs
- https://github.com/kubernetes/api
- https://github.com/kubernetes/apiextensions-apiserver
- https://github.com/kubernetes/apimachinery
- https://github.com/kubernetes/apiserver
- https://github.com/kubernetes/autoscaler
- https://github.com/kubernetes/cli-runtime
- https://github.com/kubernetes/client-go
- https://github.com/kubernetes/cloud-provider
- https://github.com/kubernetes/cloud-provider-alibaba-cloud
- https://github.com/kubernetes/cloud-provider-aws
- https://github.com/kubernetes/cloud-provider-azure
- https://github.com/kubernetes/cloud-provider-gcp
- https://github.com/kubernetes/cloud-provider-openstack
- https://github.com/kubernetes/cloud-provider-sample
- https://github.com/kubernetes/cloud-provider-vsphere
- https://github.com/kubernetes/cluster-bootstrap
- https://github.com/kubernetes/cluster-registry
- https://github.com/kubernetes/code-generator
- https://github.com/kubernetes/community
- https://github.com/kubernetes/component-base
- https://github.com/kubernetes/cri-api
- https://github.com/kubernetes/csi-api
- https://github.com/kubernetes/csi-translation-lib
- https://github.com/kubernetes/dashboard
- https://github.com/kubernetes/dns
- https://github.com/kubernetes/enhancements
- https://github.com/kubernetes/examples
- https://github.com/kubernetes/frakti
- https://github.com/kubernetes/funding
- https://github.com/kubernetes/gengo
- https://github.com/kubernetes/git-sync
- https://github.com/kubernetes/ingress-gce
- https://github.com/kubernetes/ingress-nginx
- https://github.com/kubernetes/k8s
- https://github.com/kubernetes/klog
- https://github.com/kubernetes/kompose
- https://github.com/kubernetes/kops
- https://github.com/kubernetes/kube-aggregator
- https://github.com/kubernetes/kube-controller-manager
- https://github.com/kubernetes/kube-deploy
- https://github.com/kubernetes/kube-openapi
- https://github.com/kubernetes/kube-proxy
- https://github.com/kubernetes/kube-scheduler
- https://github.com/kubernetes/kube-state-metrics
- https://github.com/kubernetes/kubeadm
- https://github.com/kubernetes/kubectl
- https://github.com/kubernetes/kubelet
- https://github.com/kubernetes/kubernetes
- https://github.com/kubernetes/kubernetes-anywhere
- https://github.com/kubernetes/kubernetes-template-project
- https://github.com/kubernetes/legacy-cloud-providers
- https://github.com/kubernetes/metrics
- https://github.com/kubernetes/minikube
- https://github.com/kubernetes/node-api
- https://github.com/kubernetes/node-problem-detector
- https://github.com/kubernetes/org
- https://github.com/kubernetes/perf-tests
- https://github.com/kubernetes/publishing-bot
- https://github.com/kubernetes/release
- https://github.com/kubernetes/repo-infra
- https://github.com/kubernetes/sample-apiserver
- https://github.com/kubernetes/sample-cli-plugin
- https://github.com/kubernetes/sample-controller
- https://github.com/kubernetes/security
- https://github.com/kubernetes/sig-release
- https://github.com/kubernetes/steering
- https://github.com/kubernetes/test-infra
- https://github.com/kubernetes/utils
- https://github.com/kubernetes/website
- https://github.com/diem/diem
- https://github.com/solidusio/solidus
- https://github.com/solidusio/solidus_auth_devise
- https://github.com/oasisprotocol/curve25519-voi
- https://github.com/oasisprotocol/deoxysii
- https://github.com/oasisprotocol/deoxysii-rust
- https://github.com/oasisprotocol/ed25519
- https://github.com/oasisprotocol/oasis-core
- https://github.com/oasisprotocol/oasis-sdk
- https://github.com/oasisprotocol/oasis-wallet-ext
- https://github.com/oasisprotocol/oasis-wallet-web
- https://github.com/DopplerHQ/cli
- https://github.com/skalenetwork/libBLS
- https://github.com/skalenetwork/sgxwallet
- https://github.com/skalenetwork/skale-consensus
- https://github.com/skalenetwork/skale-manager
- https://github.com/aiven
- https://github.com/OpenMage/magento-lts
- https://github.com/maticnetwork/bor
- https://github.com/maticnetwork/contracts
- https://github.com/maticnetwork/heimdall
- https://github.com/18F/docker-ruby-ubuntu
- https://github.com/18F/federalist
- https://github.com/18F/federalist-builder
- https://github.com/18F/federalist-docker-build
- https://github.com/18F/federalist-proxy
- https://github.com/18F/identity-idp
- https://github.com/18F/identity-saml-rails
- https://github.com/18F/identity-saml-sinatra
- https://github.com/GSA/data
- https://github.com/GSA/datagov-deploy
- https://github.com/Switcheo/switcheo-tradehub-zil
- https://github.com/Zilliqa/Devex-apollo
- https://github.com/Zilliqa/ZRC
- https://github.com/Zilliqa/Zilliqa
- https://github.com/Zilliqa/Zilliqa-JavaScript-Library
- https://github.com/Zilliqa/ceres
- https://github.com/Zilliqa/dev-explorer
- https://github.com/Zilliqa/gozilliqa-sdk
- https://github.com/Zilliqa/nucleus-wallet
- https://github.com/Zilliqa/schnorr
- https://github.com/Zilliqa/scilla
- https://github.com/Zilliqa/staking-contract
- https://github.com/Zilliqa/zilliqa-multisig-wallet
- https://github.com/sifchain/sifnode
- https://github.com/fastify
- https://github.com/mcu-tools/mcuboot
- https://github.com/samuel-lucas6/ChaCha20-BLAKE2b
- https://github.com/samuel-lucas6/Kryptor
- https://github.com/Electron
- https://github.com/Nginx
- https://github.com/apache/airflow
- https://github.com/apache/httpd
- https://github.com/django
- https://github.com/openssl/openssl
- https://github.com/rails
- https://github.com/ruby
- https://github.com/HorizenOfficial/zen
- https://github.com/endojs/endo
- https://github.com/liberapay/liberapay
- https://github.com/spiffe/spiffe
- https://github.com/spiffe/spire
- https://github.com/endojs
- https://github.com/rust-lang/rust
- https://github.com/pyca/infra
- https://github.com/trufflesuite/drizzle
- https://github.com/trufflesuite/drizzle-utils
- https://github.com/trufflesuite/ganache
- https://github.com/trufflesuite/ganache-ui
- https://github.com/trufflesuite/preserves
- https://github.com/trufflesuite/truffle
- https://github.com/trufflesuite/trufflesuite
- https://github.com/trufflesuite/vscode-ext
- https://github.com/cloudflare
- https://github.com/adobe
- https://github.com/argoproj/argoproj
- https://github.com/rack/rack
- https://github.com/pixiv/charcoal
- https://github.com/raivo-otp/apns-server
- https://github.com/raivo-otp/ios-application
- https://github.com/raivo-otp/issuer-icons
- https://github.com/raivo-otp/macos-receiver
- https://github.com/hyperledger/fabric-amcl
- https://github.com/hyperledger/fabric-chaincode-go
- https://github.com/hyperledger/fabric-cli
- https://github.com/hyperledger/fabric-config
- https://github.com/hyperledger/fabric-contract-api-go
- https://github.com/hyperledger/fabric-gateway
- https://github.com/hyperledger/fabric-gateway-java
- https://github.com/hyperledger/fabric-lib-go
- https://github.com/hyperledger/fabric-private-chaincode
- https://github.com/hyperledger/fabric-protos
- https://github.com/hyperledger/fabric-protos-go
- https://github.com/hyperledger/fabric-protos-go-apiv2
The collection of repositories is available for download in the list.txt file, so you can mass-clone them with:
$ cat list.txt | grep / | xargs -I % git clone https://github.com/%
grep / is used because some scope entries are wildcards (organization-wide, not per-repository).
💡 Please note that each program also has out-of-scope items that we do NOT provide; review them before reporting to the relevant program (if you want to make a disclosure) to avoid not-applicable submissions. Nor do we map the scope to the program platform, so please check the SECURITY.md file for each repository/organization.