CLI tool to scan multiple bounty platforms and surface the best opportunities.
- Multi-source scanning: GitHub Issues, Immunefi, Code4rena
- Smart filtering: Removes low-value, stale, and documentation-only bounties
- EV ranking: Scores opportunities by expected value (payout × confidence / effort)
- Blacklist support: Exclude protocols from research
- Markdown reports: Human-readable output for quick review
```bash
git clone https://github.com/friendlygeorge/bounty-scanner.git
cd bounty-scanner
pip install -r requirements.txt
```

```bash
# Full scan (all sources)
python3 scanner.py
# GitHub bounties only
python3 scanner.py --source github
# Immunefi programs only
python3 scanner.py --source immunefi
# Filter by minimum payout
python3 scanner.py --min-payout 100
# JSON output
python3 scanner.py --json
# Skip quality filters
python3 scanner.py --no-filter
```

Default output goes to `bounty-opportunities.md`. Use `--output` to change:

```bash
python3 scanner.py --output my-report.md
```

Create a `blacklist.md` file with protocols to exclude:

```markdown
# Blacklist
### Moonwell
- **Reason:** 93% utilization traps, security history
### SomeProject
- **Reason:** Not interested
```

Then run:

```bash
python3 scanner.py --blacklist blacklist.md
```

Each opportunity gets an EV Score based on:
- Payout — Known or estimated bounty amount
- Effort — Estimated hours to complete
- Confidence — Based on freshness, source reliability, and payout certainty

EV Score = (Payout / Effort) × Confidence

| Factor | Impact |
|---|---|
| Source: C4/Sherlock | 0.9x (high quality) |
| Source: Immunefi | 0.8x (managed platform) |
| Source: GitHub | 0.4x (varies widely) |
| Freshness: <7 days | +0.2 bonus |
| Freshness: <14 days | +0.15 bonus |
| Known payout | +0.1 bonus |
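
The scoring and blacklist steps described above, worked through as an added example; this is not the scanner's own code. It assumes the bonuses are added to the source value and the result is capped at 1.0, that only the best freshness tier applies, and that blacklist entries are matched by the `###` heading name; the dictionary field names and sample records are hypothetical.

```python
import re
from datetime import date

# Base confidence per source, from the table above.
SOURCE_BASE = {"code4rena": 0.9, "sherlock": 0.9, "immunefi": 0.8, "github": 0.4}

def parse_blacklist(text):
    """Protocol names from '### Name' headings, lower-cased."""
    return {m.strip().lower() for m in re.findall(r"^###\s+(.+)$", text, re.MULTILINE)}

def confidence(source, age_days, payout_known):
    """Assumption: bonuses add to the source base, capped at 1.0."""
    score = SOURCE_BASE[source]
    if age_days < 7:
        score += 0.2
    elif age_days < 14:  # assumption: only the best freshness tier applies
        score += 0.15
    if payout_known:
        score += 0.1
    return min(score, 1.0)

def ev_score(payout, effort_hours, conf):
    """EV Score = (Payout / Effort) x Confidence."""
    if effort_hours <= 0:
        raise ValueError("effort must be positive")
    return payout / effort_hours * conf

def rank(opportunities, blacklist, today):
    """Drop blacklisted protocols, then sort by EV score, highest first."""
    rows = []
    for o in opportunities:
        if o["protocol"].lower() in blacklist:
            continue
        conf = confidence(o["source"], (today - o["posted"]).days, o["known"])
        rows.append((round(ev_score(o["payout"], o["hours"], conf), 2), o["protocol"]))
    return sorted(rows, reverse=True)

# Constructed sample data (hypothetical field names, not real bounties).
BLACKLIST_MD = "# Blacklist\n### Moonwell\n- **Reason:** 93% utilization traps, security history\n"
TODAY = date(2024, 6, 15)
SAMPLE = [
    {"protocol": "Moonwell", "source": "immunefi", "payout": 50000, "hours": 40, "posted": date(2024, 6, 10), "known": True},
    {"protocol": "ExampleDex", "source": "code4rena", "payout": 3000, "hours": 30, "posted": date(2024, 6, 12), "known": True},
    {"protocol": "example-cli", "source": "github", "payout": 200, "hours": 4, "posted": date(2024, 6, 5), "known": False},
]

if __name__ == "__main__":
    for score, name in rank(SAMPLE, parse_blacklist(BLACKLIST_MD), TODAY):
        print(f"{score:>8.2f}  {name}")
```
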

- GitHub Issues: Searches for issues labeled `bounty` or `bounty` + `help-wanted`. Filters out GSSoC/GSoC documentation tasks.
- Immunefi: Scans 270+ bug bounty programs across DeFi protocols. Programs are sorted by max bounty. Flags KYC requirements.
- Code4rena: Checks for active audit competitions. Note: C4 can have weeks with no active contests.

License: MIT