Skip to content
Tools and datas related to bug bounty programs.
PHP
Branch: master
Clone or download
Latest commit fde4002 Mar 19, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
hackerone platforms Nov 8, 2018
images 0day platform Jan 7, 2019
templates-reports templates reports Jan 20, 2019
README.md date Jan 8, 2019
tips-by-edoverflow.md ed tips Mar 19, 2019

README.md

Last update: 2019-01-07



hackerone

Link: https://hackerone.com/
Country: US
Registration: public
Researchers: ?
Programs: 1200+
Visibility: public, private
Public disclosure: yes
Reputation: based on reports status and rewards
Additional metrics: signal, impact, badges
Payout methods: Paypal, Coinbase, bank transfer

Bugcrowd

Link: https://www.bugcrowd.com/
Country: US
Registration: public
Researchers: ?
Programs: ?
Visibility: public, private
Public disclosure: no
Reputation (kudos): based on reports criticity
Additional metrics: accuracy
Payout methods: Paypal, Payoneer


Yes We Hack (previously Bounty Factory)

Link: https://www.yeswehack.com/en/
Country: France
Registration: public
Researchers: ~750
Programs: ?
Visibility: public, private
Public disclosure: no
Reputation: based on reports status, rewards and reports quality
Additional metrics: no
Payout methods: bank transfer


Yogosha

Link: https://www.yogosha.com/
Country: France
Registration: test required
Researchers: ~150
Programs: ?
Visibility: public, private
Public disclosure: no
Reputation: ?
Additional metrics: reports quality
Payout methods: bank transfer


HackenProof

Link: https://hackenproof.com/
Country: Estonia
Registration: public
Researchers: ~1000
Programs: ?
Visibility: public, private, vetted
Public disclosure: yes
Reputation: reports status and reports severity
Additional metrics: -
Payout methods: HKN (Hacken crypto currency)


cobalt

Link: https://cobalt.io/
Country: US
Registration: invitation required
Researchers: ?
Programs: ?
Visibility: invite only
Public disclosure: no
Reputation: none
Additional metrics: no
Payout methods: Paypal, Bitcoin


Synack Red Team

Link: https://www.synack.com/red-team/
Country: US
Registration: tutorial, video interview, technical assessments, background check, ID verification
Researchers: ~3000
Programs: ?
Visibility: private
Public disclosure: no
Reputation: reports quality, rewards, target hardening
Additional metrics: ?
Payout methods: Paypal


Intigriti

Link: https://www.intigriti.com/
Country: Belgium
Registration: public
Researchers: ?
Programs: ?
Visibility: public, confidential, private, vetted
Public disclosure: no
Reputation: based on reports criticity
Additional metrics: quality score
Payout methods: bank transfer


Zerocopter

Link: https://www.zerocopter.com/
Country: Netherlands
Registration: disabled
Researchers: ?
Programs: ?
Visibility: private, vetted
Public disclosure: no
Reputation: no
Additional metrics: no
Payout methods: Paypal, Bitcoin, bank transfer
Extra info: Rewards fixed by the platform (https://www.zerocopter.com/en/vulnerability-price-list)


Detectify

Link: https://cs.detectify.com/
Country: Sweden
Registration: invite only
Researchers: 150+
Programs: N/A
Visibility: private
Public disclosure: no
Reputation: vulnerability severity and popularity
Additional metrics: ?
Payout methods: payment handled through Bugcrowd
Extra infos: Vulnerabilities are submitted to Detectify continuously, implemented into Detectify scanners and researchers are rewarded as their vulnerabilities are found in Detectify customer's scans, a unique model which separates Detectify Crowdsource from other platforms. Detectify does not work with programs in that sense, but instead focus Detectify researchers' attention towards technology types used by a range of companies.

AntiHack.me

Link: https://www.antihack.me/
Country: Singapore
Registration: public
Researchers: ?
Programs: ?
Visibility: public, private
Public disclosure: no
Reputation: based reports status and rewards
Additional metrics: hit rate, impact
Payout methods: Paypal


BugBounty.jp

Link: https://bugbounty.jp/
Country: Japan
Registration: public
Researchers: ~1500
Programs: ?
Visibility: public, private
Public disclosure: no
Reputation: based on reports status and rewards
Additional metrics: -
Payout methods: Paypal, bank transfer (Japan)


CESPPA

Link: https://www.cesppa.com/
Country: US
Registration: public
Researchers: ?
Programs: ?
Visibility: public, private, exclusive
Public disclosure: no
Reputation: work in progress
Additional metrics: no
Payout methods: Paypal, cryptocurrency (BTC, LTC, ETH)
Extra infos: Triage team can be reached on Bug Bounty World slack at #cesppa

SafeHats

Link: https://safehats.com/
Country: India
Registration: public
Researchers: ?
Programs: ?
Visibility: private
Public disclosure: ?
Reputation (karma score): reports status and rewards
Additional metrics: relevancy score, bounty score
Payout methods: Paypal, Bitcoin


Federacy

Link: https://www.federacy.com/
Country: US
Registration: public
Researchers: ~20
Programs: ~20
Visibility: public, private
Public disclosure: no
Reputation: work in progress
Additional metrics: no
Payout methods: Paypal, Venmo, Bitcoin, Ethereum, Stripe on the way
Extra infos: Currently in a closed beta. If you signed up without an invitation code, there is a hard limit set on your account allowing only 3 reports to be submitted per week.

Hacktrophy

Link: https://hacktrophy.com/en/
Country: Slovak Republic
Registration: public
Researchers: 600+
Programs: ?
Visibility: public, private
Public disclosure: yes
Reputation: no
Additional metrics: no
Payout methods: Paypal, Bitcoin, bank transfer
Extra infos: Programs set reward limit by month/year.

Hackrfi

Link: https://hackr.fi/en/
Country: Finland
Registration: public
Researchers: ?
Programs: ?
Visibility: ?
Public disclosure: ?
Reputation: ?
Additional metrics: ?
Payout methods: Paypal, bank transfer (Finland)


Open Bug Bounty

Link: https://www.openbugbounty.org/
Country: ?
Registration: public
Researchers: 7500+
Programs: N/A
Visibility: N/A
Public disclosure: yes
Reputation: ?
Additional metrics: recommendations, badges
Payout methods: up to the company
Extra infos: Open Bug Bounty is a non-profit Bug Bounty platform. The responsible disclosure platform allows independent security researchers to report XSS and similar security vulnerabilities on any website they discover.


BountyGraph

Link: https://bountygraph.com/ (closed)
Country: US
Registration: public
Researchers: ?
Programs: ?
Visibility: ?
Public disclosure: ?
Reputation: ?
Additional metrics: ?
Payout methods: Paypal, Stripe


BugsBounty

Link: https://bugsbounty.io/
Country: India
Registration: currently running internally
Researchers: ?
Programs: ?
Visibility: ?
Public disclosure: ?
Reputation: ?
Additional metrics: ?
Payout methods: ?


Crowd Shield

Link: https://crowdshield.com/
Country: CA
Registration: public
Researchers: ?
Programs: ~20
Visibility: public, private
Public disclosure: yes
Reputation: reports criticity
Additional metrics: ?
Payout methods: ?


Cyber Army

Link: https://www.cyberarmy.id/
Country: Indonesia
Registration: public
Researchers: ~20
Programs: ~10
Visibility: ?
Public disclosure: no
Reputation: ?
Additional metrics: ?
Payout methods: ?


BugBountyZone

Link: https://www.bugbountyzone.com/
Country: France
Registration: good luck
Researchers: ?
Programs: ?
Visibility: ?
Public disclosure: ?
Reputation: ?
Additional metrics: ?
Payout methods: ?


0 day platforms:



Zerodium

Link: https://zerodium.com/
Country: US
Registration: no need
Researchers: N/A
Programs: N/A
Visibility: N/A
Public disclosure: no
Reputation: N/A
Additional metrics: N/A
Payout methods: wire transfer, Bitcoin


Zero Day Initiative

Link: https://www.zerodayinitiative.com/
Country: US
Registration: public
Researchers: N/A
Programs: N/A
Visibility: N/A
Public disclosure: no
Reputation: ?
Additional metrics: ?
Payout methods: wire transfer


Crowdfense

Link: https://www.crowdfense.com/
Country: UAE
Registration: no need
Researchers: N/A
Programs: N/A
Visibility: N/A
Public disclosure: no
Reputation: N/A
Additional metrics: N/A
Payout methods: ?


You can’t perform that action at this time.