Bug Bounty

Public Bug Bounty and Vulnerability Disclosure programs with less competition.

Pradeep J.
Oct 13, 2022

1. Open Bug Bounty Community

https://www.openbugbounty.org/bugbounty-list/

The complete list of bug bounty and security vulnerability disclosure programs launched and operated by the Open Bug Bounty community.

Resources — Disclosure Email, Website security page, Number of reports fixed.

2. Bugcrowd crowdsourced bug bounty list

The most comprehensive, up-to-date crowdsourced list of bug bounty and security vulnerability disclosure programs from across the web, curated by the hacker community.

Filters — Program Name, Bug Bounty eligible, Swag, Hall of Fame, Submission URL, Safe harbor.

3. Project Discovery Chaos web program list

A JSON file listing the public bug bounty programs found on chaos.projectdiscovery.io.

{
  "name": "HackerOne",
  "url": "https://hackerone.com/security",
  "bounty": true,
  "swag": true,
  "domains": [
    "hackerone.com",
    "hackerone.net",
    "hacker101.com",
    "hackerone-ext-content.com"
  ]
}

4. Disclose DB program list

https://raw.githubusercontent.com/disclose/diodb/master/program-list.json

A true, community-powered, vendor-agnostic directory of all known VDPs and BBPs, with contact details, policy location, preferred languages, and the status of: safe harbor, availability rewards, hall of fame, swag, disclosure policy.

5. FireBounty

6. Government VDPs

Vulnerability disclosure policies and bug bounty programs are becoming standard across industry and government. Beginning with the U.S. Department of Defense, several government agencies worldwide have implemented vulnerability disclosure programs.

This is a list of government agencies that have bug bounty programs or vulnerability disclosure policies.

Note: This list is not an invitation to hack any of the listed organizations. Ensure that you comply with all listed terms of an organization’s vulnerability disclosure policy.

Includes details about — Organization, Type, Rewards, Link, Notes.

Dutch Government Websites (New)

Scope: https://gist.github.com/R0X4R/81e6c50c091a20b060afe5c259b58cfa

7. Google dorks List

A list of Google dorks to search for companies that have a responsible disclosure program or bug bounty program and are not affiliated with known bug bounty platforms such as HackerOne or Bugcrowd.
