Zama Bounty Program: Contribute to the FHE space and Zama's open source libraries and get rewarded 💰

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.

List of Google Dorks for sites that have responsible disclosure program / bug bounty program

Asset inventory of over 800 public bug bounty programs.

🐛 A list of writeups from the Google VRP Bug Bounty program

Community curated list of public bug bounty and responsible disclosure programs.

Open-source vulnerability disclosure and bug bounty program database

Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term (dork) with a default set of websites, bug bounty programs or custom collection.

Ostorlab KEV: One-command to detect most remotely known exploitable vulnerabilities. Sourced from CISA KEV, Google's Tsunami, Ostorlab's Asteroid and Bug Bounty programs.

Bounty program for CryptoKitties smart contract

Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.

A list of edge cases that occur in bug bounty programs, conversations on how they should be handled. The goal is to standardise the way that specific situations are handled in bug bounties.

Domains belonging to the most reputed public bug bounty programs. [NOT FOR NON-MONETARY OR PRIVATE PROGRAMS]

Leverage certificate transparency live feed to monitor for newly issued subdomain certificates (last 90 days, configurable), for domains participating in bug bounty programs.

A Python script designed to monitor bug bounty programs for any changes and promptly notify users.

Cyber-Security Bible! Theory and Tools, Kali Linux, Penetration Testing, Bug Bounty, CTFs, Malware Analysis, Cryptography, Secure Programming, Web App Security, Cloud Security, Devsecops, Ethical Hacking, Social Engineering, Privacy, Incident Response, Threat Assestment, Personal Security, Ai Security, Android Security, Iot Security, Standards.

Self-hosted bug bounty programs that are "scammy" or unethical

Web application with vulnerabilities found in real cases, both in pentests and in Bug Bounty programs.

Nodesub is a command-line tool for finding subdomains in bug bounty programs

Advanced external automation on bug bounty programs by running the best set of tools to perform scanning and finding out vulnerabilities.

Bounty program for improvements to Tcl and certain Tcl packages

Reference list of useful links to learn about programming, networking, hacking, cybersecurity, ctf, bounty bug write-up, and more

Provides public bug bounty programs in-scope data that offer rewards and monitors public bug bounty programs assets.

A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.

RChain Bounty Program

Mapping from bug bounty and vulnerability disclosure programs to respective GitHub organizations

List of bug bounty and coordinated vulnerability disclosure programs of companies/organisations in Switzerland

This are some Dorks and Platform to find the Bug Bounty Programs.

Every time a Bug Bounty Program in Immunefi modifies its policy, assets-in-scope, or bounties-table, a bot will commit those changes to this repo. To get a before/after diff of a project go to `./project/{project-name}.json` and check it's latest commit.