Analysis updated 2026-07-03
Download the plain-text domain list and pipe it into your recon or subdomain enumeration tool to quickly find testable targets.
Load the raw JSON files from a specific platform to filter bug bounty programs by reward range, asset type, or program age.
Set up a cron job that pulls the latest domain list every hour so your tooling always runs against current in-scope targets.
Check wildcard entries against a target before submitting a report to confirm the specific subdomain is not excluded.
| arkadiyt/bounty-targets-data | aquasecurity/cloudsploit | efforg/privacybadger | |
|---|---|---|---|
| Stars | 3,731 | 3,731 | 3,731 |
| Language | — | JavaScript | JavaScript |
| Setup difficulty | easy | moderate | easy |
| Complexity | 1/5 | 3/5 | 1/5 |
| Audience | developer | ops devops | general |
Figures from each repo's GitHub metadata at analysis time.
This repository is a regularly updated data dump of bug bounty program scopes collected from major platforms including HackerOne, Bugcrowd, Intigriti, Federacy, and YesWeHack. Bug bounty programs are arrangements where companies invite security researchers to find and report vulnerabilities in their systems in exchange for a reward. Each program specifies which websites and services are in scope, meaning researchers are allowed to test them. The files in this repo give you a consolidated, ready-to-use list of those in-scope targets. The main files are a plain text list of domains (specific website addresses that are eligible for testing) and a separate list of wildcard domains (entries like .example.com, which cover all subdomains of a given site). Wildcard entries come with a caution: a program might allow .example.com but specifically exclude certain subdomains, so checking the individual program rules before submitting a report is important. Additional JSON files contain the full raw data from each platform, which includes more detail than the simplified domain lists. These are useful if you want to build tooling on top of the data or filter by specific program criteria. The files update every 30 minutes, so the list reflects near-current program scope changes. The code that fetches and processes this data lives in a separate companion repository called bounty-targets. This repository itself is just the output: a place to pull the latest scope data without having to run the scraper yourself. It is a practical reference for security researchers who want to know what is currently testable across the major bug bounty platforms without visiting each platform individually.
A regularly updated data dump of bug bounty program scopes from HackerOne, Bugcrowd, Intigriti, and other major platforms, giving security researchers a single place to find which websites and services are currently open for testing.
No license specified in the explanation, treat as all-rights-reserved until confirmed.
Setup difficulty is rated easy, with roughly 5min to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.