explaingit

djadmin/awesome-bug-bounty

5,642 · Audience · developer · Complexity · 1/5 · Setup · easy

TLDR

A curated reference list for security researchers with links to bug bounty platforms, individual company programs, researcher write-ups, and introductory guides for getting started in bug bounty hunting.

Mindmap

mindmap
  root((repo))
    Sections
      Getting started guides
      Researcher write-ups
      Platforms
      Company programs
    Platforms listed
      HackerOne
      Bugcrowd
      Intigriti
      Cobalt
    Audience
      New researchers
      Experienced hunters
    Contribution
      Pull requests welcome


Things people build with this

USE CASE 1

Find the bug bounty submission page for a specific company by looking it up in the alphabetical company list.

USE CASE 2

Read real vulnerability discovery write-ups from researchers to learn techniques and what counts as a valid finding.

USE CASE 3

Discover bug bounty platforms like HackerOne, Bugcrowd, and Intigriti to decide where to register and start hunting.

USE CASE 4

Contribute a newly launched bug bounty program or a researcher write-up by submitting a pull request.

Getting it running

Difficulty · easy · Time to first run · 5 min
No specific license stated for the repository content.

In plain English

Bug bounty programs are arrangements where companies invite independent security researchers to find and report vulnerabilities in their software, and pay out rewards for valid findings. This repository is a curated reference list for people who want to participate in these programs, compiled from publicly available sources.

The list is organized into four sections. The first is a getting-started section with links to introductory articles about how bug bounty hunting works as a practice. The second is a collection of write-ups from individual researchers, each linked to their personal blog or write-up archive, showing real examples of the kinds of vulnerabilities people have found and how they found them. Reading write-ups is a common way for new researchers to learn techniques and understand what constitutes a reportable finding. The third section lists the major platforms that host bug bounty programs on behalf of companies, such as HackerOne, Bugcrowd, Intigriti, Cobalt, Synack, and others. These platforms act as intermediaries, handling submission, triage, and payment between researchers and companies. The fourth and largest section is an alphabetical list of individual company programs, with a link to each company's submission page, email address, or platform profile. It covers hundreds of organizations ranging from major tech companies to smaller services.

This repository has no code. It is a plain Markdown file maintained as an open reference. Anyone can contribute by submitting a pull request to add a newly launched program or a write-up that is not yet listed. The README contains a link to contributing guidelines for those who want to help keep the list current.

Copy-paste prompts

Prompt 1
I'm new to bug bounty hunting. Based on the awesome-bug-bounty list, which platforms should I join first and what introductory resources should I read?
Prompt 2
I want to find write-ups about SQL injection vulnerabilities from the researcher list. How is the list organized and how do I filter by vulnerability type?
Prompt 3
Which companies in the awesome-bug-bounty list run their programs directly rather than through a platform like HackerOne?
Prompt 4
How do I submit a new company's bug bounty program to the awesome-bug-bounty repository? What information do I need to include in the pull request?
Prompt 5
I'm deciding between HackerOne, Bugcrowd, and Intigriti to start bug hunting. What is each platform known for and how do I pick the right one?