git404hub

what is bounty-targets-data fr?

arkadiyt/bounty-targets-data — explained in plain English

Analysis updated 2026-07-03

3,731Audience · developerComplexity · 1/5Setup · easy

tl;dr

A regularly updated data dump of bug bounty program scopes from HackerOne, Bugcrowd, Intigriti, and other major platforms, giving security researchers a single place to find which websites and services are currently open for testing.

vibe map

mindmap
  root((bounty-targets-data))
    What it does
      Lists in-scope domains
      Wildcard domain entries
      Full raw JSON per platform
    Data Sources
      HackerOne
      Bugcrowd
      Intigriti
      YesWeHack
    Update Cadence
      Every 30 minutes
      Near real-time scope
    Use Cases
      Feed recon tools
      Filter by platform
      Build custom tooling
    Audience
      Security researchers
      Bug bounty hunters

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

what do people make with this?

VIBE 1

Download the plain-text domain list and pipe it into your recon or subdomain enumeration tool to quickly find testable targets.

VIBE 2

Load the raw JSON files from a specific platform to filter bug bounty programs by reward range, asset type, or program age.

VIBE 3

Set up a cron job that pulls the latest domain list every hour so your tooling always runs against current in-scope targets.

VIBE 4

Check wildcard entries against a target before submitting a report to confirm the specific subdomain is not excluded.

what's the stack?

JSONText filesGitHub Actions

how it stacks up fr

arkadiyt/bounty-targets-dataaquasecurity/cloudsploitefforg/privacybadger
Stars3,7313,7313,731
LanguageJavaScriptJavaScript
Setup difficultyeasymoderateeasy
Complexity1/53/51/5
Audiencedeveloperops devopsgeneral

Figures from each repo's GitHub metadata at analysis time.

how do i run it?

Difficulty · easy time til it works · 5min
No license specified in the explanation, treat as all-rights-reserved until confirmed.

in plain english

This repository is a regularly updated data dump of bug bounty program scopes collected from major platforms including HackerOne, Bugcrowd, Intigriti, Federacy, and YesWeHack. Bug bounty programs are arrangements where companies invite security researchers to find and report vulnerabilities in their systems in exchange for a reward. Each program specifies which websites and services are in scope, meaning researchers are allowed to test them. The files in this repo give you a consolidated, ready-to-use list of those in-scope targets. The main files are a plain text list of domains (specific website addresses that are eligible for testing) and a separate list of wildcard domains (entries like .example.com, which cover all subdomains of a given site). Wildcard entries come with a caution: a program might allow .example.com but specifically exclude certain subdomains, so checking the individual program rules before submitting a report is important. Additional JSON files contain the full raw data from each platform, which includes more detail than the simplified domain lists. These are useful if you want to build tooling on top of the data or filter by specific program criteria. The files update every 30 minutes, so the list reflects near-current program scope changes. The code that fetches and processes this data lives in a separate companion repository called bounty-targets. This repository itself is just the output: a place to pull the latest scope data without having to run the scraper yourself. It is a practical reference for security researchers who want to know what is currently testable across the major bug bounty platforms without visiting each platform individually.

prompts (copy fr)

prompt 1
Here is a list of bug bounty in-scope domains from bounty-targets-data: [paste domains]. Write a Python script that deduplicates them, strips subdomains, and outputs a sorted list of unique root domains.
prompt 2
I have the raw JSON from bounty-targets-data for HackerOne. Write a script that parses it and prints only programs offering rewards above $500 for high-severity findings.
prompt 3
Using the wildcard domains list from bounty-targets-data, write a Bash one-liner that feeds each entry into subfinder to enumerate live subdomains and saves results per domain.
prompt 4
Help me write a GitHub Action that downloads the latest bounty-targets-data domain list every 6 hours and diffs it against the previous version so I get notified of new in-scope targets.

Frequently asked questions

what is bounty-targets-data fr?

A regularly updated data dump of bug bounty program scopes from HackerOne, Bugcrowd, Intigriti, and other major platforms, giving security researchers a single place to find which websites and services are currently open for testing.

What license does bounty-targets-data use?

No license specified in the explanation, treat as all-rights-reserved until confirmed.

How hard is bounty-targets-data to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is bounty-targets-data for?

Mainly developer.

peek the repo → explain another one

This repo across BitVibe Labs

double-check against the repo, no cap.