djadmin/awesome-bug-bounty — explained in plain English
Analysis updated 2026-06-26
Find the bug bounty submission page for a specific company by looking it up in the alphabetical company list.
Read real vulnerability discovery write-ups from researchers to learn techniques and what counts as a valid finding.
Discover bug bounty platforms like HackerOne, Bugcrowd, and Intigriti to decide where to register and start hunting.
Contribute a newly launched bug bounty program or a researcher write-up by submitting a pull request.
| djadmin/awesome-bug-bounty | dagrejs/dagre | lmoroney/dlaicourse | |
|---|---|---|---|
| Stars | 5,642 | 5,641 | 5,641 |
| Language | — | TypeScript | Jupyter Notebook |
| Setup difficulty | easy | easy | moderate |
| Complexity | 1/5 | 2/5 | 2/5 |
| Audience | developer | developer | general |
Figures from each repo's GitHub metadata at analysis time.
Bug bounty programs are arrangements where companies invite independent security researchers to find and report vulnerabilities in their software, and pay out rewards for valid findings. This repository is a curated reference list for people who want to participate in these programs, compiled from publicly available sources. The list is organized into four sections. The first is a getting-started section with links to introductory articles about how bug bounty hunting works as a practice. The second is a collection of write-ups from individual researchers, each linked to their personal blog or write-up archive, showing real examples of the kinds of vulnerabilities people have found and how they found them. Reading write-ups is a common way for new researchers to learn techniques and understand what constitutes a reportable finding. The third section lists the major platforms that host bug bounty programs on behalf of companies, such as HackerOne, Bugcrowd, Intigriti, Cobalt, Synack, and others. These platforms act as intermediaries, handling submission, triage, and payment between researchers and companies. The fourth and largest section is an alphabetical list of individual company programs, with a link to each company's submission page, email address, or platform profile. It covers hundreds of organizations ranging from major tech companies to smaller services. This repository has no code. It is a plain Markdown file maintained as an open reference. Anyone can contribute by submitting a pull request to add a newly launched program or a write-up that is not yet listed. The README contains a link to contributing guidelines for those who want to help keep the list current.
A curated reference list for security researchers with links to bug bounty platforms, individual company programs, researcher write-ups, and introductory guides for getting started in bug bounty hunting.
No specific license stated for the repository content.
Setup difficulty is rated easy, with roughly 5min to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.