whatisgithub

What is awesome-bug-bounty?

djadmin/awesome-bug-bounty — explained in plain English

Analysis updated 2026-06-26

5,642Audience · developerComplexity · 1/5Setup · easy

In one sentence

A curated reference list for security researchers with links to bug bounty platforms, individual company programs, researcher write-ups, and introductory guides for getting started in bug bounty hunting.

Mindmap

mindmap
  root((repo))
    Sections
      Getting started guides
      Researcher write-ups
      Platforms
      Company programs
    Platforms listed
      HackerOne
      Bugcrowd
      Intigriti
      Cobalt
    Audience
      New researchers
      Experienced hunters
    Contribution
      Pull requests welcome
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Find the bug bounty submission page for a specific company by looking it up in the alphabetical company list.

USE CASE 2

Read real vulnerability discovery write-ups from researchers to learn techniques and what counts as a valid finding.

USE CASE 3

Discover bug bounty platforms like HackerOne, Bugcrowd, and Intigriti to decide where to register and start hunting.

USE CASE 4

Contribute a newly launched bug bounty program or a researcher write-up by submitting a pull request.

How does it compare?

djadmin/awesome-bug-bountydagrejs/dagrelmoroney/dlaicourse
Stars5,6425,6415,641
LanguageTypeScriptJupyter Notebook
Setup difficultyeasyeasymoderate
Complexity1/52/52/5
Audiencedeveloperdevelopergeneral

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · easy Time to first run · 5min
No specific license stated for the repository content.

So what is it?

Bug bounty programs are arrangements where companies invite independent security researchers to find and report vulnerabilities in their software, and pay out rewards for valid findings. This repository is a curated reference list for people who want to participate in these programs, compiled from publicly available sources. The list is organized into four sections. The first is a getting-started section with links to introductory articles about how bug bounty hunting works as a practice. The second is a collection of write-ups from individual researchers, each linked to their personal blog or write-up archive, showing real examples of the kinds of vulnerabilities people have found and how they found them. Reading write-ups is a common way for new researchers to learn techniques and understand what constitutes a reportable finding. The third section lists the major platforms that host bug bounty programs on behalf of companies, such as HackerOne, Bugcrowd, Intigriti, Cobalt, Synack, and others. These platforms act as intermediaries, handling submission, triage, and payment between researchers and companies. The fourth and largest section is an alphabetical list of individual company programs, with a link to each company's submission page, email address, or platform profile. It covers hundreds of organizations ranging from major tech companies to smaller services. This repository has no code. It is a plain Markdown file maintained as an open reference. Anyone can contribute by submitting a pull request to add a newly launched program or a write-up that is not yet listed. The README contains a link to contributing guidelines for those who want to help keep the list current.

Copy-paste prompts

Prompt 1
I'm new to bug bounty hunting. Based on the awesome-bug-bounty list, which platforms should I join first and what introductory resources should I read?
Prompt 2
I want to find write-ups about SQL injection vulnerabilities from the researcher list. How is the list organized and how do I filter by vulnerability type?
Prompt 3
Which companies in the awesome-bug-bounty list run their programs directly rather than through a platform like HackerOne?
Prompt 4
How do I submit a new company's bug bounty program to the awesome-bug-bounty repository? What information do I need to include in the pull request?
Prompt 5
I'm deciding between HackerOne, Bugcrowd, and Intigriti to start bug hunting. What is each platform known for and how do I pick the right one?

Frequently asked questions

What is awesome-bug-bounty?

A curated reference list for security researchers with links to bug bounty platforms, individual company programs, researcher write-ups, and introductory guides for getting started in bug bounty hunting.

What license does awesome-bug-bounty use?

No specific license stated for the repository content.

How hard is awesome-bug-bounty to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is awesome-bug-bounty for?

Mainly developer.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.