Bug Bounty Resources And Readings
#100DaysOfCode
GitHub Links for the Resources
Bug-Bounty-References
Awesome-Bug-Bounty
Bug-Hunting Methodology
Awesome Hacking
Bug-Bounty Cheatsheet
BugCrowd University
Bug Bounty POCs
XSS-POCs
Bugcrowd-POC-Forum
Bugcrowd-researchers-Writeups
Pentester’s - Top writeups
Secgeek Writeups
Hackerone Unofficial Public Reports
A comprehensive curated list of Bug Bounty Programs and write-ups from the Bug Bounty hunters.
Table of Contents
Getting Started
- How to Become a Successful Bug Bounty Hunter
- Researcher Resources - How to become a Bug Bounty Hunter
- Bug Bounties 101
- The life of a bug bounty hunter
- Awsome list of bugbounty cheatsheets
- Getting Started - Bug Bounty Hunter Methodology
Write Ups & Authors
- sakurity.com/blog - by Egor Homakov
- respectxss.blogspot.in - by Ashar Javed
- labs.detectify.com - by Frans Rosén
- cliffordtrigo.info - by Clifford Trigo
- stephensclafani.com - by Stephen Sclafani
- sasi2103.blogspot.co.il - by Sasi Levi
- pwnsecurity.net - by Shashank
- breaksec.com - by Nir Goldshlager
- pwndizzle.blogspot.in - by Alex Davies
- c0rni3sm.blogspot.in - by yappare
- exploit.co.il/blog - by Shai rod
- ibreak.software - by Riyaz Ahemed Walikar
- panchocosil.blogspot.in - by Francisco Correa
- breakingmesh.blogspot.in - by Sahil Sehgal
- websecresearch.com - by Ajay Singh Negi
- securitylearn.net - by Satish Bommisetty
- secinfinity.net - by Prakash Sharma
- websecuritylog.com - by jitendra jaiswal
- medium.com/@ajdumanhug - by Allan Jay Dumanhug
- Web Hacking 101 - by Peter Yaworski
Platforms
- HackerOne
- Bugcrowd
- Cobalt
- Bountysource
- Bounty Factory
- Coder Bounty
- FreedomSponsors
- FOSS Factory
- Synack
Available Programs
- 123Contact Form
- 99designs
- Abacus
- Acquia
- ActiveCampaign
- ActiveProspect
- Adobe
- AeroFS
- Airbitz
- Airbnb
- Algolia
- Altervista
- Amara
- Amazon Web Services
- Amazon.com
- ANCILE Solutions Inc.
- Anghami
- ANXBTC
- Apache httpd
- Appcelerator
- Apple
- Apptentive
- Aptible
- Ardour
- ARM mbed
- Asana
- ASP4all
- AT&T
- Atlassian
- Attack-Secure
- Authy
- Automattic
- Avast!
- Avira
- AwardWallet
- Badoo
- Barracuda
- Basecamp
- Beanstalk
- BillGuard
- Billys Billing
- Binary.com
- Binary.com Cashier
- BitBandit.eu
- Bitcasa
- BitCasino
- BitGo
- BitHealth
- BitHunt
- BitMEX
- Bitoasis
- Bitpagos
- Bitrated
- Bitreserve
- Bitspark
- Bitwage
- BitWall
- BitYes
- BlackBerry
- Blackboard
- Blackphone
- Blesta
- Block.io
- Block.io, Inc.
- Blockchain.info
- BlockScore
- Bookfresh
- Box
- Braintree
- BTC_sx
- Buffer
- BX.in.th
- C2FO
- Campaign Monitor
- CARD.com
- Catchafire
- Caviar
- CCBill
- CERT/CC
- Certly
- ChainPay
- ChangeTip
- Chargify
- Chromium Project
- Circle
- CircleCI
- Cisco
- Clojars
- CloudFlare
- Cobalt
- Code Climate
- CodeIgniter
- CodePen
- Coin Republic
- Coin.Space
- Coinage
- Coinbase
- CoinDaddy
- Coinkite
- Coinport
- coins.ph
- Cointrader.net
- Coinvoy
- Compose
- concrete5
- Constant Contact
- Counterparty
- Coupa
- Coursera
- cPanel
- cPaperless
- Crix.io
- CrowdShield
- Cryptocat
- Cupcake
- CustomerInsight
- Cylance
- Dato Capital
- Detectify
- DigitalOcean
- DigitalSellz
- Django
- Doorkeeper
- DoSomething
- DPD
- Dropbox
- Dropbox Acquisitions
- Drupal
- eBay
- Eclipse
- EMC
- Enano
- Engine Yard
- Envoy
- Eobot
- EthnoHub
- Etsy
- EVE
- Event Espresso
- Evernote
- Expatistan
- ExpressionEngine
- Ezbob
- Faceless
- Factlink
- FanFootage
- FastSlots
- Flash
- Flood
- Flow Dock
- Flox
- Fluxiom
- Fog Creek
- FormAssembly
- Founder Bliss
- Foursquare
- Freelancer
- Gallery
- Gamma
- Gemfury
- General Motors
- GhostMail
- GitHub
- GitLab
- GlassWire
- Gliph
- GlobaLeaks
- Google PRP
- Google VRP
- Gratipay
- GreenAddress
- Greenhouse.io
- Grok Learning
- HackerOne
- Harmony
- Heroku
- Hex-Rays
- Hive Wallet
- Hootsuite
- HTC
- Huawei
- Hubdia
- Humble Bundle
- Ian Dunn
- IBM
- ICEcoder
- Iconfinder
- Ifixit
- Imgur
- ImpressPages
- Indeed
- Independent Reserve
- Informatica
- IntegraXor
- Internetwache
- InVision
- IRCCloud
- itBit Exchange
- ITRP
- joola.io
- Joomla
- JRuby
- jsDelivr
- Juniper
- Kadira
- Kaneva
- Kayako
- Kenna
- Keybase
- Khan Academy
- Kraken
- Lancor Income
- LastPass
- LaunchKey
- Lean Testing
- leetfiles
- Librato
- LibSass
- Liferay
- Line
- LiveEnsure
- LocalBitcoins
- Localize
- Logentries
- Lookout
- Magento
- MAGIX
- Mahara
- MaiCoin
- Mail.Ru
- Mailbird
- MailChimp
- ManageBGL
- ManageWP
- MapLogin
- Marktplatts
- Mavenlink
- Maximum
- MCProHosting
- MEGA
- Mercury
- Meteor
- meXBT
- Microsoft
- Mimecast
- Mobile Vikings
- Modus CSR
- MoneyBird
- MoneyStream
- Moodle
- Motorola Solutions
- Mozilla
- mynxt.info
- Natures Organics
- NCSC
- Nearby Live
- Nest
- Netflix
- Nexmo
- Nginx
- Nitrous
- Nokia Networks
- NoPass
- NZRS
- Offensive Security
- ok.ru
- OKCoin
- OkCupid
- Olark
- Opal Cryptocurrency
- Openfolio
- OpenSSL
- OpenStack
- OpenText
- Opera
- Optimizely
- Oracle
- ownCloud
- PagerDuty
- Panasonic Avionics
- Pantheon
- Panzura
- Paragon Initiative Enterprises
- Paychoice
- PayMill
- PayPal
- Perl
- Phabricator
- PHP
- Pidgin
- PikaPay
- PinoyHackNews
- Piwik Open Source Analytics
- Plone
- Poloniex
- Postmark
- Prezi
- Projectplace
- PullReview
- Puppet labs
- PureVPN
- Python
- QIWI
- Quadriga CX
- QuickBT
- Rackspace
- Rdbhost_service
- Red Hat
- Relaso
- RelateIQ
- Release Wire
- Respondly
- Revive Adserver
- Ribose
- Ripio
- Ripple
- Riskalyze
- Romit
- Ruby
- Ruby on Rails
- Salesforce
- Samsung TV
- Sandbox Escape
- SAP
- Schuberg Philis
- Scorpion Software
- Secret
- Secure Works
- Sellfy
- ServiceRocket
- ShareLaTeX
- Sherpany
- Shopify
- Sifter
- Silent Circle
- Simple
- SiteGround
- Skoodat
- Skrill
- Slack
- Snapchat
- Snappy
- Sonatype
- Sony
- SoundCloud
- SpectroCoin
- Spendbitcoins
- SplashID
- Splitwise
- Spotify
- Sprout Social
- Square
- Square Open Source
- StatusPage
- StopTheHacker
- Subledger
- Subrosa
- Sucuri
- Symantec
- Taptalk
- Tarsnap
- TeamUnify
- Tele2
- Telekom
- The Internet
- The Mastercoin Foundation
- ThisData
- TimeTrex
- ToyTalk
- Trello
- Tuenti
- Twilio
- Twitch
- Uber
- Ubiquiti Networks
- Unitag
- Urban Dictionary
- Uzbey
- Valve Software
- VCE
- Venmo
- Version Cake
- Viadeo
- Vimeo
- VK.com
- Volusion
- VPNSox
- vulners.com
- Vultr
- Webconverger
- Websecurify
- Weebly
- WePay
- Whisper
- WHMCS
- Windthorst ISD
- withinsecurity
- WizeHive
- WordPoints
- Wordware
- WP API
- Xen Project
- Xmarks
- Yahoo
- Yandex
- Yanomo
- Yesware
- Zapier
- Zaption
- ZenCash
- Zendesk
- Zetetic
- Ziggo
- Zimbra
- Zoho
- Zomato
- Zopim
- Zynga