This repo contains data dumps of Hackerone and Bugcrowd scopes (i.e. the domains that are eligible for bug bounty reports). The files provided are:
Main files:
- domains.txt: full list of domains, without wildcards.
- wildcards.txt: full list of wildcard domains. Note: A program might have
*.example.com
in-scope butexcluded.example.com
out-of-scope so check your program rules before submitting reports.
Extra files:
- bugcrowd_data.json: raw Bugcrowd data.
- hackerone_data.json: raw Hackerone data.
- federacy_data.json: raw Federacy data.
- hackenproof_data.json: raw Hackenproof data.
- intigriti_data.json: raw Intigriti data.
- yeswehack_data.json: raw YesWeHack data.
- hackerone_schema.graphql: Hackerone's graphql api schema.
The last change was detected on Wednesday 10/12/2022 20:30 (UTC)
. New changes (if any) are picked up hourly.
The code used to generate these files lives in the bounty-targets repo.
Feel free to contact me on twitter: https://twitter.com/arkadiyt