├── LICENSE
├── README.md
├── code-of-conduct.md
└── contributing.md

/LICENSE:
--------------------------------------------------------------------------------
CC0 1.0 Universal

Statement of Purpose

The laws of most jurisdictions throughout the world automatically confer
exclusive Copyright and Related Rights (defined below) upon the creator and
subsequent owner(s) (each and all, an "owner") of an original work of
authorship and/or a database (each, a "Work").

Certain owners wish to permanently relinquish those rights to a Work for the
purpose of contributing to a commons of creative, cultural and scientific
works ("Commons") that the public can reliably and without fear of later
claims of infringement build upon, modify, incorporate in other works, reuse
and redistribute as freely as possible in any form whatsoever and for any
purposes, including without limitation commercial purposes. These owners may
contribute to the Commons to promote the ideal of a free culture and the
further production of creative, cultural and scientific works, or to gain
reputation or greater distribution for their Work in part through the use and
efforts of others.

For these and/or other purposes and motivations, and without any expectation
of additional consideration or compensation, the person associating CC0 with a
Work (the "Affirmer"), to the extent that he or she is an owner of Copyright
and Related Rights in the Work, voluntarily elects to apply CC0 to the Work
and publicly distribute the Work under its terms, with knowledge of his or her
Copyright and Related Rights in the Work and the meaning and intended legal
effect of CC0 on those rights.

1. Copyright and Related Rights. A Work made available under CC0 may be
protected by copyright and related or neighboring rights ("Copyright and
Related Rights"). Copyright and Related Rights include, but are not limited
to, the following:

i. the right to reproduce, adapt, distribute, perform, display, communicate,
and translate a Work;

ii. moral rights retained by the original author(s) and/or performer(s);

iii. publicity and privacy rights pertaining to a person's image or likeness
depicted in a Work;

iv. rights protecting against unfair competition in regards to a Work,
subject to the limitations in paragraph 4(a), below;

v. rights protecting the extraction, dissemination, use and reuse of data in
a Work;

vi. database rights (such as those arising under Directive 96/9/EC of the
European Parliament and of the Council of 11 March 1996 on the legal
protection of databases, and under any national implementation thereof,
including any amended or successor version of such directive); and

vii. other similar, equivalent or corresponding rights throughout the world
based on applicable law or treaty, and any national implementations thereof.

2. Waiver. To the greatest extent permitted by, but not in contravention of,
applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and
unconditionally waives, abandons, and surrenders all of Affirmer's Copyright
and Related Rights and associated claims and causes of action, whether now
known or unknown (including existing as well as future claims and causes of
action), in the Work (i) in all territories worldwide, (ii) for the maximum
duration provided by applicable law or treaty (including future time
extensions), (iii) in any current or future medium and for any number of
copies, and (iv) for any purpose whatsoever, including without limitation
commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes
the Waiver for the benefit of each member of the public at large and to the
detriment of Affirmer's heirs and successors, fully intending that such Waiver
shall not be subject to revocation, rescission, cancellation, termination, or
any other legal or equitable action to disrupt the quiet enjoyment of the Work
by the public as contemplated by Affirmer's express Statement of Purpose.

3. Public License Fallback. Should any part of the Waiver for any reason be
judged legally invalid or ineffective under applicable law, then the Waiver
shall be preserved to the maximum extent permitted taking into account
Affirmer's express Statement of Purpose. In addition, to the extent the Waiver
is so judged Affirmer hereby grants to each affected person a royalty-free,
non transferable, non sublicensable, non exclusive, irrevocable and
unconditional license to exercise Affirmer's Copyright and Related Rights in
the Work (i) in all territories worldwide, (ii) for the maximum duration
provided by applicable law or treaty (including future time extensions), (iii)
in any current or future medium and for any number of copies, and (iv) for any
purpose whatsoever, including without limitation commercial, advertising or
promotional purposes (the "License"). The License shall be deemed effective as
of the date CC0 was applied by Affirmer to the Work. Should any part of the
License for any reason be judged legally invalid or ineffective under
applicable law, such partial invalidity or ineffectiveness shall not
invalidate the remainder of the License, and in such case Affirmer hereby
affirms that he or she will not (i) exercise any of his or her remaining
Copyright and Related Rights in the Work or (ii) assert any associated claims
and causes of action with respect to the Work, in either case contrary to
Affirmer's express Statement of Purpose.

4. Limitations and Disclaimers.

a. No trademark or patent rights held by Affirmer are waived, abandoned,
surrendered, licensed or otherwise affected by this document.

b. Affirmer offers the Work as-is and makes no representations or warranties
of any kind concerning the Work, express, implied, statutory or otherwise,
including without limitation warranties of title, merchantability, fitness
for a particular purpose, non infringement, or the absence of latent or
other defects, accuracy, or the present or absence of errors, whether or not
discoverable, all to the greatest extent permissible under applicable law.

c. Affirmer disclaims responsibility for clearing rights of other persons
that may apply to the Work or any use thereof, including without limitation
any person's Copyright and Related Rights in the Work. Further, Affirmer
disclaims responsibility for obtaining any necessary consents, permissions
or other rights required for any use of the Work.

d. Affirmer understands and acknowledges that Creative Commons is not a
party to this document and has no duty or obligation with respect to this
CC0 or use of the Work.

For more information, please see

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Awesome Bug Bounty [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)
A comprehensive curated list of Bug Bounty Programs and write-ups from the Bug Bounty hunters.

## Table of Contents
- [Getting Started](#getting-started)
- [Write Ups & Authors](#write-ups--authors)
- [Platforms](#platforms)
- [Available Programs](#available-programs)
- [Contribution guide](contributing.md)

### Getting Started
- [How to Become a Successful Bug Bounty Hunter](https://hackerone.com/blog/what-great-hackers-share)
- [Researcher Resources - How to become a Bug Bounty Hunter](https://forum.bugcrowd.com/t/researcher-resources-how-to-become-a-bug-bounty-hunter/1102)
- [Bug Bounties 101](https://whitton.io/articles/bug-bounties-101-getting-started/)
- [The life of a bug bounty hunter](http://www.alphr.com/features/378577/q-a-the-life-of-a-bug-bounty-hunter)
- [Awesome list of bugbounty cheatsheets](https://github.com/EdOverflow/bugbounty-cheatsheet)
- [Getting Started - Bug Bounty Hunter Methodology](https://www.bugcrowd.com/blog/getting-started-bug-bounty-hunter-methodology)

### Write Ups & Authors
- [sakurity.com/blog](http://sakurity.com/blog) - by [Egor Homakov](https://twitter.com/homakov)
- [respectxss.blogspot.in](http://respectxss.blogspot.in/) - by [Ashar Javed](https://twitter.com/soaj1664ashar)
- [labs.detectify.com](http://labs.detectify.com/) - by [Frans Rosén](https://twitter.com/fransrosen)
- [cliffordtrigo.info](https://www.cliffordtrigo.info/) - by [Clifford Trigo](https://twitter.com/MrTrizaeron)
- [stephensclafani.com](http://stephensclafani.com/) - by [Stephen Sclafani](https://twitter.com/Stephen)
- [sasi2103.blogspot.co.il](http://sasi2103.blogspot.co.il/) - by [Sasi Levi](https://twitter.com/sasi2103)
- [pwnsecurity.net](http://www.pwnsecurity.net/) - by [Shashank](https://twitter.com/cyberboyIndia)
- [breaksec.com](https://www.breaksec.com/) - by [Nir Goldshlager](https://twitter.com/Nirgoldshlager)
- [pwndizzle.blogspot.in](http://pwndizzle.blogspot.in/) - by [Alex Davies](https://twitter.com/pwndizzle)
- [c0rni3sm.blogspot.in](http://c0rni3sm.blogspot.in/) - by [yappare](https://twitter.com/yappare)
- [exploit.co.il/blog](http://exploit.co.il/blog/) - by [Shai rod](https://twitter.com/NightRang3r)
- [ibreak.software](https://ibreak.software/) - by [Riyaz Ahemed Walikar](https://twitter.com/riyazwalikar)
- [panchocosil.blogspot.in](http://panchocosil.blogspot.in/) - by [Francisco Correa](https://twitter.com/@panchocosil)
- [breakingmesh.blogspot.in](http://breakingmesh.blogspot.in/) - by [Sahil Sehgal](https://twitter.com/xXSehgalXx)
- [websecresearch.com](http://www.websecresearch.com/) - by [Ajay Singh Negi](https://twitter.com/ajaysinghnegi)
- [securitylearn.net](http://www.securitylearn.net/about/) - by [Satish Bommisetty](https://twitter.com/satishb3)
- [secinfinity.net](http://www.secinfinity.net/) - by Prakash Sharma
- [websecuritylog.com](http://www.websecuritylog.com/) - by [jitendra jaiswal](https://twitter.com/jeetjaiswal22)
- [medium.com/@ajdumanhug](https://medium.com/@ajdumanhug) - by [Allan Jay Dumanhug](https://www.twitter.com/ajdumanhug)
- [Web Hacking 101](https://leanpub.com/web-hacking-101) - by [Peter Yaworski](https://twitter.com/yaworsk)


### Platforms
- [YesWeHack](https://yeswehack.com/)
- [intigriti](https://intigriti.com/)
- [HackerOne](https://hackerone.com/)
- [Bugcrowd](https://bugcrowd.com/)
- [Cobalt](https://cobalt.io/)
- [Bountysource](https://www.bountysource.com/)
- [Bounty Factory](https://bountyfactory.io/)
- [Coder Bounty](http://www.coderbounty.com/)
- [FreedomSponsors](https://freedomsponsors.org/)
- [FOSS Factory](http://www.fossfactory.org/)
- [Synack](https://www.synack.com/)
- [HackenProof](https://hackenproof.com/)
- [Detectify](https://cs.detectify.com/)
- [Bugbountyjp](https://bugbounty.jp/)
- [Safehats](https://safehats.com/)
- [BugbountyHQ](https://www.bugbountyhq.com/)
- [Hackerhive](https://hackerhive.io/)
- [Hacktrophy](https://hacktrophy.com/)
- [AntiHACK](https://www.antihack.me/)
- [CESPPA](https://www.cesppa.com/)

### Available Programs
- [123Contact Form](http://www.123contactform.com/security-acknowledgements.htm)
- [99designs](https://hackerone.com/99designs)
- [Abacus](https://bugcrowd.com/abacus)
- [Acquia](mailto:security@acquia.com)
- [ActiveCampaign](mailto:security@activecampaign.com)
- [ActiveProspect](mailto:security@activeprospect.com)
- [Adobe](https://hackerone.com/adobe)
- [AeroFS](mailto:security@aerofs.com)
- [Airbitz](https://cobalt.io/airbitz)
- [Airbnb](https://hackerone.com/airbnb)
- [Algolia](https://hackerone.com/algolia)
- [Altervista](http://en.altervista.org/feedback.php?who=feedback)
- [Altroconsumo](https://go.intigriti.com/altroconsumo)
- [Amara](mailto:security@amara.org)
- [Amazon Web Services](mailto:aws-security@amazon.com)
- [Amazon.com](mailto:security@amazon.com)
- [ANCILE Solutions Inc.](https://bugcrowd.com/ancile)
- [Anghami](https://hackerone.com/anghami)
- [ANXBTC](https://cobalt.io/anxbtc)
- [Apache httpd](https://hackerone.com/ibb-apache)
- [Appcelerator](mailto:Infosec@appcelerator.com)
- [Apple](mailto:product-security@apple.com)
- [Apptentive](https://www.apptentive.com/contact)
- [Aptible](mailto:security@aptible.com)
- [Ardour](http://tracker.ardour.org/my_view_page.php)
- [Arkane](https://go.intigriti.com/arkanenetwork)
- [ARM mbed](mailto:whitehat@polarssl.org)
- [Asana](mailto:security@asana.com)
- [ASP4all](mailto:support@asp4all.nl)
- [AT&T](https://bugbounty.att.com/bugform.php)
- [Atlassian](https://securitysd.atlassian.net/servicedesk/customer/portal/2)
- [Attack-Secure](mailto:admin@attack-secure.com)
- [Authy](mailto:security@authy.com)
- [Automattic](https://hackerone.com/automattic)
- [Avast!](mailto:bugs@avast.com)
- [Avira](mailto:vulnerabilities@avira.com)
- [AwardWallet](https://cobalt.io/awardwallet)
- [Badoo](https://corp.badoo.com/en/security/#send_bid)
- [Barracuda](https://bugcrowd.com/barracuda)
- [Base](https://go.intigriti.com/base)
- [Basecamp](mailto:security@basecamp.com)
- [Beanstalk](https://wildbit.wufoo.com/forms/wildbit-security-response)
- [BillGuard](https://cobalt.io/billguard)
- [Billys Billing](https://cobalt.io/billys-billing)
- [Binary.com](https://hackerone.com/binary)
- [Binary.com Cashier](https://hackerone.com/binary_cashier)
- [BitBandit.eu](https://cobalt.io/bitbandit-eu)
- [Bitcasa](mailto:security@bitcasa.com)
- [BitCasino](https://cobalt.io/bitcasino)
- [BitGo](https://cobalt.io/bitgo)
- [BitHealth](https://cobalt.io/bithealth)
- [BitHunt](https://hackerone.com/bithunt)
- [BitMEX](https://cobalt.io/bitmex)
- [Bitoasis](https://cobalt.io/bitoasis)
- [Bitpagos](https://cobalt.io/bitpagos)
- [Bitrated](https://cobalt.io/bitrated)
- [Bitreserve](https://cobalt.io/bitreserve)
- [Bitspark](https://cobalt.io/bitspark)
- [Bitwage](https://cobalt.io/bitwage)
- [BitWall](mailto:request@bitwall.io)
- [BitYes](https://cobalt.io/bityes)
- [BlackBerry](https://global.blackberry.com/secure/report-an-issue/en.html)
- [Blackboard](mailto:learnsecurity@blackboard.com)
- [Blackphone](https://bugcrowd.com/blackphone)
- [Blesta](mailto:security@blesta.com)
- [Block.io](https://hackerone.com/blockio)
- [Block.io, Inc.](https://cobalt.io/block-io-inc)
- [Blockchain.info](https://cobalt.io/blockchain-info)
- [BlockScore](https://cobalt.io/blockscore)
- [Bookfresh](https://hackerone.com/bookfresh)
- [Box](mailto:security-reports@box.com)
- [Braintree](mailto:security@braintreepayments.com)
- [Brussels Airlines](https://go.intigriti.com/brusselsairlines)
- [BTC_sx](https://cobalt.io/btc-sx)
- [Buffer](mailto:security@bufferapp.com)
- [BX.in.th](https://cobalt.io/bx-in-th)
- [C2FO](https://hackerone.com/c2fo)
- [Campaign Monitor](https://help.campaignmonitor.com/contact)
- [CARD.com](https://bugcrowd.com/card)
- [Catchafire](https://cobalt.io/catchafire)
- [Caviar](https://hackerone.com/caviar)
- [CCBill](mailto:bugrewards@ccbill.com)
- [CERT/CC](https://hackerone.com/cert)
- [Certly](https://hackerone.com/certly)
- [ChainPay](https://cobalt.io/chainpay)
- [ChangeTip](https://cobalt.io/changetip)
- [Chargify](https://bugcrowd.com/chargify)
- [Chromium Project](https://code.google.com/p/chromium/issues/entry?template=Security%20Bug)
- [Circle](https://cobalt.io/circle)
- [CircleCI](mailto:security@circleci.com)
- [Cisco](http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html#roosfassv)
- [ClickUp](https://clickup.com/bug-bounty)
- [Clojars](mailto:contact@clojars.org)
- [CloudFlare](https://hackerone.com/cloudflare)
- [Cobalt](https://cobalt.io/cobalt)
- [Code Climate](mailto:security@codeclimate.com)
- [CodeIgniter](https://hackerone.com/codeigniter)
- [CodePen](https://bugcrowd.com/codepen)
- [Coin Republic](https://cobalt.io/coin-republic)
- [Coin.Space](https://hackerone.com/coinspace)
- [Coinage](https://cobalt.io/coinage)
- [Coinbase](https://hackerone.com/coinbase)
- [CoinDaddy](https://cobalt.io/coindaddy)
- [Coinkite](mailto:feedback@coinkite.com?subject=%5BVulnerability%5D%20-%20)
- [Coinport](https://cobalt.io/coinport)
- [coins.ph](https://cobalt.io/coins-ph)
- [Cointrader.net](https://cobalt.io/cointrader-net)
- [Coinvoy](https://cobalt.io/coinvoy)
- [Collishop](https://go.intigriti.com/collishop)
- [Colruyt](https://go.intigriti.com/colruyt)
- [Compose](mailto:security@compose.io)
- [concrete5](https://hackerone.com/concrete5)
- [Constant Contact](mailto:vulnerability@constantcontact.com)
- [Counterparty](https://cobalt.io/counterparty)
- [Coupa](mailto:security@coupa.com)
- [Coursera](https://hackerone.com/coursera)
- [cPanel](mailto:security@cpanel.net)
- [cPaperless](mailto:support@cPaperless.com)
- [Crix.io](https://cobalt.io/crixio)
- [Cross Border Fines](https://go.intigriti.com/crossborderfines)
- [CrowdShield](https://crowdshield.com/bug-bounty-list.php?bug_bounty_program=crowdshield)
- [Cryptocat](https://github.com/cryptocat/cryptocat/issues)
- [Cupcake](mailto:security@cupcake.io)
- [CustomerInsight](mailto:admin@customerinsight.ca)
- [Cylance](https://hackerone.com/cylance)
- [Dato Capital](mailto:security%40datocapital.com)
- [Detectify](mailto:disclosure@detectify.com)
- [De Volkskrant](https://go.intigriti.com/devolkskrant)
- [Delen Private Bank](https://go.intigriti.com/delen)
- [DigitalOcean](mailto:security@digitalocean.com)
- [DigitalSellz](https://hackerone.com/digitalsellz)
- [Django](https://hackerone.com/django)
- [Doorkeeper](mailto:info@doorkeeper.jp)
- [DoSomething](https://cobalt.io/dosomething)
- [DPD](mailto:security@dpd.zendesk.com)
- [Dragon King](https://hackenproof.com/neverdie/dragon-king)
- [Dreambaby](https://go.intigriti.com/dreamland)
- [Dreamland](https://go.intigriti.com/dream)
- [Dropbox](https://hackerone.com/dropbox)
- [Dropbox Acquisitions](https://hackerone.com/dropbox-acquisitions)
- [Drupal](https://www.drupal.org/node/101494)
- [eBay](http://pages.ebay.com/securitycenter/Researchers.html)
- [Eclipse](mailto:security@eclipse.org)
- [eHealth Hub VZN KUL](https://go.intigriti.com/ehealthhubvznkul)
- [EMC](mailto:security_alert@emc.com)
- [Enano](mailto:security@enanocms.org)
- [Engine Yard](mailto:security@engineyard.com)
- [Envoy](https://hackerone.com/envoy)
- [Eobot](https://cobalt.io/eobot)
- [EthnoHub](mailto:security@ethnohub.com)
- [Etsy](https://www.etsy.com/bounty)
- [EVE](mailto:security@ccpgames.com)
- [Event Espresso](http://eventespresso.com/report-a-security-vulnerability)
- [Everitoken](https://hackenproof.com/everitoken/everitoken-blockchain)
- [Evernote](mailto:security@evernote.com)
- [EURid](https://go.intigriti.com/eurid)
- [Expatistan](mailto:gerardo@expatistan.com)
- [ExpressionEngine](https://hackerone.com/expressionengine)
- [Ezbob](https://cobalt.io/ezbob)
- [Facebook](https://www.facebook.com/whitehat)
- [Faceless](https://hackerone.com/faceless)
- [Factlink](https://hackerone.com/factlink)
- [FanFootage](https://hackerone.com/fanfootage)
- [FastSlots](https://cobalt.io/fastslots)
- [Flash](https://hackerone.com/flash)
- [Flood](mailto:support@flood.io)
- [Flow Dock](mailto:security@flowdock.com)
- [Flox](https://hackerone.com/flox)
- [Fluxiom](mailto:security@fluxiom.com)
- [Fog Creek](http://www.fogcreek.com/contact)
- [FormAssembly](mailto:security@formassembly.com)
- [Founder Bliss](https://cobalt.io/founder-bliss)
- [Foursquare](mailto:security@foursquare.com)
- [Freelancer](mailto:security-reporting@freelancer.com)
- [Gallery](mailto:security@galleryproject.org)
- [Gamma](mailto:security-alert@intergamma.nl)
- [Gemfury](mailto:security@gemfury.com)
- [General Motors](https://hackerone.com/gm)
- [GhostMail](https://hackerone.com/gmguys)
- [GitHub](https://bounty.github.com/submit-a-vulnerability.html)
- [GitLab](https://hackerone.com/gitlab)
- [GlassWire](https://hackerone.com/glasswire)
- [Gliph](mailto:security@gli.ph)
- [GlobaLeaks](https://hackerone.com/globaleaks)
- [Google PRP](mailto:security-patches@google.com)
- [Google VRP](https://www.google.com/about/appsecurity/reward-program/index.html)
- [Grammarly](https://hackerone.com/grammarly)
- [Gratipay](https://hackerone.com/gratipay)
- [GreenAddress](https://cobalt.io/greenaddress)
- [Greenhouse.io](https://hackerone.com/greenhouse)
- [Grok Learning](mailto:security@groklearning.com)
- [HackenProof](https://hackenproof.com/hacken/hackenproof)
- [HackerOne](https://hackerone.com/security)
- [Harmony](mailto:security@collectiveidea.com)
- [Heroku](https://bugcrowd.com/heroku)
- [Hex-Rays](mailto:bugbounty@hex-rays.com)
- [Hive Wallet](https://cobalt.io/hive-wallet)
- [Hootsuite](mailto:security@hootsuite.com)
- [HTC](mailto:security@htc.com)
- [Huawei](mailto:psirt@huawei.com)
- [Hubdia](https://hackerone.com/hubdia)
- [Humble Bundle](https://bugcrowd.com/humblebundle)
- [IAM KU Leuven](https://go.intigriti.com/kuleuvenlogin)
- [Ian Dunn](https://hackerone.com/iandunn-projects)
- [IBM](https://www.ibm.com/scripts/contact/contact/us/en/security_vulnerabilities)
- [ICEcoder](https://bugcrowd.com/icecoder)
- [Iconfinder](mailto:support@iconfinder.com)
- [Ifixit](mailto:security@ifixit.com)
- [Imgur](https://hackerone.com/imgur)
- [ImpressPages](https://cobalt.io/impresspages)
- [Indeed](https://bugcrowd.com/indeed)
- [Independent Reserve](https://cobalt.io/independent-reserve)
- [Informatica](https://hackerone.com/informatica)
- [IntegraXor](http://www.integraxor.com/support.html)
- [Internetwache](mailto:security@internetwache.org)
- [InVision](https://hackerone.com/invision)
- [IRCCloud](https://hackerone.com/irccloud)
- [itBit Exchange](https://hackerone.com/itbit)
- [ITRP](mailto:security@itrp.com)
- [itsme](https://go.intigriti.com/itsme)
- [joola.io](https://hackerone.com/joola-io)
- [Joomla](http://vel.joomla.org/submit-vel)
- [JRuby](mailto:security@jruby.org)
- [jsDelivr](https://hackerone.com/jsdelivr)
- [Juniper](mailto:sirt@juniper.net)
- [Kadira](https://hackerone.com/kadira)
- [Kaneva](mailto:security@kaneva.com)
- [Kayako](http://my.kayako.com/Tickets/Submit)
- [Kenna](https://bugcrowd.com/riskio)
- [Keybase](https://hackerone.com/keybase)
- [Khan Academy](https://hackerone.com/khanacademy)
- [SKB Kontur](https://kontur.ru/.well-known/security.txt)
- [Kraken](mailto:bugbounty@kraken.com)
- [Kinepolis](https://go.intigriti.com/kinepolis)
- [Kuna](https://hackenproof.com/kuna/kuna-crypto-exchange)
- [Lancor Income](https://cobalt.io/lancor-income)
- [LastPass](mailto:security@lastpass.com)
- [LaunchKey](mailto:security@launchkey.com)
- [Lean Testing](https://hackerone.com/leantesting)
- [Librato](mailto:security@librato.com)
- [LibSass](https://hackerone.com/libsass)
- [Liferay](mailto:security@liferay.com)
- [Line](https://bugbounty.linecorp.com/en/)
- [LinkedIn](mailto:security@linkedin.com)
- [LiveEnsure](http://www.liveensure.com/contact.php)
- [LocalBitcoins](https://cobalt.io/localbitcoins)
- [Localize](https://hackerone.com/localize)
- [Logentries](mailto:security@logentries.com)
- [Lookout](mailto:security@lookout.com)
- [Magento](mailto:security@magento.com)
- [MAGIX](mailto:security@magix.net)
- [Mahara](mailto:security@mahara.org)
- [MaiCoin](https://cobalt.io/maicoin)
- [Mail.Ru](https://hackerone.com/mailru)
- [Mailbird](https://cobalt.io/mailbird)
- [MailChimp](http://mailchimp.com/about/security-response/)
- [ManageBGL](https://cobalt.io/managebgl)
- [ManageWP](mailto:security@managewp.com)
- [MapLogin](https://hackerone.com/maplogin)
- [Marietje Schaake](https://go.intigriti.com/marietjeschaake)
- [Marktplaats](https://hackerone.com/marktplaats)
- [Mavenlink](https://hackerone.com/mavenlink)
- [Maximum](https://hackerone.com/maximum)
- [MCProHosting](https://bugcrowd.com/mcprohostings)
- [MEGA](mailto:bugs@mega.co.nz)
- [Mercury](https://cobalt.io/mercury)
- [Meteor](https://hackerone.com/meteor)
- [meXBT](https://cobalt.io/mexbt)
- [Microsoft](mailto:secure@microsoft.com)
- [Mimecast](mailto:disclosure@mimecast.com)
- [Mobile Vikings](https://go.intigriti.com/mobilevikings)
- [Mobile Vikings](https://hackerone.com/mobilevikings)
- [Modus CSR](mailto:security@moduscsr.com)
- [MoneyBird](mailto:security@moneybird.com)
- [MoneyStream](https://hackerone.com/moneystream)
- [Moodle](mailto:security@moodle.org)
- [Motorola Solutions](mailto:security@motorolasolutions.com)
- [Mozilla](https://www.mozilla.org/en-US/security/bug-bounty/)
- [mynxt.info](https://cobalt.io/mynxt-info)
- [NCSC](mailto:cert@ncsc.nl)
- [Nearby Live](https://hackerone.com/nearby)
- [Nest](mailto:security@nest.com)
- [Netflix](mailto:security-report@netflix.com)
- [Neverdie Smart Contract](https://hackenproof.com/neverdie/neverdie-smart-contract)
- [Neverdie Web](https://hackenproof.com/neverdie/neverdie-web)
- [Nexmo](https://cobalt.io/nexmo)
- [Nexuzhealth](https://go.intigriti.com/nexushealth)
- [Nexuzhealth Web PACS](https://go.intigriti.com/nexuzhealthwebpacs)
- [Nginx](https://hackerone.com/ibb-nginx)
- [Nitrous](mailto:security@nitrous.io)
- [Nokia Networks](mailto:security-alert@nokia.com)
- [NoPass](https://cobalt.io/nopass)
- [NZRS](mailto:security@nzrs.net.nz)
- [Offensive Security](mailto:security@offensive-security.com)
- [ok.ru](https://hackerone.com/ok)
- [OKCoin](https://cobalt.io/okcoin)
- [OkCupid](https://hackerone.com/okcupid)
- [Olark](mailto:security@olark.com)
- [OneSpan Mobile](https://go.intigriti.com/vascomobileproducts)
- [OneSpan Server Products](https://go.intigriti.com/vascoserver-sideproducts)
- [Opal Cryptocurrency](https://cobalt.io/opal-cryptocurrency)
- [Openfolio](https://hackerone.com/openfolio)
- [OpenSSL](https://hackerone.com/ibb-openssl)
- [OpenStack](https://security.openstack.org/#how-to-report-security-issues-to-openstack)
- [OpenText](mailto:otst@opentext.com)
- [Opera](https://bugs.opera.com/wizarddesktop)
- [Optimizely](https://cobalt.io/optimizely)
- [Oracle](mailto:secalert_us@oracle.com)
- [ownCloud](https://hackerone.com/owncloud)
- [PagerDuty](mailto:security@pagerduty.com)
- [Panasonic Avionics](https://hackerone.com/panasonic-aero)
- [Pantheon](https://bugcrowd.com/pantheon)
- [Panzura](mailto:security@panzura.com)
- [Paragon Initiative Enterprises](https://hackerone.com/paragonie)
- [Paychoice](mailto:security@paychoice.com.au)
- [PayMill](mailto:security@paymill.com)
- [PayPal](mailto:https://www.paypal.com/bugbounty/register)
- [Paytm](https://bugbounty.paytm.com)
- [Perl](https://hackerone.com/ibb-perl)
- [Phabricator](https://hackerone.com/phabricator)
- [PHP](https://bugs.php.net/report.php)
- [Pidgin](mailto:security@pidgin.im)
- [PikaPay](mailto:security@pikapay.com)
- [PinoyHackNews](mailto:admin@pinoyhacknews.com)
- [Pinterest](https://bugcrowd.com/pinterest)
- [Piwik Open Source Analytics](https://cobalt.io/piwik-open-source-analytics)
- [Plone](mailto:security@plone.org)
- [Pocket](mailto:security@getpocket.com)
- [Poloniex](https://cobalt.io/poloniex)
- [Postmark](https://wildbit.wufoo.com/forms/wildbit-security-response)
- [Prezi](mailto:security-bug-bounty@prezi.com)
- [Projectplace](https://hackerone.com/projectplace)
- [PullReview](mailto:security@pullreview.com)
- [Puppet labs](mailto:security@puppetlabs.com)
- [PureVPN](https://bugcrowd.com/purevpn)
- [Python](mailto:security@python.org)
- [QIWI](https://hackerone.com/qiwi)
- [Quadriga CX](https://cobalt.io/quadriga-cx)
- [QuickBT](https://cobalt.io/quickbt)
- [Quora](https://hackerone.com/quora)
- [Rackspace](mailto:security@rackspace.com)
- [Rdbhost_service](https://cobalt.io/rdbhost-service)
- [Red Hat](mailto:site-security@redhat.com)
- [Reddit](mailto:security@reddit.com)
- [Relaso](mailto:security@relaso.com)
- [RelateIQ](mailto:security@relateiq.com)
- [Release Wire](http://www.releasewire.com/about/contact)
- [Respondly](https://hackerone.com/respondly)
- [Revive Adserver](https://hackerone.com/revive_adserver)
- [Ribose](https://www.ribose.com/feedbacks/security)
- [Ripio](https://cobalt.io/ripio)
- [Ripple](mailto:bugs@ripple.com)
- [Riskalyze](mailto:security@riskalyze.com)
- [Romit](https://hackerone.com/romit)
- [Ruby](mailto:security@ruby-lang.org)
- [Ruby on Rails](https://hackerone.com/rails)
- [Salesforce](mailto:security@salesforce.com)
- [Samsung TV](https://samsungtvbounty.com/ReportBug.aspx)
- [Sandbox Escape](https://hackerone.com/sandbox)
- [SAP](mailto:secure@sap.com)
- [Schuberg Philis](mailto:abuse@schubergphilis.com)
- [Scorpion Software](mailto:security@scorpionsoft.com)
- [Secret](https://hackerone.com/secret)
- [Secure Works](mailto:security@secureworks.com)
- [Sellfy](http://docs.sellfy.com/contact)
- [Sentiance](https://go.intigriti.com/sentiance)
- [ServiceRocket](https://bugcrowd.com/servicerocket)
- [ShareLaTeX](mailto:team@sharelatex.com)
- [Sherpany](https://cobalt.io/sherpany)
- [Shopify](https://hackerone.com/shopify)
- [Sifter](mailto:security@sifterapp.com?subject=%27Security%20Vulnerability%20Report%27)
- [Silent Circle](https://bugcrowd.com/silentcircle)
- [Simple](https://bugcrowd.com/simple)
- [SiteGround](mailto:responsible-disclosure@siteground.com)
- [Skoodat](mailto:security@skoodat.com)
- [Skrill](https://cobalt.io/skrill)
- [Skyscanner](https://bugcrowd.com/skyscanner)
- [Slack](https://hackerone.com/slack)
- [Snapchat](https://hackerone.com/snapchat)
- [Snappy](mailto:security@userscape.com)
- [Sonatype](mailto:security@sonatype.com)
- [Sony](https://secure.sony.net/form)
- [SoundCloud](https://scsecurity.freshdesk.com/support/tickets/new)
- [Spaargids](https://go.intigriti.com/spaargids)
- [SpectroCoin](https://cobalt.io/spectrocoin)
- [Spendbitcoins](https://cobalt.io/spendbitcoins)
- [SplashID](https://bugcrowd.com/splashid)
- [Splitwise](mailto:security@splitwise.com)
- [Spotify](mailto:security@spotify.com)
- [Sprout Social](mailto:security@sproutsocial.com)
- [Square](https://hackerone.com/square)
- [Square Open Source](https://hackerone.com/square-open-source)
- [StatusPage](https://bugcrowd.com/sunrise)
- [StopTheHacker](https://hackerone.com/stopthehacker)
- [Student Assessment System](https://go.intigriti.com/printscan)
- [Studio 100](https://go.intigriti.com/studio100)
- [Subledger](https://cobalt.io/subledger)
- [Subrosa](https://cobalt.io/subrosa)
- [Sucuri](https://hackerone.com/sucuri)
- [Suivo](https://go.intigriti.com/suivoweb)
- [Symantec](mailto:secure@symantec.com)
- [Taptalk](https://hackerone.com/taptalk)
- [Tarsnap](mailto:cperciva@tarsnap.com)
- [TeamUnify](mailto:security@teamunify.com)
- [Tele2](mailto:beveiligingsmeldpunt@tele2.com)
- [Telekom](mailto:cert@telekom.de?subject=bug_bounty)
- [Telenet](https://go.intigriti.com/telenet)
- [Test-Aankoop](https://go.intigriti.com/testaankoop)
- [The Internet](https://hackerone.com/internet)
- [The Mastercoin Foundation](https://cobalt.io/the-mastercoin-foundation)
- [ThisData](https://hackerone.com/thisdata)
- [TimeTrex](https://cobalt.io/timetrex)
- [ToyTalk](https://hackerone.com/toytalk)
- [Trello](https://hackerone.com/trello)
- [Tuenti](http://corporate.tuenti.com/en/contact/security)
- [Tweakers](https://go.intigriti.com/tweakers)
- [Twilio](https://bugcrowd.com/twilio)
- [Twitch](mailto:security@twitch.tv)
- [Twitter](https://hackerone.com/twitter)
- [Uber](mailto:security-abuse@uber.com)
- [Ubiquiti Networks](https://hackerone.com/ubnt)
- [Unitag](mailto:security@unitag.io)
- [Urban Dictionary](https://hackerone.com/urbandictionary)
- [Uzbey](https://hackerone.com/uzbey)
- [Valve Software](mailto:security@valvesoftware.com)
- [VeChainThor](https://hackenproof.com/vechain/vechainthor)
- [VeChainThor Wallet](https://hackenproof.com/vechain/vechainthor-wallet)
- [VCE](mailto:security-alerts@vce.com)
- [Venmo](mailto:security@venmo.com)
- [Version Cake](https://hackerone.com/versioncake)
- [Viadeo](mailto:security@viadeo.com)
- [Vimeo](https://hackerone.com/vimeo)
- [VK.com](https://hackerone.com/vkcom)
- [Volusion](https://bugcrowd.com/volusion)
- [VPNSox](https://cobalt.io/vpnsox)
- [vulners.com](https://hackerone.com/vulnerscom)
- [Vultr](https://www.vultr.com/bug-bounty/)
- [Webconverger](mailto:security@webconverger.com)
- [Websecurify](http://campaigns.websecurify.com/money-for-bugs/#contact)
- [Weebly](https://cobalt.io/weebly)
- [WePay](https://hackerone.com/wepay)
- [Whisper](https://hackerone.com/whisper)
- [WHMCS](https://bugcrowd.com/whmcs)
- [Windthorst ISD](http://www.windthorstisd.net/BugReport.cfm)
- [withinsecurity](https://hackerone.com/withinsecurity)
- [WizeHive](mailto:security@wizehive.com)
- [Woorank](https://go.intigriti.com/woorank)
- [WordPoints](https://hackerone.com/wordpoints)
- [Wordware](https://cobalt.io/wordware)
- [WP API](https://hackerone.com/wp-api)
- [Xen Project](mailto:security@xenproject.org)
- [Xmarks](mailto:security@lastpass.com)
- [Yahoo](https://hackerone.com/yahoo)
- [Yandex](https://yandex.com/bugbounty/report)
- [Yanomo](mailto:support@yanomo.com)
- [Yesware](mailto:security@yesware.com)
- [Zapier](mailto:security@zapier.com)
- [Zaption](https://hackerone.com/zaption)
- [ZenCash](mailto:security@zencash.com)
- [Zendesk](https://hackerone.com/zendesk)
- [Zetetic](mailto:support@zetetic.net)
- [Ziggo](mailto:security@ziggo.nl)
- [Zimbra](mailto:security@zimbra.com)
- [Zoho](https://bugbounty.zoho.com/bb/info)
- [Zomato](https://hackerone.com/zomato)
- [Zopim](https://hackerone.com/zopim)
- [Zynga](mailto:whitehat@zynga.com)

## Aggregators

- [BountyHQ](https://bountyhq.secapps.com/)

## License

[![CC0](http://mirrors.creativecommons.org/presskit/buttons/88x31/svg/cc-zero.svg)](https://creativecommons.org/publicdomain/zero/1.0/)

To the extent possible under law, [Dheeraj Joshi](https://github.com/djadmin) has waived all copyright and related or neighboring rights to this work.
542 |
--------------------------------------------------------------------------------
/code-of-conduct.md:
--------------------------------------------------------------------------------
1 | # Contributor Code of Conduct
2 |
3 | As contributors and maintainers of this project, and in the interest of
4 | fostering an open and welcoming community, we pledge to respect all people who
5 | contribute through reporting issues, posting feature requests, updating
6 | documentation, submitting pull requests or patches, and other activities.
7 |
8 | We are committed to making participation in this project a harassment-free
9 | experience for everyone, regardless of level of experience, gender, gender
10 | identity and expression, sexual orientation, disability, personal appearance,
11 | body size, race, ethnicity, age, religion, or nationality.
12 |
13 | Examples of unacceptable behavior by participants include:
14 |
15 | * The use of sexualized language or imagery
16 | * Personal attacks
17 | * Trolling or insulting/derogatory comments
18 | * Public or private harassment
19 | * Publishing others' private information, such as physical or electronic
20 | addresses, without explicit permission
21 | * Other unethical or unprofessional conduct
22 |
23 | Project maintainers have the right and responsibility to remove, edit, or
24 | reject comments, commits, code, wiki edits, issues, and other contributions
25 | that are not aligned to this Code of Conduct, or to ban temporarily or
26 | permanently any contributor for other behaviors that they deem inappropriate,
27 | threatening, offensive, or harmful.
28 |
29 | By adopting this Code of Conduct, project maintainers commit themselves to
30 | fairly and consistently applying these principles to every aspect of managing
31 | this project. Project maintainers who do not follow or enforce the Code of
32 | Conduct may be permanently removed from the project team.
33 |
34 | This Code of Conduct applies both within project spaces and in public spaces
35 | when an individual is representing the project or its community.
36 |
37 | Instances of abusive, harassing, or otherwise unacceptable behavior may be
38 | reported by contacting a project maintainer at dheerajjoshi1991@gmail.com. All
39 | complaints will be reviewed and investigated and will result in a response that
40 | is deemed necessary and appropriate to the circumstances. Maintainers are
41 | obligated to maintain confidentiality with regard to the reporter of an
42 | incident.
43 |
44 |
45 | This Code of Conduct is adapted from the [Contributor Covenant][homepage],
46 | version 1.3.0, available at
47 | [http://contributor-covenant.org/version/1/3/0/][version]
48 |
49 | [homepage]: http://contributor-covenant.org
50 | [version]: http://contributor-covenant.org/version/1/3/0/
51 |
--------------------------------------------------------------------------------
/contributing.md:
--------------------------------------------------------------------------------
1 | # Contribution Guidelines
2 |
3 | Please note that this project is released with a [Contributor Code of Conduct](code-of-conduct.md). By participating in this project you agree to abide by its terms.
4 |
5 | -
6 |
7 | Ensure your pull request adheres to the following guidelines:
8 |
9 | - Search previous suggestions before making a new one, as yours may be a duplicate.
10 | - Suggested programs should be available and not outdated.
11 | - Make an individual pull request for each suggestion.
12 | - Use the following format: `[program](link) - Description.`
13 | - Additions should be added to the bottom of the relevant category.
14 | - New categories, or improvements to the existing categorization are welcome.
15 | - Link to the disclosure programs, not the main website.
16 | - Keep descriptions short and simple, but descriptive.
17 | - Don't mention `hackerone/bugcrowd` in the description as it's implied.
18 | - Start the description with a capital and end with a full stop/period.
19 | - Check your spelling and grammar.
20 | - Make sure your text editor is set to remove trailing whitespace.
21 | - The pull request should have a useful title and include a link to the package and why it should be included.
22 |
23 | Thank you for your suggestion!
24 |
25 | ### Updating your PR
26 |
27 | A lot of times, making a PR adhere to the standards above can be difficult. If the maintainers notice anything that we'd like changed, we'll ask you to edit your PR before we merge it. If you're not sure how to do that, [here is a guide](https://github.com/RichardLitt/knowledge/blob/master/github/amending-a-commit-guide.md) on the different ways you can update your PR so that we can merge it.
28 |
--------------------------------------------------------------------------------