Asset inventory of over 800 public bug bounty programs.
The data we collect here includes DNS and Web Server data of public bug bounty programs.
Our aim with this project is to:
The setup consists of two workflows
This workflow streamlines the consolidation of bug bounty program data from various sources, ensuring a comprehensive and organized view. Let's break it down:
Data collection: The workflow fetches data from two important sources:
Data transformation: The collected data undergoes transformation using Python scripts. The scripts convert the data into a specific format, ensuring consistency and ease of analysis. You can find the detailed data format in the targets.json file.
Program merging: To avoid duplication, the workflow merges programs with the same URL together. This consolidation eliminates redundancies and presents a unified view of bug bounty programs.
Community program inclusion: The workflow incorporates an additional set of programs from the community.json file. These programs are merged with the existing dataset, enhancing its coverage and diversity.
Final output: The workflow generates a final consolidated JSON file, targets.json, which encompasses all the merged bug bounty program data. This file serves as a valuable resource for bug bounty researchers, providing a centralized and comprehensive view of programs.
Note: The screenshot above provides a visual representation of the workflow.
Gathering the tagets: Get the list of domains from targets.json, and extract program names.
Making workflow run in parallel: Extracted program names are connected file-splitter
node to make the whole workflow distributed per program
hostnames.txt
per programNote: As described, almost everything in this repository is generated automatically. We carefully designed the workflows (and continue to develop them) to ensure the results are as accurate as possible.
All contributions/ideas/suggestions are welcome! If you want to add/edit a target/workflow, feel free to send us a PR with new targets through community.json, tweet at us @trick3st, or join the conversation on Discord.
We believe in the value of tinkering. Sign up for a demo on trickest.com to customize this workflow to your use case, get access to many more workflows, or build your own from scratch!