This project provides a DNS dataset to assist cybersecurity professionals with efficient reconnaissance and vulnerability assessments. It aims to be a central repository listing the server domains registered in bug bounty and vulnerability disclosure programs. These programs are schemes that allow security researchers or ethical hackers to report security vulnerabilities in systems or applications owned by a company or organization. In these schemes, companies often provide rewards to researchers who find exploitable security holes.
- Centralized Resource: This project provides a centralized database that combines domains from various companies and organizations that run bug bounty or vulnerability disclosure programs. With this repository, security researchers can more easily access and understand the targets available under the scope of legal and legitimate programs.
- Increased Security Awareness: Providing this information will help organizations raise awareness about the importance of cybersecurity, as well as provide an opportunity for them to actively engage the security community to protect their systems.
- Community Collaboration: The project is open-source, which means anyone can contribute by updating the domain list or providing new insights into the various bug bounty and vulnerability disclosure programs. This way, the global security community can work together to expand the scope of the program and ensure better security.
- Curated Domain List: This repository contains a list of domains that have been verified to be under the scope of a bug bounty or vulnerability disclosure program. This information includes details about the relevant programs, including the rewards offered, the types of vulnerabilities sought, and the platforms or tools used to report those vulnerabilities (e.g., HackerOne, Bugcrowd, Synack, and other platforms).
- Categories by Industry: The domain list will be classified by industry (e.g., technology, finance, healthcare), so that researchers can more easily find targets that match their expertise or interests.
- Scope Information: Each registered domain will include details of the allowed scope, including limitations on vulnerability exploitation and areas specifically excluded from scope.
- Regular Updates: This repository will be updated regularly by the community, so that the information remains relevant and up-to-date with changes in bug bounty or disclosure programs.
- A Guide for Security Researchers: In addition to the domain list, the repository will also provide a step-by-step guide for researchers looking to get involved in bug bounty programs, from how to get started, to recommended tools, to tips and tricks for success in finding and reporting vulnerabilities.
In this increasingly complex digital era, cybersecurity has become one of the top priorities for organizations around the world. Many companies, large and small, are realizing that bug bounty and vulnerability disclosure programs can be an effective solution for protecting their digital assets. However, the lack of a centralized resource often makes it difficult for security researchers to find these programs.
This project aims to bridge that gap by providing a centralized and easily accessible repository. By supporting open and transparent collaboration, the project will help create a better security ecosystem, where companies and researchers can work together to reduce security risks globally.