Bug Bounty Recon

README.

Bug Bounty Recon (bbrecon) is a Recon-as-a-Service for bug bounty hunters and security researchers. The API aims to provide a continuously up-to-date map of the Internet "safe harbor" attack surface, excluding out-of-scope targets.

It comes with an ergonomic CLI and Python library.

FEATURES (WIP).

Programs

Public bug bounty programs indexed and searchable with filters.

Endpoints

Continuous discovery of targets in scope for all programs.

Notifications

Monitor programs and get a webhook callback as soon as a new endpoint appears.

Private Programs

Support for private programs. POST your scope, get your results and configure notifications.

Highlights

Endpoints are tagged based on interesting properties, like tech stack or directory listings.

Dumps

Time series data dumps are available for researchers with more bespoke needs.

HACKER-FRIENDLY.

$ bbrecon get programs --type web --since last-month
SLUG PLATFORM CREATED REWARDS AVG.BOUNTY TYPES cybrary bugcrowd 2020-07-22 fame $250 android,ios,web expressvpn bugcrowd 2020-07-14 cash,fame £1047 android,ios,web prestashop yeswehack 2020-07-23 cash $400 web
...

$ bbrecon get endpoints --since last-week \
                        --program uber \
                        --output json
[{
  "uri": "https://skynet-east.uber.com",
  "type": "web",
  "title": "Skynet",
  "server": "Apache/2.4.29 (Ubuntu)",
  "firstSeen": "2020-07-14T18:25:43Z",
...
}, ...]

$ bbrecon create alert --program transferwise \
--webhook https://my.slack.webhook/
Configured webhook for TransferWise: https://my.slack.webhook/
You'll receive alerts when new endpoints appear.

$ http GET \
"api.bugbountyrecon.com/v0/endpoints?program_slug=uber" \
X-API-KEY:$API_KEY | jq
[{
  "uri": "https://skynet-east.uber.com",
  "type": "web",
  "title": "Skynet",
  "server": "Apache/2.4.29 (Ubuntu)",
  "firstSeen": "2020-07-14T18:25:43Z",
...
}, ...]

$ python3

>>> from bbrecon import bbrecon

>>> bb = bbrecon("API_KEY")

>>> program = bb.program("uber")

>>> for endpoint in program.endpoints():
... print(f"{endpoint.uri} {endpoint.server}")
https://skynet-east.uber.com Apache/2.4.29 (Ubuntu)
...

IMPORTANT NOTICE.

While effort is taken to ensure the results returned by bbrecon are reliable and trustworthy, this service and its operators are in no way responsible for what you do with the data provided.

Double-check your scopes and ensure you stay within safe harbors.

STATUS.

bbrecon is in a gradual Beta release phase; major features are released every few weeks to get feedback and fix kinks. You can sign up and start using it, but be aware that breaking changes may be deployed without notice. While the service and infrastructure is designed to scale, it is not currently configured to serve a large global audience. This will change, but for now YMMV.

ROADMAP.

The programs API is live, allowing you to query an up-to-date list of public bug bounty programs and their properties.
The domains API is live, allowing you to query an up-to-date list of bug bounty domains.
Support for private programs will go live in September 2020.
The notifications API will go live in September 2020, allowing you to receive alerts whenever a program has been added or updated, or when new domains in scope appear.
The endpoints API will go live in October 2020, allowing you to query, and receive notifications for, all bug bounty endpoints.

GET STARTED.

Head over to the GitHub repo and follow the instructions to get an API key and install bbrecon.

HELP.

Please report bugs (pun intended) on the GitHub issues page.

For support or questions about service availability, please use the Gitter chat.