# Bug Bounty Finder - HackerOne + Bugcrowd + security.txt (`anshumanatrey/bug-bounty-finder`) Actor

Find every public bug bounty / responsible disclosure program for a target. Aggregates HackerOne directory + Bugcrowd engagements + target /.well-known/security.txt. Daily-use lookup for bug bounty hunters — know if a target has a program before hunting.

- **URL**: https://apify.com/anshumanatrey/bug-bounty-finder.md
- **Developed by:** [Anshuman Atrey](https://apify.com/anshumanatrey) (community)
- **Categories:** Developer tools, Automation
- **Stats:** 2 total users, 1 monthly user, 100.0% runs succeeded
- **User rating**: No ratings yet

## Pricing

$5.00 / 1,000 bounty records

This Actor is paid per event. You are not charged for Apify platform usage; you pay only a fixed price for specific events.

Learn more: https://docs.apify.com/platform/actors/running/actors-in-store#pay-per-event

## What's an Apify Actor?

Actors are software tools running on the Apify platform, for all kinds of web data extraction and automation use cases.
In Batch mode, an Actor accepts a well-defined JSON input, performs an action which can take anything from a few seconds to a few hours,
and optionally produces a well-defined JSON output, datasets with results, or files in a key-value store.
In Standby mode, an Actor provides a web server which can be used as a website, API, or an MCP server.
Actors are written with a capital "A".

## How to integrate an Actor?

The best way to integrate Actors is as follows.

In JavaScript/TypeScript projects, use the official [JavaScript/TypeScript client](https://docs.apify.com/api/client/js.md):

```bash
npm install apify-client
```

In Python projects, use the official [Python client library](https://docs.apify.com/api/client/python.md):

```bash
pip install apify-client
```

In shell scripts, use the [Apify CLI](https://docs.apify.com/cli/docs.md):

```bash
# macOS / Linux
curl -fsSL https://apify.com/install-cli.sh | bash
```

```powershell
# Windows
irm https://apify.com/install-cli.ps1 | iex
```

In AI frameworks, you might use the [Apify MCP server](https://docs.apify.com/platform/integrations/mcp.md).

If your project is in a different language, use the [REST API](https://docs.apify.com/api/v2.md).

For usage examples, see the [API](#api) section below.

For more details, see Apify documentation as [Markdown index](https://docs.apify.com/llms.txt) and [Markdown full-text](https://docs.apify.com/llms-full.txt).


# README

## Bug Bounty Finder

📦 **Open source · MIT:** [github.com/AnshumanAtrey/bug-bounty-finder](https://github.com/AnshumanAtrey/bug-bounty-finder)


Find every public bug bounty / responsible disclosure program for a company or domain. Pulls in real time from:

- **HackerOne** — public directory of 1000+ programs
- **Bugcrowd** — public engagements API
- **security.txt** — RFC 9116 standard at `/.well-known/security.txt`

Built for bug bounty hunters, pen testers, and security researchers who need to know "does this target have a program I can report to?" — fast.

### Quick start

```json
{
  "query": "shopify"
}
````

Returns 5+ records: matching HackerOne program (with min bounty + resolved-report count), Bugcrowd match if any, and the parsed `security.txt` from `shopify.com`.

### Output structure

Each record has a `recordType` discriminator:

| recordType | Fields | When |
|---|---|---|
| `program` | `platform`, `programName`, `url`, `minBounty`, `maxBounty`, `currency`, `offersBounties`, `resolvedReports`, `policySnippet`, `engagementType`, `industry` | One per matched program (HackerOne or Bugcrowd) |
| `securityTxt` | `domain`, `contact`, `policy`, `encryption`, `hiring`, `acknowledgments`, `canonical`, `expires`, `raw` (first 2KB) | Per domain where security.txt was found |
| `summary` | `programsFound`, `securityTxtFound`, `programsByPlatform`, `duration` | Always last record |

Filter by `recordType=program` in the Apify Console table view to see only paid bounty programs.

### Example with extras

```json
{
  "query": "github",
  "sources": ["hackerone", "bugcrowd", "security_txt"],
  "additionalDomains": ["github.com", "github.io", "githubusercontent.com"],
  "limit": 50
}
```

This searches HackerOne + Bugcrowd for "github" AND fetches security.txt from all three github-owned domains.

### Pricing

$0.005 per record. A typical scan returns 3-10 records = $0.015-$0.050 per query. Cheaper than the gas it took to drive to HackerOne in your head.

### Use cases

- **Bug bounty hunters** — quickly check if a new target has a program before spending hours hunting
- **Pen testers** — find responsible disclosure contacts for vulnerabilities discovered incidentally during engagements
- **Security teams** — audit your own brand's program presence across platforms
- **Researchers** — investigate disclosure norms across industries

### Notes

- HackerOne returns up to 6 results per query (their pagination limit)
- Bugcrowd search is fuzzy — we filter client-side to only return matches containing the query
- security.txt is tried at both `/.well-known/security.txt` and `/security.txt` per RFC 9116
- No API keys required for any source

### FAQ

#### Why does HackerOne return at most 6 results per query?

That's HackerOne's own search pagination limit on the public directory — not a limitation we add. To get more, refine your query (e.g., `shopify` vs `shop`), or split the query into multiple searches with different keywords.

#### Is the `security.txt` data trustworthy?

Yes — it's served by the target organization itself per RFC 9116. The actor parses but does not validate the contents (e.g., we don't verify the `Contact:` email is monitored). Treat security.txt as the company's official position.
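Because the Actor parses the file without validating it, a consumer can run its own RFC 9116 checks before relying on a `Contact:` value. The following is an added example, not the Actor's code: it checks a fetched file for the required `Contact` and single `Expires` fields, expiry, `https://` web URIs, a `Canonical` mismatch, and the presence (not the validity) of an OpenPGP cleartext signature. The sample file, the function names and the finding codes are constructed for illustration, and the input is assumed to be the complete file text.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample file for illustration; not fetched from any real site.
SAMPLE = """\
# Constructed example
Contact: mailto:security@example.com
Contact: http://example.com/report
Expires: 2020-01-01T00:00:00Z
Canonical: https://example.com/.well-known/security.txt
Policy: https://example.com/disclosure
"""

# Fields whose values may be web URIs; RFC 9116 requires https:// for those.
WEB_URI_FIELDS = ("contact", "policy", "encryption", "hiring",
                  "acknowledgments", "canonical")


def parse_fields(text):
    """Map lower-cased field names to their values, skipping comments."""
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("-----BEGIN PGP SIGNATURE-----"):
            break  # the rest is the armored signature, not fields
        if not line or line.startswith("#") or ":" not in line:
            continue
        name, value = line.split(":", 1)
        fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields


def check_security_txt(text, fetched_url, now):
    """Return finding codes (hypothetical names) for one fetched security.txt."""
    fields = parse_fields(text)
    findings = []

    if not fetched_url.lower().startswith("https://"):
        findings.append("fetched-over-plain-http")

    if not fields.get("contact"):
        findings.append("contact-missing")

    # mailto: and tel: values are fine; plain-http web URIs are not.
    for name in WEB_URI_FIELDS:
        for value in fields.get(name, []):
            if value.lower().startswith("http://"):
                findings.append(f"{name}-not-https")

    expires = fields.get("expires", [])
    if len(expires) != 1:
        findings.append("expires-missing-or-repeated")
    else:
        stamp = expires[0]
        if stamp[-1:] in ("Z", "z"):
            stamp = stamp[:-1] + "+00:00"
        try:
            when = datetime.fromisoformat(stamp)
            if when.tzinfo is None:
                raise ValueError("timestamp has no UTC offset")
        except ValueError:
            findings.append("expires-unparseable")
        else:
            if when <= now:
                findings.append("expired")
            elif when - now > timedelta(days=366):
                # RFC 9116 recommends an expiry less than a year ahead.
                findings.append("expires-over-a-year-away")

    canonical = fields.get("canonical", [])
    if canonical and fetched_url not in canonical:
        findings.append("canonical-mismatch")

    # Presence only: verifying the signature needs the organization's key.
    if "-----BEGIN PGP SIGNED MESSAGE-----" not in text:
        findings.append("unsigned")
    return findings


if __name__ == "__main__":
    url = "https://example.com/.well-known/security.txt"
    print(check_security_txt(SAMPLE, url, datetime.now(timezone.utc)))
```

An `expired` or `canonical-mismatch` finding is a reason to confirm the contact through another channel before sending report details.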

#### Can I monitor a brand for new programs over time?

Yes — schedule this actor to run weekly via Apify Schedules, send the dataset to a webhook, and diff the records. New programs appearing means new disclosure surface.
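One way to do the diff step, as an added example that is not part of the Actor: records from two runs are keyed by identity (`platform` + `url` for `program`, `domain` for `securityTxt`) and compared on a few watched fields. Field names come from the output table above; the value shapes, the sample records and the function names are assumptions constructed for illustration.

```python
# Fields compared per record type (names from the output table, shapes assumed).
WATCHED = {
    "program": ("minBounty", "maxBounty", "offersBounties"),
    "securityTxt": ("contact", "policy", "expires"),
}

# Constructed sample datasets from two scheduled runs.
LAST_WEEK = [
    {"recordType": "program", "platform": "hackerone",
     "url": "https://hackerone.example/acme",
     "minBounty": 100, "maxBounty": 5000, "offersBounties": True},
    {"recordType": "program", "platform": "bugcrowd",
     "url": "https://bugcrowd.example/acme-vdp", "offersBounties": False},
    {"recordType": "securityTxt", "domain": "acme.example",
     "contact": ["mailto:security@acme.example"],
     "expires": "2025-06-01T00:00:00Z"},
    {"recordType": "summary", "programsFound": 2},
]
THIS_WEEK = [
    {"recordType": "program", "platform": "hackerone",
     "url": "https://hackerone.example/acme",
     "minBounty": 100, "maxBounty": 10000, "offersBounties": True},
    {"recordType": "program", "platform": "hackerone",
     "url": "https://hackerone.example/acme-cloud",
     "minBounty": 50, "maxBounty": 2000, "offersBounties": True},
    {"recordType": "securityTxt", "domain": "acme.example",
     "contact": ["mailto:psirt@acme.example"],
     "expires": "2025-06-01T00:00:00Z"},
    {"recordType": "summary", "programsFound": 2},
]


def record_key(rec):
    """Stable identity for a record, or None for per-run summary records."""
    kind = rec.get("recordType")
    if kind == "program":
        return (kind, rec.get("platform"), rec.get("url"))
    if kind == "securityTxt":
        return (kind, rec.get("domain"))
    return None


def index_run(records):
    """Index one run's records by identity, dropping summaries."""
    indexed = {}
    for rec in records:
        key = record_key(rec)
        if key is not None:
            indexed[key] = rec
    return indexed


def diff_runs(previous, current):
    """Report added, removed and changed records between two runs."""
    old, new = index_run(previous), index_run(current)
    changed = {}
    for key, rec in new.items():
        if key not in old:
            continue
        delta = {
            field: (old[key].get(field), rec.get(field))
            for field in WATCHED[key[0]]
            if old[key].get(field) != rec.get(field)
        }
        if delta:
            changed[key] = delta
    return {
        "added": [k for k in new if k not in old],
        "removed": [k for k in old if k not in new],
        "changed": changed,
    }


if __name__ == "__main__":
    for section, value in diff_runs(LAST_WEEK, THIS_WEEK).items():
        print(section, value)
```

Removed programs and changed `contact` values deserve the same attention as additions, since a report sent to a closed program or a stale contact may not reach anyone.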

#### What about private / invite-only programs?

This actor only queries public directories. Private programs (Synack, invite-only HackerOne, internal disclosure) are by definition not discoverable from outside — those require an existing invitation.

#### Can I filter results by bounty range?

Yes — once data lands in the dataset, filter by `minBounty` / `maxBounty` in the Apify Console table view, or query the dataset via the API with a filter expression.

### Pairs nicely with

Bundle for full bounty-hunting recon:

- **[theHarvester](https://apify.com/anshumanatrey/theharvester-osint)** — Discover subdomains, then check each for bounty program coverage
- **[nmap](https://apify.com/anshumanatrey/nmap-scanner)** — Find open services on in-scope targets
- **[NetIntel](https://apify.com/anshumanatrey/netintel)** — Enrich each program's domain with WHOIS, DNS, SSL, GeoIP intel
- **[Holehe Email OSINT](https://apify.com/anshumanatrey/holehe-email-osint)** — Confirm the security contact email is real and check what platforms it's registered on
- **[Social Analyzer](https://apify.com/anshumanatrey/social-analyzer)** — Find a target company's security-team usernames across platforms
- **[Zomato Restaurant Scraper](https://apify.com/anshumanatrey/zomato-restaurant-scraper)** — Restaurant lead lists (separate B2B use case)

### Credits

Public data from [HackerOne](https://hackerone.com), [Bugcrowd](https://bugcrowd.com), and target operators' own [security.txt](https://securitytxt.org) files.

# Actor input Schema

## `query` (type: `string`):

Company name or domain to search. Examples: 'shopify', 'shopify.com', 'github', 'tesla.com'. The actor searches HackerOne + Bugcrowd by the query AND fetches /.well-known/security.txt from the domain (if it looks like one).

## `sources` (type: `array`):

Pick which sources to query. Default = all enabled. Each source is independent.

## `additionalDomains` (type: `array`):

Extra domains to fetch security.txt from (e.g., subsidiaries, brand variants). Example: `['github.com', 'github.io', 'githubusercontent.com']`.

## `limit` (type: `integer`):

Cap results from HackerOne / Bugcrowd to this number (most queries return < 10).

## `timeout` (type: `integer`):

HTTP timeout per source.

## Actor input object example

```json
{
  "query": "shopify",
  "sources": [
    "hackerone",
    "bugcrowd",
    "security_txt"
  ],
  "limit": 25,
  "timeout": 30
}
```

# Actor output Schema

## `programs` (type: `string`):

Each record is one of: recordType=program (matched program on HackerOne/Bugcrowd with reward range, scope policy, resolved-report count), recordType=securityTxt (parsed security.txt with contact/policy/encryption URLs), or recordType=summary (final aggregate).

# API

You can run this Actor programmatically using our API. Below are code examples in JavaScript, Python, and CLI, as well as the OpenAPI specification and MCP server setup.

## JavaScript example

```javascript
import { ApifyClient } from 'apify-client';

// Initialize the ApifyClient with your Apify API token
// Replace the '<YOUR_API_TOKEN>' with your token
const client = new ApifyClient({
    token: '<YOUR_API_TOKEN>',
});

// Prepare Actor input
const input = {
    "query": "shopify",
    "sources": [
        "hackerone",
        "bugcrowd",
        "security_txt"
    ]
};

// Run the Actor and wait for it to finish
const run = await client.actor("anshumanatrey/bug-bounty-finder").call(input);

// Fetch and print Actor results from the run's dataset (if any)
console.log('Results from dataset');
console.log(`💾 Check your data here: https://console.apify.com/storage/datasets/${run.defaultDatasetId}`);
const { items } = await client.dataset(run.defaultDatasetId).listItems();
items.forEach((item) => {
    console.dir(item);
});

// 📚 Want to learn more 📖? Go to → https://docs.apify.com/api/client/js/docs

```

## Python example

```python
from apify_client import ApifyClient

# Initialize the ApifyClient with your Apify API token
# Replace '<YOUR_API_TOKEN>' with your token.
client = ApifyClient("<YOUR_API_TOKEN>")

# Prepare the Actor input
run_input = {
    "query": "shopify",
    "sources": [
        "hackerone",
        "bugcrowd",
        "security_txt",
    ],
}

# Run the Actor and wait for it to finish
run = client.actor("anshumanatrey/bug-bounty-finder").call(run_input=run_input)

# Fetch and print Actor results from the run's dataset (if there are any)
print("💾 Check your data here: https://console.apify.com/storage/datasets/" + run["defaultDatasetId"])
for item in client.dataset(run["defaultDatasetId"]).iterate_items():
    print(item)

# 📚 Want to learn more 📖? Go to → https://docs.apify.com/api/client/python/docs/quick-start

```

## CLI example

```bash
echo '{
  "query": "shopify",
  "sources": [
    "hackerone",
    "bugcrowd",
    "security_txt"
  ]
}' |
apify call anshumanatrey/bug-bounty-finder --silent --output-dataset

```

## MCP server setup

```json
{
    "mcpServers": {
        "apify": {
            "command": "npx",
            "args": [
                "mcp-remote",
                "https://mcp.apify.com/?tools=anshumanatrey/bug-bounty-finder",
                "--header",
                "Authorization: Bearer <YOUR_API_TOKEN>"
            ]
        }
    }
}

```

## OpenAPI specification

```json
{
    "openapi": "3.0.1",
    "info": {
        "title": "Bug Bounty Finder - HackerOne + Bugcrowd + security.txt",
        "description": "Find every public bug bounty / responsible disclosure program for a target. Aggregates HackerOne directory + Bugcrowd engagements + target /.well-known/security.txt. Daily-use lookup for bug bounty hunters — know if a target has a program before hunting.",
        "version": "1.0",
        "x-build-id": "ro6bnh7y6k9fAs0eb"
    },
    "servers": [
        {
            "url": "https://api.apify.com/v2"
        }
    ],
    "paths": {
        "/acts/anshumanatrey~bug-bounty-finder/run-sync-get-dataset-items": {
            "post": {
                "operationId": "run-sync-get-dataset-items-anshumanatrey-bug-bounty-finder",
                "x-openai-isConsequential": false,
                "summary": "Executes an Actor, waits for its completion, and returns Actor's dataset items in response.",
                "tags": [
                    "Run Actor"
                ],
                "requestBody": {
                    "required": true,
                    "content": {
                        "application/json": {
                            "schema": {
                                "$ref": "#/components/schemas/inputSchema"
                            }
                        }
                    }
                },
                "parameters": [
                    {
                        "name": "token",
                        "in": "query",
                        "required": true,
                        "schema": {
                            "type": "string"
                        },
                        "description": "Enter your Apify token here"
                    }
                ],
                "responses": {
                    "200": {
                        "description": "OK"
                    }
                }
            }
        },
        "/acts/anshumanatrey~bug-bounty-finder/runs": {
            "post": {
                "operationId": "runs-sync-anshumanatrey-bug-bounty-finder",
                "x-openai-isConsequential": false,
                "summary": "Executes an Actor and returns information about the initiated run in response.",
                "tags": [
                    "Run Actor"
                ],
                "requestBody": {
                    "required": true,
                    "content": {
                        "application/json": {
                            "schema": {
                                "$ref": "#/components/schemas/inputSchema"
                            }
                        }
                    }
                },
                "parameters": [
                    {
                        "name": "token",
                        "in": "query",
                        "required": true,
                        "schema": {
                            "type": "string"
                        },
                        "description": "Enter your Apify token here"
                    }
                ],
                "responses": {
                    "200": {
                        "description": "OK",
                        "content": {
                            "application/json": {
                                "schema": {
                                    "$ref": "#/components/schemas/runsResponseSchema"
                                }
                            }
                        }
                    }
                }
            }
        },
        "/acts/anshumanatrey~bug-bounty-finder/run-sync": {
            "post": {
                "operationId": "run-sync-anshumanatrey-bug-bounty-finder",
                "x-openai-isConsequential": false,
                "summary": "Executes an Actor, waits for completion, and returns the OUTPUT from Key-value store in response.",
                "tags": [
                    "Run Actor"
                ],
                "requestBody": {
                    "required": true,
                    "content": {
                        "application/json": {
                            "schema": {
                                "$ref": "#/components/schemas/inputSchema"
                            }
                        }
                    }
                },
                "parameters": [
                    {
                        "name": "token",
                        "in": "query",
                        "required": true,
                        "schema": {
                            "type": "string"
                        },
                        "description": "Enter your Apify token here"
                    }
                ],
                "responses": {
                    "200": {
                        "description": "OK"
                    }
                }
            }
        }
    },
    "components": {
        "schemas": {
            "inputSchema": {
                "type": "object",
                "required": [
                    "query"
                ],
                "properties": {
                    "query": {
                        "title": "Company / Domain",
                        "type": "string",
                        "description": "Company name or domain to search. Examples: 'shopify', 'shopify.com', 'github', 'tesla.com'. The actor searches HackerOne + Bugcrowd by the query AND fetches /.well-known/security.txt from the domain (if it looks like one)."
                    },
                    "sources": {
                        "title": "Sources to query",
                        "minItems": 1,
                        "uniqueItems": true,
                        "type": "array",
                        "description": "Pick which sources to query. Default = all enabled. Each source is independent.",
                        "items": {
                            "type": "string",
                            "enum": [
                                "hackerone",
                                "bugcrowd",
                                "security_txt"
                            ],
                            "enumTitles": [
                                "HackerOne directory",
                                "Bugcrowd engagements",
                                "Target /.well-known/security.txt"
                            ]
                        },
                        "default": [
                            "hackerone",
                            "bugcrowd",
                            "security_txt"
                        ]
                    },
                    "additionalDomains": {
                        "title": "Additional domains for security.txt",
                        "type": "array",
                        "description": "Extra domains to fetch security.txt from (e.g., subsidiaries, brand variants). Example: ['github.com', 'github.io', 'githubusercontent.com'].",
                        "items": {
                            "type": "string"
                        }
                    },
                    "limit": {
                        "title": "Max programs per source",
                        "minimum": 1,
                        "maximum": 100,
                        "type": "integer",
                        "description": "Cap results from HackerOne / Bugcrowd to this number (most queries return < 10).",
                        "default": 25
                    },
                    "timeout": {
                        "title": "Request timeout (seconds)",
                        "minimum": 5,
                        "maximum": 120,
                        "type": "integer",
                        "description": "HTTP timeout per source.",
                        "default": 30
                    }
                }
            },
            "runsResponseSchema": {
                "type": "object",
                "properties": {
                    "data": {
                        "type": "object",
                        "properties": {
                            "id": {
                                "type": "string"
                            },
                            "actId": {
                                "type": "string"
                            },
                            "userId": {
                                "type": "string"
                            },
                            "startedAt": {
                                "type": "string",
                                "format": "date-time",
                                "example": "2025-01-08T00:00:00.000Z"
                            },
                            "finishedAt": {
                                "type": "string",
                                "format": "date-time",
                                "example": "2025-01-08T00:00:00.000Z"
                            },
                            "status": {
                                "type": "string",
                                "example": "READY"
                            },
                            "meta": {
                                "type": "object",
                                "properties": {
                                    "origin": {
                                        "type": "string",
                                        "example": "API"
                                    },
                                    "userAgent": {
                                        "type": "string"
                                    }
                                }
                            },
                            "stats": {
                                "type": "object",
                                "properties": {
                                    "inputBodyLen": {
                                        "type": "integer",
                                        "example": 2000
                                    },
                                    "rebootCount": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "restartCount": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "resurrectCount": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "computeUnits": {
                                        "type": "integer",
                                        "example": 0
                                    }
                                }
                            },
                            "options": {
                                "type": "object",
                                "properties": {
                                    "build": {
                                        "type": "string",
                                        "example": "latest"
                                    },
                                    "timeoutSecs": {
                                        "type": "integer",
                                        "example": 300
                                    },
                                    "memoryMbytes": {
                                        "type": "integer",
                                        "example": 1024
                                    },
                                    "diskMbytes": {
                                        "type": "integer",
                                        "example": 2048
                                    }
                                }
                            },
                            "buildId": {
                                "type": "string"
                            },
                            "defaultKeyValueStoreId": {
                                "type": "string"
                            },
                            "defaultDatasetId": {
                                "type": "string"
                            },
                            "defaultRequestQueueId": {
                                "type": "string"
                            },
                            "buildNumber": {
                                "type": "string",
                                "example": "1.0.0"
                            },
                            "containerUrl": {
                                "type": "string"
                            },
                            "usage": {
                                "type": "object",
                                "properties": {
                                    "ACTOR_COMPUTE_UNITS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATASET_READS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATASET_WRITES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "KEY_VALUE_STORE_READS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "KEY_VALUE_STORE_WRITES": {
                                        "type": "integer",
                                        "example": 1
                                    },
                                    "KEY_VALUE_STORE_LISTS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "REQUEST_QUEUE_READS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "REQUEST_QUEUE_WRITES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATA_TRANSFER_INTERNAL_GBYTES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATA_TRANSFER_EXTERNAL_GBYTES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "PROXY_RESIDENTIAL_TRANSFER_GBYTES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "PROXY_SERPS": {
                                        "type": "integer",
                                        "example": 0
                                    }
                                }
                            },
                            "usageTotalUsd": {
                                "type": "number",
                                "example": 0.00005
                            },
                            "usageUsd": {
                                "type": "object",
                                "properties": {
                                    "ACTOR_COMPUTE_UNITS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATASET_READS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATASET_WRITES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "KEY_VALUE_STORE_READS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "KEY_VALUE_STORE_WRITES": {
                                        "type": "number",
                                        "example": 0.00005
                                    },
                                    "KEY_VALUE_STORE_LISTS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "REQUEST_QUEUE_READS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "REQUEST_QUEUE_WRITES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATA_TRANSFER_INTERNAL_GBYTES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATA_TRANSFER_EXTERNAL_GBYTES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "PROXY_RESIDENTIAL_TRANSFER_GBYTES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "PROXY_SERPS": {
                                        "type": "integer",
                                        "example": 0
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }
}
```
