{"id":14637870,"url":"https://github.com/gerosecurity/gerobug","last_synced_at":"2026-02-05T20:14:06.415Z","repository":{"id":98465161,"uuid":"587852370","full_name":"gerosecurity/gerobug","owner":"gerosecurity","description":"The First Open Source Bug Bounty Platform","archived":false,"fork":false,"pushed_at":"2026-01-12T20:37:32.000Z","size":12088,"stargazers_count":96,"open_issues_count":0,"forks_count":20,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-01-13T01:28:32.649Z","etag":null,"topics":["bounty-hunting","bug-bounty","bug-bounty-platform","bugbounty","bugbounty-platform","bugbounty-tool","cybersecurity","infosec","vdp","vulnerability-disclosure"],"latest_commit_sha":null,"homepage":"https://gerobug.gerosecurity.com","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/gerosecurity.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":".github/CLA.md"}},"created_at":"2023-01-11T18:33:33.000Z","updated_at":"2026-01-12T20:37:35.000Z","dependencies_parsed_at":"2023-10-02T17:34:19.943Z","dependency_job_id":"86f32c1a-1676-4db2-91ac-607f87b4a8fe","html_url":"https://github.com/gerosecurity/gerobug","commit_stats":null,"previous_names":["gerobug/gerobug"],"tags_count":15,"template":false,"template_full_name":null,"purl":"pkg:github/gerosecurity/gerobug","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gerosecurity%2Fgerobug","tags_url":"https://re
pos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gerosecurity%2Fgerobug/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gerosecurity%2Fgerobug/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gerosecurity%2Fgerobug/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gerosecurity","download_url":"https://codeload.github.com/gerosecurity/gerobug/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gerosecurity%2Fgerobug/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29133252,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-05T19:36:52.185Z","status":"ssl_error","status_checked_at":"2026-02-05T19:35:40.941Z","response_time":65,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bounty-hunting","bug-bounty","bug-bounty-platform","bugbounty","bugbounty-platform","bugbounty-tool","cybersecurity","infosec","vdp","vulnerability-disclosure"],"created_at":"2024-09-10T02:01:21.960Z","updated_at":"2026-02-05T20:14:06.389Z","avatar_url":"https://github.com/gerosecurity.png","language":"HTML","funding_links":[],"categories":["HTML"],"sub_categories":[],"readme":"# Gerobug: The First Open Source Bug Bounty 
Platform.\r\n\r\n![gerobugLogo](https://raw.githubusercontent.com/gerobug/gerobug-docs-images/main/logo.png)\r\n\r\n![CodeQL](https://github.com/gerobug/gerobug/actions/workflows/github-code-scanning/codeql/badge.svg)\r\n[![License](https://img.shields.io/badge/License-AGPLv3-red.svg?\u0026logo=none)](https://www.gnu.org/licenses/agpl-3.0)\r\n[![Black Hat Arsenal](https://raw.githubusercontent.com/toolswatch/badges/master/arsenal/asia/2023.svg?sanitize=true)](https://www.blackhat.com/asia-23/arsenal/schedule/index.html#gerobug-open-source-private-self-managed-bug-bounty-platform-31241)\r\n[![Black Hat Arsenal](https://raw.githubusercontent.com/toolswatch/badges/master/arsenal/asia/2024.svg?sanitize=true)](https://www.blackhat.com/asia-24/arsenal/schedule/#gerobug-the-first-open-source-bug-bounty-platform-37538)\r\n\r\n# Gerobug\r\n__The first open source self-managed bug bounty platform.__\r\n\r\nAre you a company planning to have your own bug bounty program with a minimum budget?\u003cbr\u003e\r\n\r\n__WE GOT YOU!__\r\n\r\nWe are aware that some organizations have had difficulty establishing their own bug bounty program.\u003cbr\u003e\r\nUsing a third-party managed platform usually comes with a hefty price tag and security risks. 
_(If you know, you know...)_\u003cbr\u003e\r\nOn the other hand, creating your own self-managed platform takes time and effort to build and maintain.\r\n\r\n\u003cbr\u003e\r\n\r\n## Why Gerobug?\r\n- __EASY        \u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;:__ Have your bug bounty program running with just a single line of command\r\n- __SECURE      \u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;:__ Gerobug uses an email parser and network segregation to minimize security risks.\r\n- __OPEN SOURCE \u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;:__ It is FREE.\r\n\r\n\u003cbr\u003e\r\n\r\n## (Minimum) Recommended Specification\r\n* Ubuntu 24.04\r\n* vCPU 2 Core\r\n* RAM 2 GB\r\n* HDD 16 GB\r\n\r\n\u003cbr\u003e\r\n\r\n## Requirements\r\n* \u003ca href=\"https://support.google.com/accounts/answer/185833\"\u003eGmail\u003c/a\u003e or \u003ca href=\"https://support.microsoft.com/en-us/account-billing/using-app-passwords-with-apps-that-don-t-support-two-step-verification-5896ed9b-4263-e681-128a-a6f2979a7944\"\u003eOutlook\u003c/a\u003e Email with \u003cb\u003eApp password\u003c/b\u003e implemented\r\n* VPN Server (Recommended for Production Server)\r\n* Domain for HTTPS (Recommended for Production Server)\r\n* Port 80, 443, 6320\r\n* Python 3.x\r\n* Docker \r\n* Docker Compose v2\r\n\r\n__(You don't need to install anything manually, we'll do it for you!)__\r\n\r\n\u003cbr\u003e\r\n\r\n## Deployment and Usage\r\nTo deploy gerobug:\r\n1. Clone this repository\r\n```bash\r\ngit clone https://github.com/gerobug/gerobug\r\ncd gerobug\r\n```\r\n2. Run the Setup Script: \r\n```bash\r\n./gerobug.sh\r\n```\r\n3. 
Follow the setup instructions (Read the [documentation](https://gerobug.gitbook.io/documentation/) for details)\r\n4. By default, Gerobug Dashboard will listen at port __6320__\r\n\r\nAccess the login page at `http://[Domain/IP]:6320/login`\u003cbr\u003e\r\n\u003cbr\u003e__Credential__\u003cbr\u003e\r\nUsername\u0026nbsp;\u0026nbsp;: `geromin`\u003cbr\u003e\r\nPassword\u0026nbsp;\u0026nbsp;\u0026nbsp;: Randomly generated at `gerobug/gerobug_dashboard/secrets/gerobug_secret.env`\r\n\r\n\u003cbr\u003e\r\n\r\nYou can read the __detailed documentation [here](https://gerobug.gitbook.io/documentation/)__\r\n\r\n\u003cbr\u003e\r\n\r\n## Main Features\r\n- Network Segregation\u003cbr\u003e\r\nAll services run in separate containers. Public users should only be able to access the static page (Rules and guidelines).\r\n\r\n- Easy and Quick Installation\u003cbr\u003e\r\nUse our run script to install Gerobug, it's quick and easy!\r\n\r\n- HTTPS Implementation\u003cbr\u003e\r\nAutomated HTTPS configuration using NGINX and Let's Encrypt.\r\n\r\n- Homepage\u003cbr\u003e\r\nThis should be the only page accessible by the public, which contains Rules and Guidelines for your bug bounty program.\r\n\r\n- Email Parser\u003cbr\u003e\r\nBug Hunters will submit their findings by email, which Gerobug will parse, filter, and show on the dashboard.\r\n\r\n- Auto Reply and Notification for Bug Hunters\u003cbr\u003e\r\nBug Hunters' inquiries will be automatically replied to, and they will be notified if there are any updates on their report.\r\n\r\n- Notification Channel\u003cbr\u003e\r\nThe company will also be notified via Slack/Telegram if there is any new report.\r\n\r\n- User Management\u003cbr\u003e\r\nGerobug has role-based user management.\r\n\r\n- Report Management\u003cbr\u003e\r\nManage reports easily using a kanban model dashboard.\r\n\r\n- Report Filtering and Flagging\u003cbr\u003e\r\nReports from Bug Hunters will be filtered and flagged if there is any indication of a duplicate.\r\n\r\n- CVSS / OWASP Risk 
Calculator\u003cbr\u003e\r\nGerobug has an integrated CVSS / OWASP Risk Calculator to support the bug review process.\r\n\r\n- Email Blacklisting\u003cbr\u003e\r\nGerobug can temporarily block and release emails that conducted spam activity.\r\n\r\n- Auto Generate Certificate\u003cbr\u003e\r\nWe can generate certificates of appreciation for bug hunters so you don't have to ;)\r\n\r\n- Personalization\u003cbr\u003e\r\nYou can customize Gerobug to fit your brand colors\r\n\r\n- Logging and Log Rotation\u003cbr\u003e\r\nGerobug has an internal audit log with log rotation enabled\r\n\r\n- Hall of Fame / Wall of fame / Leaderboard\u003cbr\u003e\r\nYeah we have it too\r\n\r\n\u003cbr\u003e\r\n\r\n## Authors\r\n- [@VGR6479](https://github.com/VGR6479)\r\n- [@as3ng](https://github.com/as3ng)\r\n- [@jessicaggan](https://github.com/jessicaggan)\r\n\r\n\u003cbr\u003e\r\n\r\n## Feedback\r\nIf you have any feedback, please reach out to us at __support@gerobug.com__\r\n\r\n\u003cbr\u003e\r\n\r\nCopyright (c) 2025 Gero Security\u003cbr\u003e\r\nLicensed under the GNU AGPLv3.0 License\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgerosecurity%2Fgerobug","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgerosecurity%2Fgerobug","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgerosecurity%2Fgerobug/lists"}