{"id":13843010,"url":"https://github.com/serain/bbrecon","last_synced_at":"2025-07-11T17:32:54.198Z","repository":{"id":41512958,"uuid":"282648581","full_name":"serain/bbrecon","owner":"serain","description":"Python library and CLI for the Bug Bounty Recon API","archived":true,"fork":false,"pushed_at":"2021-06-05T20:11:54.000Z","size":364,"stargazers_count":220,"open_issues_count":2,"forks_count":38,"subscribers_count":14,"default_branch":"master","last_synced_at":"2024-11-21T14:38:13.688Z","etag":null,"topics":["bug-bounty-recon","bugbounty","bugbountytips","bugcrowd","cybersecurity","federacy","hackenproof","hackerone","hacking","osint","recon","security","web-security","yeswehack"],"latest_commit_sha":null,"homepage":"https://bugbountyrecon.com","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/serain.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-07-26T12:48:05.000Z","updated_at":"2024-11-19T00:36:48.000Z","dependencies_parsed_at":"2022-09-13T02:32:13.278Z","dependency_job_id":null,"html_url":"https://github.com/serain/bbrecon","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/serain/bbrecon","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/serain%2Fbbrecon","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/serain%2Fbbrecon/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/serain%2Fbbrecon/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/serain%2Fbbrecon/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/serain","download_url":"https://codeload.github.com/serain/bbrecon/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/serain%2Fbbrecon/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264862594,"owners_count":23675001,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bug-bounty-recon","bugbounty","bugbountytips","bugcrowd","cybersecurity","federacy","hackenproof","hackerone","hacking","osint","recon","security","web-security","yeswehack"],"created_at":"2024-08-04T17:01:53.214Z","updated_at":"2025-07-11T17:32:53.919Z","avatar_url":"https://github.com/serain.png","language":"Python","readme":"\u003cdl\u003e\n  \u003cp align=\"center\"\u003e\n    \u003cimg width=\"320px\" src=\"https://raw.githubusercontent.com/serain/bbrecon/master/docs/logo_cropped.png\"\u003e\n  \u003c/p\u003e\n  \u003cbr /\u003e\n\u003c/dl\u003e\n\n**This project is no longer maintained and I took the crawling infrastructure offline.**\n\n**The audience was not big enough to justify maintaining it.**\n\nBug Bounty Recon (`bbrecon`) is a free Recon-as-a-Service for bug bounty hunters and security researchers. The API aims to provide a continuously up-to-date map of the Internet \"safe harbor\" attack surface, excluding out-of-scope targets.\n\nIt comes with an ergonomic CLI and Python library.\n\n## Important Notice\n\nWhile effort is taken to ensure the results returned by `bbrecon` are reliable and trustworthy, this service and its operators are in no way responsible for what you do with the data provided.\n\nDouble check your scopes and ensure you stay within safe harbors.\n\n## Features\n\n- **Public Programs** - public bug bounty programs indexed and searchable with filters\n- **Domains** - domains in scope across programs\n- **Notifications** - webhook alerts when programs are created or domains discovered\n\n## Status\n\n`bbrecon` is in a gradual **Beta** release phase; major features are released every few weeks to get feedback and fix kinks. You can sign up and start using it, but be aware that **breaking changes may be deployed without notice**. While the service and infrastructure is designed to scale, it is **not currently configured to serve a large global audience**. This may change, but for now YMMV.\n\n## Help / Feature Requests\n\nPlease use bugs [GitHub issues](https://github.com/serain/bbrecon/issues).\n\n## Getting Started\n\n### API key\n\nFetch an API key from the Console: https://console.bugbountyrecon.com\n\nOnly Google SSO is supported at this time.\n\n### Installation\n\n```\n$ pip3 install bbrecon\n```\n\n\u003e `bbrecon` requires Python \u003e= 3.8 - if `pip` tells you it can't find `bbrecon` it's probably because `pip` is using another Python version. Check this with `pip3 --version`.\n\nIf you intend to use the CLI, you should permanently configure your key:\n\n```\n$ bbrecon configure key\nEnter your API key: YOUR_API_KEY\n```\n\nYou can alternatively set the `BBRECON_KEY` environment variable if you prefer.\n\n## CLI\n\nThe following will output all programs released in the last month that have \"web\" type targets (APIs/web apps):\n\n```\n$ bbrecon get programs --type web --since last-month\nSLUG         PLATFORM     CREATED     REWARDS      MIN.BOUNTY    AVG.BOUNTY    MAX.BOUNTY      SCOPES  TYPES\ncybrary      bugcrowd     2020-07-22  fame         $0            $0            $0                   6  android,ios,web\nexpressvpn   bugcrowd     2020-07-14  cash,fame    $150          $1047         $2500               17  android,ios,other,web\nprestashop   yeswehack    2020-07-23  cash         $0            $0            $1000                1  web\n...\n```\n\nTo get scopes for specific programs, use `get scopes`:\n\n```\n$ bbrecon get scopes rockset codefi-bbp\nSLUG        PLATFORM    TYPE    VALUE\nrockset     hackerone   web     console.rockset.com\nrockset     hackerone   web     docs.rockset.com\nrockset     hackerone   web     api.rs2.usw2.rockset.com\ncodefi-bbp  hackerone   web     activate.codefi.network\n```\n\nTo get domains for specific programs, use `get domains`:\n\n```\n$ bbrecon get domains dropcontact rebellion-defense\nSLUG               DOMAIN                    CREATED\ndropcontact        www.dropcontact.io        2020-08-23\nrebellion-defense  mooch.rip                 2020-08-23\nrebellion-defense  www.rebelliondefense.com  2020-08-23\nrebellion-defense  rebelliondefense.com      2020-08-23\n...\n```\n\nTo create a Slack or Discord webhook notifications use `create notifications`:\n```\nbbrecon create notifications --resources programs --program ALL --webhook https://SLACK_OR_DISCORD_WEBHOOK_URL/\n```\n\nYou can view your configured notifications with `get notifications`.\n\nMost commands can output JSON to make it easy to work with your scripts. Try `--output json`:\n\n```\n$ bbrecon get programs --output json\n[\n    {\n        \"url\": \"https://bugcrowd.com/optimizely\",\n        \"name\": \"Optimizely\",\n        \"platform\": \"bugcrowd\",\n        \"rewards\": [\n            \"cash\",\n            \"fame\"\n        ],\n...\n```\n\nYou can get information about specific programs by passing one or many slugs to the `get programs` command:\n\n```\n$ bbrecon get programs twago optimizely\nSLUG        PLATFORM    CREATED     REWARDS    MIN.BOUNTY    AVG.BOUNTY    MAX.BOUNTY      SCOPES  TYPES\ntwago       intigriti   2020-04-09             $0            $0            $0                   5  web\noptimizely  bugcrowd    2018-03-22  cash,fame  $0            $750          $5000                6  web\n```\n\nUse `--help` to get a list of filters for each command:\n\n```\n$ bbrecon get programs --help\n...\n                                  Output format.  [default: wide]\n  -n, --name TEXT                 Filter by name.\n  -t, --type TEXT                 Filter by scope type. Can be used multiple\n                                  times.\n\n  -r, --reward TEXT               Filter by reward type. Can be used multiple\n                                  times.\n\n  -p, --platform TEXT             Filter by platform. Can be used multiple\n                                  times.\n\n  --exclude-platform TEXT         Exclude specific platform. Ignored if\n                                  --platform was passed. Can be used multiple\n                                  times.\n\n  -s, --since TEXT                Filter by bounties created after a certain\n                                  date. A specific date in the format\n                                  '%Y-%m-%d' can be supplied. Alternatively,\n                                  the following keywords are supported:\n                                  'yesterday', 'last-week', 'last-month',\n                                  'last-year' as well as 'last-X-days' (where\n                                  'X' is an integer).\n...\n```\n\nNote that some filters are lists, and can be used multiple times! If you wanted to get all programs that have mobile apps in scope you could run:\n\n```\n$ bbrecon get programs --type android --type ios\nSLUG           PLATFORM     CREATED     REWARDS      MIN.BOUNTY    AVG.BOUNTY    MAX.BOUNTY  SCOPES  TYPES\nsquare         bugcrowd     2018-03-22  cash,fame    $300          $492          $5000            4  android,ios,other,web\ngojek          bugcrowd     2018-03-22  cash,fame    $200          $618          $5000            4  android,ios,web\nsmartthings    bugcrowd     2018-03-22  fame         $0            $0            $0               5  android,hardware,ios,web\n...\n```\n\n## Python\n\nYou are invited to check out this repo's codebase for more details, but to get started:\n\n```python3\nfrom bbrecon import BugBountyRecon\n\nbb = BugBountyRecon(token=\"API_KEY\")\n\nprograms = bb.programs(\n    types=[\"web\", \"ios\"],\n    platforms=[\"hackerone\"],\n    rewards=[\"cash\"],\n)\n\nfor program in programs:\n    print(f\"{program.name} rewards up to ${program.maximum_bounty}!\")\n    print(f\"More information is available at: {program.url}\")\n\n    for scope in program.in_scope:\n        if scope.type == \"desktop\":\n            print(\"Found a desktop app in scope for this program. Cool!\")\n\n    domains = list(bb.domains(programs=[program.slug]))\n    print(\"Here are some domains for this program:\")\n    for domain in domains[:3]:\n        print(domain.name)\n```\n\n## REST API\n\nYou can interact directly with the REST API if you prefer. Check out the API docs [here](https://docs.bugbountyrecon.com/index.html).\n\n## Other Clients\n\nThe following clients for the Bug Bounty Recon API are not reviewed or endorsed by myself, but you may find them interesting nonetheless. Many thanks to the contributors!\n\nIf you want to get yours listed here, just open a PR.\n\n* [bbrecon_mobile_client](https://github.com/ponnamkarthik/bbrecon_mobile_client) by [ponnamkarthik](https://github.com/ponnamkarthik)\n","funding_links":[],"categories":["Python","Python (1887)","Pentesting"],"sub_categories":["Payloads"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fserain%2Fbbrecon","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fserain%2Fbbrecon","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fserain%2Fbbrecon/lists"}