Bug Bounty Alerts

Posted on Sep 2, 2021

Just a quick update on a personal project.

The Problem

I enjoy pentesting and searching for web vulnerabilities, but the vast majority of the in scope assets on bug bounty programs have been thoroughly tested long ago. This means there isn’t much chance of finding anything interesting in the little time I have to test for fun.

The Solution

I wrote a Python script that scans (nearly) all HackerOne bug bounty scope pages and sends a mail alert when something changes. I automated it with cron on a VPS to run once an hour, so any time a new asset appears in scope, I will know about it pretty quickly.

The Repo

You can find the project here. Feel free to clone it, contribute to solve issues, or just message me with your name and email address if you’d like to be included in the mailout.