bug bounty hunting

SecurityTrails Blog · Last updated on Apr 12 2021 · by Esteban Borges

Using the SecurityTrails API™ for Bug Bounty Programs

Reading time: 2 minutes

Bug bounty programs are quite popular in software developer communities around the world. The way they work is fairly simple: developers find and report bugs to the company who owns and runs the software, gain recognition, and in most cases, compensation for their valuable help.

Here at SecurityTrails we have several API packages available to all who want to report their findings, using our highly intelligent platform. You can use this free platform at https://securitytrails.com to discover interesting information and apply for any popular bug bounty programs, just as @bnchandrapal did.

He used DNSTrails API + python scripting to find around 5k domains on GitHub + 1k domains hosted on GitLab pages that can be vulnerable to certain DNS attacks, then [reported][reported] this to Gitlab, and they were able to start working on a permanent fix for this bug:

Chandrapal's tweet

You can also begin automating your bug bounty hunting a bit more by using the SecurityTrails API™. For this we offer two options:

  • Free API tier: Our free API plan enables you to perform security research and bug bounty hunting, but is limited in terms of available API endpoints and results.
  • Bug Bounty Hunter’s Toolkit: This new plan launched in 2021 allows you access to the SecurityTrails API™ with 2,500 queries/month, and enables you to access data to discover associated domains, perform a full subdomain enumeration, as well as DSL v1 access (including open ports), DNS and WHOIS historical data, all for only $99/month.

SecurityTrails offers a great security platform that’s used by developers, researchers and companies all over the world to report bugs, exploits and vulnerabilities.

Start winning community recognition, plus some extra cash!

Esteban Borges Blog Author
ESTEBAN BORGES

Esteban is a seasoned security researcher and cybersecurity specialist with over 15 years of experience. Since joining SecurityTrails in 2017 he’s been our go-to for technical server security and source intelligence info.