SecurityTrails Blog · Feb 26 2018 · by Esteban Borges

Using SecurityTrails free API tier for Bug Bounty programs

Reading time: 2 minutes

Bug bounty programs are pretty popular in the software developer communities around the world. The way it works is pretty simple: developers find and report bugs to the company who owns and runs the software, and get recognition and, in most cases, a compensation for that useful help.

In our case, weeks ago we launched our own [Data Bounty Program][bounty] for all those who want to report their findings using our intelligent platform at DNSTrails and SecurityTrails. You can use our platform to find interesting things and apply for our Data Bounty Program.

But you can also take the next step and start using the free SecurityTrails API to start also digging into security holes from any company, and apply for their bounty bug programs, same as @bnchandrapal did.

He used DNSTrails API + python scripting to find around 5k domains on GitHub + 1k domains hosted on GitLab pages that can be vulnerable to certain DNS attacks, then reported this to Gitlab, and they were able to start working on a permanent fix for this bug:

Chandrapal's tweet

Same as he did, you can also start using SecurityTrails for bug bounty on different companies. Start analyzing the information gathered from our API and get useful data to help you reporting bugs to all kind of companies you are auditing.

As you see, SecurityTrails is a great security tool that is already used by many developers and companies to report bugs, exploits and vulnerabilities. Start winning community recognition, plus some extra cash, get your free API access today!


Esteban is a seasoned security researcher and cybersecurity specialist with over 15 years of experience. Since joining SecurityTrails in 2017 he’s been our go-to for technical server security and source intelligence info.