Bbrecon | Python Library And CLI For The Bug Bounty Recon API


Bug Bounty Recon (bbrecon) is a free Recon-as-a-Service for bug bounty hunters and security researchers. The API aims to provide a continuously up-to-date map of the Internet “safe harbor” attack surface, excluding out-of-scope targets.
It comes with an ergonomic CLI and Python library.
This repository holds the CLI and Python library. Please see the website for more details.

Important Notice
While effort is taken to ensure the results returned by bbrecon are reliable and trustworthy, this service and its operators are in no way responsible for what you do with the data provided.
Double check your scopes and ensure you stay within safe harbors.


  • Public Programs – public bug bounty programs indexed and searchable with filters (live)
  • Domains – domains in scope across programs (live)
  • Private Programs – support for private programs (September 2020)
  • Notifications – webhook alerts when programs are created, updated or domains discovered (September 2020)
  • Endpoints – all HTTP and non-HTTP endpoints in scope across all programs (October 2020)

bbrecon is in a gradual Beta release phase; major features are released every few weeks to get feedback and fix kinks. You can sign up and start using it, but be aware that breaking changes may be deployed without notice. While the service and infrastructure are designed to scale, they are not currently configured to serve a large global audience. This will change, but for now YMMV.

Please report bugs with GitHub issues.
Use the Gitter chat for support or enquiring about service availability during beta.

Getting Started

API key
Fetch an API key from the Console:
Only Google SSO is supported at this time.


$ pip3 install bbrecon

bbrecon requires Python >= 3.8. If pip tells you it can’t find bbrecon, it’s probably because pip is using another Python version. Check this with pip3 --version.

If you intend to use the CLI, you should permanently configure your key:

$ bbrecon configure key
Enter your API key: YOUR_API_KEY

You can alternatively set the BBRECON_KEY environment variable if you prefer.

The following will output all programs released in the last month that have “web” type targets (APIs/web apps):

$ bbrecon get programs --type web --since last-month
SLUG         PLATFORM     CREATED     REWARDS      MIN.BOUNTY    AVG.BOUNTY    MAX.BOUNTY      SCOPES  TYPES
cybrary      bugcrowd     2020-07-22  fame         $0            $0            $0                   6  android,ios,web
expressvpn   bugcrowd     2020-07-14  cash,fame    $150          $1047         $2500               17  android,ios,other,web
prestashop   yeswehack    2020-07-23  cash         $0            $0            $1000                1  web
...

To get scopes for specific programs, use get scopes:

$ bbrecon get scopes rockset codefi-bbp
SLUG        PLATFORM    TYPE    VALUE
rockset     hackerone   web     console.rockset.com
rockset     hackerone   web     docs.rockset.com
rockset     hackerone   web     api.rs2.usw2.rockset.com
codefi-bbp  hackerone   web
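
A scope guard for the "double check your scopes" notice, as an added example that is not part of bbrecon: it parses the wide get scopes table and allowlists only hosts listed verbatim, failing closed on anything else. The sample rows are copied from the output above; parse_scopes, normalize and is_in_scope are hypothetical names.

```python
from typing import Dict, List

# Rows taken from the `get scopes` table on this page (last row has no VALUE).
SAMPLE_ROWS = """\
SLUG        PLATFORM    TYPE    VALUE
rockset     hackerone   web     console.rockset.com
rockset     hackerone   web     docs.rockset.com
rockset     hackerone   web     api.rs2.usw2.rockset.com
codefi-bbp  hackerone   web
"""


def parse_scopes(table: str) -> List[Dict[str, str]]:
    """Turn the wide table into dicts keyed by lower-cased column name."""
    lines = [ln for ln in table.splitlines() if ln.strip()]
    header = [h.lower() for h in lines[0].split()]
    scopes = []
    for ln in lines[1:]:
        fields = ln.split()
        # A row with a missing VALUE (or a VALUE containing spaces) cannot be
        # matched against a hostname, so it is dropped rather than guessed at.
        if len(fields) != len(header):
            continue
        scopes.append(dict(zip(header, fields)))
    return scopes


def normalize(host: str) -> str:
    """Compare hostnames case-insensitively and without a trailing root dot."""
    return host.strip().rstrip(".").lower()


def is_in_scope(host: str, scopes: List[Dict[str, str]]) -> bool:
    """Exact-match allowlist over 'web' scopes; subdomains are NOT implied."""
    allowed = {normalize(s["value"]) for s in scopes if s["type"] == "web"}
    return normalize(host) in allowed


if __name__ == "__main__":
    scopes = parse_scopes(SAMPLE_ROWS)
    for candidate in ("docs.rockset.com", "dev.console.rockset.com"):
        verdict = "in scope" if is_in_scope(candidate, scopes) else "NOT in scope"
        print(f"{candidate}: {verdict}")
```
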

To get domains for specific programs, use get domains:

$ bbrecon get domains dropcontact rebellion-defense
SLUG               DOMAIN                    CREATED
dropcontact        2020-08-23
rebellion-defense                 2020-08-23
rebellion-defense  2020-08-23
rebellion-defense      2020-08-23
...

Most commands can output JSON to make it easy to work with your scripts. Try --output json:

$ bbrecon get programs --output json
[
    {
        "url": "",
        "name": "Optimizely",
        "platform": "bugcrowd",
        "rewards": [
            "cash",
            "fame"
        ],
...

You can get information about specific programs by passing one or many slugs to the get programs command:

$ bbrecon get programs twago optimizely
SLUG        PLATFORM    CREATED     REWARDS    MIN.BOUNTY    AVG.BOUNTY    MAX.BOUNTY      SCOPES  TYPES
twago       intigriti   2020-04-09             $0            $0            $0                   5  web
optimizely  bugcrowd    2018-03-22  cash,fame  $0            $750          $5000                6  web

Use --help to get a list of filters for each command:

$ bbrecon get programs --help
...
                                  Output format.  [default: wide]
  -n, --name TEXT                 Filter by name.
  -t, --type TEXT                 Filter by scope type. Can be used multiple
                                  times.
  -r, --reward TEXT               Filter by reward type. Can be used multiple
                                  times.
  -p, --platform TEXT             Filter by platform. Can be used multiple
                                  times.
  --exclude-platform TEXT         Exclude specific platform. Ignored if
                                  --platform was passed. Can be used multiple
                                  times.
  -s, --since TEXT                Filter by bounties created after a certain
                                  date. A specific date in the format
                                  '%Y-%m-%d' can be supplied. Alternatively,
                                  the following keywords are supported:
                                  'yesterday', 'last-week', 'last-month',
                                  'last-year' as well as 'last-X-days' (where
                                  'X' is an integer).
...

Note that some filters are lists, and can be used multiple times! If you wanted to get all programs that have mobile apps in scope you could run:

$ bbrecon get programs --type android --type ios
SLUG           PLATFORM     CREATED     REWARDS      MIN.BOUNTY    AVG.BOUNTY    MAX.BOUNTY  SCOPES  TYPES
square         bugcrowd     2018-03-22  cash,fame    $300          $492          $5000            4  android,ios,other,web
gojek          bugcrowd     2018-03-22  cash,fame    $200          $618          $5000            4  android,ios,web
smartthings    bugcrowd     2018-03-22  fame         $0            $0            $0               5  android,hardware,ios,web
...

You are invited to check out this repo’s codebase for more details, but to get started:

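import os

from bbrecon import BugBountyRecon

# Read the API key from the environment (same variable name the CLI accepts)
# rather than hard-coding it in the script.
API_TOKEN = os.environ["BBRECON_KEY"]

bb = BugBountyRecon(token=API_TOKEN)

# Filter programs by scope type, platform and reward type.
programs = bb.programs(
    types=["web", "ios"],
    platforms=["hackerone"],
    rewards=["cash"],
)

for program in programs:
    print(f"{program.name} rewards up to ${program.maximum_bounty}!")
    print(f"More information is available at: {program.url}")
    # Each program lists its in-scope targets, each with a type.
    for scope in program.in_scope:
        if scope.type == "desktop":
            print("Found a desktop app in scope for this program. Cool!")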

You can interact directly with the REST API if you prefer. Check out the API docs here.