BugBounty Companion

Up your game by being more efficient than others! 🤓

A BugBounty companion script for Immunefi 🙌 Check out high-reward-yielding bug bounty projects and scale your bug bounty hunting.

TL;DR: clones Immunefi repositories, filtered by the highest rewards.

⚠️ HACKY SCRIPT! – shell-executes stuff without checking! USE AT OWN RISK 😀


$ bugbounty.py [sync|unique|clone|no-dryrun]

default output folder is $(pwd)/bugbounty_repos/<project>


  • sync with the Immunefi website and dump results to a JSON file
$ bugbounty.py sync [unique]
  • show unique repos in the cache
$ bugbounty.py unique
  • (dry-run) clone all unique repos
$ bugbounty.py unique clone
  • (actually) clone all unique repos
$ bugbounty.py unique clone no-dryrun

I don't know what to do?!

⚠️ PSA: Reminder, this script is an ugly hack, but it works 😀 USE AT OWN RISK.

$ bugbounty.py sync unique      # 1) download bounty info and cache it; filter unique repos
$ bugbounty.py unique clone     # 2) dry-run clone – double-check that this is what you want
$ bugbounty.py unique clone no-dryrun    # 3) actually check out all the repos to $(pwd)/bugbounty_repos/<project>
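The three steps above (sync to a cache, filter unique repos by reward, dry-run then real clone) as an added example in Python. This is not the project's own code, and the cache layout (SAMPLE_CACHE), the field names and the `bugbounty_repos/<project>/<repo>` destination are assumptions constructed here. It shows the check the README's "shell-executes stuff without checking" warning is about: repo URLs scraped from a website are validated against a strict GitHub `owner/repo` pattern and handed to `git` as an argv list, never as a shell string.

```python
"""Added example (not the project's code): sync -> unique -> clone, with URL validation."""
from __future__ import annotations

import json
import re
import subprocess
from pathlib import Path
from urllib.parse import urlparse

# Constructed sample of a synced cache; the real Immunefi JSON layout is an assumption.
SAMPLE_CACHE = json.dumps([
    {"project": "alpha", "max_reward": 1_000_000,
     "repos": ["https://github.com/alpha-org/core", "https://github.com/alpha-org/core"]},
    {"project": "beta", "max_reward": 250_000,
     "repos": ["https://github.com/beta-org/contracts",
               "https://evil.example/repo; rm -rf /"]},      # rejected by validation
    {"project": "gamma", "max_reward": 50_000,
     "repos": ["https://github.com/alpha-org/core"]},        # duplicate across projects
])

# Only plain https GitHub URLs of the form owner/repo pass; other hosts, extra path
# segments, query strings and shell metacharacters are all dropped.
_SEGMENT = re.compile(r"^[A-Za-z0-9._-]+$")


def is_safe_repo_url(url: str) -> bool:
    p = urlparse(url)
    if p.scheme != "https" or p.netloc != "github.com" or p.query or p.fragment:
        return False
    parts = [s for s in p.path.split("/") if s]
    return (len(parts) == 2
            and all(_SEGMENT.match(s) for s in parts)
            and not parts[1].startswith("."))


def unique_repos(cache_json: str, min_reward: int = 0) -> list[tuple[str, str]]:
    """(project, url) pairs, highest reward first; each URL once; unsafe URLs dropped."""
    seen: set[str] = set()
    out: list[tuple[str, str]] = []
    entries = sorted(json.loads(cache_json), key=lambda e: e["max_reward"], reverse=True)
    for entry in entries:
        if entry["max_reward"] < min_reward:
            continue
        for url in entry["repos"]:
            key = url.lower().rstrip("/")
            if key in seen or not is_safe_repo_url(url):
                continue
            seen.add(key)
            out.append((entry["project"], url))
    return out


def clone_plan(repos: list[tuple[str, str]], base: str) -> list[list[str]]:
    """Build one argv list per repo (never a shell string): base/<project>/<repo>."""
    cmds = []
    for project, url in repos:
        repo_name = url.rstrip("/").rsplit("/", 1)[-1]
        dest = Path(base) / project / repo_name
        # "--" stops git from treating a URL that starts with "-" as an option.
        cmds.append(["git", "clone", "--depth", "1", "--", url, str(dest)])
    return cmds


def run_clones(cmds: list[list[str]], dry_run: bool = True) -> int:
    """Dry-run prints the commands; otherwise runs them via subprocess without a shell.

    Returns the number of clones actually executed (0 in dry-run mode)."""
    ran = 0
    for argv in cmds:
        if dry_run:
            print("DRY-RUN:", " ".join(argv))
            continue
        Path(argv[-1]).parent.mkdir(parents=True, exist_ok=True)
        subprocess.run(argv, check=False)  # argv list, so no shell interpretation
        ran += 1
    return ran


if __name__ == "__main__":
    plan = clone_plan(unique_repos(SAMPLE_CACHE), str(Path.cwd() / "bugbounty_repos"))
    run_clones(plan, dry_run=True)   # flip to False for the "no-dryrun" behaviour
```

Run as-is it only prints the planned `git clone` commands for the constructed cache; the crafted `evil.example` entry and the cross-project duplicate never reach `git`.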

Cool, but when Lambo 🏎️?

  • Check for similar issues in all code-bases
  • Run your tools and code-smell detectors
    • e.g. semgrep – semgrep now supports Solidity! Write patterns, find bugs, at scale
  • Submit bugs for bounties
  • 👉 Lambo 🏎️ $$ 🥳🥳


Got rich? Consider giving back by supporting the eth security community and my projects ❤️ 🙏

Be a Hero, tip a 🍺 🙂 ⟶ Ƀ: 1AZMeGVfCBbYwVYyG9s79pJDyocTZgiApa | Ξth: 0x438B38E30eF117C15fBfF833f9C2c70182925815
