VbD

API Documentation

Complete reference for the Vulnerable by Design BountyPy API

Introduction

The BountyPy API provides a powerful interface for security researchers and bug bounty hunters to interact with HackerOne's platform programmatically. This library helps you manage your bug bounty workflow, analyze your performance, and stay on top of new programs and opportunities.

Quick Start

Install the BountyPy library using pip:

shell
$ pip install bountpy

Core API

Initialization

To start using BountyPy, you need to initialize it with your HackerOne API credentials.

python
import bountpy
# Initialize with your HackerOne API key
bounty = bountpy.init({
    'key': 'YOUR_HACKERONE_API_KEY',
    'username': 'YOUR_HACKERONE_USERNAME'
})

Parameters

key
Your HackerOne API key (required)
username
Your HackerOne username (required)
timeout
Request timeout in seconds (optional, default: 30)
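
The initialization snippet above puts the API key in source as a literal. The following is an added example, not part of BountyPy or its documentation, that builds the same dict from environment variables and produces a masked copy for logging; the variable names H1_API_KEY, H1_USERNAME and H1_TIMEOUT are assumptions made for this example.

```python
import os

DEFAULT_TIMEOUT = 30  # seconds; the documented default for `timeout`


def load_credentials(env=None):
    """Build the dict for bountpy.init() from environment variables.

    H1_API_KEY, H1_USERNAME and H1_TIMEOUT are names assumed for this example.
    """
    env = os.environ if env is None else env
    creds = {
        "key": env.get("H1_API_KEY", "").strip(),
        "username": env.get("H1_USERNAME", "").strip(),
    }
    missing = [name for name, value in creds.items() if not value]
    if missing:
        raise ValueError("missing required credential(s): " + ", ".join(missing))
    if creds["key"].startswith("YOUR_"):
        raise ValueError("placeholder API key was never replaced")
    raw_timeout = env.get("H1_TIMEOUT", "").strip()
    timeout = int(raw_timeout) if raw_timeout else DEFAULT_TIMEOUT
    if timeout <= 0:
        raise ValueError("timeout must be a positive number of seconds")
    creds["timeout"] = timeout
    return creds


def redacted(creds):
    """Return a copy that is safe to log: only the key's last 4 characters show."""
    safe = dict(creds)
    key = creds["key"]
    safe["key"] = "*" * 8 + (key[-4:] if len(key) > 8 else "")
    return safe


if __name__ == "__main__":
    # Constructed sample environment; real values come from os.environ.
    sample = {"H1_API_KEY": "k3y-constructed-0000abcd", "H1_USERNAME": "researcher1"}
    creds = load_credentials(sample)
    print(redacted(creds))
    # creds is then passed as on this page: bounty = bountpy.init(creds)
```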

Configuration

You can configure BountyPy's behavior after initialization.

python
# Configure rate limit handling
bounty.configure({
    'max_retries': 5,
    'retry_delay': 1000,  # milliseconds
    'exponential_backoff': True,
    'cache_ttl': 300  # seconds
})

Programs API

Get Programs

Retrieve bug bounty programs from HackerOne.

python
# Get all public programs
programs = bounty.programs().get()
# Get a specific program by handle
github_program = bounty.program('github').get()

Reports API

Your Reports

Access and analyze your submitted bug reports.

python
# Get all your submitted reports
my_reports = bounty.reports().submitted().get()
# Get monthly statistics
monthly_stats = bounty.reports().submitted().monthly_stats()
# Get your report acceptance rate
acceptance_rate = bounty.reports().submitted().acceptance_rate()

Visualize Your Data

BountyPy makes it easy to visualize your bug bounty performance with built-in plotting functions.

python
import matplotlib.pyplot as plt
# Plot your earnings over time
monthly_stats = bounty.reports().submitted().monthly_stats()
plt.figure(figsize=(12, 6))
plt.plot(monthly_stats['month'], monthly_stats['earnings'])
plt.title('Monthly Earnings')
plt.xlabel('Month')
plt.ylabel('Earnings ($)')
plt.grid(True)
plt.show()
# Plot your report acceptance rate
acceptance_rate = bounty.reports().submitted().acceptance_rate()
labels = ['Accepted', 'Rejected', 'Duplicate', 'Pending']
sizes = [
    acceptance_rate['accepted'],
    acceptance_rate['rejected'],
    acceptance_rate['duplicate'],
    acceptance_rate['pending']
]
plt.figure(figsize=(8, 8))
plt.pie(sizes, labels=labels, autopct='%1.1f%%')
plt.title('Report Acceptance Rate')
plt.show()

Vulnerability Reports API

Submit Vulnerability Report

Submit and manage vulnerability reports for bug bounty programs.

python
# Submit a new vulnerability report
report = bounty.report.create({
    'program_id': 123,
    'title': 'XSS in Search Function',
    'description': 'I found a cross-site scripting vulnerability in the search function',
    'severity': 'high',
    'proof_of_concept': 'Steps to reproduce: 1. Go to search page 2. Enter \"\"'
})
# Get all your submitted reports
my_reports = bounty.reports.my_reports().get()
# Get a specific report by ID
report = bounty.report(456).get()

Parameters

program_id
ID of the bug bounty program (required)
title
Title of the vulnerability (required)
description
Detailed description of the vulnerability (required)
severity
Severity level: critical, high, medium, low, or info (required)
proof_of_concept
Steps to reproduce the vulnerability (required)
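
A pre-submission check built from the parameter list above, as an added example that is not part of BountyPy: it reports missing required fields, keys the list does not document, and severity values outside the five documented levels. Treating program_id as a positive integer is an assumption drawn from the value 123 in the example call.

```python
REQUIRED_FIELDS = ("program_id", "title", "description", "severity", "proof_of_concept")
SEVERITIES = ("critical", "high", "medium", "low", "info")


def validate_report(payload):
    """Return a list of problems; an empty list means the payload is complete."""
    problems = []
    # Every documented parameter is required; blank strings count as missing.
    for field in REQUIRED_FIELDS:
        value = payload.get(field)
        if value is None or (isinstance(value, str) and not value.strip()):
            problems.append(f"{field}: required")
    # Keys outside the documented list are flagged rather than silently sent.
    for field in sorted(set(payload) - set(REQUIRED_FIELDS)):
        problems.append(f"{field}: not a documented parameter")
    # Assumption: program_id is a positive integer, as in the page's example.
    program_id = payload.get("program_id")
    if program_id is not None and (
        isinstance(program_id, bool) or not isinstance(program_id, int) or program_id <= 0
    ):
        problems.append("program_id: expected a positive integer")
    # Severity must match one of the documented levels exactly (lowercase).
    severity = payload.get("severity")
    if isinstance(severity, str) and severity.strip() and severity not in SEVERITIES:
        problems.append(f"severity: {severity!r} is not one of {', '.join(SEVERITIES)}")
    return problems


if __name__ == "__main__":
    # Constructed payload with several mistakes, for illustration only.
    draft = {
        "program_id": "123",
        "title": "XSS in Search Function",
        "description": "  ",
        "severity": "High",
        "cvss": 7.1,
    }
    for problem in validate_report(draft):
        print(problem)
```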

Report Statistics

Get statistics on your submitted vulnerability reports.

python
# Get report statistics
stats = bounty.reports.stats()
print(f"Total reports: {stats['total']}")
print(f"Accepted reports: {stats['by_status']['accepted']}")
print(f"Reports by severity: {stats['by_severity']}")

Filtering and Searching Reports

Filter and search your vulnerability reports to find specific information.

python
# Get reports with specific status
accepted_reports = bounty.reports.my_reports().filter(status='accepted').get()
# Get reports for a specific program
github_reports = bounty.reports.my_reports().filter(program_id=123).get()
# Get high severity reports
high_severity = bounty.reports.my_reports().filter(severity='high').get()
# Search reports by keyword
search_results = bounty.reports.my_reports().search('authentication bypass').get()

Ready to supercharge your bug bounty workflow?

Get started with BountyPy today to track your bug bounty performance, discover new programs, and automate your workflow.