API
Access bug bounty scope data programmatically. All endpoints are public and require no authentication.
Try It
Build a request, preview the results, or download them as a file.
/api/v1/targets/wildcards
Usage Examples
# Get all in-scope wildcard domains
curl -s https://bbscope.com/api/v1/targets/wildcards
# Pipe directly into your tools
curl -s https://bbscope.com/api/v1/targets/wildcards | subfinder -silent
# Filter by platform and get JSON
curl -s "https://bbscope.com/api/v1/targets/domains?platform=h1&format=json"
# Raw data without AI enhancements
curl -s "https://bbscope.com/api/v1/targets/wildcards?raw=true"
curl -s https://bbscope.com/api/v1/targets/wildcards
# Pipe directly into your tools
curl -s https://bbscope.com/api/v1/targets/wildcards | subfinder -silent
# Filter by platform and get JSON
curl -s "https://bbscope.com/api/v1/targets/domains?platform=h1&format=json"
# Raw data without AI enhancements
curl -s "https://bbscope.com/api/v1/targets/wildcards?raw=true"
Endpoint Reference
Targets
Returns newline-delimited text by default. Add ?format=json for a JSON array.
GET
/api/v1/targets/wildcardsWildcard root domains, useful for subdomain enumeration.
GET
/api/v1/targets/domainsDomains (non-URL, non-wildcard targets).
GET
/api/v1/targets/urlsURL targets (http:// or https://).
GET
/api/v1/targets/ipsIP addresses (extracted from IPs and URLs).
GET
/api/v1/targets/cidrsCIDR ranges and IP ranges.
Query Parameters
scopestring— in (default), out, or allplatformstring— h1, bc, it, or ywhtypestring— bbp or vdprawboolean— true to skip AI enhancements and use raw platform dataformatstring— json for JSON array outputPrograms
GET
/api/v1/programsReturns the full list of bug bounty programs with scope data as JSON.
rawboolean— Set to true for raw target data without AI enhancementsGET
/api/v1/programs/{platform}/{handle}Returns details for a single program including in-scope and out-of-scope targets.
rawboolean— Set to true for raw target data without AI enhancements