API

Access bug bounty scope data programmatically. All endpoints are public and require no authentication.

Try It

Build a request, preview the results, or download them as a file.

Endpoint

Scope

Platform

Program Type

Data Source

/api/v1/targets/wildcards

Usage Examples

# Get all in-scope wildcard domains
curl -s https://bbscope.com/api/v1/targets/wildcards

# Pipe directly into your tools
curl -s https://bbscope.com/api/v1/targets/wildcards | subfinder -silent

# Filter by platform and get JSON
curl -s "https://bbscope.com/api/v1/targets/domains?platform=h1&format=json"

# Raw data without AI enhancements
curl -s "https://bbscope.com/api/v1/targets/wildcards?raw=true"

# Get scope updates (since: today, yesterday, 7d, 30d, 90d, 1y, or YYYY-MM-DD)
curl -s "https://bbscope.com/api/v1/updates?since=7d"

# Filter updates by platform and date range
curl -s "https://bbscope.com/api/v1/updates?since=2025-01-01&until=2025-01-31&platform=h1"

# Search updates and paginate
curl -s "https://bbscope.com/api/v1/updates?search=example.com&per_page=50&page=2"

# Find programs that have example.com in scope
curl -s "https://bbscope.com/api/v1/find?q=example.com"

# Find programs via root domain (matches *.example.com scopes)
curl -s "https://bbscope.com/api/v1/find?q=sub.example.com"

Endpoint Reference

Targets

Returns newline-delimited text by default. Add ?format=json for a JSON array.

GET/api/v1/targets/wildcards

Wildcard root domains, useful for subdomain enumeration.

GET/api/v1/targets/domains

Domains (non-URL, non-wildcard targets).

GET/api/v1/targets/urls

URL targets (http:// or https://).

GET/api/v1/targets/ips

IP addresses (extracted from IPs and URLs).

GET/api/v1/targets/cidrs

CIDR ranges and IP ranges.

Query Parameters

scopestring— in (default), out, or all

platformstring— h1, bc, it, or ywh

typestring— bbp or vdp

rawboolean— true to skip AI enhancements and use raw platform data

formatstring— json for JSON array output

Programs

GET/api/v1/programs

Returns the full list of bug bounty programs with scope data as JSON.

rawboolean— Set to true for raw target data without AI enhancements

GET/api/v1/programs/{platform}/{handle}

Returns details for a single program including in-scope and out-of-scope targets.

rawboolean— Set to true for raw target data without AI enhancements

Find

GET/api/v1/find

Find programs whose scope matches a given hostname or domain. Automatically expands to root domain matching (e.g. aaa.example.com matches programs scoping bbb.example.com). Cloud provider domains are excluded from expansion to avoid false positives.

qstring— Search query (hostname, domain, etc.) — required

Updates

GET/api/v1/updates

Returns paginated scope changes (assets and programs added/removed) with time range filtering.

pageinteger— Page number (default: 1)

per_pageinteger— Results per page, max 250 (default: 25)

platformstring— h1, bc, it, or ywh

searchstring— Search in targets, handles, categories

sincestring— Start of time range: today, yesterday, 7d, 30d, 90d, 1y, or YYYY-MM-DD

untilstring— End of time range: YYYY-MM-DD