bbrecon (Bug Bounty Recon) - Python library and CLI for the Bug Bounty Recon API

September 9, 2020

Bug Bounty Recon (bbrecon) is a free Recon-as-a-Service for bug bounty hunters and security researchers. The API aims to provide a continuously up-to-date map of the Internet "safe harbor" attack surface, excluding out-of-scope targets.

It comes with an ergonomic CLI and Python library.

Important Notice

While effort is taken to ensure the results returned by bbrecon are reliable and trustworthy, this service and its operators are in no way responsible for what you do with the data provided.

Double-check your scopes and ensure you stay within safe harbors.


  • Public Programs - public bug bounty programs indexed and searchable with filters (live)
  • Domains - domains in scope across programs (live)
  • Private Programs - support for private programs (September 2020)
  • Notifications - webhook alerts when programs are created, updated or domains discovered (September 2020)
  • Endpoints - all HTTP and non-HTTP endpoints in scope across all programs (October 2020)


bbrecon is in a gradual Beta release phase; major features are released every few weeks to get feedback and fix kinks. You can sign up and start using it, but be aware that breaking changes may be deployed without notice. While the service and infrastructure are designed to scale, it is not currently configured....

Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023
What certifications or qualifications do you hold?
Max. file size: 150 MB.

What level of experience should the ideal candidate have?
What certifications or qualifications are preferred?

Download Free eBook

Step 1 of 4


We’re committed to your privacy. Hakin9 uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.