Sponsored by


This is a directory of ethical hacking writeups including bug bounty, responsible disclosure and pentest writeups.
My goal is to help you improve your hacking skills by making it easy to learn about thousands of vulnerabilities that hackers found on different targets.

No, not all programs included here have an ongoing bug bounty program or a responsible disclosure program. So this page is NOT an invitation to hack on any program mentioned.
Please make sure you are explicitly allowed to hack on a target before starting!

  • Title - Title and link of the writeup (may include one or multiple links).
  • Tags - Vulnerabilities and topics mentioned.
  • Program - The vulnerable organization, bug bounty program or app. Remember, not all programs have a bug bounty program or responsible disclosure policy.
  • Author (Twitter handle) - The author(s) of the writeup and their Twitter handle.
  • Bounty
    • Amount of the monetary reward if there was one.
    • - means no bounty was mentioned or it was a pentest or responsible disclosure finding.
    • Note that bounties paid in other currencies are converted to $ for the sake of simplicity.
  • Publication date - The date on which the writeup was published.
  • Added date - The date on which the writeup was added to this directory.

Here are some features to help you quickly navigate the table:
  • Search bar (at top right of the table)
    • To search the whole table, all columns included.
    • This doesn't include the contents of writeups, only information that appears on this table.
    • E.g. searches: '2020', 'RCE', 'Google' or 'albinowax'
  • Small arrow icon (right to each column's name)
    Use it to sort the table by any column you want. By default, writeups are sorted by Added date.
  • "Show ... entries" (at the top left of the table)
    • Use this to specify the number of writeups you want to see: 10, 25, 50 (default), 100 or All of them without pagination.
    • Avoid using "All" if you are on a mobile device, as it can make the page really slow (on mobile).
    • The settings you choose are saved in your browser (using localStorage). So when you close and revisit the site, you will find yourself on the last page you were reading before closing the browser or window.
    • If you find this behavior annoying and would prefer pagination settings to be forgotten every time you close the site, please let me know.
  • Download as JSON file
    Use this link to download the JSON file that was used to generate the table.

You can submit your writeups by filling out this contact form (select "Submit a writeup" as the subject).

Sponsored by