Tops of HackerOne reports. All reports’ raw info is stored in data.csv. Scripts to update data.csv are written in Python 3 and require selenium. Every script contains some info about how it works. The run order of scripts:
- fetcher.py
- filler.py
- rater.py
Tops 100.
Tops by bug type.
- Top XSS reports
- Top XXE reports
- Top CSRF reports
- Top IDOR reports
- Top RCE reports
- Top SQLi reports
- Top SSRF reports
- Top Race Condition reports
- Top Subdomain Takeover reports
- Top Open Redirect reports
- Top Clickjacking reports
- Top DoS reports
- Top OAuth reports
Tops by program.
- Top Mail.ru reports
- Top HackerOne reports
- Top Shopify reports
- Top Nextcloud reports
- Top Twitter reports
- Top Uber reports
- Top Node.js reports
- Top shopify-scripts reports
- Top Legal Robot reports
- Top U.S. Dept of Defense reports
- Top Gratipay reports
- Top Weblate reports
- Top VK.com reports
- Top New Relic reports
- Top LocalTapiola reports
- Top Zomato reports
- Top Slack reports
- Top ownCloud reports
- Top GitLab reports
- Top Ubiquiti Inc. reports
- Top Automattic reports
- Top Coinbase reports
- Top Verizon Media reports
- Top Starbucks reports
- Top Paragon Initiative Enterprises reports
- Top PHP (IBB) reports
- Top Brave Software reports
- Top Vimeo reports
- Top OLX reports
- Top concrete5 reports
- Top Phabricator reports
- Top Pornhub reports
- Top Localize reports
- Top Qiwi reports
- Top WordPress reports
- Top The Internet reports
- Top Open-Xchange reports
- Top Razer reports
- Top Rockstar Games reports
- Top GitHub Security Lab
- Top h1-ctf
Source: GitHub