Cybersecurity-Projects/PROJECTS/advanced/bug-bounty-platform/README.md

3.9 KiB

██████╗ ██╗   ██╗ ██████╗     ██████╗  ██████╗ ██╗   ██╗███╗   ██╗████████╗██╗   ██╗
██╔══██╗██║   ██║██╔════╝     ██╔══██╗██╔═══██╗██║   ██║████╗  ██║╚══██╔══╝╚██╗ ██╔╝
██████╔╝██║   ██║██║  ███╗    ██████╔╝██║   ██║██║   ██║██╔██╗ ██║   ██║    ╚████╔╝
██╔══██╗██║   ██║██║   ██║    ██╔══██╗██║   ██║██║   ██║██║╚██╗██║   ██║     ╚██╔╝
██████╔╝╚██████╔╝╚██████╔╝    ██████╔╝╚██████╔╝╚██████╔╝██║ ╚████║   ██║      ██║
╚═════╝  ╚═════╝  ╚═════╝     ╚═════╝  ╚═════╝  ╚═════╝ ╚═╝  ╚═══╝   ╚═╝      ╚═╝

Cybersecurity Projects Python React License: AGPLv3 Live Demo Docker

Production-ready enterprise bug bounty platform with role-based access, CVSS scoring, and full report triage workflows.

This is a quick overview — security theory, architecture, and full walkthroughs are in the learn modules.

What It Does

  • Role-based access control for Researchers, Companies, and Admins with JWT refresh token rotation
  • CVSS vulnerability scoring with full report triage and bounty award workflows
  • Program management with configurable scope, reward tiers, and SLA tracking
  • Multi-device session management with token versioning for instant invalidation
  • Rate limiting, audit logging, and input validation across all endpoints
  • Repository pattern with strict type safety across ~7,000 lines of backend code

Quick Start

docker compose up -d

Visit http://localhost:8420 or the live demo at bugbounty.carterperez-dev.com

[!TIP] This project uses just as a command runner. Type just to see all available commands.

Install: curl -sSf https://just.systems/install.sh | bash -s -- --to ~/.local/bin

Stack

Backend: FastAPI, SQLAlchemy 2.0+, PostgreSQL 18, Redis 7, Alembic, Argon2id, JWT

Frontend: React 19, TypeScript 5.9, Vite 7, React Router 7.1, TanStack Query v5, Zustand

Learn

This project includes step-by-step learning materials covering security theory, architecture, and implementation.

Module Topic
00 - Overview Prerequisites and quick start
01 - Concepts Security theory and real-world breaches
02 - Architecture System design and data flow
03 - Implementation Code walkthrough
04 - Challenges Extension ideas and exercises

License

AGPL 3.0