Dimension scores are derived from public data and fields; weighted into the composite. Reference only.
bbscope.com is a bug bounty scope aggregation site that collects public program scopes from HackerOne, Bugcrowd, Intigriti, and YesWeHack. The page states that it tracks 1,088 programs, 53,896 assets, and 4 platforms, with data automatically collected by the bbscope CLI. It is better understood as an asset intelligence and reconnaissance aid rather than a firewall, WAF, EDR, or vulnerability scanner.
In terms of security use cases, bbscope mainly supports early-stage bug bounty reconnaissance: browsing in-scope and out-of-scope assets, filtering by platform, program, and target type, with support for wildcards, domains, URLs, IPs, and CIDRs. For management and change tracking, it provides an Updates page and a /api/v1/updates endpoint to view newly added or removed programs and assets. Parameters such as since, until, platform, search, and pagination are supported, but the page does not mention email, Webhook, or real-time alerts.
Deployment is primarily through the online website and public API, with all API endpoints publicly available and requiring no authentication. Its integration options are practical: responses are returned as newline-delimited text by default, with JSON also available. The examples show direct curl usage piped into subfinder, and the site also provides quick links to crt.sh, Shodan, SecurityTrails, and VirusTotal. In terms of pricing, no paid plans are mentioned on the page, so it can currently be considered free for public access, but there is no information about an enterprise edition, SLA, or commercial support.
Its strengths are that it aggregates public scopes across multiple platforms, reducing the cost of manual lookups; supports change tracking, which helps researchers find fresh targets; and offers a simple API suitable for automated reconnaissance. The limitations are also clear: it does not provide active scanning, protection, remediation workflows, or access control; its data depends on public platforms, so accuracy and timeliness need to be verified independently; and information on compliance certifications, data security commitments, and service support is missing.
bbscope is suitable for bug bounty hunters, security researchers, and teams that need to collect public bounty assets in bulk. It is not suitable as a standalone enterprise security protection or vulnerability management platform. Access from China is not described on the page and is therefore assessed as unknown; payment information is also not disclosed. Alternatives include using official platforms such as HackerOne and Bugcrowd directly, or building an in-house workflow based on the bbscope CLI and the ProjectDiscovery toolchain.
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site. Verify on bbscope.com official site.
bbscope.com is an Unknown pentest provider. TG4G tracks its product information, an overall rating of 8.0/10, and a China-accessibility score of China direct-connect friendly. Click "Visit Official Site" to reach bbscope.com directly.