
Every Public Bug Bounty Program At Your Fingertips

A Raycast extension to improve bug bounty efficiency

After being inspired, I decided to dust off the coding cobwebs and build a simple, quick way to access public bug bounty and vulnerability disclosure programs.

Want to try it out? Visit the Raycast store and install my Public Bug Bounty and Vulnerability Disclosure Programs extension. Let me know what you think!

Inspiration

What inspired me to create a Raycast extension was the following tweet by the TailwindCSS team. One of their devs created a quick way for them to check output while troubleshooting.

Although I've been using Raycast for a couple of years now, it never occurred to me to write an extension for it. Until now that is.

Ideation

While thinking of ideas on what to make I thought it would be cool to be able to quickly find public bug bounty and VDP programs using Raycast. Awesome! Now what?

Data source

Next up, I had to find a data source. I was looking for either a public API or a JSON file, and I landed on the Chaos project by Project Discovery. It's a community curated list of programs that is updated frequently.

The list consists of a JSON array in the following format:

{
   "name":"HackerOne",
   "url":"https://hackerone.com/security",
   "bounty": true,
   "swag": true,
   "domains":[
      "hackerone.com",
      "hackerone.net",
      "hacker101.com",
      "hackerone-ext-content.com"
   ]
}
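As an added example (not the extension's published code, and not part of the original post), here is a typed loader for the Chaos format shown above, with the defensive handling an extension consuming a remote JSON file should have: a type guard that drops malformed entries instead of crashing the command, domain normalization, a search over name and domains, and a host-to-program lookup for checking whether a host falls under a listed program. The sample array is constructed; the HackerOne entry is the one from the post, while the "Example VDP" and "Broken" entries are made up for illustration.

```typescript
// Added example: a typed loader and search over the Chaos program-list format.
// Not part of the published Raycast extension.

interface Program {
  name: string;
  url: string;
  bounty: boolean;
  swag: boolean;
  domains: string[];
}

// Constructed sample data in the Chaos format. The HackerOne entry matches the post;
// "Example VDP" and "Broken" (which lacks required fields) are made up.
const SAMPLE_JSON = JSON.stringify([
  {
    name: "HackerOne",
    url: "https://hackerone.com/security",
    bounty: true,
    swag: true,
    domains: ["hackerone.com", "hackerone.net", "hacker101.com", "hackerone-ext-content.com"],
  },
  {
    name: "Example VDP",
    url: "https://example.com/.well-known/security.txt",
    bounty: false,
    swag: false,
    domains: ["example.com", "Example.org "],
  },
  { name: "Broken", url: "https://broken.invalid" },
]);

// Runtime type guard: remote JSON is untrusted input, so validate the shape
// rather than casting blindly.
function isProgram(value: unknown): value is Program {
  if (typeof value !== "object" || value === null) return false;
  const v = value as Record<string, unknown>;
  return (
    typeof v.name === "string" &&
    typeof v.url === "string" &&
    typeof v.bounty === "boolean" &&
    typeof v.swag === "boolean" &&
    Array.isArray(v.domains) &&
    v.domains.every((d) => typeof d === "string")
  );
}

// Parse the list, keep only well-formed entries, and normalize domains
// (trim, lowercase) so later matching is consistent.
function parsePrograms(json: string): Program[] {
  const data: unknown = JSON.parse(json);
  if (!Array.isArray(data)) throw new Error("expected a JSON array of programs");
  return data.filter(isProgram).map((p) => ({
    ...p,
    domains: p.domains.map((d) => d.trim().toLowerCase()),
  }));
}

// Case-insensitive search over program name and domains, optionally
// restricted to programs that pay bounties.
function searchPrograms(programs: Program[], query: string, opts = { bountyOnly: false }): Program[] {
  const q = query.trim().toLowerCase();
  return programs.filter((p) => {
    if (opts.bountyOnly && !p.bounty) return false;
    if (q === "") return true;
    return p.name.toLowerCase().includes(q) || p.domains.some((d) => d.includes(q));
  });
}

// Find the program whose listed domains cover a given host (exact match or subdomain).
function programForHost(programs: Program[], host: string): Program | undefined {
  const h = host.trim().toLowerCase();
  return programs.find((p) => p.domains.some((d) => h === d || h.endsWith("." + d)));
}

// Stand-alone usage on the constructed sample.
const programs = parsePrograms(SAMPLE_JSON);
console.log(searchPrograms(programs, "hacker101").map((p) => p.name)); // [ 'HackerOne' ]
console.log(programForHost(programs, "docs.hacker101.com")?.name); // HackerOne
```

The guard-and-normalize step is what keeps a bad or partially edited upstream entry from breaking the whole command; the host lookup is only as good as the domain list, so treat it as a first check rather than an authoritative scope statement.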

Now that we know what we're working with, we can start creating our extension.

Documentation

When starting off a dev project, I always make sure to find the official documentation. Not only will this help you when you get stuck, it'll also provide a roadmap and best practices.

I started out with following the Create Your First Extension topic in their documentation, but it seemed quite limited. I wish it would take you on the entire journey from creation to publishing.

After playing around with the docs some more, I found everything you need to create and publish an extension: the examples, best practices, API references, and Utilities.

Real-life examples

Theory is nice and all, but we want real-life examples. So, I went to check GitHub for the actual code of extensions people use. It turns out that Raycast manages all of the extensions in their own repo.

When consulting GitHub, I don't typically browse aimlessly; instead, I search for specific terms or code that I'm currently working on or am curious about. In this case we can use the following search query: repo:raycast/extensions <your search term>.

Community

Still can't figure things out? Or just want to hang out? Check to see if the project has a place where the community gathers, such as a forum, Discord, or Slack.

You can find the Raycast community on Slack. It's active and helpful, with various rooms and employees to cover them. I wouldn't be surprised if they had an internal SLO and assigned channel coverage.

My question was answered in a matter of hours by a member. In typical fashion, I should've known the answer, but you don't know what you don't know (or forgot). In addition to having my question answered, I received encouragement and useful feedback from employees.

AI Augmentation

As always, don't forget to augment yourself using AI. Ideal for when you're not familiar with a language, need a second set of eyes, a rubber duck, or just some templating. My current AI of choice is Anthropic’s Claude.

Publish process

Although not mentioned in the publish docs, use the Raycast CLI linter to ensure the extension will pass the automated CI/CD process when submitting a PR. npx ray lint runs ESLint for all files in the src directory.

In my case, it took just shy of two weeks to get my PR merged. Also, I received some credit that I'll be able to exchange for swag in the near future!

Conclusion

I thoroughly enjoyed the entire process, from the idea until seeing it live in the Raycast store. I would encourage everyone to create tools and functionality that augments their digital interactions.

Just because the current user experience is bad or suboptimal doesn't mean you have to use it. Hack a life you love!