Recent Bounty Rewards for Exposed Tokens

Discover Hidden Secrets Worth Thousands

Our advanced scanning tool empowers bug bounty hunters to find exposed secrets across a wide range of platforms and repositories. Turn leaked credentials into significant rewards, no matter where they're hidden.

$31,337

Highest Reward

99.9%

Accuracy Rate

Start Scanning Now View Success Stories

Top Bounties

Total Rewards

$79,162

High

Bounty Awarded

$14,000

BrowserStack credentials exposed in npm package

High

Bounty Awarded

$1,925

Expose Employee GitHub SSH Key in Public Docker Hub Layer

High

Bounty Awarded

$1,000

AzureOpenAI api key exposed publicly in GitHub repository

Low

Bounty Awarded

$250

Hugging Face API Key exposed publicly in GitHub repository

High

Bounty Awarded

$750

GitHub Token in Organization Repository

Critical

Bounty Awarded

$3,000

Docker Hub Layer Exposing GitHub Credentials

High

Bounty Awarded

$650

OpsGenie Access Token Exposure

Critical

Bounty Awarded

$31,337

Critical Exposure: Employee GitHub Token in Docker Hub

Critical

Bounty Awarded

$1,250

API token exposed in github repository which exposed PII

Medium

Bounty Awarded

$500

GCP Credentials json exposed publicly in public GitHub repository

Critical

Bounty Awarded

$5,000

Employee GitHub Token Found in Public Repository

Critical

Bounty Awarded

$2,000

GitHub Token in Public Docker Image

Medium

Bounty Awarded

$3,500

Larksuite Admin access key

Critical

Bounty Awarded

$3,000

Employee Github ssh keys publicly disclosed in Docker hub registry

Critical

Bounty Awarded

$3,000

Information Disclosure on hub.docker.com via public docker image leads to private github repositories access

High

Bounty Awarded

$1,250

GCP Service Account Key Leak

High

Bounty Awarded

$1,000

Azure OpenAPI Key Exposure

Medium

Bounty Awarded

$2,500

Hugging Face API Key exposure

Critical

Bounty Awarded

$2,000

Organization Docker Image Leaking Credentials

Advanced Scanning Technology

Powerful Features for Bug Hunters

Our advanced scanning engine helps you find valuable secrets that others miss.

High-Value Target Scanning

Hunt for $5,000+ bounty-worthy secrets across GitHub, GitLab, NPM, Docker, and Huggingface repositories.

One-click organization scanning
Multi-platform coverage

Critical Token Detection

Find and verify 300+ types of high-reward tokens including AWS, Google Cloud, and payment system credentials.

Active token verification
Zero false positives

Instant Bounty Alerts

Be first to claim bounties with instant notifications for newly discovered high-value secrets.

Telegram notifications
Discord webhook integration

Choose Your Plan

Powerful Tools for Serious Hunters

Start finding valuable secrets with our flexible pricing plans designed for both beginners and professionals

Hacker Plan

$89 /month

For serious bug bounty hunters

Unlimited Scans
Secrets Verification
Regular Updates
Priority Support

Pay with

Stripe Pay with

LemonSqueezy

This plan renews automatically every month. You can cancel anytime.

Best Value

Lifetime Access

$299 One-time payment

Self-hosted scanning for pro hunters

Private Repository Access
Access to Private Discord Community
Detailed Setup Instructions
Lifetime Updates

Pay with

Stripe Pay with

LemonSqueezy

Got Questions?

Frequently Asked Questions

Everything you need to know about iScan.today and how it can help you find valuable secrets

How does iScan.today detect exposed secrets?

Is using iScan.today for bug bounty hunting legal?

What makes iScan.today different from other secret scanning tools?

How does iScan.today verify detected secrets?

Real Success Stories

High-Value Discoveries by Our Users

Real bug bounty rewards earned using iScan's advanced scanning capabilities

Medium

Bounty Awarded

$3,500

Larksuite Admin access key

Found exposed Larksuite Admin access key in an employee's public GitHub repository

Reported: March 21, 2025

Rewarded: March 28, 2025

Larksuite Admin Key Exposure

Admin key exposed in employee repository

sicksec

Bug Hunter Since 2019

Medium

Bounty Awarded

$2,500

Hugging Face API Key exposure

Found exposed Hugging Face API key in an employee's public github repository

Reported: March 18, 2025

Rewarded: March 27, 2025

Hugging Face API Key Exposure

API key exposed in employee repository

sicksec

Bug Hunter Since 2019

High

Bounty Awarded

$14,000

BrowserStack credentials exposed in npm package

Found exposed BrowserStack credentials in a public npm package, posing a significant security risk

Reported: February 13, 2025

Rewarded: March 15, 2025

BrowserStack Credentials

Credentials exposed in npm package

0xspade

Bug Hunter Since 2017

High

Bounty Awarded

$1,925

Expose Employee GitHub SSH Key in Public Docker Hub Layer

Found exposed Employee GitHub SSH key in a public Docker Hub layer, posing a significant security risk

Reported: March 07, 2025

Rewarded: March 08, 2025

Private SSH Key

Github SSH Key exposed in docker hub

dmxjon

Bug Hunter Since 2018

High

Bounty Awarded

$1,000

AzureOpenAI api key exposed publicly in GitHub repository

Found exposed AzureOpenAI credentials in employee's public GitHub repository

Reported: January 23, 2025

Rewarded: February 05, 2025

Azure OpenAI Credentials

API keys and URLs exposed

Codermak

Bug Hunter Since 2020

High

Bounty Awarded

$1,250

GCP Service Account Key Leak

Identified exposed GCP credentials in public repository

Reported: December 24, 2024

Rewarded: January 03, 2025

GCP Credentials

Service account exposed

Codermak

Bug Hunter Since 2020

High

Bounty Awarded

$750

GitHub Token in Organization Repository

Found GitHub token exposed in organization's public repository

Reported: December 19, 2024

Rewarded: December 30, 2024

Organization Repo

Token in public code

Codermak

Bug Hunter Since 2020

Medium

Bounty Awarded

$500

GCP Credentials json exposed publicly in public GitHub repository

Found exposed GCP credentials JSON file in public GitHub repository, which poses a security risk

Reported: December 19, 2024

Rewarded: December 23, 2024

GCP Credentials JSON

Credentials exposed in public repository

Codermak

Bug Hunter Since 2020

High

Bounty Awarded

$650

OpsGenie Access Token Exposure

Discovered OpsGenie token in public GitHub repository

Reported: August 17, 2024

Rewarded: August 29, 2024

OpsGenie Token

Access token exposed

Codermak

Bug Hunter Since 2020

Critical

Bounty Awarded

$1,250

API token exposed in github repository which exposed PII

Found exposed API token in public GitHub repository, which exposes PII of employee

Reported: August 07, 2024

Rewarded: August 23, 2024

API Token

API token exposed, PII at risk

Codermak

Bug Hunter Since 2020

Low

Bounty Awarded

$250

Hugging Face API Key exposed publicly in GitHub repository

Found exposed Hugging Face API key in public GitHub repository, which exposes PII of employee

Reported: March 28, 2024

Rewarded: August 07, 2024

Hugging Face API Key

API key exposed, PII at risk

Codermak

Bug Hunter Since 2020

Critical

Bounty Awarded

$5,000

Employee GitHub Token Found in Public Repository

Located an active GitHub token with elevated permissions in employee's public repository

Reported: June 16, 2024

Rewarded: July 24, 2024

Token in Public Repo

Exposed in repository code

Codermak

Bug Hunter Since 2020

High

Bounty Awarded

$1,000

Azure OpenAPI Key Exposure

Located Azure OpenAPI key in public GitHub repository

Reported: March 10, 2024

Rewarded: February 10, 2024

Azure API Key

Key in repository

Codermak

Bug Hunter Since 2020

Critical

Bounty Awarded

$3,000

Docker Hub Layer Exposing GitHub Credentials

Identified GitHub token with organization-wide access in Docker image layer

Reported: January 27, 2024

Rewarded: February 02, 2024

Docker Layer Analysis

Token found in image history

Codermak

Bug Hunter Since 2020

Critical

Bounty Awarded

$2,000

GitHub Token in Public Docker Image

Found active GitHub token exposed in public Docker image layer

Reported: September 18, 2023

Rewarded: September 20, 2023

Public Docker Image

Exposed credentials in layer

Codermak

Bug Hunter Since 2020

Critical

Bounty Awarded

$2,000

Organization Docker Image Leaking Credentials

Discovered GitHub token in organization's public Docker image

Reported: July 20, 2023

Rewarded: August 03, 2023

Organization Image

Token in public image

Codermak

Bug Hunter Since 2020

Critical

Bounty Awarded

$3,000

Information Disclosure on hub.docker.com via public docker image leads to private github repositories access

Found exposed information on hub.docker.com via a public docker image that leads to access to private GitHub repositories

Reported: July 04, 2023

Rewarded: July 07, 2023

Docker Image Information Disclosure

Access to private GitHub repositories

Codermak

Bug Hunter Since 2020

Critical

Bounty Awarded

$3,000

Employee Github ssh keys publicly disclosed in Docker hub registry

Found exposed Employee Github SSH keys in public Docker Hub registry

Reported: September 01, 2022

Rewarded: September 08, 2022

Github SSH Keys

SSH keys exposed in Docker Hub

Codermak

Bug Hunter Since 2020

Critical

Bounty Awarded

$31,337

Critical Exposure: Employee GitHub Token in Docker Hub

Discovered a high-privilege GitHub token exposed in a Docker Hub layer, enabling potential access to internal systems

Reported: January 03, 2022

Rewarded: September 06, 2022

GitHub Token in Docker Layer

Token exposed in image metadata

Codermak

Bug Hunter Since 2020