Prices

Our platform works with the world's top security researchers
and compensate them well for their diligent work and findings.

Only qualitative and dependable exploits that work on the most recent iterations of vulnerable software fall within our scope of accepted entries.

We are only taking unique exploits for undiscovered vulnerabilities that have never been documented previously, and handled by one person only. We do not allow or accept the sale of non-exclusive exploits.

We also accept security mitigation bypasses and exploit chains (DEP, ASLR, PAC, CFG, CET, etc.). The following listed prices are subject to change. An exploit's eventual cost may differ according on its execution duration, version leverage, and other factors.

> Price by category
OS
  • Microsoft Windows Zero Click (RCE + LPE) $ 2,000,000
  • MMicrosoft Windows (LPE/SBX) $ 150,000
  • Linux (LPE) $ 100,000
  • Apple Mac OS (LPE) $ 150,000
Browsers
  • Chrome Zero Click Full Chain (RCE + SBX + LPE) $ 1,500,000
  • Safari Zero Click Full Chain $ 500,000
  • Edge Zero Click Full Chain (RCE + SBX + LPE) $ 400,000
  • Firefox Zero Click Full Chain (RCE + SBX + LPE) $ 350,000
  • Tor $ 500,000
Clients / Office / Files / Archives
  • Microsoft Outlook (RCE) $ 250,000
  • Mozilla Thunderbird (RCE) $ 200,000
  • Microsoft Word/Excel (RCE) $ 400,000
  • Adobe Acrobat Reader (RCE + SBX) $ 200,000
  • WinRAR (RCE) $ 100,000
  • 7-zip (RCE) $ 80,000
  • WinZip (RCE) $ 50,000
  • tar (RCE) $ 50,000
Other
  • Antivirus (RCE) $ 50,000
  • Antivirus (LPE) $ 10,000
  • SMS/MMS Full Chain Zero Click from $ 7,000,000 to $ 9,000,000
  • Android Zero Click Full Chain $ 5,000,000
  • iOS Zero Click Full Chain from $ 5,000,000 to $ 7,000,000
  • iOS (RCE + SBX) $ 3,500,000
  • Chrome (RCE + LPE) from $ 2,000,000 to $ 3,000,000
  • Chrome (SBX) $ 500,000
  • Chrome (RCE w/o SBX) $ 500,000
  • Safari (RCE + LPE) from $ 2,500,000 to $ 3,500,000
  • Safari (SBX) from $ 300,000 to $ 400,000
  • Safari (RCE w/o SBX) $ 200,000
Other
  • LPE to Kernel/Root $ 800,000
  • Persistence $ 500,000
  • Media File (RCE + LPE) $ 200,000
  • Documents (RCE + LPE) $ 200,000
  • WhatsApp Zero Click (RCE + LPE) from $ 3,000,000 to $ 5,000,000
  • WhatsApp (RCE + LPE) $ 1,500,000
  • iMessage Zero Click (RCE + LPE) from $ 3,000,000 to $ 5,000,000
  • iMessage (RCE + LPE) $ 1,500,000
  • Other apps (RCE + LPE): email, Signal, FaceTime, Instagram, Telegram, Facebook, Facebook Messenger, Session, Threema, Wire, WeChat Varies
  • Cisco (RCE) $ 100,000
  • Mikrotik (RCE) $ 100,000
  • D-Link (RCE) $ 50,000
  • TP-Link (RCE) $ 50,000
  • Netgear (RCE) $ 50,000
  • Ubiquiti (RCE) $ 50,000
  • FortiNet (RCE) $ 100,000
  • Citrix (RCE) $ 100,000
  • Sonicwall (RCE) $ 100,000
  • Huawei (RCE) $ 100,000
  • Sophos (RCE) $ 100,000
  • Juniper (RCE) $ 75,000
  • HP (RCE) $ 50,000
Other
  • CCTV (RCE) $ 30,000
  • Hikvision DVR (RCE) $ 50,000
  • Printers (RCE) $ 25,000
  • NAS (Synology, QNAP) (RCE) $ 60,000
  • Microsoft Hyper-V (VME) $ 1,000,000
  • VMware ESXi (RCE) $ 1,000,000
  • VMware Workstation (VME) $ 300,000
  • Parallels Desktop (VME) $ 300,000
Web Apps / Web Hosting Control Panels
  • cPanel / WHM (RCE) $ 100,000
  • Plesk (RCE) $ 100,000
  • Webmin (RCE) $ 100,000
  • Roundcube (RCE) $ 50,000
  • Horde (RCE) $ 50,000
  • CentOS Web Panel (RCE) $ 100,000
  • Ajenti (RCE) $ 50,000
  • ISPConfig (RCE) $ 50,000
  • WHMCS (RCE) $ 50,000
  • Vesta CP (RCE) $ 50,000
  • DirectAdmin (RCE) $ 50,000
  • Confluence (RCE) $ 50,000
  • Squirrelmail (RCE) $ 50,000
  • Other mail servers (RCE) $ 25,000
CMS
  • WordPress (RCE) $ 500,000
  • phpBB (RCE) $ 50,000
  • vBulletin (RCE) $ 75,000
  • MyBB (RCE) $ 50,000
  • Joomla (RCE) $ 40,000
  • Drupal (RCE) $ 25,000
  • Invision Power Board (RCE) $ 75,000
Web Servers
  • Apache HTTP Server (RCE) $ 500,000
  • Microsoft IIS (RCE) $ 500,000
  • Nginx (RCE) $ 300,000
  • Red Hat JBoss (RCE) $ 50,000
  • Apache Tomcat (RCE) $ 50,000
Email Servers
  • Microsoft Exchange (RCE) $ 250,000
  • Sendmail (RCE) $ 200,000
  • Postfix (RCE) $ 200,000
  • Exim (RCE) $ 200,000
  • Dovecot (RCE) $ 200,000
IPMI
  • Sun SSP (RCE) $ 100,000
  • Dell DRAC (RCE) $ 100,000
  • HP iLO (RCE) $ 100,000
  • Supermicro IPMI (RCE) $ 100,000
  • Cisco CIMC (RCE) $ 100,000
  • VNC, TeamViewer, Radmin (RCE) $ 100,000
  • Other products (RCE) $ 50,000
EMS
  • Microsoft SharePoint (RCE) $ 250,000
  • IBM FileNet (RCE) $ 100,000
  • Oracle WebCenter (RCE) $ 100,000
  • IBM Lotus Domino (RCE) $ 50,000
PLM and EPR
  • SAP (RCE) $ 250,000
  • Siemens Teamcenter (RCE) $ 250,000
  • Oracle ERP (RCE) $ 200,000
  • Oracle Agile PML (RCE) $ 200,000
  • SPTC Windchill PLM (RCE) $ 200,000
  • MentorGraphics HyperLynx SI PLM (RCE) $ 100,000
  • Enovia PLM (RCE) $ 50,000
Databases
  • MS SQL Server (RCE) $ 150,000
  • Oracle Database (RCE) $ 150,000
  • MangoDB (RCE) $ 30,000
  • MySQL (RCE) $ 30,000
FTP
  • Filezilla (RCE) $ 50,000
  • Titan (RCE) $ 30,000
  • Serv-U (RCE) $ 20,000
  • net2ftp (RCE) $ 10,000
  • ProFTPD (RCE) $ 20,000
  • vsFTPD (RCE) $ 20,000
Other Products
  • OpenSSL (RCE) $ 250,000
  • PHP (RCE) $ 250,000
  • Qualcomm RCE $ 500,000
  • MediaTek RCE $ 500,000
  • Samsung LSI RCE $ 500,000
  • Intel RCE $ 500,000
  • Unisoc RCE $ 500,000
  • WiFi (RCE) $ 500,000
  • Code Signing Bypass $ 100,000
  • RCE via MitM $ 100,000
  • Information Disclosure/Leak $ 100,000
  • (k)ASLR Bypass $ 100,000
  • PIN/Passcode/Touch ID Bypass $ 100,000
  • USB (LPE) $ 50,000
  • Electric Vehicle Charging Stations Discussed individually