HackerOne

target_in_scope

`*.vpn.hackerone.net` (URL): availability requirement high, confidentiality requirement high, integrity requirement high, max_severity critical
The HackerOne hacker VPN is used by hackers and HackerOne personnel. We'd be most interested in vulnerabilities that allow you to route traffic to other clients (lack of client isolation), routing traffic to internal HackerOne / Amazon networks, and bypassing [sslsplit](https://github.com/droe/sslsplit). Traffic routed through the VPN will originate from `66.232.20.0/23` (a HackerOne net block). The VPN is based on OpenVPN.

`66.232.20.0/23` (CIDR): availability requirement high, confidentiality requirement high, integrity requirement high, max_severity critical
This net block is the origin of all traffic routed through the HackerOne hacker VPN. See the description for `*.vpn.hackerone.net` for the stack and the vulnerabilities we're interested in.

`https://*.hackerone-ext-content.com` (URL): availability requirement low, confidentiality requirement none, integrity requirement low, max_severity medium
This domain is used to serve static marketing assets. No confidential information is stored on these systems. However, it is important to us that these assets cannot be updated by an unauthorized third party.

`https://*.hackerone-user-content.com/` (URL): availability requirement none, confidentiality requirement none, integrity requirement low, max_severity low
This is an Amazon S3 bucket that contains profile and cover photos of users and programs. It does not contain any highly confidential information, and the main application would not be impacted if it were unreachable. A signed request is required to download an object.

`https://api.hackerone.com` (URL): availability requirement high, confidentiality requirement high, integrity requirement high, max_severity critical
This is our public API that customers use to read and interact with reports. To look for vulnerabilities in this asset, create a sandboxed program, select HackerOne Professional or HackerOne Enterprise in the Product Edition settings page, and create an API token. This system's backend is written in Ruby, converts the request to a GraphQL query, and serializes the GraphQL result to JSON.

`https://ctf.hacker101.com` (URL): availability requirement none, confidentiality requirement low, integrity requirement none, max_severity low
The Hacker101 CTF domain, ctf.hacker101.com, is not connected to HackerOne's production environment. It is hosted on Google Compute Cloud. It stores emails, usernames, and passwords (hashed with `bcrypt`). The maximum bounty for any vulnerability on this asset is $500 right now. We will pay an additional $1,000 to anyone who finds a way to abuse any of the CTF servers to mine cryptocurrency or do any kind of spamming. All outbound connections from the CTF servers **should** be blocked. If you find a way around this, we'd love to hear about it.

`https://errors.hackerone.net` (URL): availability requirement low, confidentiality requirement medium, integrity requirement low, max_severity high
A separate domain that we use to capture information about client-side and server-side exceptions.

`https://hackerone-us-west-2-production-attachments.s3-us-west-2.amazonaws.com/` (URL): availability requirement low, confidentiality requirement high, integrity requirement high, max_severity critical
This is an Amazon S3 bucket that contains attachments of reports and activities. These attachments may contain confidential information. A signed request is required to download an object.

`https://hackerone.com` (URL): availability requirement high, confidentiality requirement high, integrity requirement high, max_severity critical
This is our main application that hackers and customers use to interact with each other. It connects to a database that contains information about vulnerability reports, users, and programs. This system's backend is written in Ruby and exposes data to the client through GraphQL, rendered pages, and JSON endpoints.

`https://www.hackerone.com` (URL): availability requirement low, confidentiality requirement medium, integrity requirement low, max_severity high
This is our marketing website. It does not contain any report, hacker, or customer information. Gaining access to this system does not give you access to any highly confidential information. The website runs Drupal with a few customizations.

`206.166.248.0/23` (CIDR): availability requirement high, confidentiality requirement high, integrity requirement high, max_severity critical
This net block is the origin of all traffic routed through the HackerOne hacker VPN. See the description for `*.vpn.hackerone.net` for the stack and the vulnerabilities we're interested in.

target_out_of_scope

`https://go.hacker.one` (URL): availability requirement low, confidentiality requirement none, integrity requirement low, max_severity medium
This asset is hosted by Marketo, and as such these reports should be submitted to their program instead via @marketo.

`https://info.hacker.one/` (URL): none
This asset is hosted by Unbounce, and as such these reports should be submitted to them via https://unbounce.com/security/.

`https://support.hackerone.com` (URL): availability requirement none, confidentiality requirement medium, integrity requirement medium, max_severity critical
This asset is hosted by Zendesk, and as such these reports should be submitted to their program instead via @zendesk.

`https://www.hackeronestatus.com/` (URL): none
This asset is hosted by Atlassian, and as such these reports should be submitted to their program instead via https://bugcrowd.com/statuspage.

`https://ma.hacker.one` (URL): none
This asset is hosted by Marketo, and as such these reports should be submitted to their program instead via @marketo.