Instruction: The HackerOne hacker VPN is used by hackers and HackerOne personnel. We'd be most interested in vulnerabilities that allow you to route traffic to other clients (lack of client isolation), routing traffic to internal HackerOne / Amazon networks, and bypassing [sslsplit](https://github.com/droe/sslsplit). Traffic routed through the VPN will originate from `66.232.20.0/23` or `206.166.248.0/23` (HackerOne netblocks). The VPN is based on OpenVPN.
Integrity requirements: high
Max severity: critical
Asset identifier: 206.166.248.0/23
Asset type: CIDR
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: This net block is the origin of all traffic routed through the HackerOne hacker VPN. See the description for *.vpn.hackerone.net for the stack and vulnerabilities we're interested in.
Integrity requirements: high
Max severity: critical
Asset identifier: 66.232.20.0/23
Asset type: CIDR
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: This net block is the origin of all traffic routed through the HackerOne hacker VPN. See the description for *.vpn.hackerone.net for the stack and vulnerabilities we're interested in.
Integrity requirements: high
Max severity: critical
Asset identifier: a5s.hackerone-ext-content.com
Asset type: URL
Availability requirement: low
Confidentiality requirement: none
Eligible for bounty: true
Eligible for submissions: true
Instruction: This domain is used to serve static marketing assets. No confidential information is stored on these systems. However, it is important to us that these assets cannot be updated by an unauthorized third party.
Integrity requirements: low
Max severity: medium
Asset identifier: api.hackerone.com
Asset type: URL
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: This is our public API that customers use to read and interact with reports. To look for vulnerabilities in this asset, create a sandboxed program, select HackerOne Professional or HackerOne Enterprise in the Product Edition settings page, and create an API token. This system’s backend is written in Ruby, converts the request to a GraphQL query, and serializes the GraphQL result to JSON.
Integrity requirements: high
Max severity: critical
Asset identifier: app.pullrequest.com
Asset type: URL
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: Please use your `@wearehackerone.com` email address when signing up.
Integrity requirements: high
Max severity: critical
Asset identifier: b5s.hackerone-ext-content.com
Asset type: URL
Availability requirement: low
Confidentiality requirement: none
Eligible for bounty: true
Eligible for submissions: true
Instruction: This domain is used to serve static marketing assets. No confidential information is stored on these systems. However, it is important to us that these assets cannot be updated by an unauthorized third party.
Instruction: This is an Amazon S3 bucket that contains profile and cover photos of users and programs. It does not contain any highly confidential information and would not impact the main application if it were unreachable. A signed request is required to download an object.
Instruction: This is an Amazon S3 bucket that contains profile and cover photos of users and programs. It does not contain any highly confidential information and would not impact the main application if it were unreachable. A signed request is required to download an object.
Integrity requirements: low
Max severity: low
Asset identifier: ctf.hacker101.com
Asset type: URL
Availability requirement: none
Confidentiality requirement: low
Eligible for bounty: true
Eligible for submissions: true
Instruction: The Hacker101 CTF domain, ctf.hacker101.com, is not connected to HackerOne's production environment. It is hosted on Amazon AWS. Users authenticate through HackerOne.com (OAuth). The maximum bounty for any vulnerability on this asset is $500 right now. The CTF challenges themselves are not in scope for our bug bounty program.
Integrity requirements: none
Max severity: low
Asset identifier: errors.hackerone.net
Asset type: URL
Availability requirement: low
Confidentiality requirement: medium
Eligible for bounty: true
Eligible for submissions: true
Instruction: A separate domain that we use to capture information about client-side and server-side exceptions.
Instruction: This is an Amazon S3 bucket that contains profile and cover photos of users and programs. It does not contain any highly confidential information and would not impact the main application if it were unreachable. A signed request is required to download an object.
Instruction: This is an Amazon S3 bucket that contains profile and cover photos of users and programs. It does not contain any highly confidential information and would not impact the main application if it were unreachable. A signed request is required to download an object.
Integrity requirements: low
Max severity: low
Asset identifier: hackerone-ext-content.com
Asset type: URL
Availability requirement: low
Confidentiality requirement: none
Eligible for bounty: true
Eligible for submissions: true
Instruction: This domain is used to serve static marketing assets. No confidential information is stored on these systems. However, it is important to us that these assets cannot be updated by an unauthorized third party.
Instruction: This is an Amazon S3 bucket that contains attachments of reports and activities. These attachments may contain confidential information. A signed request is required to download an object.
Integrity requirements: high
Max severity: critical
Asset identifier: hackerone-user-content.com
Asset type: URL
Availability requirement: none
Confidentiality requirement: none
Eligible for bounty: true
Eligible for submissions: true
Instruction: This is an Amazon S3 bucket that contains profile and cover photos of users and programs. It does not contain any highly confidential information and would not impact the main application if it were unreachable. A signed request is required to download an object.
Integrity requirements: low
Max severity: low
Asset identifier: hackerone.com
Asset type: URL
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: This is our main application that hackers and customers use to interact with each other. It connects with a database that contains information about vulnerability reports, users, and programs. This system’s backend is written in Ruby and exposes data to the client through GraphQL, rendered pages, and JSON endpoints.
Instruction: This domain is used to serve static marketing assets. No confidential information is stored on these systems. However, it is important to us that these assets cannot be updated by an unauthorized third party.
Instruction: This is an Amazon S3 bucket that contains profile and cover photos of users and programs. It does not contain any highly confidential information and would not impact the main application if it were unreachable. A signed request is required to download an object.
Instruction: This is an Amazon S3 bucket that contains profile and cover photos of users and programs. It does not contain any highly confidential information and would not impact the main application if it were unreachable. A signed request is required to download an object.
Instruction: This is an Amazon S3 bucket that contains profile and cover photos of users and programs. It does not contain any highly confidential information and would not impact the main application if it were unreachable. A signed request is required to download an object.
Integrity requirements: low
Max severity: low
Asset identifier: reviewer.pullrequest.com
Asset type: URL
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: Please use your `@wearehackerone.com` email address when signing up.
Integrity requirements: high
Max severity: critical
Asset identifier: www.hackerone.com
Asset type: URL
Availability requirement: low
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: This is our marketing website. It does not contain any report or customer information. It may store information about hackers, such as information collected through the [penetration tester sign up form](https://www.hackerone.com/hackers/pentest-community-application). The website runs Drupal with a few customizations.