You are hacking on: Snapchat

Powered by:

Allows bounty splitting:

Average time to first program response: 15

Average time to bounty awarded null: 204

Average time to report resolved: 2810

Handle snapchat

Managed program: false

Name: Snapchat

Offers bounties: true

Offers swag: false

Response efficiency percentage: 99

Submission state: open

Url: https://hackerone.com/snapchat

Website: https://www.snapchat.com/

In scope:

Asset identifier: *.sc-core.net

Asset type: URL

Availability requirement: high

Confidentiality requirement: high

Eligible for bounty: true

Eligible for submissions: true

Instruction: Snapchat's internal services

Integrity requirements: high

Max severity: critical

Asset identifier: Lens Studio

Asset type: DOWNLOADABLE_EXECUTABLES

Availability requirement: low

Confidentiality requirement: low

Eligible for bounty: true

Eligible for submissions: true

Instruction: Downloadable at https://lensstudio.snapchat.com/download/

Integrity requirements: low

Max severity: medium

Asset identifier: Spectacles

Asset type: HARDWARE

Availability requirement: low

Confidentiality requirement: medium

Eligible for bounty: true

Eligible for submissions: true

Instruction: [Core hardware] Specifically interested in Remote Code Execution on Spectacles (over the air).

Integrity requirements: low

Max severity: high

Asset identifier: accounts.snapchat.com

Asset type: URL

Availability requirement: high

Confidentiality requirement: high

Eligible for bounty: true

Eligible for submissions: true

Instruction: [Core asset] Snapchat's account management website.

Integrity requirements: high

Max severity: critical

Asset identifier: ads.snapchat.com

Asset type: URL

Availability requirement: low

Confidentiality requirement: low

Eligible for bounty: true

Eligible for submissions: true

Instruction:

Integrity requirements: medium

Max severity: high

Asset identifier: app.snapchat.com

Asset type: URL

Availability requirement: high

Confidentiality requirement: high

Eligible for bounty: true

Eligible for submissions: true

Instruction: [Core asset] Main server-side application hosted on Google App Engine under the hostname feelinsonice-hrd.appspot.com and app.snapchat.com.

Integrity requirements: high

Max severity: critical

Asset identifier: business.snapchat.com

Asset type: URL

Availability requirement: high

Confidentiality requirement: high

Eligible for bounty: true

Eligible for submissions: true

Instruction: Snapchat's Business Manager.

Integrity requirements: high

Max severity: critical

Asset identifier: businesshelp.snapchat.com

Asset type: URL

Availability requirement: medium

Confidentiality requirement: low

Eligible for bounty: true

Eligible for submissions: true

Instruction: Snapchat's Salesforce instance

Integrity requirements: low

Max severity: high

Asset identifier: com.bitstrips.imoji

Asset type: APPLE_STORE_APP_ID

Availability requirement: low

Confidentiality requirement: low

Eligible for bounty: true

Eligible for submissions: true

Instruction: [Non-core asset] [iOS App Store](https://itunes.apple.com/us/app/bitmoji-keyboard-your-avatar/id868077558)

Integrity requirements: low

Max severity: medium

Asset identifier: com.bitstrips.imoji

Asset type: GOOGLE_PLAY_APP_ID

Availability requirement: low

Confidentiality requirement: low

Eligible for bounty: true

Eligible for submissions: true

Instruction: [Non-core asset] [Google Play Store](https://play.google.com/store/apps/details?id=com.bitstrips.imoji)

Integrity requirements: low

Max severity: medium

Asset identifier: com.snapchat.android

Asset type: GOOGLE_PLAY_APP_ID

Availability requirement: low

Confidentiality requirement: medium

Eligible for bounty: true

Eligible for submissions: true

Instruction: [Core asset] [Google Play Store](https://play.google.com/store/apps/details?id=com.snapchat.android)

Integrity requirements: low

Max severity: high

Asset identifier: com.toyopagroup.picaboo

Asset type: APPLE_STORE_APP_ID

Availability requirement: low

Confidentiality requirement: medium

Eligible for bounty: true

Eligible for submissions: true

Instruction: [Core asset] [iOS App Store](https://itunes.apple.com/us/app/snapchat/id447188370?mt=8)

Integrity requirements: low

Max severity: high

Asset identifier: create.snapchat.com

Asset type: URL

Availability requirement: low

Confidentiality requirement: medium

Eligible for bounty: true

Eligible for submissions: true

Instruction: Snapchat's Geofilter creation tool.

Integrity requirements: low

Max severity: high

Asset identifier: geofilters.snapchat.com

Asset type: URL

Availability requirement: low

Confidentiality requirement: medium

Eligible for bounty: true

Eligible for submissions: true

Instruction: [Core asset] Snapchat's on-demand Geofilters purchase website.

Integrity requirements: low

Max severity: high

Asset identifier: https://lensstudio.snapchat.com/api/

Asset type: SOURCE_CODE

Availability requirement: high

Confidentiality requirement: high

Eligible for bounty: true

Eligible for submissions: true

Instruction: Snapchat's Javascript Lenses API

Integrity requirements: high

Max severity: critical

Asset identifier: kit.snapchat.com

Asset type: URL

Availability requirement: low

Confidentiality requirement: medium

Eligible for bounty: true

Eligible for submissions: true

Instruction: [Core asset] SNAPKIT web application and SDKs

Integrity requirements: low

Max severity: high

Asset identifier: map.snapchat.com

Asset type: URL

Availability requirement: none

Confidentiality requirement: none

Eligible for bounty: true

Eligible for submissions: true

Instruction:

Integrity requirements: low

Max severity: low

Asset identifier: my.snapchat.com

Asset type: URL

Availability requirement: low

Confidentiality requirement: medium

Eligible for bounty: true

Eligible for submissions: true

Instruction: Snapchat's Spotlight on the web.

Integrity requirements: low

Max severity: high

Asset identifier: scan.snapchat.com

Asset type: URL

Availability requirement: none

Confidentiality requirement: low

Eligible for bounty: true

Eligible for submissions: true

Instruction: [Core asset] Snapcode creation website

Integrity requirements: none

Max severity: low

Asset identifier: snappublisher.snapchat.com

Asset type: URL

Availability requirement: low

Confidentiality requirement: medium

Eligible for bounty: true

Eligible for submissions: true

Instruction: [Core asset] Snapchat's publisher tool.

Integrity requirements: low

Max severity: high

Asset identifier: spectacles.com

Asset type: URL

Availability requirement: none

Confidentiality requirement: low

Eligible for bounty: true

Eligible for submissions: true

Instruction: [Core asset] Snapchat's spectacles purchase website.

Integrity requirements: none

Max severity: low

Asset identifier: store.snapchat.com

Asset type: URL

Availability requirement:

Confidentiality requirement:

Eligible for bounty: true

Eligible for submissions: true

Instruction: Snapchat's Bitmoji Merch Store

Integrity requirements:

Max severity: critical

Asset identifier: story.snapchat.com

Asset type: URL

Availability requirement: none

Confidentiality requirement: none

Eligible for bounty: true

Eligible for submissions: true

Instruction:

Integrity requirements: low

Max severity: low

Asset identifier: web.snapchat.com

Asset type: URL

Availability requirement: high

Confidentiality requirement: high

Eligible for bounty: true

Eligible for submissions: true

Instruction:

Integrity requirements: high

Max severity: critical

Asset identifier: www.bitmoji.com

Asset type: URL

Availability requirement: low

Confidentiality requirement: low

Eligible for bounty: true

Eligible for submissions: true

Instruction: [Non-core asset]

Integrity requirements: low

Max severity: medium

Asset identifier: www.bitstrips.com

Asset type: URL

Availability requirement: low

Confidentiality requirement: low

Eligible for bounty: true

Eligible for submissions: true

Instruction: [Non-core asset]

Integrity requirements: low

Max severity: medium