Help Center

What asset types are supported in my program's scope?

HackerOne provides functionality to allow you to define your program's scope by listing assets that are considered in or out of scope for your program.

HackerOne supports the following types of scope:

CIDRAny valid IPv4 or IPv6 CIDR range

  • 172.200.0.0/16
  • 2001:db8::/48
  • fe80:0000:0000:0000:0204:61ff:fe9d:f156/3

URL A valid URI, per our uri_validator.rb (which mostly relies on the standard ruby libary “uri” and matches the official URI RFC spec)

  • *.hackerone.com
  • https://maps.google.com
  • mywebsite.com/cool

Apple Store App IDStandard apple identifier (https://developer.apple.com/library/content/documentation/General/Conceptual/DevPedia-CocoaCore/AppID.html)

  • com.domainname.appname

Testflight - Standard apple identifier 

(https://developer.apple.com/library/content/documentation/General/Conceptual/DevPedia-CocoaCore/AppID.html)

  • com.domainname.appname

Other .ipa - Standard apple identifier 

(https://developer.apple.com/library/content/documentation/General/Conceptual/DevPedia-CocoaCore/AppID.html)

  • com.domainname.appname

Google Play - Standard APK identifier

(https://developer.android.com/studio/build/application-id.html)

  • com.domainname.appname

Other .apk - Standard APK identifier

(https://developer.android.com/studio/build/application-id.html)

  • com.domainname.appname

Windows Store App - Either a store ID like '9WZDNCRFHVJL' or an Identifier Name like 'Microsoft.SDKSamples.ApplicationDataSample'

  • 9WZDNCRFHVJL
  • Microsoft.SDKSamples.ApplicationDataSample

Source Code, Downloadable Executables and Hardware identifiers are not validated. You are free to use this in whatever suits your naming conventions. 

You can edit your scopes in your settings under Program -> Policy & Scope. For more information on how to edit your scopes, as well as best practices for defining your scopes, please see the "How do I define the Scope for my program?" article.

If you have an asset that does not fit in any of the above types, please contact support@hackerone.com. 

Have more questions? Submit a request
Powered by Zendesk