Asset Types

HackerOne provides functionality to allow you to define your program's scope by listing assets that are considered in or out of scope for your program.

HackerOne supports the following types of assets:

Type Details
CIDR Any valid IPv4 or IPv6 CIDR range.
Examples:
  • 172.200.0.0/16
  • 2001:db8::/48
  • fe80:0000:0000:0000:0204:61ff:fe9d:f156/3
URL A valid URI, per our uri_validator.rb (which mostly relies on the standard ruby library “uri” and matches the official URI RFC spec)
Examples:
Apple Store App ID A standard apple identifier.
Example:
  • com.domainname.appname
Testflight A standard apple identifier.
( https://developer.apple.com/testflight/ )
Example:
  • com.domainname.appme
Other .ipa A standard apple identifier.
Example:
  • com.domainname.appme
Google Play A standard APK identifier.
( https://developer.android.com/studio/build/application-id.html )
Example:
  • com.domainname.appme
Windows Store App Either a store ID like '9WZDNCRFHVJL' or an identifier name like 'Microsoft.SDKSamples.ApplicationDataSample'
Examples:
  • 9WZDNCRFHVJL
  • Microsoft.SDKSamples.ApplicationDataSample

Source Code, Downloadable Executables and Hardware identifiers are not validated. You are free to use this in whatever suits your naming conventions.

You can edit your scopes in your settings under program's Settings > Program > Scope.