Asset Types

HackerOne provides functionality to allow you to define your program's scope by listing assets that are considered in or out of scope for your program.

HackerOne supports the following types of assets:

Type Details
CIDR Any valid IPv4 or IPv6 CIDR range.

Examples:
    172.200.0.0/16
    2001:db8::/48
    fe80:0000:0000:0000:0204:61ff:fe9d:f156/3
Domain Domain of the asset. Wild card (*) may be used.

Example:
iOS: App Store The identifier in the Apple Store to locate your App.

Example:
    com.domainname.appname
    com.example.myapp
iOS: Testflight A standard apple identifier (https://developer.apple.com/testflight/).

Note: If you'll be providing a different version than the one available in the App Store, please detail the invitation process in the instructions.

Example:
    com.domainname.myapp
iOS: .ipa A standard apple identifier.

Note: If you'll be providing a different version than the one available in the App Store or Testflight, please detail where they can be located.

Example:
    com.domainname.myapp
Android Play Store The id in Play Store used to locate your application (https://developer.android.com/studio/build/application-id.html).

Example:
    com.example.myapp
Android: .apk A standard APK identifier.

Note: If you'll be providing a different version than the one available in the Play Store, please detail where they can be located.

Example:
    com.domainname.myapp
Windows: Microsoft Store The identifier in the Microsoft Store used to locate your app. It can be either a store ID like '9WZDNCRFHVJL' or an identifier name like 'Microsoft.SDKSamples.ApplicationDataSample'.

Examples:
    9WZDNCRFHVJL
    Microsoft.SDKSamples.ApplicationDataSample
Source code Link to the repository of an open source project.
Executable Packaged executable on Linux, Windows, or Mac. Open source projects with releases can and should link as a Downloadable executable too.
Hardware/IoT Identifiable model number and make. Be sure to explain in the instructions how to locate the model details and what they may look like.

Example:
    100-440-0.750-3434-A
Other Any other type of asset that is not contained within the existing taxonomy.

Source Code, Downloadable Executables, and Hardware Identifiers aren't validated. You're free to use this in whatever suits your naming conventions.

You can edit your scopes in your settings under Program Settings > Program > Scope.