Welcome to Bastet Targets Observatory

Welcome to the Bastet Targets wiki - your comprehensive resource for documenting and analyzing observations from HackerOne's public, paid bounty programs.

🎯 What is Bastet Targets?

Bastet Targets is a systematic approach to security research documentation, providing:

• Intelligence Gathering: Centralized repository for target reconnaissance and analysis
• Program Tracking: Monitoring scope changes, reward updates, and program evolution
• Knowledge Sharing: Collaborative documentation of techniques, tools, and methodologies
• Historical Records: Timeline-based tracking of security research activities

🎯 High-Priority Targets

• High-Value Programs

  ---

  Top 10 HackerOne programs by 6-month payout volume plus strategic additions.

  View Priority List

• Attack Surface Analysis

  ---

  Comprehensive reconnaissance findings across 1,005+ subdomains and 490+ services.

  View Analysis

• Cryptocurrency Exchanges

  ---

  Coinbase: 519 subdomains | OKX: 337 subdomains | Enhanced intelligence profiles

  Coinbase • OKX

• Top Payout Leaders

  ---

  Uber: $20,340 (Rank #1) | Eternal: $9,300 | TikTok: $6,000

  Uber • View All

🚀 Navigation

• All Programs

  ---

  Complete directory of documented HackerOne bounty programs and intelligence.

  Browse All Programs

• Techniques

  ---

  Security testing methodologies and attack vectors for bug bounty research.

  Browse Techniques

📊 Current Status

Repository Statistics

• Active Programs: 12 high-value targets documented
• Total Subdomains Discovered: 1,005+ across all targets
• Live Web Services: 490+ active endpoints mapped
• Attack Surface Analysis: Complete for major cryptocurrency exchanges

🎓 Getting Started

For New Contributors

1. Read the Legal Framework (Coming Soon) - Understand the ethical and legal guidelines
2. Review HackerOne Guidelines (Coming Soon) - Learn platform-specific rules
3. Use Program Templates - Standardize your documentation
4. Follow Disclosure Practices (Coming Soon) - Ensure responsible disclosure

For Experienced Researchers

• Browse High-Value Targets for priority programs
• Review Attack Surface Analysis for comprehensive findings
• Explore individual program intelligence via Program Details
• Check reconnaissance findings and technical research priorities

🔥 Recently Updated Programs

• Coinbase Global Inc.

  ---

  Updated: September 1, 2025
  Status: 🚨 NEW TARGET - Strategic addition
  Intelligence: 519 subdomains, 222 services, $2.9B Deribit acquisition

  View Analysis

• Uber Technologies Inc.

  ---

  Updated: September 1, 2025
  Status: 🔥 HIGH PRIORITY - #1 Payout Leader
  Intelligence: $20,340 total payouts, global mobility platform

  View Analysis

• OKX (formerly OKEx)

  ---

  Updated: September 1, 2025
  Status: 🔥 HIGH PRIORITY - #2 Global Exchange
  Intelligence: 337 subdomains, Web3/DeFi integration, MiFID II license

  View Analysis

• TikTok (ByteDance)

  ---

  Updated: September 1, 2025
  Status: 🔥 MEDIUM-HIGH - 1B+ Users
  Intelligence: Regulatory challenges, Project Texas, algorithm security

  View Analysis

• GitLab Inc.

  ---

  Updated: September 1, 2025
  Status: 🟡 MEDIUM - DevOps Platform
  Intelligence: CI/CD security, enterprise self-hosted, GitHub competitor

  View Analysis

• PayPal Holdings Inc.

  ---

  Updated: September 1, 2025
  Status: 🟡 MEDIUM - FinTech Leader
  Intelligence: $1.53T payment volume, Venmo integration, crypto services

  View Analysis

📈 Intelligence Summary

Comprehensive Corporate Intelligence Added

✅ Company Profiles: Detailed corporate backgrounds for all major targets
✅ Financial Intelligence: Market cap, revenue, employee counts for threat modeling
✅ Acquisition History: Integration attack surfaces and legacy system identification
✅ Attack Surface Mapping: 1,005+ subdomains discovered across 12 high-value programs

⚖️ Ethical Guidelines

Important Reminder

This wiki is intended for authorized security research only. All content must comply with:

• HackerOne's terms of service and disclosure guidelines
• Applicable laws and regulations
• Program-specific scope and rules
• Responsible disclosure principles

🤝 Contributing

We encourage contributions from the security community! Here's how you can help:

• Document New Programs: Add findings from authorized bounty programs
• Share Techniques: Contribute new methodologies and attack vectors
• Improve Tools: Enhance automation scripts and configurations
• Update Resources: Keep guidelines and references current

See our contribution guidelines (Coming Soon) for detailed instructions.

---

• Security First

  ---

  All documentation follows responsible disclosure practices and ethical guidelines.

• Community Driven

  ---

  Built by the security community, for the security community.

• Always Current

  ---

  Regular updates ensure information remains accurate and relevant.

📞 Support & Contact

• Issues: Report bugs or request features via GitHub issues
• Questions: Join our community discussions
• Security: Report security issues through responsible disclosure

---

Happy hunting, and remember: with great power comes great responsibility. 🕷️

---

Last Updated: September 1, 2025 | Build: latest