Skip to content

Programs Overview

This section contains detailed documentation for individual HackerOne bounty programs, including reconnaissance findings, vulnerability assessments, and program evolution tracking.

📋 Program Categories

Active Programs

Currently running bounty programs with ongoing research activities.

Archived Programs

Completed or discontinued programs with historical documentation.

Program Templates

Standardized documentation templates for consistent program documentation.

Program Quality Signals

Heuristics for identifying high-value programs (triage speed, payout consistency, duplicate pressure, etc.).

🎯 Program Documentation Structure

Each program follows a standardized structure:

program-name/
├── README.md              # Program overview and quick reference
├── scope.md              # Detailed scope analysis
├── reconnaissance/       # Target enumeration and discovery
├── vulnerabilities/      # Identified security issues
├── timeline.md          # Chronological updates and changes
└── assets/              # Screenshots, diagrams, and evidence

📊 Quick Stats

Program Statistics

  • Total Programs Documented: 0
  • Active Research: 0 programs
  • Archived Research: 0 programs
  • Average Program Duration: N/A

🚀 Getting Started

Adding a New Program

  1. Create a new directory under programs/ with the program name
  2. Use the program template for initial documentation
  3. Follow the standardized structure for consistency
  4. Update navigation in mkdocs.yml if needed

Documentation Best Practices

  • Consistent Naming: Use lowercase with hyphens (e.g., example-corp)
  • Date Stamps: Include dates for all observations and updates
  • Evidence: Store screenshots and files in the assets/ subdirectory
  • Links: Cross-reference related programs and techniques
  • Legal Compliance: Ensure all documentation follows responsible disclosure

🔍 Search and Navigation

Use the search functionality to quickly find: - Specific programs by name or company - Vulnerability types across programs - Techniques used in different contexts - Timeline entries for specific dates

Important Guidelines

  • Only document authorized bounty programs
  • Follow each program's specific terms and conditions
  • Respect scope limitations and exclusions
  • Practice responsible disclosure for all findings
  • Never include live credentials or sensitive data

Ready to start documenting? Check out our templates to get started!