a group shot of hackers from a previous hacking event
Hack for Good

Where hackers learn and earn

  • Build your skills with educational materials for all levels
  • Put your skills to work with hundreds of bug bounty programs and hacking engagements
monetization_on
150M+

Rewarded to hackers

policy
1K+

Active bug bounty programs

flag
25+

CTF levels to sharpen your skills

Opportunities to hack

monetization_on
Earn cash hacking on bug bounty programs

Love the hunt, want to get well-rewarded? Hackers have earned over $150 million through the HackerOne platform.

star_border
Join the best of the best in the HackerOne Clear community

Exclusive perks and hacking engagements for proven, skilled hackers. Your in-demand skills will earn top dollar.

group
Pentest interesting scopes with a team of hackers

Earn up to a $5K stipend per pentest engagement. Collaborate with other pentest professionals through this team driven pentest methodology.

travel_explore
Easily submit vulnerabilities to organizations through Vulnerability Disclosure Programs

Find organizations that welcome you to submit security vulnerabilities and commit to safe harbor.

Community partners

Exclusive discounts and opportunities for HackerOne hackers through our amazing partner network

an image of a woman working on a laptop

Hacker101

Learn how to hack with free video lessons, guides, CTF labs, and more

  • Whether you’re a programmer with an interest in bug bounties or a seasoned security professional, Hacker101 has something to teach you.  
  • Capture the Flag (CTF) levels inspired by real-world vulnerabilities
  • Join the Hacker101 Discord community and chat with thousands of other learners

Further your career, earn cash, meet friends

1

Hacktivity:

View real-time results and learn from thousands of disclosed reports from the hacker community

an image of a man overlooking a bridge in London England

Connect with other hackers via regional Hacking Chapters around the world

The HackerOne Brand Ambassadors are leaders in their communities, running HackerOne Chapters with hackers learning and earning together.

  • Communicate in your native language
  • Hack alongside other hackers, collaborate and make new friends
  • Compete in CTFs, hack on targets as a group
Event listings and recaps
August 3rd, 2021

H@cktivityCon

h@cktivitycon is a HackerOne hosted hacker conference built by the community for the community. For the first time ever, we will be bringing our speakers together in-person in Las Vegas to stream amazing content to the world!
Recap of h@cktivitycon 2020
Ethical Hacker,
Events,
Hacker Resources,
Hacker 101,
HackerOne Community Blog

Recap of h@cktivitycon 2020

HackerOne’s first-ever hacker conference, h@cktivitycon streamed from Twitch on Friday, July 31st - August 1st...

an image of our hackers working at their desks

Hack for good, hack for all

Support charity and easily donate a percentage of your bounty to a charitable cause

  • Join the community and donate to the selected charitable cause 
  • Work with our team determine which charity you’d like to donate your bounty to

FAQ for hackers

How do I get started?

Sign-up for an account. You will need a name, username, and a valid email address. You can remain anonymous with a pseudonym, but if you are awarded a bounty you will need to provide your identity to HackerOne. Be sure to take a look at our Disclosure Guidelines which outline the basic expectations that both security teams and hackers agree to when joining HackerOne.

Find a participating program. Read the Security Page closely, which will give you the information you need to participate in the program, including the scope of the program and reward expectations. Programs can offer thanks, swag, and/or bounties for valid reports; every program is different and it’s at the discretion of the program what sort of reward they offer, so be sure to check that out before you submit a report. Start hacking and submitting reports. Your reports should include a detailed description of your discovery with clear, concise reproducible steps or a working proof-of-concept (POC). If you don't explain the vulnerability in detail, there may be significant delays in the disclosure process, which is undesirable for everyone. If you’re not sure what a good report looks like, here are some tips.

I have found a vulnerability, now what?

Congrats on finding a security vulnerability, that’s exciting! You can use the HackerOne Directory to find the appropriate method to contact the organization. Some companies prefer you reach out to them through HackerOne, some through email. All the information is on their profile. Just search for their company name and their preferred method will come up.

Here’s an example of a company who handles reports on HackerOne: https://hackerone.com/twitter

Here’s an example of an organization that prefers email: https://hackerone.com/ncsc

How do I choose a program?

Picking a program to hack on is easy! Go to the HackerOne programs overview and pick an exciting-looking program. The overview will list all the public HackerOne programs and the ones you’re invited to. Then read the program policy and scope to make sure you don’t hack anything you’re not supposed to

 

When do I submit a security vulnerability?

Before you submit a security vulnerability, make sure to read through the program’s scope. The scope determines whether or not a company is interested in a particular vulnerability. Once you have confirmed the program will accept the vulnerability, be sure to submit the issue to the program.

How do I write a good report?

A good report is made up of a few things — a descriptive title, a thorough explanation and proof of concept, and metadata. @nahamsec wrote a great guide on how to write a good report. You can read it here: https://docs.hackerone.com/programs/quality-reports.html.

What tools can I use?

As we recently surpassed $100 million dollars in bounties, we want to continue the celebration with this list of 100 tools and resources for hackers! These range from beginner to expert. Most are free but some cost money. Read all about them here.

What happens when I submit a report?

A company will review the contents and triage the vulnerability. You can review the Response Efficiency metrics on a company’s policy page. This will help you determine how quickly a company responds, bounties and resolves the bug.

How do I share back with the community?

The hacker community is a group of tens of thousands of people that make the internet safer for everyone. A lot of us are learning new things every day. In order for us to excel and discover new techniques and entire vulnerability classes, we try to share as much information as possible. This is often done through blog posts, how tos, CTF challenges, public disclosure, or a simple tweet. This is one of the things that makes this such an amazing community!

What is Hacktivity?

Hacktivity is the front page of our community showcasing select activity regarding vulnerabilities (once disclosed), hackers, programs, and bounty awards. In this article, we'll answer the most frequently asked questions regarding Hacktivity.

View our policies here.

Resources for professional and aspiring hackers
100 hacking tools and resources