List all HackerOne programs your account can access.

The full list is large; pass compact=true to get just handle/name/offers_bounties/submission_state/state per program, which stays well under the response size limit. For just totals, use count_programs instead.

Count programs without listing them: total, bounty programs, VDPs (offers_bounties=false), and a breakdown by submission_state. One cheap API call, tiny response — use this for 'how many ...' questions.

Get full policy/details for a program by its handle.

Get structured scopes for a program, summarized in/out of scope.

List the weaknesses (CWE types) a program tracks: name, external_id (e.g. CWE-79), and description.

List programs matching filters, compactly. Examples: all VDPs (offers_bounties=false), all bounty programs (offers_bounties=true), only open programs (submission_state="open"), your bookmarked programs (bookmarked=true). Omitted filters are not applied.

List your own submitted reports (compact: id, title, state, dates). Use get_report(id) for the full detail of one report.

Search HackerOne's PUBLIC disclosed reports (hacktivity). Filters: free-text query; severity (critical/high/medium/low); cwe (vuln-class name, e.g. "Cross-site Scripting (XSS)"); cve (e.g. CVE-2024-1234); program (a team handle, e.g. "curl"). sort is "relevance" or "recent" (default: relevance when a free-text query is given, else recent). since/until bound results by disclosable-activity date as YYYY-MM-DD. Use size/from_ to page. Returns {total_count, results[...]}.

List valid CWE/weakness names usable as the cwe filter in search_disclosed_reports.

Search HackerOne's public program directory by name/handle term. Returns up to 10 matches (name, handle).

Search assets across your programs by keyword and optional asset_type.

Scans every program you can access, which on a cold cache means one API call per program and can be slow/rate-limited. Pass limit (e.g. 50) to scan only the first N programs for a quick result.

Rank your programs by attractiveness (bounties, scope breadth, severity).

Scans every program you can access, which on a cold cache means one API call per program and can be slow/rate-limited. Pass limit (e.g. 50) to rank only the first N programs for a quick result.

Read your current HackerOne balance.

List your HackerOne earnings.

Read a specific report by its id.

Format a HackerOne-style report in markdown for you to submit yourself.

Authenticated read-only GET against any HackerOne v1 path, for reads not covered by a dedicated tool. Pass a RELATIVE path (no host).

Known read endpoints: hackers/programs hackers/programs/{handle} hackers/programs/{handle}/structured_scopes hackers/programs/{handle}/weaknesses hackers/me/reports hackers/reports/{id} hackers/payments/balance hackers/payments/earnings