Skip to main content
HackerOne

Overview

The HackerOne integration pulls vulnerability reports from your bug bounty or VDP program into Pwnbook. Review, triage, and track reports without switching between platforms.

Prerequisites

  • A HackerOne account with access to a program
  • A HackerOne API token (program-scoped)
  • Admin or Owner access in Pwnbook

Setup

1

Generate a HackerOne API token

  1. Log in to HackerOne and go to Settings → API Token.
  2. Create a new token scoped to your program.
  3. Copy the Identifier and Token values.
2

Configure in Pwnbook

  1. Go to Organization Settings → Marketplace → HackerOne.
  2. Enter your API Identifier, API Token, and Program handle (the subdomain of your HackerOne program URL).
  3. Click Save & Test.

What’s available

ViewDescription
ReportsAll reports with severity, state (new, triaged, resolved), and bounty status
Triage queueReports awaiting triage, sorted by severity
Report detailFull report content, timeline, and attachments

Workbench card

The HackerOne workbench card shows open report counts by severity and the depth of the current triage queue.