Use this link to visit the project page and get the app:
Open sourceCodeProgramsH1 on GitHub
sourceCodeProgramsH1 helps you find HackerOne bug bounty programs that allow source code repositories in scope. It pulls together programs that list GitHub, GitLab, or Bitbucket in their scope, so you can spot code-level attack surfaces faster.
You can use it to:
- Check which programs include source repositories
- Filter results by source control platform
- Review programs in one place
- Save time when you research targets
- Focus on programs that may expose code paths, configs, or secrets
Before you run it on Windows, make sure you have:
- Windows 10 or Windows 11
- A web browser such as Chrome, Edge, or Firefox
- A stable internet connection
- Git installed, if you want to use the project files locally
- Node.js, if you plan to run the web app on your own machine
If you only want to view the project page, you only need a browser.
Follow these steps on Windows:
- Open the GitHub link above.
- Look through the repository page for the latest files and setup details.
- Download the project files if you want to run it locally.
- Save the files to a folder you can find again, such as Downloads or Desktop.
- If the project includes a packaged app or release file, download that file.
- If the project is source code only, use the setup steps below.
If you want to run the app from source code:
- Install Node.js from the official Node.js website.
- Install Git from the official Git website.
- Open the folder where you saved the project.
- Right-click inside the folder and open PowerShell or Command Prompt.
- Run the install command shown in the project files, such as npm install.
- Run the start command shown in the project files, such as npm run dev or npm start.
- Wait for the app to finish loading in your browser.
- Keep the window open while you use the app.
If the project includes a desktop build or release archive, unzip it first, then open the main app file.
After the app opens:
- Browse the list of HackerOne programs.
- Look for entries that mention GitHub, GitLab, or Bitbucket.
- Open a program entry to review the scope details.
- Check the source code repository notes for signs of code access.
- Use the filters to narrow the list if the app includes them.
- Copy useful program names into your own notes.
You will likely see these parts in the app:
- Program list: shows the HackerOne programs found in scope
- Source repository markers: shows GitHub, GitLab, or Bitbucket references
- Search bar: helps you find a specific program
- Filter panel: helps you sort by platform or scope type
- Details view: shows extra information about each program
People use this app to:
- Find programs with public code repositories
- Save time during target research
- Compare programs with source code in scope
- Build a short list of promising targets
- Review scope before deeper testing
The repository may include these common files:
- package.json
- README.md
- src folder
- public folder
- .env example file
- build or dist folder
- configuration files for the web app
If you see a package.json file, the app is usually a Node.js project.
If the app does not open, try these steps:
- Make sure Node.js is installed.
- Make sure you are in the correct folder.
- Check that all project files finished downloading.
- Run the install command again.
- Run the start command again.
- Refresh the browser page if one opens but stays blank.
Use this app only for programs where you have permission to test. Review each program’s rules before you take any action.
Visit the project page here:
Open the repository and download or run the files from the main page: