Freshworks icon Freshworks HackerOne

Target Policy
https://hackerone.com/freshworks?type=team
Structured Scope
  • Asset Identifier
    Asset Type
    Max Severity
  • yourdomain.freshrelease.com

    Freshrelease is an agile project management tool bundled with the ITSM solution, Freshservice. It is hosted at yourdomain.freshrelease.com and integrated into Freshservice via an iframe, accessible under yourdomain.freshservice.com → Projects

    URL
    critical
  • Freshservice-iOS-App

    Freshservice iOS app can be downloaded from https://apps.apple.com/us/app/freshservice/id891265220

    APPLE_STORE_APP_ID
    critical
  • yourdomain.freshdesk.com

    Please sign up to create your account and start testing. Read the "In scope" items mentioned in the description. Reports received from accounts/domains that you don't own will not be considered eligible for bounty.

    URL
    critical
  • yourdomain.freshservice.com

    Please sign up to create your account and start testing. Read the "In scope" items mentioned in the description. Reports received from accounts/domains that you don't own will not be considered eligible for bounty.

    URL
    critical
  • Freshservice Discovery Agent and Probe

    The Freshservice Discovery Agent is a lightweight application that helps IT teams track and manage their assets by automatically collecting and updating hardware and software information from Windows, Mac, and Linux machines

    OTHER
    critical
  • com.freshdesk.freshsales.mobile

    Freshsales Android app can be downloaded from https://play.google.com/store/apps/details?id=com.freshdesk.helpdesk

    GOOGLE_PLAY_APP_ID
    none
  • com.freshdesk.helpdesk

    Freshdesk Android app can be downloaded from https://play.google.com/store/apps/details?id=com.freshdesk.helpdesk

    GOOGLE_PLAY_APP_ID
    critical
  • yourdomain.myfreshworks.com

    We encourage you to create an account and commence testing. We kindly request that you review the "In scope" items detailed in the program description. Due to a product revamp, we have decided to remove Freshsales and Freshmarketer product from the HackerOne "In-scope" items. This policy will be effective from Nov 26th, 2024. Any bugs reported by HackerOne researchers before Nov 26th,2024 will be considered by the team.

    Out of scope:
    Freshsales - https://yourdomain.myfreshworks.com/crm/sales/*
    Freshmarketer - https://yourdomain.myfreshworks.com/crm/crm/marketer/*

    URL
    critical
  • yourdomain.freshcaller.com

    Please sign up to create your account and start testing. Read the "In scope" items mentioned in the description. Reports received from accounts/domains that you don't own will not be considered eligible for bounty.

    URL
    critical
  • com.freshchat.agent.android

    Freshchat Android app can be downloaded from https://play.google.com/store/apps/details?id=com.freshchat.agent.android

    GOOGLE_PLAY_APP_ID
    critical
  • yourdomain.myfreshworks.com/crm

    Please signup to create your own account and start testing. Please read the "In scope" items mentioned in the description. Any services operated by a third party without a proof of concept demonstrating the impact on CRM users will likely be ineligible for a bounty.

    Also, reports received from accounts/domains that you don't own will not be considered eligible.

    URL
    critical
  • Freshserive-Intune-iOS-App

    Freshservice Intune iOS app can be downloaded from https://apps.apple.com/us/app/freshservice-for-intune/id6475669802

    APPLE_STORE_APP_ID
    critical
  • Freshchat-iOS-App

    Freshchat iOS app can be downloaded from
    https://apps.apple.com/us/app/freshchat/id1273666080

    APPLE_STORE_APP_ID
    critical
  • Freshcaller-iOS-App

    Freshcaller iOS app can be downloaded from https://apps.apple.com/us/app/freshcaller/id1424866045

    APPLE_STORE_APP_ID
    critical
  • yourdomain.freshchat.com

    Please sign up to create your account and start testing. Read the "In scope" items mentioned in the description. Reports received from accounts/domains that you don't own will not be considered eligible for bounty.

    URL
    critical
  • Freshsales-iOS-App

    Freshsales iOS app can be downloaded from https://apps.apple.com/us/app/freshsales/id1073125057

    APPLE_STORE_APP_ID
    none
  • http://yourdomain.myfreshworks.com/crm

    Please signup to create your own account and start testing. Please read the "In scope" items mentioned in the description. Any services operated by a third party without a proof of concept demonstrating the impact on CRM users will likely be ineligible for a bounty.

    Also, reports received from accounts/domains that you don't own will not be considered eligible.

    URL
    critical
  • Freshservice-Intune-iOS-App

    Freshservice Intune iOS app can be downloaded from https://apps.apple.com/us/app/freshservice-for-intune/id6475669802

    APPLE_STORE_APP_ID
    critical
  • com.freshservice.helpdesk

    Freshservice Android App can be downloaded from https://play.google.com/store/apps/details?id=com.freshservice.helpdesk

    GOOGLE_PLAY_APP_ID
    critical
  • com.freshworks.freshcaller

    Freshcaller Android app can be downloaded from https://play.google.com/store/apps/details?id=com.freshworks.freshcaller

    GOOGLE_PLAY_APP_ID
    critical
  • com.freshservice.helpdesk.intune

    Freshservice Intune Android app can be downloaded from https://play.google.com/store/apps/details?id=com.freshservice.helpdesk.intune

    GOOGLE_PLAY_APP_ID
    critical
  • Freshdesk-iOS-App

    Freshdesk iOS app can be downloaded from https://apps.apple.com/us/app/freshdesk/id849713306

    APPLE_STORE_APP_ID
    critical
Target Scope Domains
  • yourdomain.freshcaller.com
  • yourdomain.freshchat.com
  • yourdomain.freshdesk.com
  • yourdomain.freshrelease.com
  • yourdomain.freshservice.com
  • yourdomain.myfreshworks.com
Tech Stack
Last Finished Scan:
Scan Name
Fleet
Finished
State
auto-dnsenum-threaded
allsubs
6 hours ago
Finished
auto-dnsenum-threaded
  • Fleet: allsubs
  • Duration: 56 Seconds
  • Finished: 6 hours ago