Grammarly HackerOne


Target Policy
https://hackerone.com/grammarly?type=team
Structured Scope
  Columns for each entry below: Asset Identifier, Asset Type, Max Severity
  • http://*.grammarlyaws.com
    WILDCARD
    critical
  • http://*.grammarly.com
    WILDCARD
    critical
  • http://*.grammarly.io
    WILDCARD
    critical
  • Grammarly for Developers Text Editor SDK

    The [Text editor SDK](https://developer.grammarly.com/) allows application developers to enhance their apps with Grammarly's writing assistant.

    - [Developer Documentation](https://developer.grammarly.com/docs/)
    - [Getting Started](https://developer.grammarly.com/docs/quick-start)
    - [Developer Console](https://developer.grammarly.com/apps)

    [NPM packages](https://developer.grammarly.com/docs/api/):
    - [@grammarly/editor-sdk](https://developer.grammarly.com/docs/api/editor-sdk/)
    - [@grammarly/editor-sdk-react](https://developer.grammarly.com/docs/api/editor-sdk-react/)
    - [@grammarly/editor-sdk-vue](https://developer.grammarly.com/docs/api/editor-sdk-vue/)

    Notable features:
    - **[Connected Accounts](https://developer.grammarly.com/docs/connected-accounts)**
    - **[Trusted Authentication](https://developer.grammarly.com/docs/trusted-authentication)**

    Grammarly for Developers and the Text Editor SDK were discontinued on January 10, 2024. The SDK will no longer work in applications.

    SOURCE_CODE
    none
  • Grammarly Business Features

    ### Security features
    - Account roles and permissions
    - SAML single sign-on
    - Managed mode
    - Invite and domain capture

    ### Team features
    - Style guide
    - Brand tones
    - Knowledge Share
    - Snippets
    - Analytics dashboard

    ## Supporting Resources
    - [Overview of Business features](https://www.grammarly.com/business)
    - [Feature comparison](https://www.grammarly.com/plans)
    - [Snippets Introduction](https://www.grammarly.com/business/snippets)
    - [Brand tones introduction](https://www.grammarly.com/business/brand-tones)
    - [Analytics introduction](https://www.grammarly.com/business/analytics)
    - [Style Guide introduction](https://www.grammarly.com/business/styleguide)
    - [Knowledge Share introduction](https://support.grammarly.com/hc/en-us/articles/16664924710797-Introducing-Knowledge-Share)
    - [Managed Mode](https://support.grammarly.com/hc/en-us/articles/8341171286541-Managed-Mode)
    - [Invite](https://support.grammarly.com/hc/en-us/articles/115000931852-Invite-team-members)
    - [Domain Capture](https://support.grammarly.com/hc/en-us/articles/19489029001869-How-to-automatically-join-or-request-to-join-a-Grammarly-Business-subscription)
    - [Roles and permissions](https://support.grammarly.com/hc/en-us/articles/19026306820109-Group-manager-permissions-for-team-members)
    - [How to use style guides](https://support.grammarly.com/hc/en-us/articles/360043832652-Create-style-rules)
    - [How to use analytics dashboard](https://support.grammarly.com/hc/en-us/articles/360061408151-Analyze-my-team-s-writing-performance)
    - [How to use Brand tones](https://support.grammarly.com/hc/en-us/articles/4403544890253-Set-brand-tones)
    - [How to use snippets](https://support.grammarly.com/hc/en-us/articles/4403077145485-Create-snippets)
    - [Articles to setup SSO](https://support.grammarly.com/hc/en-us/sections/360010341231-SAML-Single-Sign-On)

    OTHER
    critical
  • *.grammarlyaws.com
    WILDCARD
    critical
  • Grammarly Assistant

    Grammarly's AI writing assistant is a powerful tool that leverages generative AI to assist users in composing, rewriting, ideating, and replying to texts. It's contextually aware and offers personalized suggestions that respect user authenticity. The assistant is integrated into Grammarly's existing product offerings and can be used across many popular desktop applications and websites. It provides on-demand assistance, allowing users to generate high-quality, task-appropriate writing and revisions. The assistant is also capable of incorporating organizational context for Grammarly Business customers, providing text that's tailored to the business.

    More information about Grammarly Assistant:
    https://www.grammarly.com/ai

    Article to get you started:
    https://support.grammarly.com/hc/en-us/articles/14528857014285-Introducing-generative-AI-assistance

    OTHER
    critical
  • auth.grammarly.com

    Grammarly's Auth Server

    URL
    critical
  • goldengate.grammarly.com

    Golden Gate: An API gateway service designed to unify and streamline access to multiple services.

    URL
    critical
  • grammarly.ai

    This service doesn't handle, store or transfer any internal data or data of our users. Additionally, it is located in a separate VPC and isn't part of our infrastructure.
    We accept only **critical submissions** (SSRF, XXE, SQLi, RCE) with clearly reproducible **proof-of-concept code**.

    _Reports that don't match these criteria will be closed as "N/A"._

    URL
    low
  • *.grammarly.com
    WILDCARD
    critical
  • MS Office Add-In

    Grammarly add-in (works with MS Word and Outlook for Windows), where authorized users can check their Word documents or emails. Auto-update functionality can be tested on an [older version](https://download-office.grammarly.com/installer/GrammarlyAddInSetup6.6.110.exe).
    Download URL: https://download-office.grammarly.com/latest/GrammarlyAddInSetup.exe
    Prerequisites: MS Word/Outlook, .NET Framework 4.5.

    Vulnerabilities are eligible for submission if they’re reproducible on **any version of** Word/Outlook on Windows 10 with **all the latest security patches applied**. The vulnerability should be tested on a system without additional SDKs and development kits. We cover your expenses on a Word/Outlook license if the report appears to be valid.

    OTHER
    critical
  • AppActions

    With app actions, you can connect Grammarly to apps you use every day and perform common tasks directly from Grammarly. This saves time by avoiding context-switching and helps you stay in the flow of writing.

    URLs in scope:
    - 3p-access.grammarly.com/*
    - goldengate.grammarly.com/skills-proxy/*
    - goldengate.grammarly.com/skills/*

    You can read more about App Actions here: https://support.grammarly.com/hc/en-us/articles/21227721882253-Introducing-App-Actions

    OTHER
    critical
  • Capture the Flag

    The first hacker who reports the `$FLAG` saved in the document (`document_id: 1198436185`) of the user `h1_ctf@grammarly.com` (`user_id: 1411519194`) will be awarded a **$100K bounty**.

    OTHER
    critical
  • *.grammarly.io
    WILDCARD
    critical
  • Grammarly Desktop for Windows

    https://download-windows.grammarly.com/GrammarlyInstaller.exe

    DOWNLOADABLE_EXECUTABLES
    critical
  • com.grammarly.keyboard
    APPLE_STORE_APP_ID
    critical
  • app.grammarly.com

    app.grammarly.com is Grammarly’s web application, enabling users to create, edit, and manage documents while accessing the full suite of Grammarly features through the online editor.

    URL
    critical
  • com.grammarly.android.keyboard

    Vulnerabilities in Grammarly Mobile Keyboard for Android with a working proof of concept may qualify for an additional bounty through the [Google Play Security Rewards Program](https://hackerone.com/googleplay). To see which vulnerabilities may qualify for a bounty, please refer to the Google Play Security Rewards Program’s [Vulnerability Criteria](https://hackerone.com/googleplay).

    GOOGLE_PLAY_APP_ID
    critical
  • Grammarly Desktop for macOS

    https://download-mac.grammarly.com/Grammarly.dmg

    DOWNLOADABLE_EXECUTABLES
    critical
  • Grammarly for Microsoft Word

    Vulnerabilities are eligible for submission if they’re reproducible on any version of Word on an OS with all the latest security patches applied. The vulnerability should be tested on a system without additional SDKs and development kits. We cover your expenses on a Word license if the report appears to be valid.

    You can install **Grammarly for Microsoft Word** at https://appsource.microsoft.com/en-us/product/office/WA200001011

    DOWNLOADABLE_EXECUTABLES
    critical
  • Grammarly Editor for MacOS

    [Download link](https://download-editor.grammarly.com/osx/Grammarly.dmg)

    Only **remotely exploitable** issues in Grammarly Editor are eligible for reporting.

    DOWNLOADABLE_EXECUTABLES
    none
  • Grammarly Auth Services

    Multiple services that are used for authentication and authorization.
    `auth.grammarly.com`
    `tokens.grammarly.com`
    `sso.grammarly.com`

    OTHER
    critical
  • Browser Extensions

    The extension is available in the extension/add-on store of the respective browser:
    * [Chrome](https://chrome.google.com/webstore/detail/grammarly-for-chrome/kbfnbcaeplbcioakkpcpgfkobkghlhen?hl=en)
    * [Firefox](https://addons.mozilla.org/en-US/firefox/addon/grammarly-1/)
    * [Edge](https://microsoftedge.microsoft.com/addons/detail/grammarly-ai-writing-and/cnlefmmeadmemmdciolhbnfeacpdfbkd)
    * [Safari](https://apps.apple.com/us/app/grammarly-for-safari/id1462114288)

    **Browser Extension vulnerabilities will not be distinguished. For example, if a vulnerability exists in the Chrome and Safari extensions, we will consider it the same vulnerability and will only award one bounty.**

    OTHER
    critical
  • Grammarly Editor for Windows

    [Download link](https://download-editor.grammarly.com/windows/GrammarlySetup.exe)

    Only **remotely exploitable** issues in Grammarly Editor are eligible for reporting.

    DOWNLOADABLE_EXECUTABLES
    none
  • capi.grammarly.com

    CAPI: A service dedicated to text analysis, primarily utilizing WebSocket communication with a few HTTP endpoints.

    URL
    critical
  • Third party external services

    - `send.grammarly.com`
    - `calendar.grammarly.com`
    - `support.grammarly.com`
    - `status.grammarly.com`
    - `brand.grammarly.com`
    - `partners.grammarly.com`
    - `events.grammarly.com`
    - `go.grammarly.com`
    - `coda.grammarly.com` - Eligible as part of Coda_BBP

    Any submissions on these domains and their subdomains are out of scope for bounty.

    OTHER
    none
  • Grammarly AI Assistant

    Grammarly's AI writing assistant is a powerful tool that leverages generative AI to assist users in composing, rewriting, ideating, and replying to texts. It's contextually aware and offers personalized suggestions that respect user authenticity. The assistant is integrated into Grammarly's existing product offerings and can be used across many popular desktop applications and websites. It provides on-demand assistance, allowing users to generate high-quality, task-appropriate writing and revisions. The assistant is also capable of incorporating organizational context for Grammarly Business customers, providing text that's tailored to the business.

    - Read more about the Writing Assistant: https://www.grammarly.com/ai
    - Article to help you get started with Grammarly Assistant: https://support.grammarly.com/hc/en-us/articles/14528857014285-Introducing-generative-AI-assistance

    AI_MODEL
    critical
Target Scope Domains
  • app.grammarly.com
  • auth.grammarly.com
  • capi.grammarly.com
  • goldengate.grammarly.com
  • grammarly.ai
  • grammarly.com
  • grammarly.io
  • grammarlyaws.com
Domain Scope
  • grammarly.io
  • grammarly.com
  • grammarlyaws.com
Tech Stack

Last Finished Scan:
  • Scan Name: allkxss
  • Fleet: allkxss
  • Duration: 28 Seconds
  • Finished: 1 month, 1 week ago
  • State: Finished