
Crafting a well-readable report

This page offers a comprehensive guide to enhancing the quality of vulnerability reports.


Last updated 25 days ago

Overall, we have seven input placeholders, all of which are necessary and will be helpful in the investigation of your findings. Let's go through each one step by step:

  1. General info – Vulnerability Title: Provide a short description of the vulnerability and the affected asset. Use the specified names or CVE/CWE IDs if available, but keep it concise and on-topic.

  2. Target – Specify the vulnerability target: Carefully select from the list and double-check before submitting, as a misclick can cause unnecessary delays in our research.

  3. Target – Vulnerability category: This is similar to "Vulnerability Title," but more general. Fill it out informatively to help us categorize and triage reports more efficiently.

  4. Target – Severity level: Choose one of the preset levels (none, low, medium, high, and critical) or use the CVSS calculator for complex issues. The CVSS calculator is recommended for accuracy.

  5. Vulnerability details: Describe your finding, including all issue-related themes and relevant external information (links/screenshots). Make it useful for understanding the problem's origin and possible mitigation/fixes. If referencing an article, provide a brief summary and share the link.

  6. Validation steps: Explain how you exploited your finding. Mention the exact URL/IP/Port where the vulnerability appears and provide clear, step-by-step instructions for validation.

  7. Note on file upload: To have proof of your finding, always include screenshots or screen capture videos. Ensure that each file is fully uploaded before proceeding with the next one.

Lastly, some recommendations for text styles:

  • Use bold, italic, and headers to create logical paragraphs, but don't overdo it. Use these styles to highlight important points.

  • Organize information with quotes and numbered or unnumbered lists for clarity.

  • Shorten long links using the "link" button, placing the short name in square brackets and the link in round brackets.

  • Insert code snippets between "```" to allow immediate use.

  • Utilize the toggle preview tool to review your text block's appearance on the triage side.

  • You can always view the markdown guide by clicking the far-right button.

  • To insert an image, copy it from your file manager and paste it (cmd/ctrl+v) into your report body (use the toggle preview tool if necessary).

  • Remember to click on the checkbox and publish your finding. Well-written reports are more likely to be quickly validated and awarded a higher bounty.
