Skip to main content

Credentials for grey-box programs

Retrieve your credentials to test specific grey-box scopes

Updated over a week ago

Test Account Access

Some scopes require authentication and are only accessible to authorized users. In these cases, organisations provide hunters with test accounts.

You can request and retrieve these credentials directly through the YesWeHack platform, which includes dedicated features to manage and distribute test accounts securely.

ℹ️ You will be able to “Ask for credentials” only if the program managers choose to add them in their program(s).

Asking for credentials

  • Go to the “Credentials” section at the very bottom of the program’s page, or click “Credentials” in the right‑side menu

You are now able to access the different credentials pools that are available for this program.

  • Click on “Ask for credentials”

  • Your request will first be marked “Pending”, then updated to “Assigned”

Retrieving credentials

There are 3 possibilities when asking for credentials:

  1. At least one set of credentials is available: it will be automatically assigned to you. You will retrieve your login/password a few seconds later in the “Credentials” menu.

  2. All credentials are already assigned: program managers will be notified of your pending request. Your credentials will be automatically available as soon as program managers add them to the pool.

  3. Credentials require your email address to be set up on request. As in the screenshot below:

You can either generate new YesWeHack email aliases (see our Alias Article) or use existing email addresses (e.g., personal email address). Note that previously created aliases are considered existing email addresses.

⚠️ Ensure that email aliases are not required for the program, to have proper access to the scope.

The program manager will be notified and will be able to set-up credentials.

Note: If your credentials have been revoked, you can request new ones, provided some are available.

There will be then 2 possibilities:

  • you will retrieve your password in the “Credentials” menu

OR

  • you will receive an email from the app with a link to activate your account and create your own password

ℹ️ No matter the type of credentials, or workflow, you will be notified as soon as your accesses are granted.

Related Articles
Email Aliases
Credentials pool
How to create a Bug Bounty program in Grey-box
Bug Bounty program creation
YesWeHack VPN & User-agent
Did this answer your question?