/engagements/asana

BugcrowdView on Bugcrowd

RawAI Enhanced

10

In Scope

6

Out of Scope

In-Scope Assets (10)

Asset	Category	Bounty	Quick Links
*.app.asana.com	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
Subdomain takeover at *asana.biz	OTHER	Yes	-
https://*.asana.biz	OTHER	Yes	-
https://app.asana.com	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://apps.apple.com/us/app/asana-mobile/id489969512	IOS	Yes	-
https://asana.com	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://asana.com/apps?category=made-by-asana	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://asana.com/download	OTHER	Yes	-
https://form.asana.com	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://play.google.com/store/apps/details?id=com.asana.app&hl=en	ANDROID	Yes	Play Store APKPure APKMirror

Out-of-Scope Assets (6)

Asset	Category	Bounty
Forms that you do not own	OTHER	Yes
Other subdomains of asana.com	URL	Yes
Social engineering against Asana Support or Asana Employees	OTHER	Yes
asana.okta.com	URL	Yes
assets.asana.biz	URL	Yes
jira*.integrations.asana.plus	URL	Yes