iV7.caringservice · point · marketing
featureshow it worksapitrust
open source · MIT · 100% authorized work only

Earn in dollars.
Report in yen.
Submit from anywhere.

iV7.caring is an open-source earnings ledger and REST gateway for bug-bounty hunters and authorized penetration testers. Log engagements against their scope reference, convert payouts to JPY at live rates, and submit programmatically from any script or AI agent through a key-protected API — board-ready reports included.

no signup · single-user · runs in your browser
¥160.23USD → JPY live
3demo entries
¥1,646,417demo total tracked
open.er-api.comfx source
/ what you get

Built for one job. Done in one screen.

Scope-first ledger

Every entry requires a Scope Reference — the program policy URL or signed SoW. Your ledger is your paper trail.

Multi-currency → JPY

Log payouts in USD, EUR, GBP, anything. We convert to yen at live ECB / public rates, cached hourly, with a static fallback.

Report-ready exports

CSV export and a printable report page. Take it to your accountant, your tax filing, or your performance review.

Single-user, no fluff

No marketing tracking, no third-party analytics in the app, no PoCs in your notes. Just numbers and scopes.

Open REST gateway

Submit payouts programmatically from any script or AI agent. Reads are public; writes are protected by your X-API-Key. MIT licensed.

/ open gateway

One key. Submit from anywhere.

Every write endpoint accepts an X-API-Key header, so bots, cron jobs, and AI agents can log earnings without touching the UI. Reading totals and FX stays open. Generate your key on the server, paste it once into the in-app API Access page, and you're live.

curl -X POST "<your-domain>/api/engagements" \
  -H "X-API-Key: $IV7_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"platform":"HackerOne","program":"Acme",
       "title":"IDOR","severity":"high",
       "status":"paid","amount":1500,"currency":"USD"}'

Open source under the MIT license. Self-host it, fork it, audit it.

/ how it works

Three steps. Then back to hunting.

  1. 01

    Log the engagement

    Platform, program, title, severity, status, amount + currency, and the link to the program policy or SoW.

  2. 02

    We convert to JPY

    Live rate is fetched from public providers, cached for an hour, applied on save. Re-run anytime to true-up.

  3. 03

    Export the report

    One click for CSV. One click for a printable PDF. Totals roll up by platform, severity, and month.

/ the line we won't cross

Authorized work only. That's the whole product.

iV7.caring exists to make legitimate security earnings easier to track, convert, and report. It does not store exploit code, secrets, or proof-of-concepts. It does not route funds. It does not integrate with anonymity networks. Every entry should carry a scope reference because every entry should be something you could defend in front of a client, a program, or an auditor.

Owner of record · Shayan Aboutalebi · Authorized Researcher.

Ready to log your next payout in yen?

The tracker is one click away. Demo data is already loaded.