sw33tlie / bbscope Goto Github PK
View Code? Open in Web Editor NEWScope gathering tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!
License: Apache License 2.0
Scope gathering tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!
License: Apache License 2.0
The tool is pulling suspended programs on Intigriti.
Intigriti API has a field status > value
which equals to Suspended
if the program is suspended. This can be used to remove suspended programs from the output.
{
"id": "",
"handle": "",
"name": "",
"minBounty": {
"value": 25,
"currency": "EUR"
},
"maxBounty": {
"value": 2500,
"currency": "EUR"
},
"confidentialityLevel": {
"id": 3,
"value": "Registered"
},
"status": {
"id": 4,
"value": "Suspended"
},
"type": {
"id": 1,
"value": "Bug Bounty"
}
}
```
Hi,
Using the default hard coded intigriti URL endpoint, I can get nothing from intigriti.
After checking the http request traffic, I found that the Intigriti URL endpoint has changed to:
INTIGRITI_PROGRAMS_ENDPOINT = "https://api.intigriti.com/core/researcher/programs"
INTIGRITI_PROGRAM_BASE_ENDPOINT = "https://api.intigriti.com/core/researcher/programs"
I have tested on my side, manually update the source code "github.com/bbscope/pkg/platforms/intigriti/intigriti.go", will fix this issue.
It would be nice to know what the config file should look like. I can't seem to get it working
Hi, h1 failed.
╰─ bbscope h1 -t xx -u xx -b -o td ─╯
2022/08/30 19:55:05 HTTP request failed: Get "https://api.hackerone.com/v1/hackers/programs/coursera": unexpected EOF
╭─ ~ ✔ 1m 30s ─╮
╰─ bbscope h1 -t xx -u xx -b -o td ─╯
2022/08/30 19:59:01 HTTP request failed: Get "https://api.hackerone.com/v1/hackers/programs/arkadiyt-projects": unexpected EOF
thanks for this project bro. In the program we can see all public and private programs. We can also see private programs, but we cannot see only public programs. That is, I only want to see the data of public programs and I do not want the data of private programs to be mixed in between them. The reason for this is that I want to quickly find the subdomains of public programs on a different server, but I want to find the subdomain addresses of private programs carefully.
not fetching intigriti calls nowadays please check
Hey @sw33tLie
Hope you're doing well !!
I've encountered an issue with Hackerone bbp only -b
function. when using the -b
flag for h1
which is intended to limit the scope targets to BBPs only, but it seems to also fetch entries from some 15+ VDPs including publitas, khan academy, expression engine, etc...
Run bbscope for Hackerone with bbp only
flag
bbscope h1 -t <h1apikey> -u <h1username> -a -b -o tu | tee h1.txt
and you will find 15+ VDPs included on output along with targets as NO_IN_SCOPE_TABLE
search
NO_IN_SCOPE_TABLE
on output
Thanks & Regards,
@zy9ard3
Some programs do have a second or even third scope table but the tool fetches only the first one. For example: https://bugcrowd.com/ibotta has two scope tables and while the tool perfectly fetches the first table (In Scope Targets : Mobile and API) It fails to find the second table (In Scope Targets: Web Target).
Command I've used:
bbscope bc -t U..2 -o tu
Output (only the first table is present):
Chrome Extension https://bugcrowd.com/ibotta
http://market.android.com/details?id=com.ibotta.android https://bugcrowd.com/ibotta
http://itunes.apple.com/us/app/ibotta/id559887125 https://bugcrowd.com/ibotta
https://content-server.ibotta.com/graphql https://bugcrowd.com/ibotta
https://api.ibotta.com https://bugcrowd.com/ibotta
https://api.ibops.net https://bugcrowd.com/ibotta
https://api.int.ibops.net https://bugcrowd.com/ibotta
https://api.int.ibops.net/customer-loyalty-service https://bugcrowd.com/ibotta
https://api.ibops.net/ad-management https://bugcrowd.com/ibotta
Ibotta App Data & Memory https://bugcrowd.com/ibotta
can you add a feature to also fetch out of scope domains if we want?
Print all in-scope targets from all your private Bugcrowd programs that offer rewards
bbscope bc -t <YOUR_TOKEN> -b
bbscope immunefi -c web -b
2023/03/10 11:52:11 HTTP request failed: Get "https://immunefi.com/bounty/zksync/": unexpected EOF
Hey @sw33tLie
Hope you're doing well !!
Bugcrowd has restructed and launched new program page and some of the programs have been opted for this and migrated to this page
Unfortunately, these pages are currently being missed by bbscope
Run bbscope and you may notice that the following programs are not being fetched
Thanks & Regards,
@zy9ard3
The command "bbscope immunefi" does not work (it does not return anything).
It would be great to have a fix for this :)
Hi @sw33tLie Please help me resolve the below issue.
2022/10/21 17:48:03 Invalid print flag
Hey,
while running it with these options for bugcrowd -b -p -o t, NO_IN_SCOPE_TABLE is being displayed for all the results.
regards
ipk
use YAML files, parsing and making YAML is probs the easiest thing in the world and way easier than using flags to set API keys and API tokens
something as simple as this would work
api_key_SHODAN:
Key: "YOUR API KEY HERE"
api_key_knoxss:
Key: "YOUR API KEY HERE"
then just simply parse it and return the data in go, really is not that hard and would be better for user end experience
bbscope bc -t $sessionToken -b -o tu
Running bbscope with -b
option as above, the tool is supposed to pull programs offering monetary rewards only but the result contains VDPs as well.
Hey @sw33tLie - Thanks for making this available. It's really useful.
I was wondering how much work is involved to create a json
output option and make it mirror the format of the bounty-targets-data project like this for H1: https://raw.githubusercontent.com/arkadiyt/bounty-targets-data/master/data/hackerone_data.json so that we can easily merge the 2 files (For the merge, I expect it's best to happen outside of the tool).
Whilst my golang experience is lacking, I'd be happy to help if I can. I'd love to hear your thoughts one way or another.
bro add immunefi steps too in description
Hi @sw33tLie
Hope All are Going Well !!
I came through an issue, while fetching assets from Hackerone I noticed some of the assets got missed out and digging further found out the reason as Hackerone has introduced new asset type label : Wildcard
and most of the programs moved their wildcard assets ( i.e : *.target.com
) to that label and those assets are getting missed while fetching
Thanks & Regards,
@zy9ard3
hi,
I am not a GO expert but played around with your code i noticed that by replacing "react-component-researcher-target-groups" to ".cc-rewards-link-table__endpoint" in bugcrowd.go yields more results, kindly have look.
thanks
H1 added rate limit of 10 req/s which bbscope don't handle
{
"errors": [
{
"status": "429",
"title": "Rate limited",
"detail": "You have been rate limited, please do not exceed 10 req/s: https://api.hackerone.com/getting-started/#rate-limits ."
}
]
}
Hi, pls add inspectiv.com
I think that's a not a good idea to use data as it is because some assets can be strictly out of scope.
The fix to get URL from anchor tag of Bugcrowd scope is not working. It seems like something from Bugcrowd's end changed.
This should have pulled the link https://central.sophos.com/
instead of text Sophos Central
Hello I received the error
bbscope h1 -u username -t api_token -b -o tu -c url
FATA[0083] Could not retrieve data for id fiserv with status 400
Could you check please
I notice there's a todo beside it after trying to figure out why it wasn't printing the categories so I made this issue.
bbscope/pkg/hackerone/hackerone.go
Line 58 in 05a283b
The H1 API has a built-in rate limit (currently set at 600 requests per minute). If you have a large number of programs, you will hit this rate limit and it will cause some portion of your programs gathered by bbscope
to falsely report NO_IN_SCOPE_TABLE
when in fact what has happened is the API returned a 429
response due to rate limiting.
Please see PR #13 for a proposed fix for this issue.
hello, please add an option to get all program scope (inscope + OOS) for hackerone, i need that for analysis, thanks!
I've run the last version of the tool and checked a few programs, and it seems like the tool no longer correctly prints private bugcrowd programs.
I noticed that some of the programs that I picked up with bbscope are VDPs even though I specified the -b
flag.
Reproduction:
bbscope bc -b -l -u -t TOKEN
Observe that VDP programs are included in the list such as "https://bugcrowd.com/netgearkudos".
Hi,
I just noticed that I receive an error with 429 for public programs on HackerOne.
I use the following command:
h1 -t -u -a
FATA[0095] Could not retrieve data for id superbet with status 429
Some ideas?
Thanks in advance.
Best regards,
Se1wan
Hi, First of all, thank you for such a tool.
I tried to fetch the public scope for h1 using the following command - bbscope h1 -b --noToken -c url
Fetched the result but somehow it is missing the details for Mailru program (https://hackerone.com/mailru). Is it because of the different formatting of the scope?
Thank you.
--public-only -b (public bbp only) -> this shows public vdp as well ?
for hackerone
I am aware that the login workflow with bugcrowd doesn't work right now.
This is due to recent platform changes that moved the authentication to identity.bugcrowd.com.
Please use the _bugcrowd_session token as of now and pass it to the -t flag in bbscope bc.
Thanks
Hello,
I have tested bbscope with latest version and it seems it does not work anymore with YWH:
❯ ./bbscope ywh -t eyJ[REDACTED]
panic: runtime error: index out of range [0] with length 0
goroutine 1 [running]:
github.com/sw33tLie/bbscope/pkg/platforms/yeswehack.GetProgramScope({0x7ffcda25aaf7, 0x383}, {0xc0000fa582?, 0x0?}, {0x8aa175, 0x3})
/home/seb/go/pkg/mod/github.com/sw33t!lie/[email protected]/pkg/platforms/yeswehack/yeswehack.go:69 +0x7a5
github.com/sw33tLie/bbscope/pkg/platforms/yeswehack.GetAllProgramsScope({0x7ffcda25aaf7, 0x383}, 0x0, 0x0, {0x8aa175, 0x3})
/home/seb/go/pkg/mod/github.com/sw33t!lie/[email protected]/pkg/platforms/yeswehack/yeswehack.go:107 +0x84f
github.com/sw33tLie/bbscope/pkg/platforms/yeswehack.PrintAllScope({0x7ffcda25aaf7?, 0xc000187d70?}, 0x10?, 0x7d?, {0x8aa175?, 0xc0001b2460?}, {0x95f258, 0x1}, {0x960b70, 0x1})
/home/seb/go/pkg/mod/github.com/sw33t!lie/[email protected]/pkg/platforms/yeswehack/yeswehack.go:121 +0x4b
github.com/sw33tLie/bbscope/cmd.glob..func5(0xbffc00?, {0x8aa743?, 0x2?, 0x2?})
/home/seb/go/pkg/mod/github.com/sw33t!lie/[email protected]/cmd/ywh.go:38 +0x2f0
github.com/spf13/cobra.(*Command).execute(0xbffc00, {0xc000134480, 0x2, 0x2})
/home/seb/go/pkg/mod/github.com/spf13/[email protected]/command.go:860 +0x663
github.com/spf13/cobra.(*Command).ExecuteC(0xbfef80)
/home/seb/go/pkg/mod/github.com/spf13/[email protected]/command.go:974 +0x3bd
github.com/spf13/cobra.(*Command).Execute(...)
/home/seb/go/pkg/mod/github.com/spf13/[email protected]/command.go:902
github.com/sw33tLie/bbscope/cmd.Execute()
/home/seb/go/pkg/mod/github.com/sw33t!lie/[email protected]/cmd/root.go:28 +0x25
main.main()
/home/seb/go/pkg/mod/github.com/sw33t!lie/[email protected]/main.go:6 +0x17
hello... thanks for this project. When I want to pull private programs in the bugcrowd program, missing results and more than one same subdomain belonging to a program appear. When I look at the bbscope results, I see 3 *.blabla.com results. I guess it adds the same subdomain addresses to more than one output. Also, I can't see all the programs belonging to my private programs in the output.
my command:
bbscope bc -t bugcrowd-cookie -b -p -o tu
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.