bbscope's Issues

hackerone api rate limit of 10 req/s

H1 added a rate limit of 10 req/s which bbscope doesn't handle:

{
  "errors": [
    {
      "status": "429",
      "title":  "Rate limited",
      "detail": "You have been rate limited, please do not exceed 10 req/s: https://api.hackerone.com/getting-started/#rate-limits ."
    }
  ]
}

Update for Hackerone New Asset Type Labels

Hi @sw33tLie

Hope all is going well!!

I came across an issue: while fetching assets from Hackerone I noticed that some of the assets got missed out. Digging further, I found the reason: Hackerone has introduced a new asset type label, Wildcard, and most programs moved their wildcard assets (i.e. *.target.com) to that label, so those assets are being missed while fetching.

Thanks & Regards,
@zy9ard3

Bugcrowd. Fetches only first scope table

Some programs have a second or even a third scope table, but the tool fetches only the first one. For example, https://bugcrowd.com/ibotta has two scope tables; while the tool perfectly fetches the first table (In Scope Targets: Mobile and API), it fails to find the second table (In Scope Targets: Web Target).

Command I've used:

bbscope bc -t U..2 -o tu

Output (only the first table is present):

Chrome Extension https://bugcrowd.com/ibotta
http://market.android.com/details?id=com.ibotta.android https://bugcrowd.com/ibotta
http://itunes.apple.com/us/app/ibotta/id559887125 https://bugcrowd.com/ibotta
https://content-server.ibotta.com/graphql https://bugcrowd.com/ibotta
https://api.ibotta.com https://bugcrowd.com/ibotta
https://api.ibops.net https://bugcrowd.com/ibotta
https://api.int.ibops.net https://bugcrowd.com/ibotta
https://api.int.ibops.net/customer-loyalty-service https://bugcrowd.com/ibotta
 https://api.ibops.net/ad-management https://bugcrowd.com/ibotta
Ibotta App Data & Memory https://bugcrowd.com/ibotta

Update Readme.md file

Print all in-scope targets from all your private Bugcrowd programs that offer rewards

bbscope bc -t <YOUR_TOKEN> -b

New issue on Bugcrowd

Hey @sw33tLie

Hope you're doing well !!

Bugcrowd has restructured and launched a new program page, and some of the programs have opted for this and migrated to it.

Unfortunately, these pages are currently being missed by bbscope.

Run bbscope and you may notice that the following programs are not being fetched:

Thanks & Regards,
@zy9ard3

FATA[0083]

Hello, I received the error:

bbscope h1 -u username -t api_token -b -o tu -c url
FATA[0083] Could not retrieve data for id fiserv with status 400

Could you check please?

Bugcrowd email+password login is broken

I am aware that the login workflow with bugcrowd doesn't work right now.
This is due to recent platform changes that moved the authentication to identity.bugcrowd.com.

Please use the _bugcrowd_session token as of now and pass it to the -t flag in bbscope bc.

Thanks

Could you add additional features to capture only public programs?

thanks for this project bro. In the program we can see all public and private programs. We can also see private programs, but we cannot see only public programs. That is, I only want to see the data of public programs and I do not want the data of private programs to be mixed in between them. The reason for this is that I want to quickly find the subdomains of public programs on a different server, but I want to find the subdomain addresses of private programs carefully.

immunefi

bro add immunefi steps too in description

returns no results in bugcrowd

user@marz:~/h1# bbscope bc -t _crowdcontrol_session=session -b -c url --proxy http://127.0.0.1:8080
user@marz:~/h1#

I tried to use the proxy displayed in Burp, and the tool runs, but returns no results. What's wrong here?
VDP

Unable to fetch complete data

Hi, First of all, thank you for such a tool.

I tried to fetch the public scope for h1 using the following command - bbscope h1 -b --noToken -c url

Fetched the result but somehow it is missing the details for Mailru program (https://hackerone.com/mailru). Is it because of the different formatting of the scope?

Thank you.

429 for hackerone public programs

Hi,

I just noticed that I receive an error with 429 for public programs on HackerOne.
I use the following command:
h1 -t -u -a

Response

FATA[0095] Could not retrieve data for id superbet with status 429

Some ideas?
Thanks in advance.

Best regards,

Se1wan

Hackerone: NO_IN_SCOPE_TABLE errant results due to 429 rate limit

The H1 API has a built-in rate limit (currently set at 600 requests per minute). If you have a large number of programs, you will hit this rate limit and it will cause some portion of your programs gathered by bbscope to falsely report NO_IN_SCOPE_TABLE when in fact what has happened is the API returned a 429 response due to rate limiting.

Please see PR #13 for a proposed fix for this issue.
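The issue above is about a 429 being mistaken for an empty scope. As an added illustration (not bbscope's own code, and not the fix in PR #13), the following Go program retries rate-limited requests with exponential backoff, honours a numeric Retry-After header when one is present, and returns a distinct error once the retry budget is spent, so the caller can report "scope unknown" rather than NO_IN_SCOPE_TABLE. The 429-then-200 server is constructed with httptest to stand in for the H1 API; the payload it returns is a placeholder, not the real API's response shape.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strconv"
	"sync/atomic"
	"time"
)

// ErrRateLimited means the API kept answering 429 after every retry.
// A caller must surface it as "scope unknown", never as NO_IN_SCOPE_TABLE,
// because the program may well have a scope table we simply never saw.
var ErrRateLimited = errors.New("rate limited after retries")

// fetchWithBackoff GETs url and retries on HTTP 429 with exponential backoff
// starting at base. A numeric Retry-After header, when present, overrides the
// computed delay. maxRetries bounds how many 429 responses are tolerated.
func fetchWithBackoff(client *http.Client, url string, maxRetries int, base time.Duration) ([]byte, error) {
	delay := base
	for attempt := 0; ; attempt++ {
		resp, err := client.Get(url)
		if err != nil {
			return nil, err
		}
		body, err := io.ReadAll(resp.Body)
		resp.Body.Close()
		if err != nil {
			return nil, err
		}
		switch {
		case resp.StatusCode == http.StatusOK:
			return body, nil
		case resp.StatusCode != http.StatusTooManyRequests:
			return nil, fmt.Errorf("GET %s: unexpected status %d", url, resp.StatusCode)
		}
		// 429: back off, unless the retry budget is already used up.
		if attempt >= maxRetries {
			return nil, ErrRateLimited
		}
		wait := delay
		if secs, convErr := strconv.Atoi(resp.Header.Get("Retry-After")); convErr == nil && secs > 0 {
			wait = time.Duration(secs) * time.Second
		}
		time.Sleep(wait)
		delay *= 2
	}
}

// newFlakyServer is a constructed stand-in for the H1 API: it answers 429 to
// the first `limited` requests and 200 with payload afterwards.
func newFlakyServer(limited int, payload string) *httptest.Server {
	var seen int32
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if atomic.AddInt32(&seen, 1) <= int32(limited) {
			w.WriteHeader(http.StatusTooManyRequests)
			io.WriteString(w, `{"errors":[{"status":"429","title":"Rate limited"}]}`)
			return
		}
		w.WriteHeader(http.StatusOK)
		io.WriteString(w, payload)
	}))
}

func main() {
	// Two 429s followed by a 200: the retry budget of three absorbs them.
	srv := newFlakyServer(2, `{"data":[]}`)
	defer srv.Close()
	body, err := fetchWithBackoff(srv.Client(), srv.URL, 3, 50*time.Millisecond)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println("recovered after 429s:", string(body))

	// A server that never stops answering 429 must fail loudly instead of
	// quietly yielding an empty scope.
	busy := newFlakyServer(10, "")
	defer busy.Close()
	if _, err := fetchWithBackoff(busy.Client(), busy.URL, 2, 10*time.Millisecond); errors.Is(err, ErrRateLimited) {
		fmt.Println("gave up:", err)
	}
}
```

The important design point is the third outcome: a successful body, a hard HTTP error, or ErrRateLimited. Collapsing the last one into "no targets found" is exactly what produces the false NO_IN_SCOPE_TABLE entries described above.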

BC scope

hi,
I am not a Go expert, but I played around with your code and noticed that replacing "react-component-researcher-target-groups" with ".cc-rewards-link-table__endpoint" in bugcrowd.go yields more results. Kindly have a look.

thanks

Suspended programs getting pulled - intigriti

The tool is pulling suspended programs on Intigriti.

The Intigriti API has a field status > value which equals Suspended if the program is suspended. This can be used to remove suspended programs from the output.

    {
      "id": "",
      "handle": "",
      "name": "",
      "minBounty": {
        "value": 25,
        "currency": "EUR"
      },
      "maxBounty": {
        "value": 2500,
        "currency": "EUR"
      },
      "confidentialityLevel": {
        "id": 3,
        "value": "Registered"
      },
      "status": {
        "id": 4,
        "value": "Suspended"
      },
      "type": {
        "id": 1,
        "value": "Bug Bounty"
      }
    }
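The filter proposed in the issue above, written out as an added Go example (not bbscope's own code): decode the program objects, keep only the fields the filter needs, and drop entries whose status.value is "Suspended". The sample JSON is constructed here; its handles, names, ids and the "Open" status value are placeholders, and it assumes the endpoint returns an array of program objects shaped like the one quoted in the issue.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// labeled mirrors the {"id": ..., "value": ...} objects in the Intigriti
// program JSON quoted in the issue above.
type labeled struct {
	ID    int    `json:"id"`
	Value string `json:"value"`
}

// program holds only the fields this filter needs; the other fields in the
// JSON (bounties, type, ...) are ignored by encoding/json.
type program struct {
	Handle               string  `json:"handle"`
	Name                 string  `json:"name"`
	ConfidentialityLevel labeled `json:"confidentialityLevel"`
	Status               labeled `json:"status"`
}

// activePrograms decodes a JSON array of programs and drops every entry whose
// status.value is "Suspended", returning the remaining handles in input order.
// That the endpoint returns an array is an assumption made for this example.
func activePrograms(data []byte) ([]string, error) {
	var progs []program
	if err := json.Unmarshal(data, &progs); err != nil {
		return nil, fmt.Errorf("decode programs: %w", err)
	}
	handles := make([]string, 0, len(progs))
	for _, p := range progs {
		if p.Status.Value == "Suspended" {
			continue
		}
		handles = append(handles, p.Handle)
	}
	return handles, nil
}

// sample is constructed for this example; handles, names, ids and the
// non-suspended status value are placeholders, not real Intigriti data.
const sample = `[
  {"handle": "acme", "name": "ACME", "status": {"id": 3, "value": "Open"}},
  {"handle": "paused-corp", "name": "Paused Corp", "status": {"id": 4, "value": "Suspended"}},
  {"handle": "beta", "name": "Beta", "status": {"id": 3, "value": "Open"}}
]`

func main() {
	handles, err := activePrograms([]byte(sample))
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, h := range handles {
		fmt.Println(h)
	}
}
```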

feature request

can you add a feature to also fetch out of scope domains if we want?

Does not work for YesWeHack (ywh)

Hello,

I have tested bbscope with the latest version and it seems it does not work anymore with YWH:

❯ ./bbscope ywh -t eyJ[REDACTED]
panic: runtime error: index out of range [0] with length 0

goroutine 1 [running]:
github.com/sw33tLie/bbscope/pkg/platforms/yeswehack.GetProgramScope({0x7ffcda25aaf7, 0x383}, {0xc0000fa582?, 0x0?}, {0x8aa175, 0x3})
        /home/seb/go/pkg/mod/github.com/sw33t!lie/[email protected]/pkg/platforms/yeswehack/yeswehack.go:69 +0x7a5
github.com/sw33tLie/bbscope/pkg/platforms/yeswehack.GetAllProgramsScope({0x7ffcda25aaf7, 0x383}, 0x0, 0x0, {0x8aa175, 0x3})
        /home/seb/go/pkg/mod/github.com/sw33t!lie/[email protected]/pkg/platforms/yeswehack/yeswehack.go:107 +0x84f
github.com/sw33tLie/bbscope/pkg/platforms/yeswehack.PrintAllScope({0x7ffcda25aaf7?, 0xc000187d70?}, 0x10?, 0x7d?, {0x8aa175?, 0xc0001b2460?}, {0x95f258, 0x1}, {0x960b70, 0x1})
        /home/seb/go/pkg/mod/github.com/sw33t!lie/[email protected]/pkg/platforms/yeswehack/yeswehack.go:121 +0x4b
github.com/sw33tLie/bbscope/cmd.glob..func5(0xbffc00?, {0x8aa743?, 0x2?, 0x2?})
        /home/seb/go/pkg/mod/github.com/sw33t!lie/[email protected]/cmd/ywh.go:38 +0x2f0
github.com/spf13/cobra.(*Command).execute(0xbffc00, {0xc000134480, 0x2, 0x2})
        /home/seb/go/pkg/mod/github.com/spf13/[email protected]/command.go:860 +0x663
github.com/spf13/cobra.(*Command).ExecuteC(0xbfef80)
        /home/seb/go/pkg/mod/github.com/spf13/[email protected]/command.go:974 +0x3bd
github.com/spf13/cobra.(*Command).Execute(...)
        /home/seb/go/pkg/mod/github.com/spf13/[email protected]/command.go:902
github.com/sw33tLie/bbscope/cmd.Execute()
        /home/seb/go/pkg/mod/github.com/sw33t!lie/[email protected]/cmd/root.go:28 +0x25
main.main()
        /home/seb/go/pkg/mod/github.com/sw33t!lie/[email protected]/main.go:6 +0x17

hackerone entire scope option

hello, please add an option to get all program scope (inscope + OOS) for hackerone, i need that for analysis, thanks!

h1 unexpected EOF

Hi, h1 failed.

╰─ bbscope h1 -t xx -u xx -b -o td                   ─╯
2022/08/30 19:55:05 HTTP request failed: Get "https://api.hackerone.com/v1/hackers/programs/coursera": unexpected EOF
╭─    ~                                                                                                          ✔  1m 30s  ─╮
╰─ bbscope h1 -t xx -u xx -b -o td                                                 ─╯
2022/08/30 19:59:01 HTTP request failed: Get "https://api.hackerone.com/v1/hackers/programs/arkadiyt-projects": unexpected EOF

invalid username or token error?

Hello, thanks for this project. I did create an API token on hackerone.

this is my bbscope command:

bbscope h1 -t "token-here" -b -o t

but after doing this i get "invalid username or token" error.

Issue on Hackerone BBP only function

Hey @sw33tLie

Hope you're doing well !!

I've encountered an issue with the Hackerone BBP-only -b function. When using the -b flag for h1, which is intended to limit the scope targets to BBPs only, it seems to also fetch entries from some 15+ VDPs including publitas, khan academy, expression engine, etc.

Run bbscope for Hackerone with bbp only flag

bbscope h1 -t <h1apikey> -u <h1username> -a -b -o tu | tee h1.txt

and you will find 15+ VDPs included on output along with targets as NO_IN_SCOPE_TABLE

search NO_IN_SCOPE_TABLE on output

Thanks & Regards,
@zy9ard3

Request: json mirror of bounty-targets-data

Hey @sw33tLie - Thanks for making this available. It's really useful.

I was wondering how much work is involved to create a json output option and make it mirror the format of the bounty-targets-data project like this for H1: https://raw.githubusercontent.com/arkadiyt/bounty-targets-data/master/data/hackerone_data.json so that we can easily merge the 2 files (For the merge, I expect it's best to happen outside of the tool).

Whilst my golang experience is lacking, I'd be happy to help if I can. I'd love to hear your thoughts one way or another.

Bugcrowd -b option not working

bbscope bc -t $sessionToken -b -o tu

Running bbscope with -b option as above, the tool is supposed to pull programs offering monetary rewards only but the result contains VDPs as well.

Intigriti URL endpoint has changed

Hi,
Using the default hard-coded Intigriti URL endpoint, I can get nothing from Intigriti.

After checking the http request traffic, I found that the Intigriti URL endpoint has changed to:
INTIGRITI_PROGRAMS_ENDPOINT = "https://api.intigriti.com/core/researcher/programs"
INTIGRITI_PROGRAM_BASE_ENDPOINT = "https://api.intigriti.com/core/researcher/programs"

I have tested on my side; manually updating the source code "github.com/bbscope/pkg/platforms/intigriti/intigriti.go" will fix this issue.

suggestion

Use YAML files. Parsing and making YAML is probably the easiest thing in the world, and way easier than using flags to set API keys and API tokens.

something as simple as this would work

api_key_SHODAN:
    Key: "YOUR API KEY HERE"

api_key_knoxss:
    Key: "YOUR API KEY HERE"

Then just simply parse it and return the data in Go; it really is not that hard and would be better for the end-user experience.

Wrong results for bugcrowd private programs

Hello, thanks for this project. When I want to pull private programs in the Bugcrowd program, there are missing results, and the same subdomain belonging to a program appears more than once. When I look at the bbscope results, I see 3 *.blabla.com results. I guess it adds the same subdomain addresses to more than one output. Also, I can't see all the programs belonging to my private programs in the output.

my command:

bbscope bc -t bugcrowd-cookie -b -p -o tu
