import os
from urllib.parse import quote, urlsplit

import requests
from bbrf import BBRFClient as bbrf
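# HackerOne API credentials, sent as HTTP basic auth by the request helpers.
# They are read from the environment so the secret is not stored in the
# script (or in any copy of it that gets shared); both default to '' when
# the variable is unset.
API_USER = os.environ.get('H1_API_USER', '')
API_KEY = os.environ.get('H1_API_KEY', '')
# Base URL every API endpoint in this script is appended to.
API_URL = 'https://api.hackerone.com/v1/hackers'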
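def get_programs(_next=None):
    """Fetch one page of programs from the HackerOne hacker API.

    Args:
        _next: Absolute URL of the page to fetch, as taken from the previous
            response's ``links.next``. ``None`` requests the first page
            (page size 100).

    Returns:
        The decoded JSON body of the response.

    Raises:
        ValueError: If the URL to fetch is not on the same scheme and host
            as ``API_URL``.
        requests.RequestException: On a transport error, a timeout or a
            non-2xx status.
    """
    endpoint = '/programs?page[size]=100'
    url = API_URL + endpoint if _next is None else _next
    # The pagination link is read out of a response body and the request
    # carries the basic-auth credentials, so it is only followed when it
    # stays on the API's own origin.
    expected, actual = urlsplit(API_URL), urlsplit(url)
    if (actual.scheme, actual.netloc.lower()) != (expected.scheme, expected.netloc.lower()):
        raise ValueError(f'Refusing to send API credentials to {url!r}')
    # Without a timeout requests waits indefinitely on a stalled connection.
    r = requests.get(url, auth=(API_USER, API_KEY), timeout=30)
    # Surface 401/403/429/5xx here instead of as a KeyError in the caller.
    r.raise_for_status()
    return r.json()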
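def get_scope(p_handle):
    """Fetch a single program's record from the HackerOne hacker API.

    Args:
        p_handle: The program handle, used as the last path segment of the
            request URL.

    Returns:
        The decoded JSON body of the response. The caller in this script
        reads ``relationships.structured_scopes.data`` from it.

    Raises:
        requests.RequestException: On a transport error, a timeout or a
            non-2xx status.
    """
    # Percent-encode the handle so a value containing '/', '?' or '#' cannot
    # change which endpoint the credentials are sent to.
    endpoint = '/programs/' + quote(p_handle, safe='')
    # Without a timeout requests waits indefinitely on a stalled connection.
    r = requests.get(API_URL + endpoint, auth=(API_USER, API_KEY), timeout=30)
    r.raise_for_status()
    return r.json()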
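def clean_scope(url):
    """Reduce a scope asset identifier to a bare host/pattern string.

    Drops one trailing '/', then removes every occurrence of 'https://',
    'http://' and '/*' from the value.

    Args:
        url: The asset identifier as listed in the program scope.

    Returns:
        The cleaned string; an empty input yields an empty string.
    """
    # endswith() instead of url[-1]: indexing raised IndexError on ''.
    if url.endswith('/'):
        url = url[:-1]
    return url.replace('https://', '').replace('http://', '').replace('/*', '')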
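def _is_single_argument(value):
    """Return True if *value* can be placed in a bbrf command as one token.

    The bbrf commands below are built by string interpolation, so a value
    that is empty, starts with '-' or contains whitespace would be read as
    a missing argument, an option, or several arguments.
    """
    return bool(value) and not value.startswith('-') and not any(ch.isspace() for ch in value)


if __name__ == '__main__':
    # Import every bug bounty program visible to the API account, and its
    # URL scope entries, into bbrf.
    #
    # NOTE(review): bbrf may report a rejected command through SystemExit
    # rather than an Exception (confirm against the bbrf client); both are
    # caught so one failing command does not end the run. Unlike a bare
    # `except:`, this tuple lets KeyboardInterrupt stop the script.
    BBRF_ERRORS = (Exception, SystemExit)

    next_page = None
    while next_page != 0:
        programs = get_programs(next_page)
        # 0 is the sentinel for "no further page".
        next_page = programs['links'].get('next', 0)
        for program in programs['data']:
            attrs = program['attributes']
            program_name = attrs['handle']
            program_id = program['id']
            if attrs['state'] is None:  # Not a BBP
                continue
            if attrs['currency'] is None:  # Not a BBP
                continue
            if attrs['submission_state'] == 'disabled':  # Not accepting submission
                continue
            print(f"[*] Program name: {program_name}")
            if '-h1p' in program_name:
                print(f'[*] This is a pentest program - {program_name} - bypassing')
                continue
            if not _is_single_argument(program_name):
                print(f'[X] Skipping program {program_name!r}: handle is not usable as a single bbrf argument')
                continue

            # Best effort: tag an existing program with its h1id, then try to
            # create it; whichever does not apply is expected to fail.
            try:
                bbrf(f'program update {program_name} -t h1id:{program_id} -t platform:hackerone').run()
            except BBRF_ERRORS:
                pass
            try:
                bbrf(f'new {program_name} -t platform:hackerone -t h1id:{program_id}').run()
                print(f'[*] Program {program_name} added!')
            except BBRF_ERRORS:
                pass

            # A failed or malformed scope response skips this program instead
            # of aborting the whole import.
            try:
                scope_items = get_scope(program_name)['relationships']['structured_scopes']['data']
            except (requests.RequestException, KeyError, ValueError) as err:
                print(f'[X] Error fetching scope for {program_name}: {err}')
                continue

            print('Scope: ')
            for item in scope_items:
                item_attrs = item['attributes']
                # Only live (non-archived) URL assets are imported.
                if item_attrs['asset_type'] != 'URL' or item_attrs.get('archived_at', None) is not None:
                    continue
                if item_attrs['eligible_for_submission'] is True \
                        and item_attrs['eligible_for_bounty'] is True:
                    verb, label = 'inscope', 'In Scope'
                elif item_attrs['eligible_for_submission'] is False:
                    verb, label = 'outscope', 'Out Scope'
                else:
                    # Accepts submissions but pays no bounty: not recorded.
                    continue

                target = clean_scope(item_attrs['asset_identifier'])
                print(f'{label}: {target}')
                # Scope text is written by program owners; do not let it add
                # options or extra arguments to the bbrf command line.
                if not _is_single_argument(target):
                    print(f'[X] Skipping {target!r}: not usable as a single bbrf argument')
                    continue
                try:
                    bbrf(f'{verb} add {target} -p {program_name}').run()
                except BBRF_ERRORS:
                    print(f'[X] Error trying to add {target} to {program_name}')
            # Separator printed after each imported program.
            print('[][][][][][][][][][][]')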