|
| 1 | +#!/usr/bin/python3 |
| 2 | +# |
| 3 | +# Python script to get the scope of Hackerone Private AND Public bug bounty programs |
| 4 | +# Get your API token from: https://hackerone.com/settings/api_token/edit |
| 5 | +# the program ID e.g Yahoo (https://hackerone.com/yahoo) is "yahoo" :D |
| 6 | +# |
| 7 | +# This script exclude IOS and Android assets. |
| 8 | +# |
| 9 | + |
| 10 | +import json,requests,argparse |
| 11 | + |
| 12 | +class scope(): |
| 13 | + def __init__(self, program, username, apikey): |
| 14 | + headers = {"Accept": "application/json"} |
| 15 | + url = 'https://api.hackerone.com/v1/hackers/programs/' + str(program) |
| 16 | + data = requests.get(url, headers=headers, auth=(username, apikey)) |
| 17 | + |
| 18 | + p = json.loads(data.text) |
| 19 | + |
| 20 | + try: |
| 21 | + self.result = p['relationships']['structured_scopes']['data'] |
| 22 | + except Exception: |
| 23 | + print("[!] Check Program ID, Your Username or Your Token and Try Again!") |
| 24 | + exit(1) |
| 25 | + |
| 26 | + self.count = len(self.result) |
| 27 | + |
| 28 | + |
| 29 | + def InScope(self): |
| 30 | + for i in range(self.count): |
| 31 | + if self.result[i]['attributes']['eligible_for_submission'] == False or str(self.result[i]['attributes']['asset_type']) == 'GOOGLE_PLAY_APP_ID' or str(self.result[i]['attributes']['asset_type']) == 'APPLE_STORE_APP_ID': |
| 32 | + continue |
| 33 | + else: |
| 34 | + print(self.result[i]['attributes']['asset_identifier']) |
| 35 | + |
| 36 | + |
| 37 | + def OutOfScope(self): |
| 38 | + for i in range(self.count): |
| 39 | + if self.result[i]['attributes']['eligible_for_submission'] == False: |
| 40 | + print(self.result[i]['attributes']['asset_identifier']) |
| 41 | + |
| 42 | + |
| 43 | + |
| 44 | +def main(): |
| 45 | + ################ This is optional so you don't have to use -t AND -u Arguments. |
| 46 | + APIKEY = "" |
| 47 | + USERNAME = "" |
| 48 | + ################ |
| 49 | + |
| 50 | + parser = argparse.ArgumentParser() |
| 51 | + parser.add_argument("-t", dest="token", type=str, help="Hackerone API Token.") |
| 52 | + parser.add_argument("-u", dest="username", type=str, help="Your Hackerone Username.") |
| 53 | + parser.add_argument("-p", dest="program", type=str, help="Hackerone Program ID.", required=True) |
| 54 | + parser.add_argument("-e", dest="exclude", help="Prints only out of scope assets", action='store_true') |
| 55 | + args = parser.parse_args() |
| 56 | + |
| 57 | + if APIKEY == "": |
| 58 | + apikey = str(args.token) |
| 59 | + else: |
| 60 | + apikey = APIKEY |
| 61 | + |
| 62 | + if USERNAME == "": |
| 63 | + username = str(args.username) |
| 64 | + else: |
| 65 | + username = USERNAME |
| 66 | + |
| 67 | + program = str(args.program) |
| 68 | + result = scope(program, username, apikey) |
| 69 | + |
| 70 | + if not args.exclude: |
| 71 | + result.InScope() |
| 72 | + else: |
| 73 | + result.OutOfScope() |
| 74 | + |
| 75 | +if __name__ == '__main__': |
| 76 | + main() |
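Review bot: The API token reaches the script only through `-t` or the `APIKEY` constant in `main()`, and both expose it: command-line arguments show up in the process list and shell history, and a filled-in constant is easily committed with the file. When neither is given, `str(args.token)` turns the missing value into the literal string `None`, which is then sent as the Basic-auth password instead of failing early. I would also accept the credentials from the environment and call `parser.error()` when they are absent, as sketched below (the variable names are placeholders, and `os` would need importing). Separately, in `scope.__init__` the `requests.get` call has no `timeout=` and `json.loads(data.text)` sits outside the `try`, so a non-JSON error response ends in a traceback rather than the intended message.

```python
    # ... unchanged: argparse setup ...
    args = parser.parse_args()

    # Prefer the environment so the token need not appear in argv or in the file.
    apikey = APIKEY or os.environ.get("H1_API_TOKEN") or args.token
    username = USERNAME or os.environ.get("H1_USERNAME") or args.username
    if not apikey or not username:
        parser.error("a HackerOne username and API token are required")
    # ... unchanged: program lookup and InScope/OutOfScope dispatch ...
```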