From 8be07becf1c663cecc25f6b1780f167f772b84e6 Mon Sep 17 00:00:00 2001 From: Arman <65326024+tess-ss@users.noreply.github.com> Date: Wed, 27 Nov 2024 12:20:57 -0500 Subject: [PATCH] Update README.md --- README.md | 154 ++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 96 insertions(+), 58 deletions(-) diff --git a/README.md b/README.md index 781c8f6..b85b5fc 100755 --- a/README.md +++ b/README.md @@ -1,104 +1,142 @@ -# bbscope -The ultimate scope gathering tool for [HackerOne](https://hackerone.com/), [Bugcrowd](https://bugcrowd.com/), [Intigriti](https://intigriti.com), [Immunefi](https://immunefi.com/) and [YesWeHack](https://yeswehack.com/) by sw33tLie. +# 🌐 **bbscope** +### The ultimate tool to gather scope details from: +- [HackerOne](https://hackerone.com/) πŸ•΅οΈβ€β™‚οΈ +- [Bugcrowd](https://bugcrowd.com/) πŸ›‘οΈ +- [Intigriti](https://intigriti.com) πŸ” +- [Immunefi](https://immunefi.com/) πŸ› +- [YesWeHack](https://yeswehack.com/) πŸ’‘ -Need to grep all the large scope domains that you've got on your bug bounty platforms? This is the right tool for the job. -What about getting a list of android apps that you are allowed to test? We've got you covered as well. +Developed by **sw33tLie** to simplify your bug bounty workflows. 🎯 -Reverse engineering god? No worries, you can get a list of binaries to analyze too :) +--- -## Installation -Make sure you've a recent version of the Go compiler installed on your system. -Then just run: -``` +## πŸš€ **Overview** +Are you tired of manually gathering scope information from bug bounty platforms? +Look no further! **bbscope** is designed to help you: + +- πŸ“œ **List domains** in scope for your programs. +- πŸ“± **Find Android APKs** you’re allowed to test. +- πŸ› οΈ **Grab binaries** for reverse engineering. + +No matter what your focus is, **bbscope** has you covered. + +--- + +## βš™οΈ **Installation** +To get started, ensure you have a recent version of the Go compiler installed. +Then, run the following command to install **bbscope**: + +```bash GO111MODULE=on go install github.com/sw33tLie/bbscope@latest ``` -## Usage -``` +--- + +## 🧰 **Usage** +The basic syntax for using **bbscope** is: + +```bash bbscope (h1|bc|it|ywh|immunefi) -t ``` -How to get the session token: -- HackerOne: login, then grab your API token [here](https://hackerone.com/settings/api_token/edit) -- Bugcrowd: login, then grab the `_bugcrowd_session` cookie. NOTE: This has changed, it's not the `_crowdcontrol_session` cookie anymore. -- Intigriti: Get your researcher API token [here](https://app.intigriti.com/researcher/personal-access-tokens) -- YesWeHack: login, then intercept a request to api.yeswehack.com and look for the `Authorization: Bearer XXX` header. XXX is your token -- Immunefi: no token required -When using bbscope for HackerOne, the username flag (`-u`) is mandatory. +### πŸ”‘ **How to Get Your Session Token** +Here’s how to retrieve your session token for each platform: +- **HackerOne**: + Log in and grab your API token from your [API settings page](https://hackerone.com/settings/api_token/edit). + *(Required: `-u` flag for your username)* -Remember that you can use the --help flag to get a description for all flags. +- **Bugcrowd**: + Log in and fetch the `_bugcrowd_session` cookie. + *(Note: This has replaced `_crowdcontrol_session`.)* -## Examples -Below you'll find some example commands. -Keep in mind that all of them work with Bugcrowd, Intigriti and YesWeHack subcommands (`bc`, `it` and `ywh`) as well, not just with `h1`. +- **Intigriti**: + Get your researcher API token from the [Personal Access Tokens page](https://app.intigriti.com/researcher/personal-access-tokens). -### Print all in-scope targets from all your HackerOne programs that offer rewards -``` +- **YesWeHack**: + Intercept a request to `api.yeswehack.com` and find the `Authorization: Bearer XXX` header. `XXX` is your token. + +- **Immunefi**: + No token is required for this platform! + +> πŸ“ **Tip:** Use the `--help` flag to view all available options and flags. + +--- + +## πŸ’‘ **Examples** + +Here are some common use cases for **bbscope**: + +### 1️⃣ **Print all in-scope targets from HackerOne programs offering rewards** +```bash bbscope h1 -t -u -b -o t ``` -The output will look like this: -``` +Output: +```plaintext app.example.com *.user.example.com *.demo.com www.something.com ``` -### Print all in-scope targets from all your private Bugcrowd programs that offer rewards -``` +### 2️⃣ **List in-scope targets from private Bugcrowd programs with rewards** +```bash bbscope bc -t -b -p -o t ``` -### Print all in-scope targets+program page URL from all Intigriti programs, including OOS elements -``` +### 3️⃣ **Show in-scope targets + program URLs from Intigriti** +```bash bbscope it -t -o tu --oos ``` -### Print all in-scope Android APKs from all your HackerOne programs -``` +### 4️⃣ **Print all Android APKs in scope from HackerOne** +```bash bbscope h1 -t -u -o t -c android ``` -### Print all in-scope targets from all your HackerOne programs with extra data - -``` +### 5️⃣ **Get detailed in-scope targets with descriptions and program URLs (HackerOne)** +```bash bbscope h1 -t -u -o tdu -d ", " ``` - -This will print a list of in-scope targets from all your HackerOne programs (including public ones and VDPs) but, on the same line, it will also print the target description (when available) and the program's URL. -It might look like this: -``` +Output: +```plaintext something.com, Something's main website, https://hackerone.com/something *.demo.com, All assets owned by Demo are in scope, https://hackerone.com/demo ``` -### Get program URLs for your HackerOne private programs -``` +### 6️⃣ **Fetch program URLs for private HackerOne programs** +```bash bbscope h1 -t -u -o u -p | sort -u ``` -You'll get a list like this: -``` +Output: +```plaintext https://hackerone.com/demo https://hackerone.com/something ``` -### Get all immunefi scope - -``` +### 7️⃣ **Get the entire Immunefi scope** +```bash bbscope immunefi ``` -## Beware of scope oddities -In an ideal world, all programs use the in-scope table in the same way to clearly show what's in scope, and make parsing easy. -Unfortunately, that's not always the case. +--- + +## ⚠️ **Beware of Scope Oddities** +While most programs clearly outline their in-scope elements, some may have inconsistencies: +- Assets might be categorized incorrectly. +- For example, if you’re targeting URLs using `-c url`, consider cross-checking with `-c all` to avoid missing anything important. + +--- + +## πŸ™ **Thanks** +Special thanks to the amazing contributors and supporters: +- [0xatul](https://github.com/0xatul) +- [JoeMilian](https://github.com/JoeMilian) +- [ByteOven](https://github.com/ByteOven) +- [dee-see](https://gitlab.com/dee-see) +- [jub0bs](https://jub0bs.com) +- [0xbeefed](https://github.com/0xbeefed) + -Sometimes assets are assigned the wrong category. -For example, if you're going after URLs using the `-c url`, double checking using `-c all` is often a good idea. -## Thanks -- [0xatul](https://github.com/0xatul) -- [JoeMilian](https://github.com/JoeMilian) -- [ByteOven](https://github.com/ByteOven) -- [dee-see](https://gitlab.com/dee-see) -- [jub0bs](https://jub0bs.com) -- [0xbeefed](https://github.com/0xbeefed) +### πŸŽ‰ **Enjoy using bbscope!** +Let **bbscope** simplify your bug bounty research and help you focus on what matters most. Happy hacking! πŸ›πŸ’»