@ayuxsec
Last active March 1, 2026 07:27
# https://api.hackerone.com/hacker-resources/#programs-get-structured-scopes
# https://api.hackerone.com/hacker-resources/#programs-get-programs
# https://api.hackerone.com/getting-started/#rate-limits
HONE_API="<YOUR_API_USERNAME>:<YOUR_API_TOKEN>"
# list program handles, 100 per page (\[ and \] keep curl's URL globbing from parsing the brackets)
for i in {0..8}; do curl -s -u "$HONE_API" "https://api.hackerone.com/v1/hackers/programs?page\[size\]=100&page\[number\]=$i" \
| jq -r '.data[].attributes.handle'; done | tee handles.txt
# fetch the structured scopes of every program, one JSON document per handle
while read -r handle; do curl -s "https://api.hackerone.com/v1/hackers/programs/${handle}/structured_scopes" \
-u "$HONE_API" -H 'Accept: application/json'; done < handles.txt | tee scopes.jsonl
# get domains (assets of type URL)
jq -r '.data[] | select(.attributes.asset_type == "URL") | .attributes.asset_identifier' scopes.jsonl
# get wildcards (bounty-eligible only): strip the leading "*." and drop entries that still end in "*"
jq -r '.data[] | select(.attributes.eligible_for_bounty == true) | select(.attributes.asset_type == "WILDCARD") | .attributes.asset_identifier' scopes.jsonl | unfurl domains | sed 's|^\*\.||' | sort -u | grep -v '\*$'
# submit a report (replace the placeholder values in the JSON body)
curl "https://api.hackerone.com/v1/hackers/reports" \
-X POST \
-u "<YOUR_API_USERNAME>:<YOUR_API_TOKEN>" \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-d @- <<EOD
{
"data": {
"type": "report",
"attributes": {
"team_handle": "string",
"title": "string",
"vulnerability_information": "string",
"impact": "string",
"severity_rating": "none",
"weakness_id": 0,
"structured_scope_id": 0
}
}
}
EOD