module PWN::WWW::HackerOne

def self.authors

def self.authors
st.pentest@0dayinc.com>

def self.close(opts = {})

def self.close(opts = {})
[:browser_obj]
sparentBrowser.close(
wser_obj
 => e

def self.get_bounty_programs(opts = {})

def self.get_bounty_programs(opts = {})
[:browser_obj]
obj[:browser]
d = true if opts[:min_payouts_enabled]
d ||= false
s://hackerone.com/bug-bounty-programs')
ipt to load the DOM
'program__meta-data').wait_until(&:present?)
 'program__meta-data').each do |ul|
text.split('$').last.split.first.to_f
uts_enabled && min_payout.zero?
#{ul.first.text}"
 format('$%0.2f', min_payout)
se(link).scheme
(link).host
(link).path
ig = "#{scheme}://#{host}/teams#{path}/assets/download_burp_project_file.json"
ash = {
it('/').last,
n_payout_fmt,
k}?view_policy=true",
nfig: burp_target_config,
}/policy_scopes",
{link}/hacktivity",
k}/thanks",
nk}/updates",
 "#{link}/collaborators"
h(bounty_program_hash)
 => e

def self.get_scope_details(opts = {})

def self.get_scope_details(opts = {})
s[:program_name]
y]
:Plugins::TransparentBrowser.open(
est,
ser_obj[:browser]
t_client::Request
 'https://hackerone.com/graphql'
t_type: 'application/json' }
y this payload to the pwn REPL
... attempt to execute commands
ough>
PolicySearchStructuredScopesQuery',
m_name,
'',
mission: nil,
nty: nil,

_score',
DESC'
'h1_assets',
e: 'policy_scopes'
licySearchStructuredScopesQuery(
g!,
 String,
bmission: Boolean,
unty: Boolean,
ore: SeverityRatingEnum,
nt],
ize: Int, $sort: SortInput) {
 $handle) {
_scopes_search(
tring: $searchString
_for_submission: $eligibleForSubmission
_for_bounty: $eligibleForBounty
rity_score: $minSeverityScore
ids: $asmTagIds
rom
ize
ort
 StructuredScopeDocument {
olicyScopeStructuredScopeDocument
pename
name
 {
ursor
viousPage
sor
tPage
name
unt
me

yScopeStructuredScopeDocument on StructuredScopeDocument {

_bounty
_submission
ags
{
pe
rl

st_request.execute(
point,
,
.to_json.delete("\n"),
e
SON.parse(rest_response.body, symbolize_names: true)
me,
son_resp_hash[:data][:team][:structured_scopes_search]
xceptionWithResponse => e
NSE CODE: #{e.response.code}"
NSE HEADERS:\n#{e.response.headers}"
NSE BODY:\n#{e.response.body}\n\n\n"
 => e
:Plugins::TransparentBrowser.close(browser_obj: browser_obj) if browser_obj
if rest_client
 if rest_request

def self.help

def self.help
self}.open(
'optional - :firefox|:chrome|:ie|:headless (Defaults to :firefox)',
al - scheme://proxy_host:port || tor'
{self}.get_bounty_programs(
required - browser_obj returned from #open method',
al - scheme://proxy_host:port || tor',
abled: 'optional - only display programs where payouts are > $0.00 (defaults to false)'
PWN::WWW::HackerOne.get_scope_details(
'required - program name from #get_bounty_programs method',
al - scheme://proxy_host:port || tor'
p_target_config_file(
'required - array of hashes returned from #get_bounty_programs method',
'optional - opts supported by PWN::Plugins::TransparentBrowser.open method',
l - name of burp target config file (defaults to ALL)',
ional - directory to save burp target config files (defaults to \"./\"))'
self}.login(
required - browser_obj returned from #open method',
uired - username',
ional - passwd (will prompt if blank),
self}.logout(
required - browser_obj returned from #open method'
required - browser_obj returned from #open method'

def self.login(opts = {})

def self.login(opts = {})
[:browser_obj]
sername].to_s.scrub.strip.chomp
assword]
obj[:browser]
Plugins::AuthenticationHelper.mask_password
:password].to_s.scrub.strip.chomp
s://hackerone.com/users/sign_in')
(name: 'user[email]').wait_until(&:present?).set(username)
(name: 'user[password]').wait_until(&:present?).set(password)
e: 'commit').click!
 => e

def self.logout(opts = {})

def self.logout(opts = {})
[:browser_obj]
obj[:browser]
icon-arrow-closure').click!
: 16).click!
 => e

def self.open(opts = {})

def self.open(opts = {})
:Plugins::TransparentBrowser.open(opts)
obj[:browser]
s://www.hackerone.com')
 => e

def self.save_burp_target_config_file(opts = {})

def self.save_burp_target_config_file(opts = {})
s[:programs_arr]
rams_arr should be data returned from #get_bounty_programs' unless programs_arr.any?
s[:browser_opts]
ser_opts should be a hash' unless browser_opts.nil? ||
                                  browser_opts.is_a?(Hash)
}
ser_type] = :rest

oot_dir]
ugins::TransparentBrowser.open(browser_opts)
_obj[:browser]::Request
lla/5.0 (Macintosh; Intel Mac OS X 13_5_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36'
arget_config_file-#{name}.json" if opts[:root_dir].nil?
ir}/burp_target_config_file-#{name}.json" unless opts[:root_dir].nil?
nk = programs_arr.select do |program|
 == name
target_config]
nt.execute(
r_agent: user_agent },
load_link
.parse(resp.body)
 #{path}"
 JSON.pretty_generate(json_resp))
h do |program|
[:name]
link = program[:burp_target_config]
_target_config_file-#{name}.json" if opts[:root_dir].nil?
_dir}/burp_target_config_file-#{name}.json" unless opts[:root_dir].nil?
ient.execute(
,
ser_agent: user_agent },
wnload_link
ON.parse(resp.body)
o: #{path}"
h, JSON.pretty_generate(json_resp))
serError,
t::NotFound
 => e

Class Methods

Defined in

lib/pwn/www/hacker_one.rb