bbscope
The ultimate scope gathering tool for HackerOne, Bugcrowd, and Intigriti by sw33tLie.
Need to grep all the large scope domains that you've got on your bug bounty platforms? This is the right tool for the job.
What about getting a list of android apps that you are allowed to test? We've got you covered as well.
Reverse engineering god? No worries, you can get a list of binaries to analyze too :)
Installation
Make sure you've a recent version of the Go compiler installed on your system. Then just run:
GO111MODULE=on go get -u github.com/sw33tLie/bbscope
Usage
bbscope (h1|bc|it) -t <session-token> <other-flags>
How to get the session token:
- HackerOne: login, then grab the
__Host-session
cookie - Bugcrowd: login, then grab the
_crowdcontrol_session
cookie - Intigriti: login, then intercept a request to api.intigriti.com and look for the
Authentication: Bearer XXX
header. XXX is your token
Flags
HackerOne:
$ bbscope h1 --help
-b, --bbpOnly Only fetch programs offering monetary rewards
-c, --categories string Scope categories, comma separated (Available: all, url, cidr, mobile, android, apple, other, hardware, code, executable) (default "all")
-d, --descToo Also print the scope description (some URLs might be here)
-h, --help help for h1
-l, --list List programs instead of grabbing their scope
--noToken Don't use a session token (aka public programs only)
--proxy string HTTP Proxy (Useful for debugging. Example: http://127.0.0.1:8080)
-p, --pvtOnly Only fetch data from private programs
-t, --token string HackerOne session token (__Host-session cookie)
-u, --urlsToo Also print the program URL (on each line)
Bugcrowd:
$ bbscope bc --help
-b, --bbpOnly Only fetch programs offering monetary rewards
-c, --categories string Scope categories, comma separated (Available: all, url, api, mobile, android, apple, other, hardware) (default "all")
--concurrency int Concurrency (default 2)
-h, --help help for bc
-l, --list List programs instead of grabbing their scope
--proxy string HTTP Proxy (Useful for debugging. Example: http://127.0.0.1:8080)
-p, --pvtOnly Only fetch data from private programs
-t, --token string Bugcrowd session token (_crowdcontrol_session cookie)
-u, --urlsToo Also print the program URL (on each line)
Intigriti:
$ bbscope it --help
-b, --bbpOnly Only fetch programs offering monetary rewards
-c, --categories string Scope categories, comma separated (Available: all, url, cidr, mobile, android, apple, device, other) (default "all")
-h, --help help for it
-l, --list List programs instead of grabbing their scope
--proxy string HTTP Proxy (Useful for debugging. Example: http://127.0.0.1:8080)
-p, --pvtOnly Only fetch data from private programs
-t, --token string Intigriti Authentication Bearer Token (From api.intigriti.com)
-u, --urlsToo Also print the program URL (on each line)