scopes_extractor 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 694da3bb3d2fd3ed580db8d5afa0da7bac2c2326037ed4218b57d87eca7ca174
+  data.tar.gz: 100836692c414cd682653231a65a5937dc8b201560bbf10fa95e96e38d9b39a8
+SHA512:
+  metadata.gz: 1a3f2040079e8e05cfd2157b259f95b8912813f8f7ec2e867fd0ce9f7802a05a3b46c63027b5493a0d79a2b28f536b67686b9fb3b5d71926e70de31b846764ca
+  data.tar.gz: 53e92c8b6bcf0608c6c14d6e4f4733e29a8c86a930b7a25de1b6d5242c45d8e7eb38df8d0ebbf50a4c4d49d50e2c5c6286d0609d0140fc44d2d72ba21132466a

data/lib/scopes_extractor/http_client.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+# HttpClient Class
+class HttpClient
+  @request_options = {
+    ssl_verifypeer: false,
+    ssl_verifyhost: 0
+  }
+
+  def self.headers(url, authentication)
+    case
+    when url.include?('yeswehack')
+      { 'Content-Type' => 'application/json', Authorization: "Bearer #{authentication}" }
+    when url.include?('intigriti')
+      { Authorization: "Bearer #{authentication}" }
+    when url.include?('bugcrowd')
+      { 'Cookie' => authentication }
+    when url.include?('hackerone')
+      @request_options[:userpwd] = "#{ENV.fetch('H1_USERNAME', nil)}:#{ENV.fetch('H1_API_KEY', nil)}"
+      { 'Accept' => 'application/json' }
+    else
+      { 'Content-Type' => 'application/json' }
+    end
+  end
+
+  def self.get(url, authentication = nil)
+    @request_options[:headers] = headers(url, authentication)
+
+    Typhoeus.get(url, @request_options)
+  end
+
+  def self.post(url, data)
+    @request_options[:headers] = { 'Content-Type' => 'application/json' }
+    @request_options[:body] = data
+
+    Typhoeus.post(url, @request_options)
+  end
+end

data/lib/scopes_extractor/platforms/bugcrowd/cookie.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+require 'mechanize'
+
+class Bugcrowd
+  # Bugcrowd Auth Class
+  class Auth
+    def self.cookie
+      # Use Mechanize otherwise the login flow is a hell with Typhoeus
+      mechanize = Mechanize.new
+
+      submit_credentials(mechanize)
+      cookie = dump_cookie(mechanize)
+      return unless cookie
+
+      cookie
+    end
+
+    def self.submit_credentials(mechanize)
+      login_page = mechanize.get('https://bugcrowd.com/user/sign_in')
+      form = login_page.forms.first
+
+      form.field_with(id: 'user_email').value = ENV.fetch('BUGCROWD_EMAIL', nil)
+      form.field_with(id: 'user_password').value = ENV.fetch('BUGCROWD_PASSWORD', nil)
+      form.submit
+    end
+
+    def self.dump_cookie(mechanize)
+      begin
+        page = mechanize.get('https://bugcrowd.com/dashboard')
+      rescue Mechanize::ResponseCodeError
+        return
+      end
+      return unless page
+
+      set_cookie = page.header['Set-Cookie']
+      match = /_crowdcontrol_session=[\w-]+/.match(set_cookie)
+
+      match[0]
+    end
+  end
+end

data/lib/scopes_extractor/platforms/bugcrowd/programs.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+require_relative 'scopes'
+
+class Bugcrowd
+  # Bugcrowd Sync Programs
+  class Programs
+    def self.sync(results, options, cookie, page_id = 1)
+      response = HttpClient.get("https://bugcrowd.com/programs.json?page[]=#{page_id}&waitlistable[]=false&joinable[]=false", cookie)
+      return unless response&.code == 200
+
+      body = JSON.parse(response.body)
+      parse_programs(body['programs'], options, results, cookie)
+
+      sync(results, options, cookie, page_id + 1) unless page_id == body['meta']['totalPages']
+    end
+
+    def self.parse_programs(programs, options, results, cookie)
+      programs.each do |program|
+        next if program['status'] == 4 # Disabled
+        next if program['min_rewards'].nil? && options[:skip_vdp]
+
+        results[program['name']] = program_info(program)
+        results[program['name']]['scopes'] = Scopes.sync(program_info(program), cookie)
+      end
+    end
+
+    def self.program_info(program)
+      {
+        slug: program['code'],
+        enabled: true,
+        private: false
+      }
+    end
+  end
+end

data/lib/scopes_extractor/platforms/bugcrowd/scopes.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+class Bugcrowd
+  # Bugcrowd Sync Programs
+  class Scopes
+    def self.sync(program, cookie)
+      scopes = {}
+      response = HttpClient.get("https://bugcrowd.com/#{program[:slug]}.json", cookie)
+      return scopes unless response&.code == 200
+
+      target_group_url = JSON.parse(response.body).dig('program', 'targetGroupsUrl')
+      response = HttpClient.get(File.join('https://bugcrowd.com/', target_group_url), cookie)
+      return scopes unless response&.code == 200
+
+      targets_url = JSON.parse(response.body).dig('groups', 0, 'targets_url')
+      return scopes unless targets_url
+
+      response = HttpClient.get(File.join('https://bugcrowd.com/', targets_url), cookie)
+      return scopes unless response&.code == 200
+
+      in_scopes = JSON.parse(response.body)['targets']
+      scopes['in'] = parse_scopes(in_scopes)
+
+      scopes['out'] = { } # TODO
+
+      scopes
+    end
+
+    def self.parse_scopes(scopes)
+      exclusions = %w[}] # TODO : Try to normalize this
+      scopes_normalized = []
+
+      scopes.each do |scope|
+        next unless scope['category'] == 'website' || scope['category'] == 'api'
+
+        endpoint = scope['name']
+        next if exclusions.any? { |exclusion| endpoint.include?(exclusion) } || !endpoint.include?('.')
+
+        scopes_normalized << endpoint
+      end
+
+      scopes_normalized
+    end
+  end
+end

data/lib/scopes_extractor/platforms/hackerone/programs.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+require_relative 'scopes'
+
+class Hackerone
+  # Hackerone Sync Programs
+  class Programs
+    def self.sync(results, options, page_id = 1)
+      programs_infos = programs_infos(page_id)
+      return unless programs_infos
+
+      programs_infos[:programs].each do |program|
+        next unless program['attributes']['submission_state'] == 'open' && program['attributes']['offers_bounties']
+        next if options[:skip_vdp] && !program['attributes']['offers_bounties']
+
+        results[program['attributes']['name']] = program_info(program)
+        results[program['attributes']['name']]['scopes'] = Scopes.sync(program_info(program))
+      end
+
+      sync(results, options, page_id + 1) if programs_infos[:next_page]
+    end
+
+    def self.program_info(program)
+      {
+        slug: program['attributes']['handle'],
+        enabled: true,
+        private: !program['attributes']['state'] == 'public_mode'
+      }
+    end
+
+    def self.programs_infos(page_id)
+      response = HttpClient.get("https://api.hackerone.com/v1/hackers/programs?page%5Bnumber%5D=#{page_id}")
+      if response&.code == 429
+        sleep 65 # Rate limit
+        programs_infos(page_id)
+      end
+      return unless response.code == 200
+
+      json_body = JSON.parse(response.body)
+      { next_page: json_body['links']['next'], programs: json_body['data'] }
+    end
+  end
+end

data/lib/scopes_extractor/platforms/hackerone/scopes.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+class Hackerone
+  # Hackerone Sync Programs
+  class Scopes
+    def self.sync(program)
+      scopes = {}
+      response = HttpClient.get( "https://api.hackerone.com/v1/hackers/programs/#{program[:slug]}")
+      return scopes unless response&.code == 200
+
+      in_scopes = JSON.parse(response.body)['relationships']['structured_scopes']['data']
+      scopes['in'] = parse_scopes(in_scopes)
+
+      scopes['out'] = { } # TODO
+
+      scopes
+    end
+
+    def self.parse_scopes(scopes)
+      scopes_normalized = []
+
+      scopes.each do |scope|
+        next unless scope['attributes']['asset_type'] == 'URL'
+
+        endpoint = scope['attributes']['asset_identifier']
+        normalized = normalized(endpoint)
+
+        normalized.each do |asset|
+          scopes_normalized << asset
+        end
+      end
+
+      scopes_normalized
+    end
+
+    def self.normalized(endpoint)
+      endpoint.sub!(%r{/$}, '')
+
+      normalized = []
+
+      if endpoint.include?(',')
+        endpoint.split(',').each { |asset| normalized << asset }
+      else
+        normalized << endpoint
+      end
+
+      normalized
+    end
+  end
+end

data/lib/scopes_extractor/platforms/intigriti/programs.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+require_relative 'scopes'
+
+class Intigriti
+  # Intigrit Sync Programs
+  class Programs
+    def self.sync(results, options, token)
+      response = HttpClient.get('https://api.intigriti.com/core/researcher/programs', token)
+      return unless response&.code == 200
+
+      programs = JSON.parse(response.body)
+      parse_programs(programs, options, results, token)
+    end
+
+    def self.parse_programs(programs, options, results, token)
+      programs.each do |program|
+        next if options[:skip_vdp] && !program['maxBounty']['value'].positive?
+        next if program['status'] == 4 # Suspended
+
+        results[program['name']] = program_info(program)
+        results[program['name']]['scopes'] = Scopes.sync({ handle: program['handle'], company: program['companyHandle'] }, token)
+      end
+    end
+
+    def self.program_info(program)
+      {
+        slug: program['handle'],
+        enabled: true,
+        private: program['confidentialityLevel'] != 4 # == public
+      }
+    end
+  end
+end

data/lib/scopes_extractor/platforms/intigriti/scopes.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+require 'cgi'
+
+class Intigriti
+  # Intigrit Sync Programs
+  class Scopes
+    def self.sync(program, token)
+      scopes = {}
+      company = CGI.escape(program[:company])
+      handle = CGI.escape(program[:handle])
+
+      response = HttpClient.get("https://api.intigriti.com/core/researcher/programs/#{company}/#{handle}", token)
+      return scopes unless response&.code == 200
+
+      in_scopes = JSON.parse(response.body)['domains']&.last['content']
+      scopes['in'] = parse_scopes(in_scopes)
+
+      out_scopes = JSON.parse(response.body)['outOfScopes'].last['content']['content']
+      scopes['out'] = out_scopes
+
+      scopes
+    end
+
+    def self.parse_scopes(scopes)
+      exclusions = %w[> | \] } Anyrelated] # TODO : Try to normalize this, it only concerns 1 or 2 programs currently
+      scopes_normalized = []
+
+      scopes.each do |scope|
+        next unless scope['type'] == 1 # 1 == Web Application
+
+        endpoint = normalize(scope['endpoint'])
+        next if exclusions.any? { |exclusion| endpoint.include?(exclusion) } || !endpoint.include?('.')
+
+        scopes_normalized << endpoint
+      end
+
+      scopes_normalized
+    end
+
+    def self.normalize(endpoint)
+      endpoint.gsub('/*', '').gsub(' ', '').sub('.*', '.com').sub('.<tld>', '.com')
+              .sub(%r{/$}, '').sub(/\*$/, '')
+    end
+  end
+end

data/lib/scopes_extractor/platforms/intigriti/token.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+require 'mechanize'
+
+class Intigriti
+  # Intigriti Auth Class
+  class Auth
+    def self.token
+      # Use Mechanize otherwise the login flow is a hell with Typhoeus
+      mechanize = Mechanize.new
+
+      submit_credentials(mechanize)
+      submit_otp(mechanize)
+      token = dump_token(mechanize)
+      return unless token
+
+      token
+    end
+
+    def self.submit_credentials(mechanize)
+      login_page = mechanize.get('https://login.intigriti.com/account/login')
+      form = login_page.forms.first
+
+      form.field_with(id: 'Input_Email').value = ENV.fetch('INTIGRITI_EMAIL', nil)
+      resp = form.submit
+      form = resp.forms.first
+
+      form.field_with(id: 'Input_Password').value = ENV.fetch('INTIGRITI_PASSWORD', nil)
+      form.submit
+    end
+
+    def self.submit_otp(mechanize)
+      return if ENV['INTIGRITI_OTP']&.empty?
+
+      totp_page = mechanize.get('https://login.intigriti.com/account/loginwith2fa')
+      totp_code = ROTP::TOTP.new(ENV.fetch('INTI_OTP', nil))
+
+      form = totp_page.forms.first
+      form.field_with(id: 'Input_TwoFactorAuthentication_VerificationCode').value = totp_code.now
+      form.submit
+    end
+
+    def self.dump_token(mechanize)
+      begin
+        token_page = mechanize.get('https://app.intigriti.com/auth/token')
+      rescue Mechanize::ResponseCodeError
+        return
+      end
+      return unless token_page&.body
+
+      token_page.body&.undump
+    end
+  end
+end

data/lib/scopes_extractor/platforms/yeswehack/jwt.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+class YesWeHack
+  # YesWeHack Auth Class
+  class Auth
+    def self.jwt
+      totp_token = get_totp_token
+      return unless totp_token
+
+      response = send_totp(totp_token)
+      return unless response
+
+      jwt = JSON.parse(response.body)['token']
+      return unless jwt
+
+      jwt
+    end
+
+    def self.get_totp_token
+      data = { email: ENV.fetch('YWH_EMAIL', nil), password: ENV.fetch('YWH_PASSWORD', nil) }.to_json
+      response = HttpClient.post('https://api.yeswehack.com/login', data)
+      return unless response&.code == 200
+
+      JSON.parse(response.body)['totp_token']
+    end
+
+    def self.send_totp(totp_token)
+      data = { token: totp_token, code: ROTP::TOTP.new(ENV['YWH_OTP']).now }.to_json
+      response = HttpClient.post('https://api.yeswehack.com/account/totp', data)
+      return unless response.code == 200
+
+      response
+    end
+  end
+end

data/lib/scopes_extractor/platforms/yeswehack/programs.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+require_relative 'scopes'
+
+class YesWeHack
+  # YesWeHack Sync Programs
+  class Programs
+    def self.sync(results, options, jwt, page_id = 1)
+      programs_infos = get_programs_infos(page_id, jwt)
+      return unless programs_infos
+
+      parse_programs(programs_infos, options, results, jwt)
+      sync(results, options, jwt, page_id + 1) unless page_id == programs_infos[:nb_pages]
+    end
+
+    def self.get_programs_infos(page_id, jwt)
+      response = HttpClient.get("https://api.yeswehack.com/programs?page=#{page_id}", jwt)
+      return unless response&.code == 200
+
+      json_body = JSON.parse(response.body)
+      { nb_pages: json_body['pagination']['nb_pages'], programs: json_body['items'] }
+    end
+
+    def self.parse_programs(programs_infos, options, results, jwt)
+      programs_infos[:programs].each do |program|
+        next if program['disabled']
+        next if program['vdp'] && options[:skip_vdp]
+
+        results[program['title']] = program_info(program)
+        results[program['title']]['scopes'] = Scopes.sync(program_info(program), jwt)
+      end
+    end
+
+    def self.program_info(program)
+      {
+        slug: program['slug'],
+        enabled: true,
+        private: !program['public']
+      }
+    end
+  end
+end

data/lib/scopes_extractor/platforms/yeswehack/scopes.rb

@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+
+class YesWeHack
+  # YesWeHack Sync Scopes
+  class Scopes
+    def self.sync(program, jwt)
+      scopes = {}
+      response = HttpClient.get("https://api.yeswehack.com/programs/#{program[:slug]}", jwt)
+      return scopes unless response&.code == 200
+
+      in_scopes = JSON.parse(response.body)['scopes']
+      scopes['in'] = parse_scopes(in_scopes)
+
+      out_scopes = JSON.parse(response.body)&.dig('out_of_scope')
+      scopes['out'] = out_scopes
+
+      scopes
+    end
+
+    def self.parse_scopes(scopes)
+      scopes_normalized = []
+
+      scopes.each do |infos|
+        next unless %w[web-application api].include?(infos['scope_type'])
+
+        normalized = normalize(infos['scope'])
+        normalized.each do |asset|
+          scopes_normalized << asset
+        end
+      end
+
+      scopes_normalized
+    end
+
+    # rubocop:disable Metrics/AbcSize
+    # rubocop:disable Metrics/MethodLength
+    # rubocop:disable Metrics/PerceivedComplexity
+    # rubocop:disable Metrics/CyclomaticComplexity
+    def self.normalize(scope)
+      # Remove (+++) & When end with '*'
+      scope = scope.gsub(/\(?\+\)?/, '').sub(/\*$/, '').strip
+      return [] if scope.include?('<') # <yourdomain>-yeswehack.domain.tld
+
+      normalized = []
+
+      match = scope.match(/^(.*)\((.*)\)$/) # Ex: *.lazada.(sg|vn|co.id|co.th|com|com.ph|com.my)
+      if match && match[1] && match[2]
+        tlds = match[2].split('|')
+        tlds.each { |tld| normalized << "#{match[1]}#{tld}" }
+      elsif scope.include?(' ')
+        normalized << scope.split(' ')[0]
+      elsif scope.match?(%r{https?://\*})
+        normalized << scope.sub(%r{https?://}, '')
+      else
+        normalized << scope
+      end
+
+      normalized
+    end
+  end
+end

data/lib/scopes_extractor/utilities.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+require 'logger'
+require 'colorize'
+
+class ScopesExtractor
+  # Provides helper methods to be used in all the different classes
+  class Utilities
+    # Creates a singleton logger
+    def self.logger
+      @logger ||= Logger.new($stdout)
+    end
+
+    # Set the log level for the previous logger
+    def self.log_level=(level)
+      logger.level = level.downcase.to_sym
+    end
+
+    def self.log_fatal(message)
+      logger.fatal(message.red)
+
+      exit
+    end
+
+    def self.log_info(message)
+      logger.info(message.green)
+    end
+
+    def self.log_control(message)
+      logger.info(message.light_blue)
+    end
+
+    def self.log_warn(message)
+      logger.warn(message.yellow)
+    end
+  end
+end

data/lib/scopes_extractor.rb

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+require 'dotenv'
+require 'json'
+require 'rotp'
+require 'typhoeus'
+
+require_relative 'scopes_extractor/utilities'
+require_relative 'scopes_extractor/http_client'
+require_relative 'scopes_extractor/platforms/bugcrowd/cookie'
+require_relative 'scopes_extractor/platforms/bugcrowd/programs'
+require_relative 'scopes_extractor/platforms/hackerone/programs'
+require_relative 'scopes_extractor/platforms/intigriti/token'
+require_relative 'scopes_extractor/platforms/intigriti/programs'
+require_relative 'scopes_extractor/platforms/yeswehack/jwt'
+require_relative 'scopes_extractor/platforms/yeswehack/programs'
+
+# Class entrypoint to start the extractions and initializes all the objects
+class ScopesExtractor
+  attr_reader :options
+  attr_accessor :results
+
+  def initialize(options = {})
+    @options = options
+    @results = {}
+  end
+
+  def extract
+    Utilities.log_fatal('[-] The file containing the credentials is mandatory') unless options[:credz_file]
+    Dotenv.load(options[:credz_file])
+
+    if options[:yeswehack]
+      jwt = YesWeHack::Auth.jwt
+
+      results['YesWeHack'] = {}
+      YesWeHack::Programs.sync(results['YesWeHack'], options, jwt)
+    end
+
+    if options[:intigriti]
+      token = Intigriti::Auth.token
+      results['Intigriti'] = {}
+
+      Intigriti::Programs.sync(results['Intigriti'], options, token)
+    end
+
+    if options[:bugcrowd]
+      cookie = Bugcrowd::Auth.cookie
+      results['Bugcrowd'] = {}
+
+      Bugcrowd::Programs.sync(results['Bugcrowd'], options, cookie)
+    end
+
+    if options[:hackerone]
+      results['Hackerone'] = {}
+      Hackerone::Programs.sync(results['Hackerone'], options)
+    end
+
+    p results
+  end
+end

metadata

@@ -0,0 +1,171 @@
+--- !ruby/object:Gem::Specification
+name: scopes_extractor
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Joshua MARTINELLE
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2023-05-13 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: colorize
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.8.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.8.1
+- !ruby/object:Gem::Dependency
+  name: dotenv
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.8'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.8.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.8'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.8.1
+- !ruby/object:Gem::Dependency
+  name: logger
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.5.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.5.3
+- !ruby/object:Gem::Dependency
+  name: mechanize
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.9'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.9.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.9'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.9.1
+- !ruby/object:Gem::Dependency
+  name: typhoeus
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.4.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.4.0
+- !ruby/object:Gem::Dependency
+  name: rotp
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.2'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 6.2.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.2'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 6.2.2
+description:
+email:
+- contact@jomar.fr
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/scopes_extractor.rb
+- lib/scopes_extractor/http_client.rb
+- lib/scopes_extractor/platforms/bugcrowd/cookie.rb
+- lib/scopes_extractor/platforms/bugcrowd/programs.rb
+- lib/scopes_extractor/platforms/bugcrowd/scopes.rb
+- lib/scopes_extractor/platforms/hackerone/programs.rb
+- lib/scopes_extractor/platforms/hackerone/scopes.rb
+- lib/scopes_extractor/platforms/intigriti/programs.rb
+- lib/scopes_extractor/platforms/intigriti/scopes.rb
+- lib/scopes_extractor/platforms/intigriti/token.rb
+- lib/scopes_extractor/platforms/yeswehack/jwt.rb
+- lib/scopes_extractor/platforms/yeswehack/programs.rb
+- lib/scopes_extractor/platforms/yeswehack/scopes.rb
+- lib/scopes_extractor/utilities.rb
+homepage: https://rubygems.org/gems/scopes_extractor
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.7.1
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.2
+signing_key:
+specification_version: 4
+summary: BugBounty Scopes Extractor
+test_files: []