scopes_extractor 0.2.0 → 0.4.0

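--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 2720124a1d479958f99a1e40d303f5a8fa1fb45727b7c575197561522245cd3f
-data.tar.gz: bc579dc76168344ac983876d54db4b55977099e6488fbe26a0971bf85488af35
+metadata.gz: 95cac573681be20212d7983aa2dbc9d6f7764c5454d3289eaa0b1dc8029183ed
+data.tar.gz: e05c83b53ae0980ab98f2a2d67b2f92b2ca57ae80acd851ce3de04c07e85bd6e
 SHA512:
-metadata.gz: 9b5387a228e502be7cd36c5ea4e67151ece0a046406931619c159c17d4345069b0885b5de27683a63190b5ac0a108023dc7524e406e836179eb12cf820c6be41
-data.tar.gz: 784560b6ed8def4699d7c3e03a34ee02ef5db707183acc7d702e3c058cf0bb0df0c38ceca648609f24cb79941d10dd78bc1f64b8dd4583098bef70dcb19c6f78
+metadata.gz: a087cc7e23fc0412556587194f25ffbfd1d2c94032a45aa99bf332868cef27e12eda2c9615cd43a8f14c26b0a2e59238ae33d610a2b754fcf5d46681c23b63d5
+data.tar.gz: 7d3af7abf76821b52340ddd6eb0129c04d370f26aa4f07be8752f7b40868757c3c907191556e6a42c98afd57b70b71d2db952aa262986c86119954d32aa61c22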
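--- a/[path not shown on page: HttpClient file]
+++ b/[path not shown on page: HttpClient file]
@@ -2,10 +2,12 @@
 
 # HttpClient Class
 class HttpClient
-@request_options = {
-ssl_verifypeer: false,
-ssl_verifyhost: 0
-}
+def self.request_options
+{
+ssl_verifypeer: false,
+ssl_verifyhost: 0
+}
+end
 
 def self.headers(url, authentication)
 if url.include?('yeswehack')
@@ -15,23 +17,25 @@ class HttpClient
 elsif url.include?('bugcrowd')
 { 'Cookie' => authentication }
 elsif url.include?('hackerone')
-@request_options[:userpwd] = "#{ENV.fetch('H1_USERNAME', nil)}:#{ENV.fetch('H1_API_KEY', nil)}"
-{ 'Accept' => 'application/json' }
+h1_credz = Base64.urlsafe_encode64("#{ENV.fetch('H1_USERNAME', nil)}:#{ENV.fetch('H1_API_KEY', nil)}")
+{ 'Accept' => 'application/json', 'Authorization' => "Basic #{h1_credz}" }
 else
 { 'Content-Type' => 'application/json' }
 end
 end
 
 def self.get(url, authentication = nil)
-@request_options[:headers] = headers(url, authentication)
+options = request_options
+options[:headers] = headers(url, authentication)
 
-Typhoeus.get(url, @request_options)
+Typhoeus.get(url, options)
 end
 
 def self.post(url, data)
-@request_options[:headers] = { 'Content-Type' => 'application/json' }
-@request_options[:body] = data
+options = request_options
+options[:headers] = { 'Content-Type' => 'application/json' }
+options[:body] = data
 
-Typhoeus.post(url, @request_options)
+Typhoeus.post(url, options)
 end
 end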
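Review bot: The new `request_options` still returns `ssl_verifypeer: false` and `ssl_verifyhost: 0`, so the HackerOne API key that the `hackerone` branch of `headers` now places in an `Authorization: Basic` header is sent over a TLS session whose peer is never authenticated — any on-path host presenting an arbitrary certificate can read the credential. Unless there is a documented reason to disable verification, the method should return `{ ssl_verifypeer: true, ssl_verifyhost: 2 }` (libcurl's defaults). Separately, `Base64.urlsafe_encode64` is the wrong alphabet for HTTP Basic (RFC 7617 expects standard base64 with `+` and `/`), so a username or key whose encoding contains those characters would be rejected; `Base64.strict_encode64` is the correct call, and `h1_credz` would read better as `h1_credentials`. The `yeswehack` branch of `headers` lies between the two hunks and is outside view.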
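--- a/[path not shown on page: Intigriti file]
+++ b/[path not shown on page: Intigriti file]
@@ -27,12 +27,18 @@ class Intigriti
 scopes_normalized = []
 
 scopes.each do |scope|
-next unless scope['type'] == 1 # 1 == Web Application
-
-endpoint = normalize(scope['endpoint'])
-next if exclusions.any? { |exclusion| endpoint.include?(exclusion) } || !endpoint.include?('.')
-
-scopes_normalized << endpoint
+next unless scope['type'] == 1 || scope['type'] == 6 # 1 == Web Application || 6 == Other
+
+if scope['type'] == 1 # Web Application
+endpoint = normalize(scope['endpoint'])
+scopes_normalized << endpoint unless exclusions.any? { |exclusion| endpoint.include?(exclusion) } || !endpoint.include?('.')
+end
+
+endpoints_description = extract_description(scope['description'])
+endpoints_description&.each do |endpoint_description|
+endpoint_description = normalize(endpoint_description)
+scopes_normalized << endpoint_description unless exclusions.any? { |exclusion| endpoint_description.include?(exclusion) } || !endpoint_description.include?('.')
+end
 end
 
 scopes_normalized
@@ -42,5 +48,14 @@ class Intigriti
 endpoint.gsub('/*', '').gsub(' ', '').sub('.*', '.com').sub('.<tld>', '.com')
 .sub(%r{/$}, '').sub(/\*$/, '')
 end
+
+def self.extract_description(description)
+return [] unless description
+
+match = description.match(/In Scope(.*)Out of Scope/)
+return unless match && match[1]
+
+match[1].scan(/\*\.[\w.-]+/)
+end
 end
 end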
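Review bot: `extract_description` returns `[]` for a nil description but `nil` when the `In Scope … Out of Scope` pattern does not match (`return unless match && match[1]`), which is the only reason the caller needs `endpoints_description&.each`; returning `[]` from both early exits makes the contract uniform and the safe navigation unnecessary. The regex `/In Scope(.*)Out of Scope/` has no `m` flag, so `.` stops at the first newline and a description that spans several lines never matches and yields nothing — `/In Scope(.*)Out of Scope/m` looks intended, worth confirming against real program descriptions. The loop also reassigns the block parameter `endpoint_description` (shadowing) and appends both the endpoint and the description-derived hosts without de-duplicating, so the same host can appear twice in `scopes_normalized`. The method enclosing the first hunk starts outside view.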
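--- a/[path not shown on page: ScopesExtractor file]
+++ b/[path not shown on page: ScopesExtractor file]
@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require 'base64'
 require 'dotenv'
 require 'json'
 require 'rotp'
@@ -56,6 +57,8 @@ class ScopesExtractor
 Hackerone::Programs.sync(results['Hackerone'], options)
 end
 
+File.open('extract.json', 'w') { |f| f.write(JSON.pretty_generate(results)) } if options[:save]
+
 results
 end
 end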
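Review bot: The new save line writes to the fixed relative path `extract.json` in whatever directory the process happens to run from and silently replaces any file already there; the path should come from `options` (or at least be a named constant) and the overwrite behaviour stated in a comment. The block form is also heavier than needed — `File.write('extract.json', JSON.pretty_generate(results)) if options[:save]` does the same in one call. The method enclosing the second hunk starts outside view, so how `options[:save]` is populated cannot be checked here.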
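--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: scopes_extractor
 version: !ruby/object:Gem::Version
-version: 0.2.0
+version: 0.4.0
 platform: ruby
 authors:
 - Joshua MARTINELLE
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-05-16 00:00:00.000000000 Z
+date: 2023-05-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: colorize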