scopes_extractor 0.2.0 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/scopes_extractor/http_client.rb +15 -11
- data/lib/scopes_extractor/platforms/intigriti/scopes.rb +21 -6
- data/lib/scopes_extractor.rb +3 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 95cac573681be20212d7983aa2dbc9d6f7764c5454d3289eaa0b1dc8029183ed
|
|
4
|
+
data.tar.gz: e05c83b53ae0980ab98f2a2d67b2f92b2ca57ae80acd851ce3de04c07e85bd6e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a087cc7e23fc0412556587194f25ffbfd1d2c94032a45aa99bf332868cef27e12eda2c9615cd43a8f14c26b0a2e59238ae33d610a2b754fcf5d46681c23b63d5
|
|
7
|
+
data.tar.gz: 7d3af7abf76821b52340ddd6eb0129c04d370f26aa4f07be8752f7b40868757c3c907191556e6a42c98afd57b70b71d2db952aa262986c86119954d32aa61c22
|
|
@@ -2,10 +2,12 @@
|
|
|
2
2
|
|
|
3
3
|
# HttpClient Class
|
|
4
4
|
class HttpClient
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
5
|
+
def self.request_options
|
|
6
|
+
{
|
|
7
|
+
ssl_verifypeer: false,
|
|
8
|
+
ssl_verifyhost: 0
|
|
9
|
+
}
|
|
10
|
+
end
|
|
9
11
|
|
|
10
12
|
def self.headers(url, authentication)
|
|
11
13
|
if url.include?('yeswehack')
|
|
@@ -15,23 +17,25 @@ class HttpClient
|
|
|
15
17
|
elsif url.include?('bugcrowd')
|
|
16
18
|
{ 'Cookie' => authentication }
|
|
17
19
|
elsif url.include?('hackerone')
|
|
18
|
-
|
|
19
|
-
{ 'Accept' => 'application/json' }
|
|
20
|
+
h1_credz = Base64.urlsafe_encode64("#{ENV.fetch('H1_USERNAME', nil)}:#{ENV.fetch('H1_API_KEY', nil)}")
|
|
21
|
+
{ 'Accept' => 'application/json', 'Authorization' => "Basic #{h1_credz}" }
|
|
20
22
|
else
|
|
21
23
|
{ 'Content-Type' => 'application/json' }
|
|
22
24
|
end
|
|
23
25
|
end
|
|
24
26
|
|
|
25
27
|
def self.get(url, authentication = nil)
|
|
26
|
-
|
|
28
|
+
options = request_options
|
|
29
|
+
options[:headers] = headers(url, authentication)
|
|
27
30
|
|
|
28
|
-
Typhoeus.get(url,
|
|
31
|
+
Typhoeus.get(url, options)
|
|
29
32
|
end
|
|
30
33
|
|
|
31
34
|
def self.post(url, data)
|
|
32
|
-
|
|
33
|
-
|
|
35
|
+
options = request_options
|
|
36
|
+
options[:headers] = { 'Content-Type' => 'application/json' }
|
|
37
|
+
options[:body] = data
|
|
34
38
|
|
|
35
|
-
Typhoeus.post(url,
|
|
39
|
+
Typhoeus.post(url, options)
|
|
36
40
|
end
|
|
37
41
|
end
|
|
@@ -27,12 +27,18 @@ class Intigriti
|
|
|
27
27
|
scopes_normalized = []
|
|
28
28
|
|
|
29
29
|
scopes.each do |scope|
|
|
30
|
-
next unless scope['type'] == 1 # 1 == Web Application
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
30
|
+
next unless scope['type'] == 1 || scope['type'] == 6 # 1 == Web Application || 6 == Other
|
|
31
|
+
|
|
32
|
+
if scope['type'] == 1 # Web Application
|
|
33
|
+
endpoint = normalize(scope['endpoint'])
|
|
34
|
+
scopes_normalized << endpoint unless exclusions.any? { |exclusion| endpoint.include?(exclusion) } || !endpoint.include?('.')
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
endpoints_description = extract_description(scope['description'])
|
|
38
|
+
endpoints_description&.each do |endpoint_description|
|
|
39
|
+
endpoint_description = normalize(endpoint_description)
|
|
40
|
+
scopes_normalized << endpoint_description unless exclusions.any? { |exclusion| endpoint_description.include?(exclusion) } || !endpoint_description.include?('.')
|
|
41
|
+
end
|
|
36
42
|
end
|
|
37
43
|
|
|
38
44
|
scopes_normalized
|
|
@@ -42,5 +48,14 @@ class Intigriti
|
|
|
42
48
|
endpoint.gsub('/*', '').gsub(' ', '').sub('.*', '.com').sub('.<tld>', '.com')
|
|
43
49
|
.sub(%r{/$}, '').sub(/\*$/, '')
|
|
44
50
|
end
|
|
51
|
+
|
|
52
|
+
def self.extract_description(description)
|
|
53
|
+
return [] unless description
|
|
54
|
+
|
|
55
|
+
match = description.match(/In Scope(.*)Out of Scope/)
|
|
56
|
+
return unless match && match[1]
|
|
57
|
+
|
|
58
|
+
match[1].scan(/\*\.[\w.-]+/)
|
|
59
|
+
end
|
|
45
60
|
end
|
|
46
61
|
end
|
data/lib/scopes_extractor.rb
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
+
require 'base64'
|
|
3
4
|
require 'dotenv'
|
|
4
5
|
require 'json'
|
|
5
6
|
require 'rotp'
|
|
@@ -56,6 +57,8 @@ class ScopesExtractor
|
|
|
56
57
|
Hackerone::Programs.sync(results['Hackerone'], options)
|
|
57
58
|
end
|
|
58
59
|
|
|
60
|
+
File.open('extract.json', 'w') { |f| f.write(JSON.pretty_generate(results)) } if options[:save]
|
|
61
|
+
|
|
59
62
|
results
|
|
60
63
|
end
|
|
61
64
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: scopes_extractor
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Joshua MARTINELLE
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-05-
|
|
11
|
+
date: 2023-05-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: colorize
|