fire-marshal-ebay 0.0.1-security.2 → 1.0.0

package/synackAPI/README.md

@@ -0,0 +1,238 @@
+# Library for interacting with Synack API 
+This is a library and set of scripts that make SRT life a little easier when interacting with the platform from a linux commandline.
+* Connect to platform
+  * Stay connected to the platform
+* Register available targets
+* Connect to targets
+* Download targets' scope
+* Retrieve analytics from `Web Application` and `Host` targets
+* Download hydra findings
+* Retrieve target specific information:
+  * Client names
+  * Codenames
+  * Slugs
+  * Target types
+* Enable mission-claiming bots
+* Manage notifications
+
+# Acknowledgements
+Thank you Malcolm, Nicolas, and pmnh for making this better!
+
+# Configuration requirements 
+## Operating System
+This has been developed on Linux. I have no idea if it will work on Windows. It might, but your mileage may vary. I do not use windows. If you do, and you want to test, please do. 
+
+## Configuration Directories
+The required directory is `~/.synack`.
+
+## synack.conf
+This is a required config file, and is expected to be in the directory ~/.synack/
+```
+[DEFAULT]
+login_wait = 15
+login_url = https://login.synack.com
+email = your.email@domain.tld
+password = your.synack.password
+authy_secret = ABCDEFGHIJKLMNOPQRSTUVWXYZ======
+webhook_url = https://hooks.slack.com/services/...
+```
+* login_wait
+  * Number of seconds to wait for the platform's website to be loaded before attempting to log in. Can take a while.
+* login_url
+  * This should stay as is, unless Synack changes something
+* email
+  * The email address you use to log into the platform
+* password
+  * The password you use to log into the platform
+* authy_secret
+  * base32 secret for generating Authy tokens
+  * Guillaume Boudreau provide a nice [walk through](https://gist.github.com/gboudreau/94bb0c11a6209c82418d01a59d958c93) for getting this secret
+    * Follow the above to get Authy into debug mode, then use [THIS CODE](https://gist.github.com/louiszuckerman/2dd4fddf8097ce89594bb33426ab5e23#ok-thats-nice-but-i-want-to-get-rid-of-authy-now) to get your valid TOTP SECRET!
+* webhook_url is the incoming webhook url for slack notifications.  This will be used from the bot.py to inform you about obtained missions in real time. To create one simply visit https://api.slack.com/apps?new_app=1 and create an app to add later an incoming webhook into it.  You can choose any workspace to do so.
+* gecko true/false (default true) - if false, the `requests` module will be used for the login flow, instead of the geckodriver (works well on Windows)
+* proxy true/false (default false) - if true, route requests through a local proxy for debugging
+* proxyport (default 8080) - local proxy port used for debugging
+* session_token_path (default /tmp/synacktoken) - location to store synack token
+* notification_token_path (default /tmp/notificationtoken) - location to store notification token
+
+## requirements.txt
+Your best bet to have all required python3 modules is to run `pip3 install -r requirements.txt`. I cannot help troubleshoot any other modules.
+
+## geckodriver
+You must install [geckodriver](https://github.com/mozilla/geckodriver/) and it must be in your $PATH (note, this is currently true even if you have `gecko` set to `False` in the config file)
+
+# Synack API python3 module
+
+This python3 module provides a class to create objects for interacting with the Synack LP/LP+ platform.
+<br>Basic use:
+```
+from synack import synack
+
+s1 = synack()
+s1.getSessionToken()
+s1.getAllTargets()
+```
+## synack()
+This method creates an object that can be used to interact with the LP/LP+ platform.
+
+## connectToPlatform()
+This method is used to connect to the Synack platform and writes the session token to disk using requests or Gecko.
+
+## connectToPlatformrequests()
+This method 
+
+## connectToPlatformGecko()
+### SSL Certificates
+This method will create the directory `~/.synack/selenium.profile`. The first time connecting to the SRT Platform, you will be asked to install the cacert.crt file. This allows the cert to be permanently stored and used with geckodriver.
+
+## getSessionToken()
+This method reads a file disk location of `synack.tokenPath` and stores the file contents into the `synack.token` variable. If the file does not contain a valid Synack platform authentication token, the rest of this library will not work.
+
+## getAllTargets()
+This method pulls down a descriptive JSON on all targets. Most other methods rely on this JSON and should normally be the second function method called.
+
+## getAssessments()
+This method returns a list of all Synack assessments that have been completed.
+
+## getCodenames(category, mission_only=False)
+This method takes two parameters and returns a list of codenames.
+
+### parameters:
+* category `STRING` defines the type of target you're looking for and must be one of the following:
+  * "web application"
+  * "host"
+  * "mobile"
+  * "source code"
+  * "reverse engineering"
+  * "hardware"
+* mission_only `BOOLEAN`
+  * True: returns targets that only allow SV2M missions
+  * False: returns targets that are NOT SV2M only.
+
+## clientName(codename)
+This method takes the target codename and returns the client's true name.
+
+## connectToTarget(codename)
+This method takes a target codename and connects to it.
+
+## getCategory(codename)
+This method takes a target codename and returns what type of assessment the target requires.
+
+## getTargetID(codename)
+This method takes a target codename and returns the project slug. This method is generally not used by end users, but rather supports other function methods.
+
+## getCodenameFromSlug(slug)
+This method takes a project slug and returns the target codename. This method is generally not used by end users, but rather supports other function methods.
+
+## getCurrentTargetSlug()
+This method returns the slug of whatever target you are connected to. If not connected to a target, this will return `None`.
+
+## getScope(codename)
+This method takes a codename and returns its scope as a list of dicts.
+* `Host` targets return the CIDR notation ranges
+* `Web Application` targets return the expanded list of rules:
+  * scheme: (http || https)
+  * netloc: the "domain" part of the url
+  * path: the path of the url
+  * wildcard: if the **subdomain** of the url is a wildcard, not the path
+
+```
+https://www.example.com/*
+*.example.com/path/*
+
+[
+  {
+    'scheme': 'https',
+    'netloc': 'www.example.com',
+    'path': '/*',
+    'wildcard': False
+  },
+  {
+    'scheme': '',
+    'netloc': 'example.com',
+    'path': '/path/*',
+    'wildcard': True
+  }
+]
+```
+
+## registerAll()
+This method registers all unregistered targets
+<br>**Thanks Ozgur for most of the leg work :)**
+
+## getAnalytics(codename, status)
+This method takes a codename and status `accepted | rejected | in_queue | all` and returns a list of all endpoints reported in that target's `Analytics` tab.
+
+## getHydra(codename)
+This method takes a codename and returns a json of all hydra reported in that target's `Hydra` tab.
+
+## getRoes(slug):
+This method takes a target slug and returns any additional rules of engagement as a list.
+
+## pollMissions()
+This method polls the API for available missions and returns a json to send to `claimMission(missionJson)`
+
+## claimMission(missionJson)
+This method takes a json from the pollMission() function and attempts to claim available missions based on dollar value, highest to lowest. The return value is a list of dicts in the format:
+```
+[
+  {
+    'target': 'Target Name',
+    'payout': '20',
+    'claimed': False
+  }
+]
+```
+
+## getNotificationToken()
+This method is used to obtain the bearer token used to authenticate to the notifications.synack.com API.
+
+## markNotificationsRead()
+This method marks all notifications as read.
+
+## pollNotifications()
+This method retrieves all unread notifications and returns a list of dicts with the following fields:
+```
+{
+  "id": INT,                  # ID of the notifications
+  "user_id": INT,             # Your synack ID (integer)
+  "subject": "STRING",        # Codename, dollar amount of transfer, etc..
+  "subject_type": "STRING",   # What is this? listing update, cashout, etc..
+  "action": "STRING",         # What is the action: outage_starts, scope, etc..
+  "url": "STRING",            # Relevant URL path
+  "created_at": "DATETIME",
+  "read": BOOL,               # true/false
+  "meta": {
+                              # All sorts of other stuff
+  }
+}
+```
+
+## getVulns(status="accepted")
+This method takes either zero or single parameter (status) and returns a list of all vulns you've submitted. The `status` parameter could be either
+* accepted (default)
+* rejected
+
+## getVuln(identifier)
+This method takes a vulnerability identifier, e.g. CODENAME-###, as a parameter and returns a dict with all details of the vulnerability.
+
+## getDrafts()
+This method returns a list of dictionaries containing data for each draft vulnerability.
+
+## deleteDraft(id)
+This method takes a draft vulnerability identifier (integer value) as a parameter and deletes the draft vulnerability.
+
+## getTransactions()
+This method returns all cashout transactions as list.
+
+## Docker setup
+There are few ways to run the module under docker, the fastest way will be to obtain it directly and run it using <br>
+```docker run -d --name synackapi --dns 8.8.8.8 --rm -v ~/.synack:/root/.synack krasn/synackapi```<br>
+The above will run the docker directly under the name synackapi and will use your synack.conf as it's configured per above instructions. The default mode of the docker will be to stay on the background and poll for new targets every hour which will accept.
+<br>
+To run the missions bot an idea will be to run the docker with the following method:<br>
+```docker run -ti --name synackapi --dns 8.8.8.8 --rm -v ~/.synack:/root/.synack krasn/synackapi python3 bot.py```<br>
+or if it's already running <br>
+```docker exec -ti synackapi krasn/synackapi python3 bot.py```<br>
+* Notes ** If would like to build the docker from scratch instructions are on Dockerfile, you will additionally need to modify synack.conf file and set `self.headless = True`
+* To simply pull the docker image and do nothing you can always use ```docker pull krasn/synackapi```

package/synackAPI/RHINOSPIDER/burpOOS.txt

@@ -0,0 +1,25 @@
+refacing\.homedepot\.com/
+careers\.homedepot\.com/
+(.*\.|)www\.thecompanystore\.com\/*
+(.*\.|)sam-v1\.fit\.homedepot\.com\/*
+(.*\.|)corporate\.homedepot\.com\/*
+(.*\.|)ir\.homedepot\.com\/*
+(.*\.|)thdloan\.greenskycredit\.com\/*
+(.*\.|)careers\.homedepot\.com\/*
+(.*\.|)hdmoving\.com\/*
+(.*\.|)sam-v2\.fit\.homedepot\.com\/*
+(.*\.|)www\.homedepot\.ca\/*
+(.*\.|)refacing\.homedepot\.com\/*
+(.*\.|)www\.homedepot\.com\.mx\/*
+(.*\.|)homedepotmeasures\.com\/*
+(.*\.|)measurecomp\.com\/*
+(.*\.|)ecooptions\.homedepot\.com\/*
+(.*\.|)www\.proreferral\.com\/*
+(.*\.|)citiretailservices\.citibankonline\.com\/*
+(.*\.|)www\.retailservicescommercial\.citi\.com\/*
+(.*\.|)homedepot\.cashstar\.com\/*
+(.*\.|)homedepot\.egifter\.com\/*
+(.*\.|)sam\.fit\.homedepot\.com\/*
+(.*\.|)www\.homedepot\.com\/services\/i\/homedepot-measures-b\/1d547910d\/form\/*
+(.*\.|)www\.blinds\.com\/*
+(.*\.|)www\.thdloanonline\.com\/*

package/synackAPI/RHINOSPIDER/burpScope.txt

@@ -0,0 +1 @@
+(.*\.|)homedepot\.com\/*

package/synackAPI/RHINOSPIDER/scope.txt

@@ -0,0 +1 @@
+homedepot.com/*

package/synackAPI/bot.py

@@ -0,0 +1,72 @@
+#!/usr/bin/env python3
+from synack import synack
+import time
+
+
+###### PLEASE READ THIS FIRST #####
+## This is the URL you must read ##
+## before using a bot. It gives  ##
+## you the maximum API requests  ##
+## allowed. If you exceed the 5- ##
+## minute maximum, you are at    ##
+## risk for being removed from   ##
+## the platform in its entirety. ##
+##                               ##
+## IT IS ADVISED THAT YOU DO NOT ##
+## POLL MORE THAN ONCE EVERY 10  ##
+## SECONDS!!! PLEASE REVIEW THE  ##
+## HELP CENTER ARTICLE!          ##
+##                               ##
+
+## https://support.synack.com/hc/en-us/articles/1500002201401-Mission-Automation-Throttling-MUST-READ ##
+
+##                               ##
+## YOU ALONE ARE RESPONSIBLE FOR ##
+## MAKING SURE YOU DO NOT EXCEED ##
+## THE MAXIMUM NUMBER OF ALLOWED ##
+## API CALLS OVER THE SPECIFIED  ##
+## PERIOD!                       ##
+###################################
+
+## This is a bare-bones mission ##
+## bot. The sky is the limit on ##
+## what options you want to add ##
+## to it                        ##
+
+
+## pollSleep will sleep for x  ##
+## seconds after polling the   ##
+## API for available missions  ##
+pollSleep = 31
+
+## claimSleep will sleep for y  ##
+## seconds after attempting to  ##
+## claim mission. This is used  ##
+## to prevent hitting the max   ##
+## API requests over any 5 min  ##
+## period.                      ##
+claimSleep = 5
+
+
+## Don't claim missions on the following targets ##
+dontclaim=[]
+
+## Only claim missions on the following ##
+## target types:                        ##
+## "Web Application"                    ##
+## "Reverse Engineering"                ##
+## "Mobile"                             ##
+## "Host"                               ##
+## "Source Code"                        ##
+## "Hardware"                           ##
+assetType = []
+
+s1 = synack()
+s1.getSessionToken()
+while True:
+    time.sleep(pollSleep)
+    missionJson = s1.pollMissions()
+    if len(missionJson) == 0:
+        continue
+    s1.claimMission(missionJson, dontclaim, assetType)
+    time.sleep(claimSleep)

package/synackAPI/checkCerts.py

@@ -0,0 +1,67 @@
+#!/usr/bin/env python3
+import OpenSSL
+import datetime
+import requests
+import ssl
+import socket
+from synack import synack
+
+def process_server_cert(url, port=443, name=None):
+    if name is None:
+        name = url
+    process_cert(name, ssl.get_server_certificate((url, port)))
+
+def process_cert(name, cert):
+    try:
+        x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert)
+        exp_date = datetime.datetime.strptime(x509.get_notAfter().decode(), '%Y%m%d%H%M%SZ')
+        now = datetime.datetime.now()
+        
+        exp_days = (exp_date-now).days
+        print(f'{name}: Expires {exp_date.strftime("%Y-%m-%d")} ({exp_days} days)')
+        
+        if exp_days <= 14:
+            print('****************************************************************')
+            print(f'WARNING: {name} is expiring soon! Send Synack a support ticket!')
+            print('****************************************************************')
+    except Exception as err:
+        print(f"Could not retrieve {name}: {err}")
+
+# Platform
+process_server_cert('platform.synack.com')
+
+# LP CA cert
+process_cert('CA cert', requests.get("https://storage.googleapis.com/wolfacid-prod-public/ca-root.cer").content)
+
+# LP Test
+process_server_cert('synack-launchpoint-test.com')
+
+# LP+
+process_server_cert('amberjack.synack-lp.com')
+
+# TuPoC
+process_server_cert('x1.pe')
+
+# ¯\_(ツ)_/¯
+process_server_cert('boss.synack.com')
+process_server_cert('client.synack.com')
+process_server_cert('login.synack.com')
+process_server_cert('acropolis.synack.com')
+process_server_cert('gladiolus.synack.com')
+
+# OpenVPN LP Cert
+try:
+    s1 = synack()
+    s1.gecko=False
+    s1.getSessionToken()
+    lp_creds = s1.getLPCredentials()
+    ovpn_file = lp_creds["openvpn_file"]
+
+    cert_start = ovpn_file.index(b"-----BEGIN CERTIFICATE-----")
+    cert_end = ovpn_file.index(b"-----END CERTIFICATE-----") + len(b"-----END CERTIFICATE-----")
+    cert = ovpn_file[cert_start:cert_end]
+    process_cert('OpenVPN LP cert', cert)
+    
+except Exception as err:
+    print(f"Could not obtain LP OpenVPN credentials: {err}")
+

package/synackAPI/connect.py

@@ -0,0 +1,9 @@
+#!/usr/bin/env python3
+from synack import synack
+import sys
+
+s1 = synack()
+s1.headless = False
+s1.configFile = "~/.synack/synack.conf"
+s1.connectToPlatform()
+s1.getSessionToken()

package/synackAPI/currentTarget

@@ -0,0 +1,24 @@
+#!/usr/bin/env python3
+from synack import synack
+
+s1 = synack()
+s1.gecko = False
+s1.getSessionToken()
+s1.getAllTargets()
+response = s1.try_requests("GET", "https://platform.synack.com/api/launchpoint", 10)
+jsonResponse=response.json()
+status = jsonResponse['status']
+if 'slug' in jsonResponse:
+    currentTarget = s1.getCodenameFromSlug(jsonResponse['slug'])
+    futureTarget = s1.getCodenameFromSlug(jsonResponse['pending_slug'])
+else:
+    print("Not connected")
+if currentTarget == None:
+    print("Not connected")
+if(status != "connected"):
+    print("Not connected to target.")
+else:
+    if(futureTarget != None):
+        print("Disconnecteding from "+currentTarget+" and connecting to "+futureTarget+".")
+    else:
+        print("Connected to "+currentTarget+".")

package/synackAPI/getAnalytics.py

@@ -0,0 +1,40 @@
+#!/usr/bin/env python3
+
+from synack import synack
+import psycopg2
+import subprocess
+import sys
+
+n = len(sys.argv)
+s1 = synack()
+
+def connect():
+    s1.getSessionToken()
+    s1.registerAll()
+    s1.getAllTargets()
+
+def analytics(codename):
+    print(codename)
+    analytics = s1.getAnalytics(codename)
+    analyticsList = []
+    for k in range(len(analytics)):
+        analyticsList.append(analytics[k])
+    with open(codename+"_analytics.txt", mode='wt', encoding='utf-8') as myfile1:
+        print(analyticsList)
+        myfile1.write('\n'.join(map(str,analyticsList)))
+
+
+if n > 1:
+    category = "Host"
+    connect()
+    codenames = s1.getCodenames(category)
+    codename = sys.argv[1]
+    analytics(codename)
+elif n > 2:
+    category = sys.argv[2]
+    connect()
+    codenames = s1.getCodenames(category)
+    codename = sys.argv[1]
+    analytics(codename)
+else:
+    print("Usage: %s target category" % (sys.argv[0]))

package/synackAPI/getHydra.py

@@ -0,0 +1,46 @@
+#!/usr/bin/env python3
+
+from synack import synack
+import os
+import sys
+
+def hydraOutput(codename):
+    jsonResponse = s1.getHydra(codename)
+    hydraOut = list()
+    for i in range(len(jsonResponse)):
+        keys = list(jsonResponse[i]['ports'].keys())
+        for j in range(len(keys)):
+            portKeys = list(jsonResponse[i]['ports'][keys[j]])
+            for k in range(len(portKeys)):
+                if len(jsonResponse[i]['ports'][keys[j]][portKeys[k]]) > 0:
+                    if "synack" in jsonResponse[i]['ports'][keys[j]][portKeys[k]]:
+                        if "cpe" in jsonResponse[i]['ports'][keys[j]][portKeys[k]]['synack']:
+                            if "parsed" in jsonResponse[i]['ports'][keys[j]][portKeys[k]]['synack']['cpe']:
+                                if jsonResponse[i]['ports'][keys[j]][portKeys[k]]['synack']['cpe']['parsed'] != "":
+                                    hydraOut.append(jsonResponse[i]['ip']+","+keys[j]+","+portKeys[k]+","+jsonResponse[i]['ports'][keys[j]][portKeys[k]]['synack']['cpe']['parsed'])
+                                else:
+                                    hydraOut.append(jsonResponse[i]['ip']+","+keys[j]+","+portKeys[k]+",''")
+    return hydraOut
+
+s1 = synack()
+s1.gecko = False
+s1.getSessionToken()
+s1.getAllTargets()
+args = len(sys.argv)
+if args == 2:
+    codename = str(sys.argv[1].lower())
+    output = hydraOutput(codename)
+    with open("hydra.out", 'a') as out:
+        out.write('\n'.join(output))
+if args > 2:
+    sys.exit()
+if args == 1:
+    codenames = s1.getCodenames("host")
+    for codename in codenames:
+        print(codename)
+        targetPath = "./"+codename.upper()+"/"
+        if os.path.isdir(targetPath) == False:
+            os.mkdir(targetPath)
+        output = hydraOutput(codename)
+        with open(targetPath+"hydra.txt", 'a') as out:
+            out.write('\n'.join(output))

package/synackAPI/getPayouts.py

@@ -0,0 +1,11 @@
+#!/usr/bin/env python3
+
+from synack import synack
+
+s1 = synack()
+s1.gecko = False
+s1.getSessionToken()
+
+payouts = s1.getTransactions()
+for i in range(len(payouts)):
+    print(payouts[i])

package/synackAPI/getscope.py

@@ -0,0 +1,123 @@
+#!/usr/bin/env python3
+
+from synack import synack
+import subprocess
+import os
+import sys
+
+s1 = synack()
+s1.gecko=False
+s1.getSessionToken()
+s1.getAllTargets()
+args = len(sys.argv)
+arg_1 = str(sys.argv[1].lower())
+
+if arg_1 == "web":
+    category = "Web Application"
+    codenames = s1.getCodenames(category)
+elif arg_1 == "host":
+    category = "Host"
+    codenames = s1.getCodenames(category)
+elif arg_1 == "mobile":
+    category = "mobile"
+    codenames = s1.getCodenames(category)
+elif arg_1 == "re":
+    category = "reverse engineering"
+    codenames = s1.getCodenames(category)
+elif arg_1 == "hardware":
+    category = "hardware"
+    codenames = s1.getCodenames(category)
+elif arg_1 == "sc":
+    category = "source code"
+    codenames = s1.getCodenames(category)
+else:
+    codenames = [arg_1]
+    category = s1.getCategory(codenames[0])
+
+
+if category == "Host":
+    for i in range(len(codenames)):
+        codename = codenames[i]
+        print(codename)
+        cidrs = s1.getScope(codename)
+        ips = s1.getIPs(cidrs)
+        targetPath = "./"+codename.upper()+"/"
+        if os.path.isdir(targetPath) == False:
+            os.mkdir(targetPath)
+        filePath = "./"+codename.upper()+"/scope.txt"
+        if os.path.exists(filePath):
+            os.remove(filePath)
+        with open('./'+codename.upper()+'/scope.txt', mode='wt', encoding='utf-8') as myfile:
+            myfile.write('\n'.join(ips))
+            myfile.write('\n')
+
+if category == "Web Application":
+    for i in range(len(codenames)):
+        print(codenames[i])
+        tupleList = set()
+        oosTupleList = set()
+        burpSet = set()
+        oosBurpSet = set()
+        codename = codenames[i]
+        scope,oos = s1.getScope(codename)
+
+        wildcardRegex = "(.*\.|)"
+
+        for j in range(len(scope)):
+            scheme = scope[j]['scheme']
+            netloc = scope[j]['netloc']
+            path = scope[j]['netloc']
+            port = scope[j]['port']
+            wildcard = scope[j]['wildcard']
+            path = scope[j]['path']
+            netloc = netloc+path
+#            tupleList.add(netloc)
+            print(netloc)
+            if wildcard == True:
+                tupleList.add(netloc)
+                burpStr = netloc.replace('.','\.')
+                burpStr = burpStr.replace('/','\/')
+                burpSet.add(wildcardRegex + burpStr)
+            else:
+                tupleList.add(netloc)
+                burpStr = netloc.replace('.','\.')
+                burpStr = burpStr.replace('/','\/')
+                burpSet.add(burpStr)
+
+        for k in range(len(oos)):
+            scheme = oos[k]['scheme']
+            netloc = oos[k]['netloc']
+            path = oos[k]['netloc']
+            port = oos[k]['port']
+            wildcard = oos[k]['wildcard']
+            path = oos[k]['path']
+            netloc = netloc + path
+            oosTupleList.add(netloc)
+            if wildcard == True:
+                oosTupleList.add(netloc)
+                oosBurpStr = netloc.replace('.','\.')
+                oosBurpStr = oosBurpStr.replace('/','\/')
+                oosBurpSet.add(wildcardRegex + oosBurpStr)
+            else:
+                oosBurpStr = netloc.replace('.','\.')
+                oosBurpStr = oosBurpStr.replace('/','\/')
+                oosTupleList.add(netloc)
+                oosBurpSet.add(netloc.replace('.','\.'))
+        scopeList = list(tupleList)
+        burpList = list(burpSet)
+        oosBurpList = list(oosBurpSet)
+        targetPath = "./"+codename.upper()+"/"
+        if os.path.isdir(targetPath) == False:
+            os.mkdir(targetPath)
+        filePath = "./"+codename.upper()+"/scope.txt"
+        if os.path.exists(filePath):
+            os.remove(filePath)
+        with open('./'+codename.upper()+'/scope.txt', mode='wt', encoding='utf-8') as myfile:
+            myfile.write('\n'.join(scopeList))
+            myfile.write('\n')
+        with open('./'+codename.upper()+'/burpScope.txt', mode='wt', encoding='utf-8') as myfile:
+            myfile.write('\n'.join(burpList))
+            myfile.write('\n')
+        with open('./'+codename.upper()+'/burpOOS.txt', mode='wt', encoding='utf-8') as myfile:
+            myfile.write('\n'.join(oosBurpList))
+            myfile.write('\n')