Remove support for hackenproof due to WAF restrictions

root4loot · Dec 12, 2024 · 4b494cd · 4b494cd
1 parent f211a7b
commit 4b494cd
Show file tree

Hide file tree

Showing 7 changed files with 13 additions and 277 deletions.
diff --git a/.github/workflows/test-hackenproof.yml b/.github/workflows/test-hackenproof.yml
diff --git a/README.md b/README.md
@@ -20,9 +20,6 @@
   <a href="https://github.com/root4loot/rescope/actions/workflows/test-yeswehack.yml">
     <img src="https://github.com/root4loot/rescope/actions/workflows/test-yeswehack.yml/badge.svg" alt="YesWeHack" style="margin: 10px;"/>
   </a>
-  <a href="https://github.com/root4loot/rescope/actions/workflows/test-hackenproof.yml">
-    <img src="https://github.com/root4loot/rescope/actions/workflows/test-hackenproof.yml/badge.svg" alt="HackenProof" style="margin: 10px;"/>
-  </a>
 </div>
 
 
@@ -67,7 +64,6 @@ OUTPUT FILTER:
 
 AUTHORIZATION:
   --auth-bugcrowd             bugcrowd secret    (_bugcrowd_session=cookie.value) [Optional]
-  --auth-hackenproof          hackenproof secret (_hackenproof_session=cookie.value) [Optional]
   --auth-hackerone            hackerone secret   (Authorization bearer token) [Optional]
   --auth-yeswehack            yeswehack secret   (Authorization bearer token) [Optional]
   --auth-intigriti            intigriti secret   (see https://app.intigriti.com/researcher/personal-access-tokens) [Optional]

diff --git a/cmd/main.go b/cmd/main.go
@@ -76,7 +76,6 @@ OUTPUT FILTER:
 
 AUTHORIZATION:
   --auth-bugcrowd             bugcrowd secret    (_bugcrowd_session=cookie.value) [Optional]
-  --auth-hackenproof          hackenproof secret (_hackenproof_session=cookie.value) [Optional]
   --auth-hackerone            hackerone secret   (Authorization bearer token) [Optional]
   --auth-yeswehack            yeswehack secret   (Authorization bearer token) [Optional]
   --auth-intigriti            intigriti secret   (see https://app.intigriti.com/researcher/personal-access-tokens) [Optional]
@@ -100,7 +99,6 @@ func parseCLI() ([]string, *CLI, error) {
 	flag.StringVar(&cli.TokenIntigriti, "auth-intigriti", "", "")
 	flag.StringVar(&cli.TokenYesWeHack, "auth-yeswehack", "", "")
 	flag.StringVar(&cli.TokenBugCrowd, "auth-bugcrowd", "", "")
-	flag.StringVar(&cli.TokenBugCrowd, "auth-hackenproof", "", "")
 	flag.StringVar(&cli.OutputFile, "oF", "", "")
 	flag.StringVar(&cli.OutputFile, "output-file", "", "")
 	flag.BoolVar(&cli.OutputText, "oT", false, "")
@@ -669,7 +667,6 @@ func (cli *CLI) setAuthTokens(opts *rescope.Options) {
 	opts.AuthIntigriti = cli.TokenIntigriti
 	opts.AuthYesWeHack = cli.TokenYesWeHack
 	opts.AuthBugcrowd = cli.TokenBugCrowd
-	opts.AuthHackenProof = cli.TokenBugCrowd
 
 	if cli.Debug {
 		opts.Debug = true

diff --git a/cmd/main_test.go b/cmd/main_test.go
@@ -71,7 +71,6 @@ func TestInvalidFlags(t *testing.T) {
 	fs.String("auth-intigriti", "", "")
 	fs.String("auth-yeswehack", "", "")
 	fs.String("auth-bugcrowd", "", "")
-	fs.String("auth-hackenproof", "", "")
 	fs.String("output-file", "", "")
 	fs.Bool("output-text", false, "")
 	fs.Bool("output-burp", false, "")

diff --git a/pkg/bugbounty/hackenproof/hackenproof.go b/pkg/bugbounty/hackenproof/hackenproof.go
diff --git a/pkg/bugbounty/hackenproof/hackenproof_test.go b/pkg/bugbounty/hackenproof/hackenproof_test.go
diff --git a/pkg/rescope/rescope.go b/pkg/rescope/rescope.go
@@ -11,7 +11,6 @@ import (
 	"github.com/root4loot/goutils/log"
 
 	"github.com/root4loot/rescope/pkg/bugbounty/bugcrowd"
-	"github.com/root4loot/rescope/pkg/bugbounty/hackenproof"
 	"github.com/root4loot/rescope/pkg/bugbounty/hackerone"
 	"github.com/root4loot/rescope/pkg/bugbounty/intigriti"
 	"github.com/root4loot/rescope/pkg/bugbounty/yeswehack"
@@ -29,24 +28,22 @@ type BugBountyProgram interface {
 }
 
 type Options struct {
-	Client          *http.Client
-	AuthHackerOne   string
-	AuthIntigriti   string
-	AuthBugcrowd    string
-	AuthHackenProof string
-	AuthYesWeHack   string
-	Debug           bool
+	Client        *http.Client
+	AuthHackerOne string
+	AuthIntigriti string
+	AuthBugcrowd  string
+	AuthYesWeHack string
+	Debug         bool
 }
 
 func DefaultOptions() *Options {
 	return &Options{
-		Client:          &http.Client{},
-		AuthHackerOne:   "",
-		AuthIntigriti:   "",
-		AuthBugcrowd:    "",
-		AuthHackenProof: "",
-		AuthYesWeHack:   "",
-		Debug:           false,
+		Client:        &http.Client{},
+		AuthHackerOne: "",
+		AuthIntigriti: "",
+		AuthBugcrowd:  "",
+		AuthYesWeHack: "",
+		Debug:         false,
 	}
 }
 
@@ -83,7 +80,7 @@ func IsBugBountyURL(bugbountyURL string) bool {
 	rootDomain := domainutil.GetRootDomain(u.Hostname())
 
 	switch rootDomain {
-	case "intigriti.com", "hackerone.com", "yeswehack.com", "bugcrowd.com", "hackenproof.com":
+	case "intigriti.com", "hackerone.com", "yeswehack.com", "bugcrowd.com":
 		return true
 	default:
 		return false
@@ -107,8 +104,6 @@ func IdentifyPlatform(bugbountyURL string, options *Options) (BugBountyProgram,
 		return &yeswehack.YesWeHack{Auth: options.AuthYesWeHack}, nil
 	case "bugcrowd.com":
 		return &bugcrowd.Bugcrowd{Auth: options.AuthBugcrowd}, nil
-	case "hackenproof.com":
-		return &hackenproof.HackenProof{Auth: options.AuthHackenProof}, nil
 	default:
 		return nil, fmt.Errorf("unsupported bug bounty platform for URL: %s", bugbountyURL)
 	}