From 4b494cdd76df00ed9a8818068f47d78ba04df445 Mon Sep 17 00:00:00 2001 From: Daniel Antonsen <44880186+root4loot@users.noreply.github.com> Date: Thu, 12 Dec 2024 14:20:01 +0100 Subject: [PATCH] Remove support for hackenproof due to WAF restrictions --- .github/workflows/test-hackenproof.yml | 27 ---- README.md | 4 - cmd/main.go | 3 - cmd/main_test.go | 1 - pkg/bugbounty/hackenproof/hackenproof.go | 134 ------------------ pkg/bugbounty/hackenproof/hackenproof_test.go | 90 ------------ pkg/rescope/rescope.go | 31 ++-- 7 files changed, 13 insertions(+), 277 deletions(-) delete mode 100644 .github/workflows/test-hackenproof.yml delete mode 100644 pkg/bugbounty/hackenproof/hackenproof.go delete mode 100644 pkg/bugbounty/hackenproof/hackenproof_test.go diff --git a/.github/workflows/test-hackenproof.yml b/.github/workflows/test-hackenproof.yml deleted file mode 100644 index 1acbef6..0000000 --- a/.github/workflows/test-hackenproof.yml +++ /dev/null @@ -1,27 +0,0 @@ -name: HackenProof - -on: - push: - branches: - - main - schedule: - - cron: "0 8 * * *" - -jobs: - test: - runs-on: ubuntu-latest - - steps: - - name: Checkout code - uses: actions/checkout@v3 - - - name: Set up Go - uses: actions/setup-go@v4 - with: - go-version: "1.23" - - - name: Install Dependencies - run: go mod download - - - name: Run HackenProof Tests - run: go test -v ./pkg/bugbounty/hackenproof/... diff --git a/README.md b/README.md index 2b87664..0bfe4cd 100644 --- a/README.md +++ b/README.md @@ -20,9 +20,6 @@ YesWeHack - - HackenProof - @@ -67,7 +64,6 @@ OUTPUT FILTER: AUTHORIZATION: --auth-bugcrowd bugcrowd secret (_bugcrowd_session=cookie.value) [Optional] - --auth-hackenproof hackenproof secret (_hackenproof_session=cookie.value) [Optional] --auth-hackerone hackerone secret (Authorization bearer token) [Optional] --auth-yeswehack yeswehack secret (Authorization bearer token) [Optional] --auth-intigriti intigriti secret (see https://app.intigriti.com/researcher/personal-access-tokens) [Optional] diff --git a/cmd/main.go b/cmd/main.go index cab58af..7f9641b 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -76,7 +76,6 @@ OUTPUT FILTER: AUTHORIZATION: --auth-bugcrowd bugcrowd secret (_bugcrowd_session=cookie.value) [Optional] - --auth-hackenproof hackenproof secret (_hackenproof_session=cookie.value) [Optional] --auth-hackerone hackerone secret (Authorization bearer token) [Optional] --auth-yeswehack yeswehack secret (Authorization bearer token) [Optional] --auth-intigriti intigriti secret (see https://app.intigriti.com/researcher/personal-access-tokens) [Optional] @@ -100,7 +99,6 @@ func parseCLI() ([]string, *CLI, error) { flag.StringVar(&cli.TokenIntigriti, "auth-intigriti", "", "") flag.StringVar(&cli.TokenYesWeHack, "auth-yeswehack", "", "") flag.StringVar(&cli.TokenBugCrowd, "auth-bugcrowd", "", "") - flag.StringVar(&cli.TokenBugCrowd, "auth-hackenproof", "", "") flag.StringVar(&cli.OutputFile, "oF", "", "") flag.StringVar(&cli.OutputFile, "output-file", "", "") flag.BoolVar(&cli.OutputText, "oT", false, "") @@ -669,7 +667,6 @@ func (cli *CLI) setAuthTokens(opts *rescope.Options) { opts.AuthIntigriti = cli.TokenIntigriti opts.AuthYesWeHack = cli.TokenYesWeHack opts.AuthBugcrowd = cli.TokenBugCrowd - opts.AuthHackenProof = cli.TokenBugCrowd if cli.Debug { opts.Debug = true diff --git a/cmd/main_test.go b/cmd/main_test.go index 5bbe114..84c727a 100644 --- a/cmd/main_test.go +++ b/cmd/main_test.go @@ -71,7 +71,6 @@ func TestInvalidFlags(t *testing.T) { fs.String("auth-intigriti", "", "") fs.String("auth-yeswehack", "", "") fs.String("auth-bugcrowd", "", "") - fs.String("auth-hackenproof", "", "") fs.String("output-file", "", "") fs.Bool("output-text", false, "") fs.Bool("output-burp", false, "") diff --git a/pkg/bugbounty/hackenproof/hackenproof.go b/pkg/bugbounty/hackenproof/hackenproof.go deleted file mode 100644 index c716d36..0000000 --- a/pkg/bugbounty/hackenproof/hackenproof.go +++ /dev/null @@ -1,134 +0,0 @@ -package hackenproof - -import ( - "encoding/json" - "fmt" - "io" - "net/http" - "net/url" - "strings" - - "github.com/root4loot/goutils/log" - "github.com/root4loot/goutils/sliceutil" - "github.com/root4loot/rescope/pkg/common" -) - -type HackenProof struct { - Result common.Result `json:"Result"` - Auth string // cookie: _hackenproof_session -} - -type ScopeDetails struct { - Type string `json:"type"` - Target string `json:"target"` - TargetDescription string `json:"target_description"` - Severity string `json:"severity"` - RewardType string `json:"reward_type"` - OutOfScope bool `json:"out_of_scope"` -} - -type ProgramData struct { - Scopes []ScopeDetails `json:"scopes"` -} - -func (i *HackenProof) Run(programURL string, client *http.Client) (*common.Result, error) { - parsedURL, err := i.ParseURL(programURL) - if err != nil { - return nil, err - } - - i.Result.ProgramDetails = *parsedURL - - req, err := http.NewRequest("POST", parsedURL.InputURL, nil) - if err != nil { - return nil, err - } - - req.Header.Set("User-Agent", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36") - req.Header.Set("Referer", "https://hackenproof.com/bug-bounty-programs-list") - - if i.Auth != "" { - req.Header.Add("Cookie", "_hackenproof_session="+i.Auth) - } - - if client == nil { - client = &http.Client{} - } - - resp, err := client.Do(req) - if err != nil { - return nil, err - } - defer resp.Body.Close() - - body, err := io.ReadAll(resp.Body) - if err != nil { - return nil, err - } - - log.Debugf("HackenProof: Received response with status code %d and body: %s", resp.StatusCode, string(body)) - - if resp.StatusCode != 200 { - return nil, fmt.Errorf("bad response status: %s", resp.Status) - } - - var programData ProgramData - err = json.Unmarshal(body, &programData) - if err != nil { - return nil, err - } - - for _, scope := range programData.Scopes { - if strings.ToLower(scope.Target) == "" { - continue - } - if scope.OutOfScope { - i.Result.OutScope = sliceutil.AppendUnique(i.Result.OutScope, strings.ToLower(scope.Target)) - } else { - i.Result.InScope = sliceutil.AppendUnique(i.Result.InScope, strings.ToLower(scope.Target)) - } - } - - return &i.Result, nil -} - -func (b *HackenProof) ParseURL(rawURL string) (*common.BugBountyProgram, error) { - parsedURL, err := url.Parse(rawURL) - if err != nil { - return nil, fmt.Errorf("failed to parse URL: %w", err) - } - - if parsedURL.Hostname() != "hackenproof.com" { - return nil, fmt.Errorf("invalid domain: %s", parsedURL.Hostname()) - } - - if !strings.HasPrefix(parsedURL.Path, "/bug-bounty-programs-list") { - parsedURL.Path = "/bug-bounty-programs-list" + parsedURL.Path - } - - pathParts := strings.Split(strings.Trim(parsedURL.Path, "/"), "/") - - if len(pathParts) != 2 || pathParts[1] == "" { - return nil, fmt.Errorf("invalid program path in URL: %s", parsedURL.Path) - } - - programName := pathParts[1] - - program := &common.BugBountyProgram{ - InputURL: parsedURL.String(), - Platform: "HackenProof", - ProgramName: programName, - Business: programName, - PolicyURL: "https://" + parsedURL.Hostname() + "bug-bounty-programs-list/" + programName, - } - - return program, nil -} - -func (i *HackenProof) Serialize() (string, error) { - jsonData, err := json.Marshal(i.Result) - if err != nil { - return "", fmt.Errorf("failed to serialize Result: %w", err) - } - return string(jsonData), nil -} diff --git a/pkg/bugbounty/hackenproof/hackenproof_test.go b/pkg/bugbounty/hackenproof/hackenproof_test.go deleted file mode 100644 index 7be7ac5..0000000 --- a/pkg/bugbounty/hackenproof/hackenproof_test.go +++ /dev/null @@ -1,90 +0,0 @@ -package hackenproof - -import ( - "net/http" - "testing" - - "github.com/root4loot/rescope/pkg/common" -) - -var platform = HackenProof{} - -func TestRun(t *testing.T) { - url := "https://hackenproof.com/bug-bounty-programs-list/internet-computer-protocol" - client := &http.Client{} - - Result, err := platform.Run(url, client) - if err != nil { - t.Fatalf("expected no error, got %v", err) - } - if Result == nil { - t.Fatalf("expected a valid Result, got nil") - } - - foundInScope := false - for _, scope := range platform.Result.InScope { - if scope == "boundary.ic0.app" { - foundInScope = true - break - } - } - - if !foundInScope { - t.Fatalf("expected boundary.ic0.app in scope, got %v", platform.Result.InScope) - } -} - -func TestParseURL(t *testing.T) { - tests := []struct { - inputURL string - expectedError bool - expectedURL *common.BugBountyProgram - }{ - { - inputURL: "https://hackenproof.com/internet-computer-protocol", - expectedError: false, - expectedURL: &common.BugBountyProgram{ - Platform: "HackenProof", - Business: "internet-computer-protocol", - ProgramName: "internet-computer-protocol", - }, - }, - { - inputURL: "https://hackenproof.com/bug-bounty-programs-list/internet-computer-protocol", - expectedError: false, - expectedURL: &common.BugBountyProgram{ - Platform: "HackenProof", - Business: "internet-computer-protocol", - ProgramName: "internet-computer-protocol", - }, - }, - { - inputURL: "https://invalidsite.com/internet-computer-protocol", - expectedError: true, - expectedURL: nil, - }, - { - inputURL: "https://hackenproof.com/invalid/url/structure", - expectedError: true, - expectedURL: nil, - }, - } - - for _, test := range tests { - parsedURL, err := platform.ParseURL(test.inputURL) - if test.expectedError { - if err == nil { - t.Fatalf("expected an error for URL %s, but got none", test.inputURL) - } - } else { - if err != nil { - t.Fatalf("did not expect an error for URL %s, but got: %v", test.inputURL, err) - } - if parsedURL.Platform != test.expectedURL.Platform || - parsedURL.Business != test.expectedURL.Business || - parsedURL.ProgramName != test.expectedURL.ProgramName { - t.Fatalf("expected parsed URL %v, but got %v", test.expectedURL, parsedURL) - } - } - } -} diff --git a/pkg/rescope/rescope.go b/pkg/rescope/rescope.go index 9ef1a5a..9c5d85f 100644 --- a/pkg/rescope/rescope.go +++ b/pkg/rescope/rescope.go @@ -11,7 +11,6 @@ import ( "github.com/root4loot/goutils/log" "github.com/root4loot/rescope/pkg/bugbounty/bugcrowd" - "github.com/root4loot/rescope/pkg/bugbounty/hackenproof" "github.com/root4loot/rescope/pkg/bugbounty/hackerone" "github.com/root4loot/rescope/pkg/bugbounty/intigriti" "github.com/root4loot/rescope/pkg/bugbounty/yeswehack" @@ -29,24 +28,22 @@ type BugBountyProgram interface { } type Options struct { - Client *http.Client - AuthHackerOne string - AuthIntigriti string - AuthBugcrowd string - AuthHackenProof string - AuthYesWeHack string - Debug bool + Client *http.Client + AuthHackerOne string + AuthIntigriti string + AuthBugcrowd string + AuthYesWeHack string + Debug bool } func DefaultOptions() *Options { return &Options{ - Client: &http.Client{}, - AuthHackerOne: "", - AuthIntigriti: "", - AuthBugcrowd: "", - AuthHackenProof: "", - AuthYesWeHack: "", - Debug: false, + Client: &http.Client{}, + AuthHackerOne: "", + AuthIntigriti: "", + AuthBugcrowd: "", + AuthYesWeHack: "", + Debug: false, } } @@ -83,7 +80,7 @@ func IsBugBountyURL(bugbountyURL string) bool { rootDomain := domainutil.GetRootDomain(u.Hostname()) switch rootDomain { - case "intigriti.com", "hackerone.com", "yeswehack.com", "bugcrowd.com", "hackenproof.com": + case "intigriti.com", "hackerone.com", "yeswehack.com", "bugcrowd.com": return true default: return false @@ -107,8 +104,6 @@ func IdentifyPlatform(bugbountyURL string, options *Options) (BugBountyProgram, return &yeswehack.YesWeHack{Auth: options.AuthYesWeHack}, nil case "bugcrowd.com": return &bugcrowd.Bugcrowd{Auth: options.AuthBugcrowd}, nil - case "hackenproof.com": - return &hackenproof.HackenProof{Auth: options.AuthHackenProof}, nil default: return nil, fmt.Errorf("unsupported bug bounty platform for URL: %s", bugbountyURL) }