• Stars
    star
    440
  • Rank 99,050 (Top 2 %)
  • Language
    Shell
  • License
    MIT License
  • Created over 6 years ago
  • Updated over 5 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported)

bountyplz – automated security reporting from markdown templates

description

This is a project created by Frans Rosén. The idea is to be able to submit a report without any interaction. It's taking advantage of all features the existing site has, such as attachments, inline images, assets, weaknesses and severity.

bountyplz supports submitting to HackerOne and Bugcrowd.

bountyplz will sign in to HackerOne or Bugcrowd and keep the session, create a draft and submit the report, all in one step. It also supports 2FA, if this is enabled on your HackerOne- or Bugcrowd-account.

HackerOne:

Bugcrowd:

install

brew install jq
brew install gnu-sed
brew install coreutils

ln -fs "$(pwd)/bountyplz" /usr/local/bin/bountyplz

usage HackerOne h1

Place .env with HACKERONE_USERNAME and HACKERONE_PASSWORD next to the binary.

bountyplz h1 <program> <markdown-file>

-p for preview
-d for draft-only
-f for force

usage Bugcrowd bc

Place .env with BUGCROWD_USERNAME and BUGCROWD_PASSWORD next to the binary.

bountyplz bc <program> <markdown-file>

-p for preview
-d for draft-only (will upload files but not save any draft as this is currently not supported on Bugcrowd)
-f for force

howto

Write report in markdown, use frontmatter for attributes for the report. The title of the report will be taken from the content's first #-header.

---
severity: high
weakness: xss reflected
asset: example.com
---

# Report title

Report description

The following attributes are currently supported:

key type desc
asset string will be matched against the list of assets for the program
weakness string will be matched against the list of weaknesses for the program.
attachments json-array list of files that should be attached. ["test.jpg","test2.jpg"]
if images and videos are used inline, these does not need to be in this list
url string bug URL (BugCrowd only, not required)
severity string none, low, medium, high, crical (HackerOne only)

When the report is submitted, an additional report-attribute will be added to the markdown with the reference URL for the report. This is to make sure the same report is not submitted twice.

asset and weakness will try to match against the list of available options. If multiple results are found, a list will be shown to select the right one:

impact

For HackerOne, if any header with the word impact exist in the report, the report will be split in half and the content after Impact will be inserted in the Impact-field. If no Impact exists in the report, the Impact field will only contain a # rendering it empty.

---
asset: example.com
---

# Report title

Report description

### impact

This will be in the impact field.

For Bugcrowd, the whole report will be inside the Description-field.

inline attachments

When referring to images or videos inside the report, use this format: <img upload src="x.jpg" />

Every image or video element containing <img|video upload will be extracted from the report and uploaded automatically. The location of the file referenced will always be relative to the markdown-file, and the preview before submitting will make sure all files exists.

preview -p

You can preview the report before sending it using:

bountyplz h1 yahoo -p test/report1.md

This will not submit the report, but show you how the report was parsed.

draft-only -d

You can submit the report as a draft only using:

bountyplz h1 yahoo -d test/report1.md

Please note that Asset and Severity are not currently possible to save in the draft on HackerOne.

force -f

Whenever a file has been reported, the markdown-file is being modified to add a reference to the report-URL inside the frontmatter called report: URL. This is to prevent the report from being submitted again. By using -f you can force the report to be submitted, even if it has a report:-entry in the frontmatter. Use with caution to prevent duplicate reports.

batch

This command will run all markdown files and report them. If a report already has a "report: "-reference in it, the report will not be sent.

find . -name "*.md" \( -exec bountyplz h1 <program> {} \; -o -quit \)

More Repositories

1

postMessage-tracker

A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon
JavaScript
1,006
star
2

template-generator

A simple variable based template editor using handlebarjs+strapdownjs. The idea is to use variables in markdown based files to easily replace the variables with content. Data is saved temporarily in local storage. PHP is only needed to generate the list of files in the dropdown of templates.
JavaScript
248
star
3

unpack-burp

For unpacking base64:ed "Save items"-content from Burp (From search + proxy history)
PHP
49
star
4

bountytpl

bountytpl – template generator cli. By using a template similar to the ones for Template Generator (https://github.com/fransr/template-generator) you can combine it with a JSON to produce a proper report.
Shell
45
star
5

hot-jar-swapping-urlclassloader

Demo of the URLClassLoader JAR-swapping showing the ability to replace and exploit an already loaded JAR with inner classes
Java
30
star
6

detectify-cli

Detectify API v2 CLI using bash
Shell
6
star
7

WSDL-Viewer-for-PHP

Used to get a visible overview of a WSDL service. The class will also show a test request/response built up according to the spec.
PHP
6
star
8

epl2html-render

Will render an EPL in simple HTML. good for creating EPLs
PHP
5
star
9

posten-mypack-label-pdf

Generating a MyPack-label PDF using TCPDF
PHP
2
star
10

test111

HTML
2
star
11

Time-Register

AIR application doing time reporting using Google Calendar API
2
star
12

YS-Filter

Fast javascript filter that collects information about products and creates a filtering options out of them.
2
star
13

li-shortblock

Chrome Extension that adds a shortcut on linkedin to block users from the feed-view
JavaScript
2
star
14

heroku-buildpack-letsencrypt

Shell
1
star
15

.well-known

1
star
16

test123

HTML
1
star
17

heroku-buildpack-s3

Shell
1
star