Error while fetching scope from hackerone programs #12

Closed
matanber opened this issue Sep 17, 2022 · 3 comments

@matanber

#command
rescope -u hackerone.com/hackerone -o burpscope.json

#output
panic: runtime error: index out of range [0] with length 0

goroutine 1 [running]:
github.com/root4loot/rescope/internal/bbaas/hackerone.Scrape({0x7ffcb7bd6f7d, 0x17})
        /home/hood/.local/share/go/pkg/mod/github.com/root4loot/rescope@v0.0.0-20220215192950-f8a75c01e347/internal/bbaas/hackerone/hackerone.go:57 +0x645
github.com/root4loot/rescope/internal/url.BBaas({0xc000110f10?, 0x1?, 0x9ca7c8?}, {0x0, 0x0, 0x0}, {0x0, 0x0, 0x0})
        /home/hood/.local/share/go/pkg/mod/github.com/root4loot/rescope@v0.0.0-20220215192950-f8a75c01e347/internal/url/url.go:60 +0x4a2
main.main()
        /home/hood/.local/share/go/pkg/mod/github.com/root4loot/rescope@v0.0.0-20220215192950-f8a75c01e347/main.go:80 +0xcb

Other BBaaS providers are working for me.

@root4loot
Owner

Hi and thank you for reporting this issue. Looks like H1 has implemented CSRF protection on GraphQL endpoints, preventing rescope from calling them directly. Will look into this.

root4loot reopened this Oct 6, 2022
@root4loot
Owner

6f7a73e should resolve the issue for now. @EnemyTurret can you confirm the fix?

go install github.com/root4loot/rescope@latest

PS: The correct HackerOne scope is hackerone.com/security, not hackerone.com/hackerone

rescope -u hackerone.com/security -o burpscope.json

@matanber
Author

matanber commented Oct 8, 2022

The fix is working for me:

rescope -u hackerone.com/security -o burpscope.json

[-] Grabbing targets from hackerone.com/security
 +  https://hackerone.com
 +  https://api.hackerone.com
 +  https://www.hackerone.com
 +  app.pullrequest.com
 +  reviewer.pullrequest.com
 +  ctf.hacker101.com
 +  hackerone-us-west-2-production-attachments.s3-us-west-2.amazonaws.com
 +  a5s.hackerone-ext-content.com
 +  b5s.hackerone-ext-content.com
 +  hackerone-ext-content.com
 +  hackathon-photos.hackerone-user-content.com
 +  cover-photos.hackerone-user-content.com
 +  hackathon-photos-us-east-2.hackerone-user-content.com
 +  profile-photos.hackerone-user-content.com
 +  hackerone-user-content.com
 +  profile-photos-us-east-2.hackerone-user-content.com
 +  cover-photos-us-east-2.hackerone-user-content.com
 +  https://errors.hackerone.net
 +  https://*.hackerone-ext-content.com
 +  https://*.hackerone-user-content.com/
 +  66.232.20.0/23
 +  206.166.248.0/23
 -  https://support.hackerone.com
 -  www.hackeronestatus.com
 -  go.hacker.one
 -  info.hacker.one
 -  ma.hacker.one

[-] Parsing to JSON (Burp Suite)
[✓] Done. Wrote 193247 bytes to burpscope.json
