Skip to content
/ hackerone-to-threadfix Public

A quick tool for performing an export of your HackerOne program reports to ThreadFix

License

GPL-3.0 license
0 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

whiskeykilo/hackerone-to-threadfix

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

33 Commits
.github
.github
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
hackerone2threadfix.py
hackerone2threadfix.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

hackerone-to-threadfix

This script enables a quick, API-based export from HackerOne to a compatible .csv format for fast upload to ThreadFix.

HackerOne offers the ability to quickly export reports from a program via its API. This script takes HackerOne program data and converts it to a format that can be ingested by ThreadFix via their SSVL Converter tool.

This tool is not supported or endorsed by HackerOne.

Installation

Python 3 recommended.

Dependencies

These dependencies can optinally be installed using the requirements file:

sudo pip install -r requirements.txt

Clone Repo

git clone https://github.com/whisk3ykilo/hackerone2threadfix.git

or just grab the python file

API Authentication

  1. Make sure you've created a HackerOne API token according to the instructions here
  2. Add your HackerOne credentials as OS environment variables
    • the identifier as "H1_IDENTIFIER"
    • the token as "H1_TOKEN"

Usage

For all options and instructions run: python hackerone2threadfix.py -h

Reference Documentation

HackerOne

ThreadFix: SSVL Converter tool can be used with mappings and changes specified below

Field Mapping

SSVL Field H1 API Equivalent Field Modification to H1 Field
Severity data.relationships.severity.data.attributes.rating capitalize first letter of values. SSLV converter doesn’t accept 'none' as a severity value in this column so replace 'None' with 'Info'
CWE data.relationships.weakness.data.attributes.external_id trim “cwe-“ off the front
Source none value for all reports should be 'HackerOne'
url none build from 'https://hackerone.com/reports/' + data.id
parameter none leave blank
NativeID data.id none
ShortDescription data.attributes.title none
LongDescription data.attributes.vulnerability_information none
IssueID none leave blank
Date data.attributes.created_at comes in as ISO 8601. change date format to dd/mm/yyyy
SourceFileName none leave blank
LineNumber none SSVL converter expects this column to have a value since the input type is integer, otherwise it throws an exception. Value for all reports can be '1'
ColumnNumber none SSVL converter expects this column to have a value since the input type is integer, otherwise it throws an exception. Value for all reports can be '1'
LineText none leave blank

About

A quick tool for performing an export of your HackerOne program reports to ThreadFix

Topics

api converts threadfix hackerone ssvl-converter

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

4 forks
Report repository

Contributors 2

  •  
  •  

Languages