Error while fetching scope from hackerone programs
matanber opened this issue · 3 comments
matanber commented
#command
rescope -u hackerone.com/hackerone -o burpscope.json
#output
panic: runtime error: index out of range [0] with length 0
goroutine 1 [running]:
github.com/root4loot/rescope/internal/bbaas/hackerone.Scrape({0x7ffcb7bd6f7d, 0x17})
/home/hood/.local/share/go/pkg/mod/github.com/root4loot/rescope@v0.0.0-20220215192950-f8a75c01e347/internal/bbaas/hackerone/hackerone.go:57 +0x645
github.com/root4loot/rescope/internal/url.BBaas({0xc000110f10?, 0x1?, 0x9ca7c8?}, {0x0, 0x0, 0x0}, {0x0, 0x0, 0x0})
/home/hood/.local/share/go/pkg/mod/github.com/root4loot/rescope@v0.0.0-20220215192950-f8a75c01e347/internal/url/url.go:60 +0x4a2
main.main()
/home/hood/.local/share/go/pkg/mod/github.com/root4loot/rescope@v0.0.0-20220215192950-f8a75c01e347/main.go:80 +0xcb
Other BBaaS providers are working for me.
root4loot commented
Hi and thank you for reporting this issue. Looks like H1 has implemented CSRF protection on GraphQL endpoints, preventing rescope from calling them directly. Will look into this.
root4loot commented
6f7a73e should resolve the issue for now. @EnemyTurret can you confirm the fix?
go install github.com/root4loot/rescope@latest
PS: The correct HackerOne scope is hackerone.com/security, not hackerone.com/hackerone
rescope -u hackerone.com/security -o burpscope.json
matanber commented
The fix is working for me:
rescope -u hackerone.com/security -o burpscope.json
[-] Grabbing targets from hackerone.com/security
+ https://hackerone.com
+ https://api.hackerone.com
+ https://www.hackerone.com
+ app.pullrequest.com
+ reviewer.pullrequest.com
+ ctf.hacker101.com
+ hackerone-us-west-2-production-attachments.s3-us-west-2.amazonaws.com
+ a5s.hackerone-ext-content.com
+ b5s.hackerone-ext-content.com
+ hackerone-ext-content.com
+ hackathon-photos.hackerone-user-content.com
+ cover-photos.hackerone-user-content.com
+ hackathon-photos-us-east-2.hackerone-user-content.com
+ profile-photos.hackerone-user-content.com
+ hackerone-user-content.com
+ profile-photos-us-east-2.hackerone-user-content.com
+ cover-photos-us-east-2.hackerone-user-content.com
+ https://errors.hackerone.net
+ https://*.hackerone-ext-content.com
+ https://*.hackerone-user-content.com/
+ 66.232.20.0/23
+ 206.166.248.0/23
- https://support.hackerone.com
- www.hackeronestatus.com
- go.hacker.one
- info.hacker.one
- ma.hacker.one
[-] Parsing to JSON (Burp Suite)
[✓] Done. Wrote 193247 bytes to burpscope.json