Daniel Antonsen

rescope v1.0 - Bugbounty update

It's been roughly one month since rescope first got introduced and the feedback has been great. Also thank you pentester.land for #1 tool of the week

rescope has since then undergone several changes and today I'm excited to announce a new feature that I've been working on which lets you define scopes directly from pretty much any public bug-bounty program.

Unlike before, with this update you no longer do you have to copy/paste the scope section to a file and set excludes manually. Just tell rescope which program you'd like to scope and it'll take care of the rest.

$ rescope -u hackerone.com/security -o importme.json
[-] Grabbing targets from hackerone.com/security
+  https://hackerone.com
+  https://api.hackerone.com
+  *.vpn.hackerone.net
+  https://hackerone-us-west-2-production-attachments.s3-us-west-2.amazonaws.com/
+  https://www.hackerone.com
+  https://errors.hackerone.net
+  https://*.hackerone-ext-content.com
+  https://ctf.hacker101.com
+  https://*.hackerone-user-content.com/
+  66.232.20.0/23
+  206.166.248.0/23
-  https://support.hackerone.com
-  https://ma.hacker.one
-  https://www.hackeronestatus.com/
-  https://info.hacker.one/
-  https://go.hacker.one
[-] Parsing to JSON (Burp Suite)
[✓] Done. Wrote 185786 bytes to importme.json

The -u flag can be specified multiple times:

$ rescope -u bugcrowd.com/bugcrowd -u hackerone.com/security -o importme.json

Or throw them in a list:

$ cat bigscope.txt
bugcrowd.com/bugcrowd
hackerone.com/security  
hackenproof.com/hacken/hackenproof  
intigriti.com/intigriti/intigriti  
openbugbounty.org/bugbounty/mogiwitt/  
yeswehack.com/programs/yes-we-hack  
$ rescope -i bigscope.txt -o bigscope.json --silent
[-] Identified BBaaS program (bugcrowd.com/bugcrowd) in bigscope.txt
[-] Identified BBaaS program (hackerone.com/security) in bigscope.txt
[-] Identified BBaaS program (hackenproof.com/hacken/hackenproof) in bigscope.txt
[-] Identified BBaaS program (intigriti.com/intigriti/intigriti) in bigscope.txt
[-] Identified BBaaS program (openbugbounty.org/bugbounty/mogiwitt/) in bigscope.txt
[-] Identified BBaaS program (yeswehack.com/programs/yes-we-hack) in bigscope.txt
[-] Grabbing targets from bigscope.txt
[-] Grabbing targets from bugcrowd.com/bugcrowd
[-] Grabbing targets from hackerone.com/security
[-] Grabbing targets from hackenproof.com/hacken/hackenproof
[-] Grabbing targets from intigriti.com/intigriti/intigriti
[-] Grabbing targets from openbugbounty.org/bugbounty/mogiwitt
[-] Grabbing targets from yeswehack.com/programs/yes-we-hack
[-] Parsing to JSON (Burp Suite)
[✓] Done. Wrote 193234 bytes to bigscope.json

You may also mix public and private scopes in one go. See readme for details.

Quick install

go install github.com/root4loot/rescope@latest

Hope you found this useful and if you did then feel free to follow me on Twitter for future updates and other cool things to come. As always, let me know if you run into any issues.

First posted Apr 16, 2019