~tonyharris/bug-bounty-alerts

Email notification system for HackerOne bug bounty scope changes
68e9541d — tonyarris 3 years ago
add json() call to try block
310f5a39 — tonyarris 3 years ago
Uncomment genScope()
18632ee4 — tonyarris 3 years ago
Make file paths consistent

clone

read-only
https://git.sr.ht/~tonyharris/bug-bounty-alerts
read/write
git@git.sr.ht:~tonyharris/bug-bounty-alerts


# bug-bounty-alerts

A script to scan HackerOne bug bounty scopes and notify via email when they change.

# Setup

  • Add an h1_device_id and a __Host-session value to ./requests_template/headers.json. You can find these values by visiting a scope page, e.g. https://hackerone.com/spotify?type=team, and inspecting the cookies in your browser's Developer Tools pane. No login is required.
  • Rename the requests_template folder to requests
  • Browse the HackerOne Directory and add your desired bounty program names to the targets.txt file, one per line. Each name must exactly match the URL directory of the program home. E.g. to add the AT&T program, first visit the program page at https://hackerone.com/att?type=team and note the directory name in the URL. In this case, the directory name to add to targets.txt is att.
  • Add your email SMTP settings to secrets_template.yml and rename the file to secrets.yml
  • Add your recipient first name(s) and email(s) to contacts.txt, one per line, separated by a space
  • Customise the body of the notification email by editing message.txt
  • Create two empty folders: responses and tmp
  • pip install PyYAML
  • Run init.py to populate the responses/ folder with existing bounty scopes
  • Run main.py to populate tmp/ and diff the current scopes against the previous
  • Automate with cron or similar to check the scopes at your desired frequency. I recommend not doing this too frequently to avoid spamming HackerOne and/or getting your IP blocked.
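
A pre-flight check for the setup steps above, as an added example that is not part of this repository. It uses only the file and folder names from the list; the handle and contact patterns, the owner-only permission check and the assumption that headers.json mentions both cookie names somewhere in its text are mine, not the project's.

```python
import json
import re
import stat
from pathlib import Path

# Assumptions (not from the project): a handle is one URL path segment, and
# headers.json mentions both cookie names somewhere in its text.
HANDLE_RE = re.compile(r"^[A-Za-z0-9_-]+$")
CONTACT_RE = re.compile(r"^\S+ [^@\s]+@[^@\s]+$")  # "<first name> <email>"
COOKIES = ("h1_device_id", "__Host-session")


def preflight(root="."):
    """Return a list of setup problems found in a checkout at `root`."""
    root, problems = Path(root), []

    headers = root / "requests" / "headers.json"
    try:
        text = headers.read_text()
        json.loads(text)  # must at least be valid JSON
        problems += [f"headers.json: no {c} value" for c in COOKIES if c not in text]
    except (OSError, ValueError) as exc:
        problems.append(f"headers.json: {type(exc).__name__}")

    for name, pattern in (("targets.txt", HANDLE_RE), ("contacts.txt", CONTACT_RE)):
        try:
            lines = (root / name).read_text().splitlines()
        except OSError:
            problems.append(f"{name}: missing")
            continue
        for n, line in enumerate(lines, 1):
            if line.strip() and not pattern.match(line.strip()):
                problems.append(f"{name}:{n}: unexpected format {line.strip()!r}")

    # SMTP settings and session cookie values should be owner-only (POSIX modes).
    for secret in (root / "secrets.yml", headers):
        if not secret.is_file():
            if secret.name == "secrets.yml":
                problems.append("secrets.yml: missing")
        elif stat.S_IMODE(secret.stat().st_mode) & 0o077:
            problems.append(f"{secret.name}: group/other access, chmod 600")

    for d in ("responses", "tmp"):
        if not (root / d).is_dir():
            problems.append(f"{d}/: missing directory")
    return problems


if __name__ == "__main__":
    for problem in preflight():
        print(problem)
```

Run it from the repository root before init.py; a full URL pasted into targets.txt instead of the directory name is reported with its line number.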