add json() call to try block
Uncomment genScope()
Make file paths consistent
A script to scan HackerOne bug bounty scopes and notify via email when they change.
h1_device_id
and __Host-session
value to ./requests_template/headers.json
. You can find this value by visiting a scope page, e.g. https://hackerone.com/spotify?type=team and inspecting cookies in your browser's Developer Tools pane. No login is required.requests_template
folder to requests
targets.txt
file, one per line. This name must match exactly the URL directory of the program home. E.g. to add the AT&T program, first visit the program page at https://hackerone.com/att?type=team and note the directory name in the URL. In this case, we need to add the directory name att
to our targets.txt
filesecrets_template.yml
and rename the file to secrets.yml
contacts.txt
, one per line, separated by a spacemessage.txt
responses
and tmp
pip install PyYAML
init.py
to populate the responses/
folder with existing bounty scopesmain.py
to populate tmp/
and diff the current scopes against the previouscron
or similar to check the scopes at your desired frequency. I recommend not doing this too frequently to avoid spamming HackerOne and/or getting your IP blocked.