arkadiyt / bounty-targets

This project crawls bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) hourly and dumps them into the bounty-targets-data repo
https://github.com/arkadiyt/bounty-targets-data
MIT License
619 stars 108 forks source link

OOS domains improperly scraped #140

Closed HolyBugx closed 1 year ago

HolyBugx commented 1 year ago

Hi,

With the recent updates, the parser is now invalidly parsing the OOS domains.

[Intigriti]

There is not a single OOS domain for Intigriti: https://github.com/arkadiyt/bounty-targets-data/blob/main/data/intigriti_data.json

If you check any program, no valid OOS domain is scraped for it.

[Bugcrowd]

The OOS domains are improperly scraped with empty JSON objects. e.g.

and

image

--

In addition, I believe this is one of the main commits that removed lots of OOS domains:

https://github.com/arkadiyt/bounty-targets-data/commit/b559c43b924d87f76c18697ce204c8a9533a8f26

Best regards, HolyBugx

HolyBugx commented 1 year ago

Something else I just realized:

For some programs, the parser has removed the * and replaced it with http scheme.

Example: https://bugcrowd.com/linktree-mbb-og

*.filestack.com
*.freshdesk.com
*.blstr.xyz
*.blstr.co

image

This is not only limited to the OOS, but also the main scopes:

Example: https://bugcrowd.com/kaleido

*.remove.bg 
*.designify.com 
*.kaleido.ai    
*.unscreen.com

image

Best regards, HolyBugx

HolyBugx commented 1 year ago

Hi again,

I spent some time today and found the core of this issue.

I believe that this pull request is the problem maker.

Although this is shown not to be merged, it actually is working on the server.

The commit improperly uses an || operator, which results in the bug.

Here is an example of the unparsed null JSON arrays:

image

Here is an example of unparsed * domains:

image

To fix this, simply revert the pull request to the original state.

Kind regards, @HolyBugx

arkadiyt commented 1 year ago

[Intigriti] There is not a single OOS domain for Intigriti: https://github.com/arkadiyt/bounty-targets-data/blob/main/data/intigriti_data.json

Intigriti does not provide out of scope domains in a structured way

[Bugcrowd] The OOS domains are improperly scraped with empty JSON objects. e.g.

This should be fixed now