sw33tLie / bbscope

Scope gathering tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!
Apache License 2.0
1.01k stars, 145 forks

Unable to fetch complete data #3

Closed. rudraimmunefi closed this 1 year ago

rudraimmunefi commented 3 years ago

Hi, first of all, thank you for such a tool.

I tried to fetch the public scope for h1 using the following command - bbscope h1 -b --noToken -c url

Fetched the result but somehow it is missing the details for Mailru program (https://hackerone.com/mailru). Is it because of the different formatting of the scope?


Thank you.

sw33tLie commented 3 years ago

Hi there, thanks for raising this issue. You're right, and yes, it's because of the different formatting of the scope (honestly, I blame HackerOne for this :upside_down_face: ). A while ago I added the --descToo flag as an attempt to mitigate this, but it looks like that flag isn't helpful here either... I need to think about a proper way to deal with these edge cases... Exporting everything from a program as JSON (#2) and then grepping might be a good workaround :thinking: If you have any suggestions, feel free to write below.

rudraimmunefi commented 3 years ago

Thanks for coming back. I believe notifying users about such programs is crucial, as they are missing major targets unless something is figured out.

As of now, updating the description should be done to make users aware of such things.

sw33tLie commented 3 years ago

Hi there, I took a closer look and figured out what's actually wrong. Using the --proxy flag to send all requests through Burp, I saw this:

```json
{
  "node": {
    "id": "Z2lkOi8vaGFja2Vyb25lL1N0cnVjdHVyZWRTY29wZS80MDQxOA==",
    "asset_type": "OTHER",
    "asset_identifier": "Ext. A Scope",
    "rendered_instruction": "\u003cp\u003eProductivity, e-commerce, B2B projects at \u003ccode\u003e*.mail.ru\u003c/code\u003e,  \u003ccode\u003e*.my.com\u003c/code\u003e and some dedicated project domains, including \u003ccode\u003ecorp.mail.ru\u003c/code\u003e,  \u003ccode\u003erb.mail.ru\u003c/code\u003e, \u003ccode\u003etop.mail.ru\u003c/code\u003e, \u003ccode\u003emoney.mail.ru\u003c/code\u003e, \u003ccode\u003etbank.mail.ru\u003c/code\u003e, \u003ccode\u003ecombo.mail.ru\u003c/code\u003e, \u003ccode\u003eapinotify.mail.ru\u003c/code\u003e, \u003ccode\u003eblog.mail.ru\u003c/code\u003e, \u003ccode\u003etarget.my.com\u003c/code\u003e, \u003ccode\u003etracker.my.com\u003c/code\u003e, \u003ccode\u003etarantool.io\u003c/code\u003e, \u003ccode\u003eyoula.ru\u003c/code\u003e, \u003ccode\u003epandao.ru\u003c/code\u003e, \u003ccode\u003eam.ru\u003c/code\u003e, \u003ccode\u003egibdd.mail.ru\u003c/code\u003e, \u003ccode\u003ehelp.mail.ru\u003c/code\u003e except delegated and externally hosted domains and branded partner services.\u003c/p\u003e\n\n\u003cp\u003e\u003cmark\u003eExtended scope only awards critical serverside vulnerabilities, if vulnerability compromises the infrastructure (e.g. RCE, SQLi, LFR, SSRF, etc) or data outside of project\u0026#39;s scope (e.g. personal information)  via serverside vector.\u003c/mark\u003e\u003c/p\u003e\n\n\u003cp\u003eClientside vulnerabilities (XSS, CSRF) and business logic specific bugs, including privilege escalations within the product are accepted without bounty. \u003cbr\u003e\n\u003cmark\u003eMitM and local attacks, user enumeration on registration/recovery, open redirections, insufficient session expiration, cookies working after logout etc are not accepted\u003c/mark\u003e unless there are additional vectors identified (e.g. ability to steal the session token via remote vector for open redirection).\u003c/p\u003e\n",
    "max_severity": "critical",
    "eligible_for_bounty": true
  },
  "cursor": "NQ"
},
```

The --descToo flag is actually useful here, but as you can see these assets are marked as asset_type=OTHER, while you only selected the url category. To be sure to cover all cases, it's a good idea to select all categories. I still blame h1 here, but you're right: adding a warning in the readme to make everyone understand these scenarios is a good idea :smiley:
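To make the failure mode in this thread concrete, here is an added Go example (it is not bbscope's code and does not reproduce its internals). It decodes a constructed sample modelled on the structured-scope edge quoted above, filters edges by asset_type the way a category flag does, and optionally pulls domain-like tokens out of the HTML description, which is the idea behind --descToo. The sample JSON, the ScopeTargets helper, the mapping of the url category to asset_type "URL", and the domain regex are all assumptions made for the illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"html"
	"regexp"
	"sort"
)

// scopeEdge models the fields of a HackerOne structured-scope edge that
// matter for this discussion (field names taken from the response quoted above).
type scopeEdge struct {
	Node struct {
		AssetType           string `json:"asset_type"`
		AssetIdentifier     string `json:"asset_identifier"`
		RenderedInstruction string `json:"rendered_instruction"`
	} `json:"node"`
}

// sampleEdges is constructed sample input (not a real API response):
// one URL asset, and one OTHER asset whose real targets only appear in
// the HTML description, like the "Ext. A Scope" entry in the comment above.
const sampleEdges = `[
 {"node":{"asset_type":"URL","asset_identifier":"account.mail.ru",
  "rendered_instruction":"\u003cp\u003eMain account service\u003c/p\u003e"}},
 {"node":{"asset_type":"OTHER","asset_identifier":"Ext. A Scope",
  "rendered_instruction":"\u003cp\u003eProjects at \u003ccode\u003e*.mail.ru\u003c/code\u003e, \u003ccode\u003e*.my.com\u003c/code\u003e including \u003ccode\u003ecorp.mail.ru\u003c/code\u003e and \u003ccode\u003etarantool.io\u003c/code\u003e.\u003c/p\u003e"}}
]`

var (
	tagRe = regexp.MustCompile(`<[^>]+>`)
	// Heuristic (assumption): an optional "*." prefix, then dotted labels, then a TLD.
	domainRe = regexp.MustCompile(`(?i)(?:\*\.)?(?:[a-z0-9-]+\.)+[a-z]{2,}`)
)

// ScopeTargets is a hypothetical helper, not a bbscope function. It keeps only
// edges whose asset_type is in wanted, returns their asset_identifier, and,
// when descToo is set, also extracts domain-like tokens from the description.
func ScopeTargets(raw string, wanted map[string]bool, descToo bool) ([]string, error) {
	var edges []scopeEdge
	if err := json.Unmarshal([]byte(raw), &edges); err != nil {
		return nil, err
	}
	seen := map[string]bool{}
	out := []string{}
	add := func(s string) {
		if s != "" && !seen[s] {
			seen[s] = true
			out = append(out, s)
		}
	}
	for _, e := range edges {
		if !wanted[e.Node.AssetType] {
			continue // this is where "-c url" silently drops the OTHER asset
		}
		add(e.Node.AssetIdentifier)
		if descToo {
			// Strip HTML tags, decode entities such as &#39;, then scan for domains.
			text := html.UnescapeString(tagRe.ReplaceAllString(e.Node.RenderedInstruction, " "))
			for _, d := range domainRe.FindAllString(text, -1) {
				add(d)
			}
		}
	}
	sort.Strings(out)
	return out, nil
}

func main() {
	urlOnly := map[string]bool{"URL": true}
	all := map[string]bool{"URL": true, "OTHER": true}
	for _, c := range []struct {
		name    string
		wanted  map[string]bool
		descToo bool
	}{
		{"-c url", urlOnly, false},
		{"-c url --descToo", urlOnly, true},
		{"all categories --descToo", all, true},
	} {
		targets, err := ScopeTargets(sampleEdges, c.wanted, c.descToo)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%-26s %v\n", c.name, targets)
	}
}
```

The second case is the point of the thread: scanning descriptions does nothing if the category filter has already discarded the OTHER edge, so description parsing only helps once all categories are selected. The domain regex is deliberately loose and will also catch things like "Ext. A Scope" style identifiers only through asset_identifier, never through the description, so anything it produces still needs a manual scope check before testing.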