sw33tLie / bbscope

Scope gathering tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!
Apache License 2.0

Filter out pentests from Intigriti programs #38

Closed 0xJeti closed 1 year ago

0xJeti commented 1 year ago

bbscope breaks when a user has some Intigriti hybrid pentests active. The reason is that the API call (https://api.intigriti.com/core/researcher/programs) to get the list of programs has active pentests attached at the end of the JSON array:

[{"type":1,"minBounty":{"value":0.0,"currency":"EUR"},"maxBounty":{"value":3500.0,"currency":"EUR"},"programId":"f65f73f6-e60f-405e-a7fd-xxxxxxxxxx","status":3,"confidentialityLevel":1},

{"baseBounty":{"value":1600.0,"currency":"USD"},"bountyPool":{"value":5600.0,"currency":"USD"},"testWindowStartsAt":1696420800,"testWindowEndsAt":1697630400,"expectedEffort":144000,"type":2,"programId":"678fffc1-c455-452d-ad72-xxxxxxxxxxxxxxxx","status":1002,"confidentialityLevel":2}

The structure of the JSON describing a pentest is different than for a standard program (the maxBounty field is missing).

The solution is to filter the JSON array on type==1, which will only return regular programs.
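The filter described in the post above, as an added Go sketch that is not part of the original post and is not bbscope's own code. The type names, `RegularPrograms`, and the sample response (shaped like the two quoted objects, with placeholder IDs) are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Money mirrors the {"value":...,"currency":...} objects in the response.
type Money struct {
	Value    float64 `json:"value"`
	Currency string  `json:"currency"`
}

// Entry keeps the fields both shapes share. MaxBounty is a pointer so that
// an entry without the field decodes to nil instead of a misleading zero value.
type Entry struct {
	Type      int    `json:"type"`
	ProgramID string `json:"programId"`
	Status    int    `json:"status"`
	MaxBounty *Money `json:"maxBounty"`
}

// Constructed sample: one regular program, one pentest (placeholder IDs).
const sampleResponse = `[
 {"type":1,"minBounty":{"value":0.0,"currency":"EUR"},"maxBounty":{"value":3500.0,"currency":"EUR"},"programId":"placeholder-program-id","status":3,"confidentialityLevel":1},
 {"baseBounty":{"value":1600.0,"currency":"USD"},"bountyPool":{"value":5600.0,"currency":"USD"},"testWindowStartsAt":1696420800,"testWindowEndsAt":1697630400,"expectedEffort":144000,"type":2,"programId":"placeholder-pentest-id","status":1002,"confidentialityLevel":2}
]`

// RegularPrograms decodes the program list and keeps only type==1 entries,
// dropping pentest entries (type 2 in the sample) before any bounty field is read.
func RegularPrograms(body []byte) ([]Entry, error) {
	var all []Entry
	if err := json.Unmarshal(body, &all); err != nil {
		return nil, fmt.Errorf("decode program list: %w", err)
	}
	kept := make([]Entry, 0, len(all))
	for _, e := range all {
		if e.Type == 1 {
			kept = append(kept, e)
		}
	}
	return kept, nil
}

func main() {
	programs, err := RegularPrograms([]byte(sampleResponse))
	fmt.Println(len(programs), err)
}
```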

sw33tLie commented 1 year ago

Hey @0xJeti, happy to see you here :) Merging! Thank you so much