
Issue on Hackerone BBP only function

Open zy9ard3 opened this issue 9 months ago • 2 comments

Hey @sw33tLie

Hope you're doing well !!

I've encountered an issue with the Hackerone BBP-only -b function. When using the -b flag for h1, which is intended to limit the scope targets to BBPs only, it seems to also fetch entries from some 15+ VDPs, including publitas, khan academy, expression engine, etc.

Run bbscope for Hackerone with bbp only flag

bbscope h1 -t <h1apikey> -u <h1username> -a -b -o tu | tee h1.txt

and you will find 15+ VDPs included in the output, along with targets as NO_IN_SCOPE_TABLE

Search for NO_IN_SCOPE_TABLE in the output

Thanks & Regards, @zy9ard3

zy9ard3, May 07 '24 16:05

Thanks for sending this, I'm checking now

sw33tLie, May 07 '24 22:05

Confirm that I got:

https://hackerone.com/publitas
https://hackerone.com/khanacademy
https://hackerone.com/stopthehacker
https://hackerone.com/expressionengine
https://hackerone.com/digitalsellz
https://hackerone.com/cert
https://hackerone.com/mobilevikings
https://hackerone.com/nokogiri
https://hackerone.com/libsass
https://hackerone.com/gm
https://hackerone.com/monero
https://hackerone.com/olx
https://hackerone.com/owox
https://hackerone.com/fantasytote
https://hackerone.com/pushwoosh
https://hackerone.com/deptofdefense
https://hackerone.com/disclosure-assistance
https://hackerone.com/rbkmoney
https://hackerone.com/homebrew
https://hackerone.com/stellar
https://hackerone.com/loofah
https://hackerone.com/ratelimited
https://hackerone.com/hannob
https://hackerone.com/govtech-vdp
https://hackerone.com/standard_notes
https://hackerone.com/td-bank
https://hackerone.com/checkout
https://hackerone.com/pfizer
https://hackerone.com/beiersdorf
https://hackerone.com/caterpillar
https://hackerone.com/godaddy-vdp
https://hackerone.com/fresenius

molitona, May 31 '24 13:05