sw33tLie / bbscope

Scope gathering tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!
Apache License 2.0

Issue on Hackerone BBP only function #52

Open zy9ard3 opened 5 months ago

zy9ard3 commented 5 months ago

Hey @sw33tLie

Hope you're doing well !!

I've encountered an issue with the HackerOne BBP-only -b function. When using the -b flag for h1, which is intended to limit the scope targets to BBPs only, it seems to also fetch entries from some 15+ VDPs, including publitas, khan academy, expression engine, etc...

Run bbscope for Hackerone with bbp only flag

bbscope h1 -t <h1apikey> -u <h1username> -a -b -o tu | tee h1.txt

and you will find 15+ VDPs included on output along with targets as NO_IN_SCOPE_TABLE

search NO_IN_SCOPE_TABLE on output

Thanks & Regards, @zy9ard3

sw33tLie commented 5 months ago

Thanks for sending this, I'm checking now

molitona commented 5 months ago

Confirm that I got

https://hackerone.com/publitas
https://hackerone.com/khanacademy
https://hackerone.com/stopthehacker
https://hackerone.com/expressionengine
https://hackerone.com/digitalsellz
https://hackerone.com/cert
https://hackerone.com/mobilevikings
https://hackerone.com/nokogiri
https://hackerone.com/libsass
https://hackerone.com/gm
https://hackerone.com/monero
https://hackerone.com/olx
https://hackerone.com/owox
https://hackerone.com/fantasytote
https://hackerone.com/pushwoosh
https://hackerone.com/deptofdefense
https://hackerone.com/disclosure-assistance
https://hackerone.com/rbkmoney
https://hackerone.com/homebrew
https://hackerone.com/stellar
https://hackerone.com/loofah
https://hackerone.com/ratelimited
https://hackerone.com/hannob
https://hackerone.com/govtech-vdp
https://hackerone.com/standard_notes
https://hackerone.com/td-bank
https://hackerone.com/checkout
https://hackerone.com/pfizer
https://hackerone.com/beiersdorf
https://hackerone.com/caterpillar
https://hackerone.com/godaddy-vdp
https://hackerone.com/fresenius