├── LICENSE
├── README
├── h1
└── setup.sh


/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2018 EdOverflow

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/README:
--------------------------------------------------------------------------------
    __  __           __             ____                ________    ____
   / / / /___ ______/ /_____  _____/ __ \____  ___     / ____/ /   /  _/
  / /_/ / __ `/ ___/ //_/ _ \/ ___/ / / / __ \/ _ \   / /   / /    / /
 / __  / /_/ / /__/ ,< /  __/ /  / /_/ / / / /  __/  / /___/ /____/ /
/_/ /_/\__,_/\___/_/|_|\___/_/   \____/_/ /_/\___/   \____/_____/___/

A CLI tool to interact with hackerone.com.

Installation

    To install the tool and all necessary dependencies, run the
    following commands:

        $ git clone git@github.com:EdOverflow/h1-cli.git
        $ cd h1-cli
        $ ./setup.sh

Dependencies

    - bountyplz (https://github.com/fransr/bountyplz)
    - cURL
    - jq
    - GNU grep (OSX users, please read https://apple.stackexchange.com/a/193300.)

Contributing

    I welcome contributions from the public. The issue tracker is
    the preferred channel for bug reports and feature requests.
    The bug tracker utilises several labels to help organise and
    identify issues. Whenever submitting a new issue, please use
    the GitHub issue search first — check if the issue has already
    been reported.

    Make sure to run https://github.com/koalaman/shellcheck when you
    are done editing or creating a shell script. This will help
    maintain clean and uniform code throughout the project.

    If you would like to submit a patch via email, that is fine too.
    Just run the following command and send the patch to contact
    [at] edoverflow [dot] com:

        $ git format-patch -

Donations

    If you would like to support my work, you can use any of the
    addresses below:

    Liberapay: https://liberapay.com/EdOverflow

    Bitcoin: 1E2fZRNrrkCKPnWpKZAsJzByBoyoBURADN

    Ethereum: 0xe98FC23fB4A8762d700c0354979dA5Db6c29Acc3

License

    MIT License — Copyright (c) 2018 EdOverflow

--------------------------------------------------------------------------------
/h1:
--------------------------------------------------------------------------------
#!/bin/bash

if [[ ! -x "$(command -v jq)" ]]; then
    echo "You need to install jq in order to run this tool."
    exit 1
elif [[ ! -x "$(command -v curl)" ]]; then
    echo "You need to install cURL in order to run this tool."
    exit 1
fi

################################################################
# Functions
#   Input: Argument from if statements below.
#   Output: Output to be displayed to the user.
################################################################

help_menu() {
    echo """
    __  __           __             ____                ________    ____
   / / / /___ ______/ /_____  _____/ __ \____  ___     / ____/ /   /  _/
  / /_/ / __ \`/ ___/ //_/ _ \/ ___/ / / / __ \/ _ \   / /   / /    / /
 / __  / /_/ / /__/ ,< /  __/ /  / /_/ / / / /  __/  / /___/ /____/ /
/_/ /_/\__,_/\___/_/|_|\___/_/   \____/_/ /_/\___/   \____/_____/___/

    By EdOverflow


    $ h1

    hacktivity      Display the latest publicly-disclosed reports on the        h1 hacktivity
                    HackerOne Hacktivity feed.

    summary         View report summary.                                        h1 summary

    fetch           Fetch the report itself.                                    h1 fetch

    view            View hacker's publicly-disclosed reports.                   h1 view

    report          Submit a report to HackerOne.                               h1 report

    dork            Quickly construct a Google dork for finding a particular    h1 dork
                    report on HackerOne

    stats           Fetch stats about a hacker on HackerOne.                    h1 stats or h1 stats ' '

    leaderboard     Print the current all-time leaderboard.                     h1 leaderboard

    search          Search for publicly disclosed reports.                      h1 search
"""
}

hacktivity() {
    # h1 hacktivity
    curl -s -H'Accept: application/json' \
        "https://hackerone.com/hacktivity?sort_type=popular&filter=type%3Apublic&page=1&range=forever" |
        jq -r '.reports[] | "\(.title) by \(.reporter.username) [https://hackerone.com/reports/\(.id)]"'
}

summary() {
    # h1 summary
    curl -s -H'Accept: application/json' \
        "https://hackerone.com/reports/$1.json" |
        jq -r '.summaries[] | "\(.content)"' |
        fmt -w 80
}

dork() {
    # h1 dork
    echo "site:hackerone.com \"$1\" -\"Informative\" -\"Duplicate\" -\"Not Applicable\" -\"Spam\""
}

stats() {
    # h1 stats
    # or
    # h1 stats ' ...'
    local users
    # Split a quoted, space-separated list into one username per request.
    read -r -a users <<< "$*"
    OUTPUT=$(echo "Name‡Rank‡Rep.‡Signal‡Reports"; for i in "${users[@]}"; do
        curl -s -H'Accept: application/json' "https://hackerone.com/$i" |
            jq -r '. | "\(.name)‡\(.rank)‡\(.reputation)‡\(.signal)‡\(.report_count)"'; done)
    echo "$OUTPUT" | column -t -s'‡'
}

leaderboard() {
    # h1 leaderboard
    # Show the first $1 entries; fall back to 10 when no count is given.
    OUTPUT=$(echo "Rank - Username"; curl -s -H'Accept: application/json' \
        "https://hackerone.com/leaderboard/all-time" |
        jq -r '.users[] | "\(.rank) - \(.username)"' |
        head -n "${1:-10}")
    echo "$OUTPUT" | column -t -s' '
}

search() {
    # h1 search
    # Percent-encode the whole term (not only spaces) before it is placed
    # in the query string. A local name avoids clobbering the terminal's TERM.
    local query
    query=$(jq -rn --arg q "$1" '$q | @uri')
    # Note: this endpoint is requested over plain HTTP.
    # Select the anchor tags, then pull out their href and title values.
    curl -s "http://h1.nobbd.de/search.php?q=$query" | grep -Eoi '<a [^>]+>' |
        grep -Po '(href|title)="\K[^"]+' |
        tr ' ' '‡' | tr -d "'" | xargs -n 2 | tr '‡' ' '
}

fetch() {
    # h1 fetch
    curl -s "https://hackerone.com/reports/$1.json" |
        jq -r '.vulnerability_information' |
        fmt -w 80
}

view() {
    # h1 view
    curl -s -H'Accept: application/json' "https://hackerone.com/hacktivity?sort_type=latest_disclosable_activity_at&page=1&filter=type%3Apublic%20from%3A$1&range=forever" |
        jq -r '.reports[] | "\(.title) ‡https://hackerone.com\(.url)‡"' |
        column -t -s'‡'
}

frog() {
    # h1 frog
    echo """
              _,-.      --------------------
      ,-. ,--'  o )  -( Frogs find bugs! )
      \(,' '  ,,-'      --------------------
     ,-.\-.__,\\\_
     \('--'    '\\
"""
}

################################################################
# Commands (this sort of acts as the main() function)
#   Input: User input from $1 and $2.
#   Output: Output from selected function.
################################################################

if [[ $1 == "" ]] || [[ $1 == "-h" ]] || [[ $1 == "--help" ]]; then
    help_menu
elif [[ $1 == "hacktivity" ]]; then
    hacktivity
elif [[ $1 == "summary" ]]; then
    summary "$2"
elif [[ $1 == "report" ]]; then
    if [[ -x "$(command -v bountyplz)" ]]; then
        bountyplz h1 "$2" "$3"
    else
        echo "You need to install https://github.com/fransr/bountyplz#install in order to use this feature."
    fi
elif [[ $1 == "dork" ]]; then
    if [[ -x "$(command -v xclip)" ]]; then
        dork "$2" | xclip -selection clipboard
        echo "Google Dork has been copied to your clipboard."
    else
        dork "$2"
    fi
elif [[ $1 == "stats" ]]; then
    stats "$2"
elif [[ $1 == "leaderboard" ]]; then
    leaderboard "$2"
elif [[ $1 == "search" ]]; then
    search "$2"
elif [[ $1 == "fetch" ]]; then
    fetch "$2"
elif [[ $1 == "view" ]]; then
    view "$2"
elif [[ $1 == "frog" ]]; then
    frog
else
    echo "Unknown command '$1'"
    help_menu
fi

--------------------------------------------------------------------------------
/setup.sh:
--------------------------------------------------------------------------------
#!/bin/bash

echo "Installing dependencies."

sudo apt-get install xclip
sudo apt-get install jq
git clone https://github.com/fransr/bountyplz.git
# /usr/local/bin is normally writable by root only.
sudo ln -fs "$(pwd)/bountyplz" /usr/local/bin/bountyplz

echo "Place .env with HACKERONE_USERNAME and HACKERONE_PASSWORD next to the binary."
# Create the credentials file readable and writable by the current user only.
umask 077
read -r -p "Your HackerOne username: "
printf 'HACKERONE_USERNAME=%s\n' "$REPLY" > "$(pwd)/bountyplz/.env"
# -s keeps the password from being echoed to the terminal.
read -r -s -p "Your HackerOne password: "
echo
printf 'HACKERONE_PASSWORD=%s\n' "$REPLY" >> "$(pwd)/bountyplz/.env"
# Tighten the mode as well in case .env already existed with looser permissions.
chmod 600 "$(pwd)/bountyplz/.env"

echo "Done installing dependencies."

--------------------------------------------------------------------------------
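
Added example (not part of the h1-cli repository): the summary, fetch, stats, view and search functions in h1 place "$1" directly into a request URL, so this sketch shows allow-list checks and percent-encoding applied before the URL is built. The function names and the accepted report-ID and username alphabets are assumptions made for illustration; the URLs are the ones used in h1.

```shell
# Added example, not from the h1-cli repository. Function names and the
# accepted alphabets are assumptions made for illustration.
LC_ALL=C; export LC_ALL   # byte-wise, locale-independent pattern ranges

# Report IDs are assumed to be plain decimal integers.
valid_report_id() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
}

# Assumed username alphabet: ASCII letters, digits, '_', '.' and '-',
# with no leading dot, so '/', '?', '#' and '..' never reach the URL path.
valid_username() {
    case "$1" in ''|.*|*[!A-Za-z0-9_.-]*) return 1 ;; esac
}

# Percent-encode every byte outside the RFC 3986 unreserved set.
urlencode() {
    out=''
    for hex in $(printf '%s' "$1" | od -An -v -tx1); do
        case "$hex" in
            3[0-9]|4[1-9a-f]|5[0-9a]|6[1-9a-f]|7[0-9a]|2d|2e|5f|7e)
                out="$out$(printf "\\$(printf '%03o' "0x$hex")")" ;;
            *)  out="$out%$(printf '%s' "$hex" | tr 'a-f' 'A-F')" ;;
        esac
    done
    printf '%s\n' "$out"
}

# URL builders for the endpoints used by summary/fetch, stats and search.
report_url() {
    valid_report_id "$1" || { echo "invalid report id: $1" >&2; return 1; }
    printf 'https://hackerone.com/reports/%s.json\n' "$1"
}

profile_url() {
    valid_username "$1" || { echo "invalid username: $1" >&2; return 1; }
    printf 'https://hackerone.com/%s\n' "$1"
}

search_url() {
    printf 'http://h1.nobbd.de/search.php?q=%s\n' "$(urlencode "$1")"
}

report_url 1234567                     # constructed sample ID
search_url 'open redirect & csrf'      # constructed sample term
```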