├── Licence.md ├── README.md └── hack1.py /Licence.md: -------------------------------------------------------------------------------- 1 | # WTF License 3.0 2 | 3 | This Project is under WTF License 3.0 , Have fun . Happy Hunting! 4 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # HackerOne Disclosed Vulnerability Reports Aggregator 2 | [![made-with-python](https://img.shields.io/badge/Made%20with-Python-1f425f.svg)](https://www.python.org/) [![Maintenance](https://img.shields.io/badge/Maintained%3F-no-red.svg)]() [![GitHub issues](https://img.shields.io/github/issues/Naereen/StrapDown.js.svg)](https://GitHub.com/vjex/hackerone/issues/) 3 | 4 | 5 | Basic Functionality: 6 | 7 | * Company wise disclosure report 8 | * Export to CSV file 9 | 10 | 11 | 12 | ### Usage 13 | 14 | - Install python dependencies (for windows and Linux): 15 | 16 | ``` 17 | pip install cssselect 18 | pip install lxml 19 | pip install urllib2 20 | ``` 21 | 22 | - Run hack1.py file 23 | ``` 24 | python hack1.py 25 | ``` 26 | 27 | - Enter the company name (handle) that you want to aggregate the disclosed reports 28 | 29 | ``` 30 | hack1.py 31 | Company Name:twitter 32 | ``` 33 | 34 | - Open the {company}.csv file under the folder created with the same name as company. 
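35 | 36 | ### Walkthrough 37 | 38 | ![alt tag](http://i.imgur.com/xWj8htp.gif) 39 | _____ 40 | ![alt tag](http://i.imgur.com/qBdhQJ9.gif) 41 | _____ 42 | ![alt tag](http://i.imgur.com/3yUZOnS.gif) 43 | 44 | 45 | ## Licence 46 | #### WTFPL 3.0 47 | 48 | ## Contributing 49 | 50 | - Fork it ( https://github.com/vjex/Hackerone/fork ) 51 | - Create your feature branch (git checkout -b my-new-feature) 52 | - Commit your changes (git commit -am 'Add some feature') 53 | - Push to the branch (git push origin my-new-feature) 54 | - Create a new Pull Request 55 | -------------------------------------------------------------------------------- /hack1.py: --------------------------------------------------------------------------------
# Aggregates the disclosed reports listed on a HackerOne program page into
# <company>/<company>.csv.  Written for Python 2 (urllib2, raw_input).
from lxml.html import parse
from urllib2 import urlopen, Request
import csv
import os
import time
import os.path

# Sent with every page request; main() reads this module-level name.
headers = {'User-Agent': 'Mozilla/5.0'}


def seperator():
    """Print a horizontal rule between console sections."""
    print("----------------------------------------------")


def bountycheck(content):
    """Return True if any token in *content* looks like a bounty ("$123").

    content: iterable of string tokens.
    """
    # startswith() instead of ele[0] so an empty token cannot raise IndexError.
    return any(ele.startswith("$") and ele[1:].isdigit() for ele in content)


def _check_handle(companyName):
    """Raise ValueError unless *companyName* is usable as a single directory name.

    The handle comes straight from the prompt and is used to build both a
    directory and a file path, so path separators and "."/".." are refused
    to keep every write inside the current working directory.
    """
    if (not companyName or companyName in (".", "..")
            or "/" in companyName or "\\" in companyName):
        raise ValueError("invalid company name: %r" % (companyName,))


def _csv_safe(value):
    """Return *value* with a leading "'" if a spreadsheet would treat it as a formula.

    The cell text is scraped from a third-party page and the resulting CSV
    is meant to be opened by the user, so cells starting with =, +, - or @
    are neutralised before they are written.
    """
    if value and value[0] in ("=", "+", "-", "@"):
        return "'" + value
    return value


def main(companyName):
    """Scrape the hacktivity pages of *companyName* and append them to its CSV.

    Pages are requested one after another until a page contains no
    hacktivity entries.  For every entry whose text contains "rewarded",
    one row (hunter, date, report URL, title) is appended to
    <companyName>/<companyName>.csv and echoed to the console.

    Raises ValueError if *companyName* is not a plain directory name.
    """
    _check_handle(companyName)
    if not os.path.exists(companyName):
        os.mkdir(companyName)
    # os.path.join instead of a hard-coded "\\", which only forms a path on Windows.
    csv_path = os.path.join(companyName, companyName + ".csv")

    for page in range(1, 10000):
        seperator()
        print("[*] Parsing Page " + str(page))
        seperator()
        page_url = "https://hackerone.com/" + companyName.lower() + "?page=" + str(page)
        req = Request(page_url, None, headers)
        # Bounded wait so a stalled connection cannot hang the run forever.
        tree = parse(urlopen(req, timeout=30)).getroot()
        entries = tree.cssselect("div.hacktivity-container-subject-entry")
        if not entries:
            return

        relevant = set()   # positions of the entries that mention a reward
        reports = []       # [hunter, report_url, title] per relevant entry
        for index, entry in enumerate(entries):
            content = entry.text_content().split()
            if "rewarded" not in content:
                continue
            relevant.add(index)
            name = content[content.index("rewarded") + 1]
            report_url = ""
            if "for" in content:
                report_url = "https://hackerone.com" + entry[3].attrib['href']
            # Computed for every rewarded entry so a row never reuses the
            # title of the previous one (empty when the text has no title).
            vulnerablity = ' '.join(content[8:])
            # bounty = content[content.index("rewarded") + 4]
            reports.append([name, report_url, vulnerablity])

        # Timestamp links are matched to entries by position on the page.
        dates = []
        for index, link in enumerate(tree.cssselect("a.hacktivity-timestamp-link")):
            if index not in relevant:
                continue
            for child in link:
                dates.append(" ".join(child.attrib['title'].split()[:3]))

        # One open per page; csv.writer doubles embedded quotes, which the
        # previous hand-built '"' + field + '"' rows did not.
        with open(csv_path, "a") as myfile:
            writer = csv.writer(myfile, quoting=csv.QUOTE_ALL, lineterminator="\n")
            for row, (name, report_url, vulnerablity) in enumerate(reports):
                # Fall back to an empty date if fewer dates than reports were found.
                date = dates[row] if row < len(dates) else ""
                writer.writerow(
                    [_csv_safe(cell) for cell in (name, date, report_url, vulnerablity)]
                )
                print('Vulnerablity Name: "' + vulnerablity + '"')
                print("Hunter: " + name)
                print("Date: " + date)
                print("URL: " + report_url)
                # print("Bounty: " + bounty)
                print("\n")


if __name__ == "__main__":
    try:
        companyName = raw_input("Company Name: ")
        # Validate before touching the filesystem: the path is built from the input.
        _check_handle(companyName)
        path = os.path.join(companyName, companyName + ".csv")
        if os.path.isfile(path):
            # main() appends, so empty the CSV left by a previous run.  The
            # "with" block closes the handle; the old "f.close" never called close().
            with open(path, "w"):
                pass
        main(companyName)

        print("\n\nDone")
        print("\n Data saved in CSV file, open it with your favorite Text Editor")
    except ValueError as err:
        print("[!] " + str(err))
    except KeyboardInterrupt:
        print("[*] Stopping")
        time.sleep(1)
--------------------------------------------------------------------------------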