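├── README.md
└── h1finder

/README.md:
--------------------------------------------------------------------------------
# h1finder is a script that collects all program names, then collects all of their in-scope assets and saves them into wild and non-wild domain files

You can get your API key from https://hackerone.com/settings/api_token/edit



# Installation

**Please replace your api-token and username**
```
git clone https://github.com/bug-vs-me/h1-asset-fetcher.git
cd h1-asset-fetcher
chmod +x h1finder
mv h1finder /usr/bin/
```

![image](https://github.com/bug-vs-me/h1-asset-fetcher/assets/57610657/724b3e50-5f99-4e9a-90cd-218426a66be7)


# Usage
```
h1finder -t -u -b
```

-t = H1 token (alternatively export it as `H1_API_KEY`, which keeps the token out of your shell history and the process list)

-u = h1 username (alternatively export it as `H1_USERNAME`)

-b = true or false; if you want bounty-only targets set it to true, if you want VDP-only targets set it to false (default: true)

**wild.txt files output will look like this:**
```
hackerone-ext-content.com
hackerone-user-content.com
cloudflare.com
cloudflarepartners.com
teams.cloudflare.com
```

**nonwild.txt files output will look like this:**
```
a5s.hackerone-ext-content.com
api.hackerone.com
app.pullrequest.com
b5s.hackerone-ext-content.com
cover-photos-us-east-2.hackerone-user-content.com
```
--------------------------------------------------------------------------------
/h1finder:
--------------------------------------------------------------------------------
#!/bin/bash
#
# h1finder - collect the in-scope URL/WILDCARD assets of HackerOne programs
# (bounty-only or VDP-only) and split them into wild.txt (wildcard scopes) and
# nonwild.txt (concrete hosts), appending to both files in the current directory.
#
# Usage: h1finder -t <token> -u <username> [-b true|false]
#   -t  HackerOne API token. Can also be supplied as the H1_API_KEY environment
#       variable, which keeps the secret out of the process's argument list.
#   -u  HackerOne username (or the H1_USERNAME environment variable).
#   -b  true  -> only programs that offer bounties (default)
#       false -> only programs that do not offer bounties (VDP)
#
# Requires: curl, jq.
# Exit status: 0 on success, 1 on usage error or on a failed program listing.

set -euo pipefail

# Print a message to stderr and exit with status 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Print the usage line to stderr and exit with status 1.
usage() {
  printf 'Usage: %s -t <token> -u <username> [-b true|false]\n' "${0##*/}" >&2
  exit 1
}

#######################################
# GET a HackerOne API URL with basic auth and print the response body.
# The credentials are handed to curl through a config file read from stdin
# (-K -) instead of -u on the command line, so the token is not visible to
# other users via `ps`. Backslashes and double quotes are escaped because
# curl's config parser treats them specially inside a quoted value.
# Globals:   API_USERNAME, API_KEY (read)
# Arguments: $1 - URL to fetch
# Outputs:   response body on stdout
# Returns:   curl's exit status; -f makes HTTP 4xx/5xx a non-zero status
#######################################
h1_get() {
  local url=$1
  local cred="${API_USERNAME}:${API_KEY}"
  cred=${cred//\\/\\\\}
  cred=${cred//\"/\\\"}
  printf 'user = "%s"\n' "$cred" \
    | curl -sS -f -K - -H 'Accept: application/json' -- "$url"
}

# Environment variables are the fallback; explicit options override them.
API_KEY=${H1_API_KEY:-}
API_USERNAME=${H1_USERNAME:-}
USE_BOUNTY=true # Default value

while getopts ':t:u:b:h' opt; do
  case "$opt" in
    t) API_KEY=$OPTARG ;;
    u) API_USERNAME=$OPTARG ;;
    b) USE_BOUNTY=$OPTARG ;;
    h) usage ;;
    :) die "Option -$OPTARG requires an argument." ;;
    \?) die "Invalid option: -$OPTARG" ;;
  esac
done
shift $((OPTIND - 1))

[[ -n "$API_KEY" && -n "$API_USERNAME" ]] || usage
# USE_BOUNTY is later passed to jq as a JSON literal, so it must be exactly
# true or false rather than "anything other than true means VDP".
[[ "$USE_BOUNTY" == true || "$USE_BOUNTY" == false ]] \
  || die "-b must be 'true' or 'false' (got '$USE_BOUNTY')"
for tool in curl jq; do
  command -v "$tool" >/dev/null || die "required tool not found: $tool"
done

# Intermediate files live in a private temp dir rather than the working
# directory: a stale programs.txt/target.txt from an earlier run cannot leak
# into this one, and nothing of the user's is deleted at the end.
tmpdir=$(mktemp -d) || die "mktemp failed"
trap 'rm -rf -- "$tmpdir"' EXIT
programs_file="$tmpdir/programs.txt"
target_file="$tmpdir/target.txt"
: > "$programs_file"
: > "$target_file"

# Retrieve the list of programs (100 per page) until an empty page comes back,
# keeping one handle per line for the requested bounty/VDP kind.
page=1
while :; do
  response=$(h1_get "https://api.hackerone.com/v1/hackers/programs/?page%5Bnumber%5D=${page}&page%5Bsize%5D=100") \
    || die "failed to list programs (page $page)"
  count=$(jq '.data | length' <<<"$response") \
    || die "unexpected (non-JSON) response on page $page"
  (( count > 0 )) || break
  jq -r --argjson want "$USE_BOUNTY" \
    '.data[] | select(.attributes.offers_bounties == $want) | .attributes.handle' \
    <<<"$response" >> "$programs_file"
  page=$((page + 1))
done

# Retrieve the in-scope URL/WILDCARD assets of each program. Identifiers may
# hold several comma- or space-separated entries, so they are split into one
# per line. A program whose fetch fails is reported and skipped instead of
# aborting the whole run.
while IFS= read -r handle; do
  [[ -n "$handle" ]] || continue
  h1_get "https://api.hackerone.com/v1/hackers/programs/${handle}" \
    | jq -r '.relationships.structured_scopes.data[] | select((.attributes.asset_type=="URL" or .attributes.asset_type=="WILDCARD") and .attributes.eligible_for_submission==true) | .attributes.asset_identifier' \
    | tr -s ' ,' '\n' \
    | sed '/^$/d' \
    | sort -u \
    | tee -a -- "$target_file" \
    || printf 'warn: could not fetch scope for %s\n' "$handle" >&2
done < "$programs_file"

# Split wildcard scopes from concrete hosts and keep only the host name part.
# grep exits 1 when one side has no matches (e.g. no wildcard scopes at all);
# under pipefail that is not an error, hence the || : guards.
host_re='[a-zA-Z0-9]+([.-][a-zA-Z0-9]+)*\.[a-zA-Z]{2,}'
{ grep -F -- '*' "$target_file" || :; } | { grep -Eo -e "$host_re" || :; } >> wild.txt
{ grep -Fv -- '*' "$target_file" || :; } | { grep -Eo -e "$host_re" || :; } >> nonwild.txt

printf '\033[1;31m%s\033[0;0m\n' "wild.txt AND nonwild.txt BOTH FILES SAVED IN $PWD"
--------------------------------------------------------------------------------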