├── requirements.txt ├── huntr.com.png ├── README.md └── main.py /requirements.txt: -------------------------------------------------------------------------------- 1 | BeautifulSoup4 2 | selenium 3 | webdriver-manager 4 | -------------------------------------------------------------------------------- /huntr.com.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/password123456/huntr-com-bug-bounties-collector/HEAD/huntr.com.png -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # huntr.com bugs collector 2 | New bug bounty(vulnerabilities) collector 3 | 4 | ![made-with-python][made-with-python] 5 | ![Python Versions][pyversion-button] [![Hits](https://hits.seeyoufarm.com/api/count/incr/badge.svg?url=https%3A%2F%2Fgithub.com%2Fpassword123456%2Fwatching_new_bounty_posting&count_bg=%2379C83D&title_bg=%23555555&icon=&icon_color=%23E7E7E7&title=hits&edge_flat=false)](https://hits.seeyoufarm.com) 6 | 7 | [pyversion-button]: https://img.shields.io/pypi/pyversions/Markdown.svg 8 | [made-with-python]: https://img.shields.io/badge/Made%20with-Python-1f425f.svg 9 | 10 | 11 | # Requirements 12 | - Chrome with GUI (If you encounter trouble with script execution, check the status of VMs GPU features, if available.) 13 | - Chrome WebDriver 14 | 15 | ![img](https://github.com/password123456/huntr-com-bug-bounties-collector/blob/main/huntr.com.png) 16 | 17 | # Preview 18 | ``` 19 | # python3 main.py 20 | 21 | *2024-02-20 16:14:47.836189* 22 | 23 | 1. Arbitrary File Reading due to Lack of Input Filepath Validation 24 | - Feb 6th 2024 / High (CVE-2024-0964) 25 | - gradio-app/gradio 26 | - https://huntr.com/bounties/25e25501-5918-429c-8541-88832dfd3741/ 27 | 28 | 2. 
View Barcode Image leads to Remote Code Execution 29 | - Jan 31st 2024 / Critical (CVE: Not yet) 30 | - dolibarr/dolibarr 31 | - https://huntr.com/bounties/f0ffd01e-8054-4e43-96f7-a0d2e652ac7e/ 32 | 33 | ``` 34 | (delimiter-based file database) 35 | ``` 36 | # vim feeds.db 37 | 38 | 1|2024-02-20 16:17:40.393240|7fe14fd58ca2582d66539b2fe178eeaed3524342|CVE-2024-0964|https://huntr.com/bounties/25e25501-5918-429c-8541-88832dfd3741/ 39 | 2|2024-02-20 16:17:40.393987|c6b84ac808e7f229a4c8f9fbd073b4c0727e07e1|CVE: Not yet|https://huntr.com/bounties/f0ffd01e-8054-4e43-96f7-a0d2e652ac7e/ 40 | 3|2024-02-20 16:17:40.394582|7fead9658843919219a3b30b8249700d968d0cc9|CVE: Not yet|https://huntr.com/bounties/d6cb06dc-5d10-4197-8f89-847c3203d953/ 41 | 4|2024-02-20 16:17:40.395094|81fecdd74318ce7da9bc29e81198e62f3225bd44|CVE: Not yet|https://huntr.com/bounties/d875d1a2-7205-4b2b-93cf-439fa4c4f961/ 42 | 5|2024-02-20 16:17:40.395613|111045c8f1a7926174243db403614d4a58dc72ed|CVE: Not yet|https://huntr.com/bounties/10e423cd-7051-43fd-b736-4e18650d0172/ 43 | ``` 44 | 45 | ## Notes 46 | - This code parses HTML elements from huntr.com, so it may stop working correctly if the structure of the HTML page changes. 47 | - Parsing errors are caught by exception handling; if the script does not work as expected, inspect the HTML source for any changes. 48 | - If you run into trouble: in a typical cloud environment, scripts may not function properly within virtual machines (VMs). 
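# /main.py
__author__ = 'https://github.com/password123456/'
__date__ = '2024.04.02'
__version__ = '1.0.7'
__status__ = 'Production'

import os
import sys
import hashlib
from datetime import datetime
from bs4 import BeautifulSoup
from selenium import webdriver
from selenium.webdriver.chrome.service import Service


class Bcolors:
    """ANSI escape sequences used to colour console messages."""

    Black = '\033[30m'
    Red = '\033[31m'
    Green = '\033[32m'
    Yellow = '\033[33m'
    Blue = '\033[34m'
    Magenta = '\033[35m'
    Cyan = '\033[36m'
    White = '\033[37m'
    Endc = '\033[0m'
    BOLD = '\033[1m'
    UNDERLINE = '\033[4m'


def sha256_hash(string):
    """Return the hex SHA-256 digest of *string*, encoded with str.encode()."""
    return hashlib.sha256(string.encode()).hexdigest()


def _db_field(value):
    """Return *value* as text that is safe to store as one field of the feed DB.

    The feed DB is a '|'-delimited, one-record-per-line text file and every
    stored value except the timestamp and hash comes from scraped HTML. A
    pipe or line break inside a field would shift or forge records, and the
    de-duplication check trusts the third column, so those characters are
    replaced with spaces before anything is written.
    """
    return str(value).replace('|', ' ').replace('\r', ' ').replace('\n', ' ').strip()


def chrome_webdriver():
    """Build and return a headless Chrome WebDriver.

    The driver binary is taken from ``chromedriver_path``, which is a
    placeholder and must be replaced with a real path before running.
    The options drop the "enable-automation" switch, disable the automation
    extension and send a fixed desktop user-agent string.
    """
    chromedriver_path = 'your-chrome-webdriver-path'
    user_agent = 'Mozilla/5.0 (Macintosh; Intel Mac OS X 13_2) AppleWebKit/537.36 (KHTML, like Gecko) ' \
                 'Chrome/123.0.0.0 Safari/537.36'
    options = webdriver.ChromeOptions()
    options.add_argument('--headless')
    options.add_experimental_option("excludeSwitches", ["enable-automation"])
    options.add_experimental_option('useAutomationExtension', False)
    options.add_argument(f'user-agent={user_agent}')
    service = Service(executable_path=chromedriver_path)
    driver = webdriver.Chrome(service=service, options=options)
    return driver


def feeds_exists_in_db(feed_db, _hash_to_check):
    """Return True when *_hash_to_check* is already recorded in *feed_db*.

    Each record is a '|'-delimited line whose third field is the entry hash.
    A missing database, a malformed line or a read error all count as
    "not recorded", so the function always returns a bool.
    """
    wanted = str(_hash_to_check)
    try:
        # A missing file holds no entries. Opening it in 'w' mode (as an
        # earlier revision did) made the read loop fail on an unreadable handle.
        if not os.path.exists(feed_db):
            return False
        with open(feed_db, 'r', encoding='utf-8') as database:
            for line in database:
                fields = line.strip().split('|')
                # Exact comparison: a substring test would also match partial
                # or empty hashes. Lines with fewer than three fields are skipped
                # instead of aborting the whole scan.
                if len(fields) > 2 and fields[2] == wanted:
                    return True
        return False
    except Exception as error:
        print(f'{Bcolors.Yellow}- ::Exception:: Func:[{feeds_exists_in_db.__name__}] '
              f'Line:[{sys.exc_info()[-1].tb_lineno}] [{type(error).__name__}] {error}{Bcolors.Endc}', flush=True)
        return False


def retrieve_huntr_entries(feed_url, feed_db):
    """Scrape *feed_url* and append entries not yet in *feed_db*.

    Loads the page in headless Chrome, parses the table with id
    'hacktivity-table' and, for every row that is not already recorded,
    appends a record ``n|timestamp|hash|cve|product URL|link`` to *feed_db*.

    Returns the formatted text of the newly recorded entries ('' when there
    are none). Exits the process with status 1 when the table or a row
    cannot be parsed.
    """
    driver = chrome_webdriver()
    try:
        driver.get(feed_url)
        # NOTE(review): implicitly_wait only affects element lookups, and
        # page_source is read right away; confirm the table is rendered by then.
        driver.implicitly_wait(10)
        soup = BeautifulSoup(driver.page_source, 'html.parser')
    finally:
        # Always release the browser process, even when the page load fails.
        driver.quit()

    parse_table_id = 'hacktivity-table'
    try:
        table = soup.find('table', id=parse_table_id)
        rows = table.find_all('tr')
    except AttributeError as error:
        message = (f'{os.path.realpath(__file__)}\n\n'
                   f'- [func]: {retrieve_huntr_entries.__name__}\n*{error}*\n\n'
                   f'- [exception]: {feed_url}\n- Failed to parse HTML elements "{parse_table_id}"')
        print(f'{Bcolors.Yellow}[-] Error: {message} {Bcolors.Endc}\n\n')
        sys.exit(1)

    content_result = ''
    # Per-run counter: the first DB field restarts at 1 on every run.
    n = 0

    # 'a' creates the file when it does not exist and appends otherwise.
    with open(feed_db, 'a', encoding='utf-8') as fa:
        for item in rows:
            title = ''
            link = ''
            date = ''
            product = ''
            cve = ''
            severity = ''
            try:
                anchor = item.find('a', class_='hover:text-blue-400')
                title = anchor.text.strip()
                href = str(anchor.get('href', '')).strip()
                # Only a site-relative path may be appended to the host; any
                # other value (for example one starting with '@' or a scheme)
                # would yield a link that no longer points at huntr.com.
                if href.startswith('/'):
                    link = _db_field(f'https://huntr.com{href}')
                else:
                    print(f'{Bcolors.Yellow}[-] Skipped: unexpected link target {href!r} '
                          f'for {title!r}{Bcolors.Endc}', flush=True)
                date = item.find('div', class_='float-right hidden text-sm font-medium opacity-50 md:inline-block').text.strip()
                product = item.find('a', class_='ml-1 mr-1.5 cursor-pointer underline hover:text-blue-400').text.strip()
                product = product.replace(' ', '').replace('\n', '')
                cve = item.find('a', class_='float-right ml-2 hidden font-medium underline hover:text-blue-400 md:inline').text.strip()
                if not cve.startswith('CVE'):
                    cve = 'CVE: Not yet'
                severity = item.find('span', class_='h-3 self-end').text.strip()
            except AttributeError:
                message = (f'{os.path.realpath(__file__)}\n\n'
                           f'- [func]: {retrieve_huntr_entries.__name__}\n'
                           f'- [exception]: {feed_url}\n- One of the variable is empty\n'
                           f'> title: {title}\n> link: {link}\n> date: {date}\n'
                           f'> product: {product}\n> severity: {severity}\n> cve_id: {cve}')
                print(f'{Bcolors.Yellow}[-] Error: {message} {Bcolors.Endc}\n\n')
                sys.exit(1)

            # Scraped values end up in the '|'-delimited DB; neutralise delimiters.
            product = _db_field(product)
            cve = _db_field(cve)

            # if all variables are not empty, continue processing
            if title and link and date and product and severity:
                hashed_article = sha256_hash(f'{title}_{str(link)}')
                hashed_data = sha256_hash(hashed_article)
                if not feeds_exists_in_db(feed_db, hashed_data):
                    n = n + 1
                    cve_product = f'https://github.com/{product}'
                    fa.write(f'{n}|{datetime.now()}|{hashed_data}|{cve}|{cve_product}|{link}\n')
                    # feeds_exists_in_db reads through its own handle; flush so a
                    # repeated row later in this run is seen as already recorded.
                    fa.flush()
                    contents = f'{n}. *{title}*\n- {date}\n- *{cve} ({severity})*\n- {cve_product}\n- {link}\n\n'
                    content_result += contents
    return content_result


def main():
    """Collect new huntr.com entries and print them, or report that none were found."""
    home_path = os.path.dirname(os.path.realpath(__file__))
    feed_db = f'{home_path}/feeds.db'
    feed_url = 'https://huntr.com/bounties/hacktivity'

    result_entries = retrieve_huntr_entries(feed_url, feed_db)
    if result_entries:
        print(result_entries)
        ## Send the result to webhook. ##

    else:
        message = (f'{os.path.realpath(__file__)}\n'
                   f'- [func]: {main.__name__}\n'
                   f'- [exception]: No retrieved new huntr Data\n')
        print(f'{Bcolors.Green}[-] OK: ({datetime.now()})\n{message} {Bcolors.Endc}\n\n')


if __name__ == '__main__':
    try:
        main()
    except KeyboardInterrupt:
        sys.exit(0)
    except Exception as e:
        # __name__ is a str and has no __name__ attribute; formatting it raised
        # AttributeError inside this handler and hid the real error.
        print(f'{Bcolors.Yellow}- ::Exception:: Func:[{main.__name__}] '
              f'Line:[{sys.exc_info()[-1].tb_lineno}] [{type(e).__name__}] {e}{Bcolors.Endc}')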