Use this tool to fetch public/private scopes from bug bounty programs and output them in various formats.
Requires Go 1.21 or later.
go install github.com/root4loot/rescope/cmd/rescope@latest
git clone https://github.com/root4loot/rescope.git
cd rescope
docker run --rm -it $(docker build -q .) [options] [<BugBountyURL>...]
Usage:
rescope [options] [<BugBountyURL>...] [-iL <file>] [-eL <file>]
INPUT:
-iL, --include-list file containing list of URLs or custom in-scope definitions (newline separated)
-eL, --exclude-list file containing list of URLs or custom out-of-scope definitions (newline separated)
OUTPUT:
-oF, --output-file output to given file (default: stdout)
OUTPUT FORMAT:
-oT, --output-text output simple text (default)
-oB, --output-burp output Burp Suite Scope (JSON)
-oZ, --output-zap output ZAP Scope (XML)
-oJ, --output-json output JSON
-oJL, --output-json-lines output JSON lines
OUTPUT FILTER:
--filter-expand-ip-ranges output individual IPs instead of IP ranges / CIDRs
AUTHORIZATION:
--auth-bugcrowd bugcrowd secret (_bugcrowd_session=cookie.value) [Optional]
--auth-hackerone hackerone secret (Authorization bearer token) [Optional]
--auth-yeswehack yeswehack secret (Authorization bearer token) [Optional]
--auth-intigriti intigriti secret (see https://app.intigriti.com/researcher/personal-access-tokens) [Optional]
GENERAL:
-c, --concurrency maximum number of concurrent requests (default: 5)
--proxy proxy to use for requests (e.g. 127.0.0.1:8080)
--debug enable debug mode
--version display version
rescope https://hackerone.com/security https://bugcrowd.com/tesla
rescope --output-burp --output-file burp_scope.json https://hackerone.com/security https://bugcrowd.com/tesla
The --include-list (-iL) and --exclude-list (-eL) options allow you to define custom scope rules that may include wildcard domains, IP ranges, and specific ports.
include.txt:
*.example.com
api.example.com
192.168.1.0/24
10.0.0.1
10.0.0.1:8080
exclude.txt:
test.example.com
192.168.1.100
You can use these lists to specify which targets should be included or excluded in your scope definitions.
rescope -iL include.txt -eL exclude.txt
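To make the include/exclude semantics concrete, here is an added example (not rescope's own parser or matching logic) that reads entries in the formats shown above, wildcard domains, exact hosts, CIDRs, bare IPs and host:port, and decides whether a target is in scope; it assumes an exclude entry always wins over an include entry, and that a wildcard covers subdomains but not the apex domain.

```go
package main
import (
	"net"
	"net/netip"
	"strings"
)

// Rule is one -iL/-eL entry: wildcard domain, host, CIDR, IP, or host:port.
type Rule struct {
	host string
	port string // set only for host:port entries; "" matches any port
}

func ParseRule(line string) Rule {
	r := Rule{host: strings.ToLower(strings.TrimSpace(line))}
	if h, p, err := net.SplitHostPort(r.host); err == nil {
		r.host, r.port = h, p
	}
	return r
}

// Matches reports whether target (host, IP, or host:port) falls under r.
func (r Rule) Matches(target string) bool {
	host, port := strings.ToLower(target), ""
	if h, p, err := net.SplitHostPort(host); err == nil {
		host, port = h, p
	}
	if r.port != "" && r.port != port {
		return false
	}
	if cidr, err := netip.ParsePrefix(r.host); err == nil { // CIDR entry
		a, err := netip.ParseAddr(host)
		return err == nil && cidr.Contains(a)
	}
	if strings.HasPrefix(r.host, "*.") { // subdomains only, not the apex
		return strings.HasSuffix(host, r.host[1:])
	}
	return host == r.host // exact host or bare IP
}

// InScope: an include rule must match and no exclude rule may (assumed: exclude wins).
func InScope(target string, include, exclude []Rule) bool {
	in := false
	for _, r := range include {
		in = in || r.Matches(target)
	}
	for _, r := range exclude {
		in = in && !r.Matches(target)
	}
	return in
}
```

With the include.txt and exclude.txt contents above, test.example.com and 192.168.1.100 are rejected even though they sit under *.example.com and 192.168.1.0/24, while 10.0.0.1:8080 is accepted and 10.0.0.1:443 is only accepted because the bare 10.0.0.1 entry carries no port.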
You can also pipe a list of bug bounty URLs directly into rescope using standard input:
cat urls.txt | rescope
This will process the URLs in urls.txt using the default configuration or any additional flags provided.
package main

import (
	"fmt"
	"log"

	"github.com/root4loot/rescope/pkg/rescope"
)

func main() {
	// Start from the library defaults and add platform credentials as needed.
	opts := rescope.DefaultOptions()
	opts.AuthHackerOne = "your_hackerone_token" // Optional
	opts.AuthIntigriti = "your_intigriti_token" // Optional

	bugBountyURLs := []string{
		"https://hackerone.com/security",
		"https://bugcrowd.com/tesla",
	}

	// Fetch and print the scope of each program; a failure for one URL
	// is logged and does not stop the others.
	for _, url := range bugBountyURLs {
		result, err := rescope.Run(url, opts)
		if err != nil {
			log.Printf("Failed to run rescope for URL %s: %v", url, err)
			continue
		}
		fmt.Printf("Results for %s:\n", url)
		fmt.Printf("In-Scope: %v\n", result.InScope)
		fmt.Printf("Out-Scope: %v\n", result.OutScope)
	}
}
Importing into Burp Suite (--output-burp):
- Select Settings -> Project -> Scope
- Click the ⚙︎ icon below the "Target Scope" title and choose "Load settings"
- Select the Burp JSON file exported from rescope
Importing into ZAP (--output-zap):
- Select File -> Import Context
- Select the ZAP XML file exported from rescope
Contributions are welcome. To contribute, fork the repository, create a new branch, make your changes, and send a pull request.