Skip to content

Instantly share code, notes, and snippets.

@ajxchapman
Last active Sep 27, 2021
Embed
What would you like to do?
import re
import requests
import sys
TOKEN="*x-csrf-token Header*"
COOKIE="*__Host-session Cookie*"
USERNAME="*HackerOne Username*"
bugs = []
pages = 1
page = 1
while page <= pages:
sys.stderr.write(f"Fetching bugs page {page}...\n")
r = requests.post("https://hackerone.com/bugs.json",
params={
"subject": "user",
"start_date": "2011-01-01",
"end_date": "2021-12-31",
"page": page
},
headers={
"x-csrf-token": TOKEN
},
cookies={
"__Host-session": COOKIE
}
)
try:
if "pages" in r.json():
pages = r.json()["pages"]
except Exception as e:
sys.stderr.write(f"{r.status_code} - {r.body[:100]}\n")
for bug in r.json().get("bugs", []):
bugs.append(bug["id"])
page += 1
sys.stderr.write(f"Found {len(bugs)} reports. Processing...\n")
for i, bug in enumerate(bugs):
sys.stderr.write(f"Fetching bug {i + 1}/{len(bugs)} - {bug}...\n")
r = requests.get(f"https://hackerone.com/reports/{bug}.json",
headers={
"x-csrf-token": TOKEN
},
cookies={
"__Host-session": COOKIE
}
)
bug = r.json()
try:
platform = "HackerOne"
program = bug["team"]["profile"]["name"]
program_type = "Public" if bug["team"].get("state") == "public_mode" else ("LHE" if re.search(r'[Hh]1-[0-9]+', bug["team"]["handle"] + bug["team"]["profile"]["name"]) else "Private")
report = str(bug["id"])
report_type = "Reporter" if bug.get("reporter", {}).get("username") == USERNAME else "Collaborator"
colaboration = bug.get("reporter", {}).get("username") != USERNAME
disclosed = bug["disclosed_at"] != None
submitted_date = bug["created_at"].replace("T", " ").split(".")[0]
triage_date = None
h1_triage = False
bounty_date = None
fixed_date = None
bounty = 0.0
bonus = 0.0
duplicate = bug["substate"] == "duplicate"
valid = bug["substate"] not in ["informative", "not-applicable", "spam"]
severity = bug.get("severity", {}).get("score") or {"none": 0.0, "low": 0.1, "medium": 4.0, "high": 7.0, "critical": 9.0}[bug.get("severity", {"rating" : "none"})["rating"]]
weakness = bug.get("weakness", {}).get("name") or "N/A"
asset = (bug.get("structured_scope") or {}).get("asset_identifier") or "N/A"
asset_type = (bug.get("structured_scope") or {}).get("asset_type") or "N/A"
for activity in bug["activities"]:
if activity["type"] == "Activities::BountyAwarded":
if activity.get("collaborator", {}).get("username") == USERNAME:
# Record the bounty date as the date of the first awarded bounty to the user
if bounty_date is None:
bounty_date = activity["created_at"].replace("T", " ").split(".")[0]
bounty += float(activity["bounty_amount"])
bonus += float(activity["bonus_amount"])
else:
colaboration = True
elif activity["type"] == "Activities::BugResolved":
fixed_date = activity["created_at"].replace("T", " ").split(".")[0]
elif activity["type"] == "Activities::BugTriaged":
triage_date = activity["created_at"].replace("T", " ").split(".")[0]
if activity["actor"].get("hackerone_triager") or activity["actor"].get("hackerone_employee"):
h1_triage = True
except Exception as e:
print(bug)
raise e
# Only list reports which the user reported or was awarded a bounty or a bonus as a collaborator
if report_type == "Reporter" or (bounty + bonus) > 0.0:
cols = [platform, program, program_type, report, report_type, colaboration, h1_triage, disclosed, submitted_date, triage_date, bounty_date, fixed_date, bounty, bonus, duplicate, valid, severity, weakness, asset, asset_type]
print(", ".join({int: str, float: str, bool: str, None.__class__: "".format}.get(type(x), lambda y: f"\"{y}\"")(x) for x in cols))
@imran-parray
Copy link

imran-parray commented Mar 29, 2021

This isn't working, After looping through the reports it just exists without printing the statistics.

Loading

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment