Porting disclose.io programs list to chaos #27

Open
ehsandeep opened this issue Jun 12, 2020 · 7 comments
@ehsandeep
Member

ehsandeep commented Jun 12, 2020

URL:- https://raw.githubusercontent.com/disclose/diodb/master/program-list.json

@ehsandeep added the enhancement and help wanted labels Jun 12, 2020
@rishabhmishra25
Contributor

Is this still open or already implemented?

@ehsandeep
Member Author

@rishabhmishra25, as the above list is missing domain details, this cannot be automated, so it will take some time to do it manually.

@rishabhmishra25
Contributor

We can have a script that pulls the domains and emails and at least separate them to ease the work. @bauthard! If you can update me on the progress of how much of it has been done, I can try to write a script over the weekend maybe for the same.

@ehsandeep
Member Author

Hi @rishabhmishra25,

Thank you. We are not actively working on this list, but public programs are common, so we can say a good number of programs are already included in the chaos list. Many are still left to add, but that's not a point of worry, as we have a script which dedups the chaos-bugbounty-list.json list based on the name field.

The only information we need here is the domain name of the given bug bounty program. If you can automate that, we can import all, dedup them and merge them into the final list.

@ehsandeep
Member Author

ehsandeep commented Sep 9, 2020

From the above list, here is a one-liner to fetch the required info; domains are something we need to add on top of this.

curl -s https://raw.githubusercontent.com/disclose/diodb/master/program-list.json | jq 'map({program_name, policy_url,bug_bounty})'

@rishabhmishra25
Contributor

@bauthard I'll try extracting domains via web scraping via each domain over the weekend for sure!

@ehsandeep added the good first issue and defcon31 labels and removed the enhancement and help wanted labels Jun 24, 2023
@hhthacker

hhthacker commented Aug 10, 2023

Hey! I'm looking at this issue and would like to contribute! Wanted to reiterate my understanding, as I'm new to this :)

  1. Looks like the goal is to add programs from the URL to the public-bugbounty-programs chaos-bugbounty-list.json
     • The first entry in the programs-list links to a 404 for the policy_url and contact_url, so skip ones that do not have a current policy_url. Are there other criteria to skip programs? Looks like it is okay if there is no bounty or swag associated with the program.
  2. Domains associated with these added programs need to be found and added to the public-bugbounty-programs json
     • Does this include subdomains? If so, is using PD's subfinder the best way to do this?
     • Is this information to be found within the program policy?
     • Is there a recommended tool or method for finding domains? Is Who.is a reliable tool for this?

Are there additional details that I've overlooked, or has someone else started on this? Thanks!
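The porting step discussed in this thread (pull program_name, policy_url and bug_bounty, skip entries without a policy URL, dedup on the name field, then attach a domain) could look like the sketch below. It is an added example, not code from the thread or from the project. The output keys (`name`, `url`, `bounty`, `domains`), the `"yes"` encoding of `bug_bounty`, the platform host list and all sample records are assumptions.

```python
import json
from urllib.parse import urlsplit

# Constructed sample in the shape of program-list.json (field names from the thread).
DIODB_SAMPLE = json.loads("""[
 {"program_name": "Example Corp", "policy_url": "https://www.example.com/security", "bug_bounty": "yes"},
 {"program_name": "example corp ", "policy_url": "https://example.com/vdp", "bug_bounty": ""},
 {"program_name": "Hosted VDP", "policy_url": "https://hackerone.com/hosted-vdp", "bug_bounty": ""},
 {"program_name": "No Policy", "policy_url": "", "bug_bounty": ""},
 {"program_name": "Already Listed", "policy_url": "https://listed.example.org/sec", "bug_bounty": "yes"}
]""")
# Constructed stand-in for entries already present in chaos-bugbounty-list.json.
CHAOS_EXISTING = [{"name": "Already Listed", "url": "https://listed.example.org/sec",
                   "bounty": True, "domains": ["listed.example.org"]}]
# Assumption: a policy page hosted on a platform says nothing about the program's own domain.
PLATFORM_HOSTS = ("hackerone.com", "bugcrowd.com", "intigriti.com", "yeswehack.com")

def norm(name):
    """Dedup key: case-insensitive name with whitespace collapsed."""
    return " ".join(name.lower().split())

def candidate_domain(policy_url):
    """Host of the policy URL as a candidate only; scope must still be confirmed in the policy."""
    try:
        parts = urlsplit(policy_url.strip())
        host = (parts.hostname or "").lower()
    except ValueError:  # malformed URL in the source list
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    if host.startswith("www."):
        host = host[4:]
    if any(host == p or host.endswith("." + p) for p in PLATFORM_HOSTS):
        return None
    return host

def port(diodb, existing):
    """Return (importable, needs_domain): new records with and without a candidate domain."""
    seen = {norm(p["name"]) for p in existing}
    importable, needs_domain = [], []
    for entry in diodb:
        name = (entry.get("program_name") or "").strip()
        url = (entry.get("policy_url") or "").strip()
        if not name or not url or norm(name) in seen:
            continue  # no policy URL, or already in the list under the same name
        seen.add(norm(name))
        domain = candidate_domain(url)
        bounty = str(entry.get("bug_bounty") or "").strip().lower() in ("yes", "true")
        record = {"name": name, "url": url, "bounty": bounty, "domains": [domain] if domain else []}
        (importable if domain else needs_domain).append(record)
    return importable, needs_domain
```

Records returned in `needs_domain` are the ones that still need the manual lookup described above, and a candidate domain taken from the policy URL should be checked against the program's stated scope before it is merged.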
