bminossi/AllVideoPocsFromHackerOne
This script grab public report from hacker one and make some folders with poc videos
repo name | bminossi/AllVideoPocsFromHackerOne |
repo link | https://github.com/bminossi/AllVideoPocsFromHackerOne |
homepage | |
language | Shell |
size (curr.) | 39964 kB |
stars (curr.) | 266 |
created | 2020-12-29 |
license | |
AllPocsFromHackerOne
Contact me on
This script grabs public report from hacker one and download all JSON files to be grepable
The main goal is make easy categorize vulns by technique
Would you have a suggestion?
Please open it on issues tab =)
I would love hear from you.
All Categorized Vulns
Allocation of Resources Without Limits or Throttling
Authentication Bypass Using an Alternate Path or Channel
Cleartext Storage of Sensitive Information
Cleartext Transmission of Sensitive Information
Client-Side Enforcement of Server-Side Security
Cross-Site Request Forgery (CSRF)
Cross-site Scripting (XSS) - DOM
Cross-site Scripting (XSS) - Generic
Cross-site Scripting (XSS) - Reflected
Cross-site Scripting (XSS) - Stored
Cryptographic Issues - Generic
Deserialization of Untrusted Data
Execution with Unnecessary Privileges
Exposed Dangerous Method or Function
Externally Controlled Reference to a Resource in Another Sphere
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
File and Directory Information Exposure
Improper Access Control - Generic
Improper Authentication - Generic
Improper Certificate Validation
Improper Check or Handling of Exceptional Conditions
Improper Export of Android Application Components
Improper Handling of Insufficient Permissions or Privileges
Improper Handling of URL Encoding (Hex Encoding)
Improper Neutralization of Escape, Meta, or Control Sequences
Improper Neutralization of HTTP Headers for Scripting Syntax
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Inadequate Encryption Strength
Incorrect Calculation of Buffer Size
Information Exposure Through an Error Message
Information Exposure Through Debug Information
Information Exposure Through Directory Listing
Information Exposure Through Sent Data
Insecure Direct Object Reference (IDOR)
Insecure Storage of Sensitive Information
Insufficiently Protected Credentials
Insufficient Session Expiration
Key Exchange without Entity Authentication
Missing Authentication for Critical Function
Missing Encryption of Sensitive Data
Missing Required Cryptographic Step
Modification of Assumed-Immutable Data (MAID)
Password in Configuration File
Plaintext Storage of a Password
Reliance on Cookies without Validation and Integrity Checking in a Security Decision
Reliance on Reverse DNS Resolution for a Security-Critical Action
Reliance on Untrusted Inputs in a Security Decision
Reusing a Nonce, Key Pair in Encryption
Server-Side Request Forgery (SSRF)
Time-of-check Time-of-use (TOCTOU) Race Condition
Unprotected Transport of Credentials
Unrestricted Upload of File with Dangerous Type
Use of a Broken or Risky Cryptographic Algorithm
Use of a Key Past its Expiration Date
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Use of Externally-Controlled Format String
Use of Hard-coded Cryptographic Key
Use of Inherently Dangerous Function
User Interface (UI) Misrepresentation of Critical Information
Violation of Secure Design Principles
Weak Cryptography for Passwords
Weak Password Recovery Mechanism for Forgotten Password
Requirements
Gron
go get -u github.com/tomnomnom/gron
JQ
apt install jq
Tree
Weakness
All weakness categorized
jsonReports
All json files from disclosed reports from hackerone. Already downloaded.
reportLinksHackerOne file
All ids from hackerOne disclosed reports
Utils Folder
searchIntoJson.sh (gron required)
Script helping you finding keys and values into JSON
buildRepo.sh
Do your own jsonReports folder, downloading all disclosed reports from hackerone