June 25, 2020

230 words 2 mins read

xyele/hackerone_wordlist

xyele/hackerone_wordlist

The wordlists that have been compiled using disclosed reports at HackerOne bug bounty platform

repo name xyele/hackerone_wordlist
repo link https://github.com/xyele/hackerone_wordlist
homepage
language Python
size (curr.) 60 kB
stars (curr.) 158
created 2020-05-29
license GNU General Public License v3.0

Match Cases

Here is the match cases how it extracts all these data.

URLs

I’ve used urlextract library for extracting URLs based on TLDs. Eventhough it works awesome, there might be false matches rarely.

Raw HTTP Requests

It extracts the raw http requests which is in three backticks (```). Her are the example:

Hey team! I've found an SQL Injection issue with your website.

## Request
```
POST /xyele/hackerone_wordlist HTTP/1.1
Host: github.com

star_repo=true'
```

So it extracts the request and parsing it.

POST /xyele/hackerone_wordlist HTTP/1.1
Host: github.com

star_repo=true'

Parameter names

Besides the getting parameters from requests and URLs, it gets parameter names with regex again. Here are the examples:

LFI throught the filename parameter                 --> filename
SQL Injection on blabla domain via userid parameter --> userid
<?php echo $_GET['makesense']; ?>                   --> makesense

To Do

  • Develop own URL extracting library
  • Extract json and parse parameters from markdown code block.
  • Extract json and parse parameters from raw http response.

Known Issues

  • It downloads reports each by each but nothing to do for getting it faster because HackerOne has rate-limit.

Support Me

Reach out to me at one of the following places!

comments powered by Disqus