V2

.github/workflows/test-daily.yml

@@ -0,0 +1,20 @@
+name: Test Daily
+
+on:
+  schedule:
+    - cron: "0 8 * * *"
+
+jobs:
+  test:
+    uses: ./.github/workflows/test.yml
+
+  create_issue_if_failure:
+    if: failure()
+    runs-on: ubuntu-latest
+    steps:
+      - name: Create an issue for test failure
+        uses: peter-evans/create-issue-from-file@v4
+        with:
+          title: "Test failure detected"
+          content-filepath: test_output.log
+          labels: bug

.github/workflows/test.yml

@@ -0,0 +1,29 @@
+name: Test
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: "1.23"
+
+      - name: Install Dependencies
+        run: go mod download
+
+      - name: Run Tests
+        run: |
+          go list ./... | xargs -I {} sh -c 'go test -v {} || [ $? -eq 5 ]'

.gitignore

@@ -0,0 +1,3 @@
+.*
+!.gitignore
+!.github

CONTRIBUTING.md

@@ -0,0 +1,11 @@
+# Contributing Guidelines
+
+Thank you for considering contributing to this project.
+
+## How to Contribute
+
+1. **Fork the Repository**: Fork the repository to your GitHub account.
+3. **Make Changes**: Implement your changes in the codebase.
+4. **Commit Changes**: Commit your changes with a clear and concise commit message.
+5. **Push to GitHub**: Push your changes to your forked repository.
+6. **Create a Pull Request**: Go to the original repository on GitHub and create a pull request from your branch.

Dockerfile

@@ -0,0 +1,8 @@
+FROM golang:1.23-alpine as builder
+
+RUN mkdir /app
+ADD . /app
+WORKDIR /app
+RUN go build -o rescope ./cmd/...
+RUN chmod +x ./rescope
+ENTRYPOINT ["/app/rescope"]

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2022 Daniel Antonsen (@root4loot)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,148 @@
+<img src="logo.png" alt="Logo" width="900"/>
+
+[![Test](https://github.com/root4loot/rescope/actions/workflows/test.yml/badge.svg?branch=main)](https://github.com/root4loot/rescope/actions/workflows/test.yml)
+![Twitter Follow](https://img.shields.io/twitter/follow/danielantonsen.svg?style=dark)
+
+
+Use this tool to fetch public/private scopes from bugbounty programs and output them in various formats. 
+
+## Supported platforms
+
+- [HackerOne](https://hackerone.com)
+- [Bugcrowd](https://bugcrowd.com)
+- [Intigriti](https://www.intigriti.com)
+- [YesWeHack](https://yeswehack.com)
+- [HackenProof](https://hackenproof.com)
+
+## Installation
+
+Requires Go 1.23 or later.
+
+```bash
+go install github.com/root4loot/rescope2/cmd/rescope@latest
+```
+
+## Docker
+
+```bash
+docker build -t rescope .
+docker run --rm -it rescope [options] [<BugBountyURL>...]
+```
+
+## Usage
+
+```
+Usage:
+  rescope [options] [<BugBountyURL>...] [-iL <file>] [-eL <file>]
+
+INPUT:
+  -iL, --include-list         file containing list of URLs or custom in-scope definitions (newline separated)
+  -eL, --exclude-list         file containing list of URLs or custom out-of-scope definitions (newline separated)
+
+OUTPUT:
+  -oF, --output-file          output to given file (default: stdout)
+
+OUTPUT FORMAT:
+  -oT, --output-text          output simple text (default)
+  -oB, --output-burp          output Burp Suite Scope (JSON)
+  -oZ, --output-zap           output ZAP Scope (XML)
+  -oJ, --output-json          output JSON
+  -oJL, --output-json-lines   output JSON lines
+
+OUTPUT FILTER:
+  --filter-expand-ip-ranges   output individual IPs instead of IP ranges / CIDRs
+
+AUTHORIZATION:
+  --auth-bugcrowd             bugcrowd secret    (_bugcrowd_session=cookie.value) [Optional]
+  --auth-hackenproof          hackenproof secret (_hackenproof_session=cookie.value) [Optional]
+  --auth-hackerone            hackerone secret   (Authorization bearer token) [Optional]
+  --auth-yeswehack            yeswehack secret   (Authorization bearer token) [Optional]
+  --auth-intigriti            intigriti secret   (see https://app.intigriti.com/researcher/personal-access-tokens) [Optional]
+
+GENERAL:
+  -c, --concurrency           maximum number of concurrent requests (default: 5)
+      --debug                 enable debug mode
+      --version               display version
+```
+
+### Examples
+
+#### Basic Usage
+
+```bash
+rescope https://hackerone.com/security https://bugcrowd.com/tesla
+```
+
+```bash
+rescope --output-file burp_scope.json --output-burp https://hackerone.com/security https://bugcrowd.com/tesla
+```
+
+#### Custom includes / excludes
+
+Note that `--include-list` file may also contain bug bounty URLs.
+
+```bash
+rescope -iL include.txt -eL exclude.txt
+```
+
+#### Piping to rescope
+
+You may also pipe a list of bug bounty URLs directly to rescope:
+
+```bash
+cat urls.txt | rescope
+```
+
+## As a library
+
+```go
+package main
+
+import (
+	"fmt"
+	"log"
+
+	"github.com/root4loot/rescope2/pkg/rescope"
+)
+
+func main() {
+	opts := rescope.DefaultOptions()
+
+	opts.AuthHackerOne = "your_hackerone_token" // Optional
+	opts.AuthIntigriti = "your_intigriti_token" // Optional
+
+	bugBountyURLs := []string{
+		"https://hackerone.com/security",
+		"https://bugcrowd.com/tesla",
+	}
+
+	for _, url := range bugBountyURLs {
+		result, err := rescope.Run(url, opts)
+		if err != nil {
+			log.Printf("Failed to run rescope for URL %s: %v", url, err)
+			continue
+		}
+
+		fmt.Printf("Results for %s:\n", url)
+		fmt.Printf("In-Scope: %v\n", result.InScope)
+		fmt.Printf("Out-Scope: %v\n", result.OutScope)
+	}
+}
+```
+
+## Importing to Burp Suite and OWASP ZAP
+
+### Burp Suite
+
+1. Select Settings -> Project -> Scope
+2. Click the ⚙︎ icon below the "Target Scope" title and choose "Load settings"
+3. Select Burp JSON file exported from rescope
+
+### OWASP ZAP
+
+1. Select File -> Import Context
+2. Select the ZAP XML file exported from rescope
+
+## Contributing
+
+Contributions are welcome. To contribute, fork the repository, create a new branch, make your changes, and send a pull request.