Awesome
<img src="logo.png" alt="Logo" width="900"/>Use this tool to fetch public/private scopes from bugbounty programs and output them in various formats.
Supported platforms
Installation
Requires Go 1.23 or later.
go install github.com/root4loot/rescope2/cmd/rescope@latest
Docker
docker build -t rescope .
docker run --rm -it rescope [options] [<BugBountyURL>...]
Usage
Usage:
rescope [options] [<BugBountyURL>...] [-iL <file>] [-eL <file>]
INPUT:
-iL, --include-list file containing list of URLs or custom in-scope definitions (newline separated)
-eL, --exclude-list file containing list of URLs or custom out-of-scope definitions (newline separated)
OUTPUT:
-oF, --output-file output to given file (default: stdout)
OUTPUT FORMAT:
-oT, --output-text output simple text (default)
-oB, --output-burp output Burp Suite Scope (JSON)
-oZ, --output-zap output ZAP Scope (XML)
-oJ, --output-json output JSON
-oJL, --output-json-lines output JSON lines
OUTPUT FILTER:
--filter-expand-ip-ranges output individual IPs instead of IP ranges / CIDRs
AUTHORIZATION:
--auth-bugcrowd bugcrowd secret (_bugcrowd_session=cookie.value) [Optional]
--auth-hackenproof hackenproof secret (_hackenproof_session=cookie.value) [Optional]
--auth-hackerone hackerone secret (Authorization bearer token) [Optional]
--auth-yeswehack yeswehack secret (Authorization bearer token) [Optional]
--auth-intigriti intigriti secret (see https://app.intigriti.com/researcher/personal-access-tokens) [Optional]
GENERAL:
-c, --concurrency maximum number of concurrent requests (default: 5)
--debug enable debug mode
--version display version
Examples
Basic Usage
rescope https://hackerone.com/security https://bugcrowd.com/tesla
rescope --output-file burp_scope.json --output-burp https://hackerone.com/security https://bugcrowd.com/tesla
Custom includes / excludes
Note that --include-list
file may also contain bug bounty URLs.
rescope -iL include.txt -eL exclude.txt
Piping to rescope
You may also pipe a list of bug bounty URLs directly to rescope:
cat urls.txt | rescope
As a library
package main
import (
"fmt"
"log"
"github.com/root4loot/rescope2/pkg/rescope"
)
func main() {
opts := rescope.DefaultOptions()
opts.AuthHackerOne = "your_hackerone_token" // Optional
opts.AuthIntigriti = "your_intigriti_token" // Optional
bugBountyURLs := []string{
"https://hackerone.com/security",
"https://bugcrowd.com/tesla",
}
for _, url := range bugBountyURLs {
result, err := rescope.Run(url, opts)
if err != nil {
log.Printf("Failed to run rescope for URL %s: %v", url, err)
continue
}
fmt.Printf("Results for %s:\n", url)
fmt.Printf("In-Scope: %v\n", result.InScope)
fmt.Printf("Out-Scope: %v\n", result.OutScope)
}
}
Importing to Burp Suite and OWASP ZAP
Burp Suite
- Select Settings -> Project -> Scope
- Click the ⚙︎ icon below the "Target Scope" title and choose "Load settings"
- Select Burp JSON file exported from rescope
OWASP ZAP
- Select File -> Import Context
- Select the ZAP XML file exported from rescope
Contributing
Contributions are welcome. To contribute, fork the repository, create a new branch, make your changes, and send a pull request.