Module: PWN::Plugins::HackerOne

Defined in:
lib/pwn/plugins/hacker_one.rb

Overview

This plugin is used for interacting with HackerOne’s REST API using the ‘rest’ browser type of PWN::Plugins::TransparentBrowser.

Constant Summary collapse

@@logger =
PWN::Plugins::PWNLogger.create

Class Method Details

.authors ⇒ Object

Author(s)

0day Inc. <[email protected]>



# File 'lib/pwn/plugins/hacker_one.rb', line 128

# Build the author credit banner for this plugin.
#
# @return [String] multi-line banner text (no trailing newline)
public_class_method def self.authors
  banner_lines = [
    'AUTHOR(S):',
    '    0day Inc. <[email protected]>',
    '  '
  ]
  banner_lines.join("\n")
end

.help ⇒ Object

Display Usage for this Module



# File 'lib/pwn/plugins/hacker_one.rb', line 136

# Print the usage banner for this module to standard output.
#
# The module name is interpolated so the examples show the fully qualified
# receiver for each call.
#
# @return [nil] the return value of puts
public_class_method def self.help
  mod = self
  usage_lines = [
    'USAGE:',
    "    h1_obj = #{mod}.login(",
    "      username: 'required username',",
    "      token: 'optional api token (will prompt if nil)'",
    '    )',
    '',
    "    h1_obj = #{mod}.logout(",
    "      h1_obj: 'required h1_obj returned from #login method'",
    '    )',
    '',
    "    #{mod}.authors",
    '  '
  ]
  puts usage_lines.join("\n")
end

.login(opts = {}) ⇒ Object

Supported Method Parameters

h1_obj = PWN::Plugins::HackerOne.login(

username: 'required - username',
token: 'optional - api token (will prompt if nil)'

)



# File 'lib/pwn/plugins/hacker_one.rb', line 19

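# Authenticate to the HackerOne REST API with HTTP Basic credentials and
# return a hash describing the result.
#
# @param opts [Hash] :username (required) and :token (optional; when nil the
#   token is obtained from PWN::Plugins::AuthenticationHelper.mask_password,
#   which the usage text describes as a prompt)
# @return [Hash] :h1_success, :api_token and :raw_response
# @raise [StandardError] any error from the request or JSON parsing is re-raised
public_class_method def self.login(opts = {})
  username = opts[:username].to_s.scrub
  base_h1_api_uri = 'https://api.hackerone.com/v1/'

  token = if opts[:token].nil?
            PWN::Plugins::AuthenticationHelper.mask_password
          else
            opts[:token].to_s.scrub
          end

  # Basic auth value is base64("username:token"); strict_encode64 emits no
  # line breaks, so no trimming is needed. The credentials are kept only in
  # these locals and the header, not copied into any other structure.
  basic_auth_header = "Basic #{Base64.strict_encode64("#{username}:#{token}")}"

  # Only the endpoint is logged here; the authorization header is not.
  @@logger.info("Logging into HackerOne REST API: #{base_h1_api_uri}")
  rest_client = PWN::Plugins::TransparentBrowser.open(browser_type: :rest)::Request
  response = rest_client.execute(
    method: :get,
    url: base_h1_api_uri,
    headers: {
      authorization: basic_auth_header,
      content_type: 'application/json; charset=UTF-8'
    }
  )

  # symbolize_names: true produces Symbol keys, so the lookups below must use
  # symbols; String keys ('success', 'token') would always return nil.
  # NOTE(review): confirm this endpoint actually returns :success and :token.
  json_response = JSON.parse(response, symbolize_names: true)

  # The returned hash may carry a token and the full response body, so callers
  # should treat it as sensitive (avoid logging or persisting it as-is).
  {
    h1_success: json_response[:success],
    api_token: json_response[:token],
    raw_response: response
  }
rescue StandardError => e
  raise e
end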

.logout(opts = {}) ⇒ Object

Supported Method Parameters

PWN::Plugins::HackerOne.logout(

h1_obj: 'required h1_obj returned from #login method'

)



# File 'lib/pwn/plugins/hacker_one.rb', line 118

# End a HackerOne session on the client side.
#
# NOTE(review): no request is made here and the caller's hash is not
# modified, so any :api_token / :raw_response it holds stays in memory until
# the caller drops its own reference (the usage text does this by assigning
# the nil return value back to h1_obj). Whether a server-side revocation is
# needed should be confirmed against the API.
#
# @param opts [Hash] :h1_obj (required) the object returned by the login method
# @return [nil]
# @raise [StandardError] any error raised in the body is re-raised
public_class_method def self.logout(opts = {})
  _session = opts[:h1_obj]
  @@logger.info('Logging out...')
  nil
rescue StandardError => e
  raise e
end