Module: PWN::Plugins::HackerOne

Defined in:

lib/pwn/plugins/hacker_one.rb

Overview

This plugin is used for interacting w/ HackerOne’s REST API using the ‘rest’ browser type of PWN::Plugins::TransparentBrowser.

Constant Summary

@@logger =

PWN::Plugins::PWNLogger.create

Class Method Summary

• .authors ⇒ Object

  Author(s)

  0day Inc.

• .help ⇒ Object

  Display Usage for this Module.

• .login(opts = {}) ⇒ Object

  Supported Method Parameters

  h1_obj = PWN::Plugins::HackerOne.login( username: ‘required - username’, token: ‘optional - api token (will prompt if nil)’ ).

• .logout(opts = {}) ⇒ Object

  Supported Method Parameters

  PWN::Plugins::HackerOne.logout( h1_obj: ‘required h1_obj returned from #login method’ ).

Class Method Details

.authors ⇒ Object

Author(s)

0day Inc. <support@0dayinc.com>

# File 'lib/pwn/plugins/hacker_one.rb', line 130

public_class_method def self.authors
  "AUTHOR(S):
    0day Inc. <support@0dayinc.com>
  "
end

.help ⇒ Object

Display Usage for this Module

# File 'lib/pwn/plugins/hacker_one.rb', line 138

public_class_method def self.help
  puts "USAGE:
    h1_obj = #{self}.login(
      username: 'required username',
      token: 'optional api token (will prompt if nil)'
    )

    h1_obj = #{self}.logout(
      h1_obj: 'required h1_obj returned from #login method'
    )

    #{self}.authors
  "
end

.login(opts = {}) ⇒ Object

Supported Method Parameters

h1_obj = PWN::Plugins::HackerOne.login(

username: 'required - username',
token: 'optional - api token (will prompt if nil)'

)

# File 'lib/pwn/plugins/hacker_one.rb', line 19

public_class_method def self.login(opts = {})
  username = opts[:username].to_s.scrub
  base_h1_api_uri = 'https://api.hackerone.com/v1/'.to_s.scrub

  token = if opts[:token].nil?
            PWN::Plugins::AuthenticationHelper.mask_password
          else
            opts[:token].to_s.scrub
          end

  auth_payload = {}
  auth_payload[:username] = username
  auth_payload[:token] = token

  base64_str = "#{username}:#{token}"
  base64_encoded_auth = Base64.strict_encode64(base64_str).to_s.chomp
  basic_auth_header = "Basic #{base64_encoded_auth}"

  @@logger.info("Logging into HackerOne REST API: #{base_h1_api_uri}")
  browser_obj = PWN::Plugins::TransparentBrowser.open(browser_type: :rest)
  rest_client = browser_obj[:browser]::Request
  response = rest_client.execute(
    method: :get,
    url: base_h1_api_uri,
    headers: {
      authorization: basic_auth_header,
      content_type: 'application/json; charset=UTF-8'
    }
  )

  # Return array containing the post-authenticated HackerOne REST API token
  json_response = JSON.parse(response, symbolize_names: true)
  h1_success = json_response['success']
  api_token = json_response['token']
  h1_obj = {}
  h1_obj[:h1_success] = h1_success
  h1_obj[:api_token] = api_token
  h1_obj[:raw_response] = response

  h1_obj
rescue StandardError => e
  raise e
end

.logout(opts = {}) ⇒ Object

Supported Method Parameters

PWN::Plugins::HackerOne.logout(

h1_obj: 'required h1_obj returned from #login method'

)

# File 'lib/pwn/plugins/hacker_one.rb', line 120

public_class_method def self.logout(opts = {})
  h1_obj = opts[:h1_obj]
  @@logger.info('Logging out...')
  h1_obj = nil
rescue StandardError => e
  raise e
end