Update README.md
ozguralp authored Apr 11, 2020
1 parent f1dd405 commit 5c400f8
Showing 1 changed file with 4 additions and 3 deletions.
7 changes: 4 additions & 3 deletions README.md
Expand Up @@ -2,14 +2,15 @@
Custom created scripts for a better/faster experience at Synack Bug Bounty Platform.

***Scripts:***
- Download all in-scope IP's for host targets: `scope_download.py`
- Hydra open ports export: `hydra_export.py`
- Download all in-scope IP's for host targets: `scope_download_normal.py`
- Download all in-scope IP's for host targets (Threaded mode): `scope_download_threaded.py`

***Usages:***
- Do not forgot to change authorization headers for your user and target codename you want to process in the script which is used as hardcoded.
- Do not forgot to supply authorization headers for your user and target codename you want to process correctly while asked from command line.
- Auth headers can be easily gathered from the web browser console with the command: `sessionStorage.getItem('shared-session-com.synack.accessToken');` while logged in.
- Target codenames can also be easily gathered from URL, after clicking the target as: `https://platform.synack.com/targets/<target-codename>/scope`
- For `scope_download.py` script, `max_page_count` should be increased if the target scope is too big. It can also be confirmed with the curl command: `curl -i -s -k -X $'GET' -H $'Host: platform.synack.com' -H $'Authorization: Bearer <auth-token>' $'https://platform.synack.com/api/targets/<target-code>/cidrs?page=<max-page-count>'`. If it returns empty body while connected to the LP, then it can be said that the script covers all scope.
- For `scope_download_threaded.py` script, `max_page_count` should be increased if the target scope is too big. It can also be confirmed with the curl command: `curl -i -s -k -X $'GET' -H $'Host: platform.synack.com' -H $'Authorization: Bearer <auth-token>' $'https://platform.synack.com/api/targets/<target-code>/cidrs?page=<max-page-count>'`. If it returns empty body while connected to the LP, then it can be said that the script covers all scope. No other configuration is needed for non-threaded `scope_download_normal.py` script.

***Credits:***
- Thanks [Rezn0k](https://twitter.com/Rezn0k) for his contributions on Hydra export script!
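
Review bot: the curl check carried over into the new `scope_download_threaded.py` usage line still passes `-k`, which turns off TLS certificate verification on a request that sends `Authorization: Bearer <auth-token>`, so anyone able to intercept the connection can capture the session token. Drop `-k` from the documented command, and consider having the README tell users to keep the token out of the command line (for example, read it from an environment variable) so it does not end up in shell history. The new command-line usage line also repeats the "Do not forgot" typo from the line it replaces; "Do not forget to supply the authorization header and target codename when prompted" reads more clearly.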
