<?php
include('common.php');
include('assets.api.php');
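// Builds three parallel asset lists (program slug, hostname, IP) from the
// YesWeHack public programs API. Line N of each output file describes the
// same asset. Only the first page of programs (page=1) is requested.
//
// Trust boundary: program slugs and scope strings are free text supplied by
// a third party. They must never reach a shell command or a regular
// expression without validation and escaping.
$programsJson = file_get_contents("https://api.yeswehack.com/programs?page=1");
$programs = ($programsJson === false) ? null : json_decode($programsJson);

$fp1 = fopen(__DIR__."/".$GLOBALS["ASSETS_SERVERS_PROJECTS"], "w");
$fp2 = fopen(__DIR__."/".$GLOBALS["ASSETS_SERVERS_HOSTNAMES"], "w");
$fp3 = fopen(__DIR__."/".$GLOBALS["ASSETS_SERVERS_IPS"], "w");

// Hosts that show up in scopes but are code-hosting or app-store listings,
// not assets owned by the program.
$excludedHosts = ["github.com", "apps.apple.com", "play.google.com", "itunes.apple.com"];

if ($fp1 === false || $fp2 === false || $fp3 === false) {
    echo "can't open '".$GLOBALS["ASSETS_SERVERS_HOSTNAMES"];
    echo "or '".$GLOBALS["ASSETS_SERVERS_IPS"];
    echo "or '".$GLOBALS["ASSETS_SERVERS_PROJECTS"]."'\n";
    // Release whichever handles did open so a partial failure does not leak them.
    foreach ([$fp1, $fp2, $fp3] as $openedHandle) {
        if ($openedHandle !== false) {
            fclose($openedHandle);
        }
    }
} else {
    $items = isset($programs->items) ? $programs->items : [];
    foreach ($items as $program) {
        // rawurlencode() keeps an unexpected slug from altering the request path.
        $programJson = file_get_contents(
            "https://api.yeswehack.com/programs/".rawurlencode((string) $program->slug)
        );
        $programContent = ($programJson === false) ? null : json_decode($programJson);
        if (!isset($programContent->scopes)) {
            continue;
        }

        foreach ($programContent->scopes as $scope) {
            // Mobile application scopes carry no host to resolve.
            if (strpos((string) ($scope->scope_type ?? ""), "mobile") !== false) {
                continue;
            }
            if (!is_string($scope->scope ?? null)) {
                continue;
            }
            $scopeValue = $scope->scope;

            $guessedHosts = [];
            $starPos = strpos($scopeValue, "*");
            if ($starPos !== false) {
                // Assumes the wildcard is written "*.domain": skip the star and the dot.
                $substar = (string) substr($scopeValue, $starPos + 2);

                // FILTER_FLAG_HOSTNAME accepts only letters, digits, hyphens and
                // dots, so shell metacharacters and whitespace are rejected here.
                if (!filter_var($substar, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME)) {
                    echo "skipping wildcard scope with unusable domain: ".$scopeValue."\n";
                    continue;
                }

                // Drop output left by a previous domain so it is not re-read
                // when the tool writes nothing this time.
                $outputFile = "tmp/output.txt";
                if (is_file($outputFile)) {
                    unlink($outputFile);
                }

                // escapeshellarg() is kept as defence in depth on top of the
                // hostname validation above. $CONF_SUBLIST3R_BIN is local
                // configuration and is used as-is.
                $cmd = $CONF_SUBLIST3R_BIN." -d ".escapeshellarg($substar)." -o ".$outputFile;
                $output = shell_exec($cmd);

                $match = [];
                $handle = is_file($outputFile) ? fopen($outputFile, "r") : false;
                if ($handle) {
                    // preg_quote() makes the dots in the domain literal instead
                    // of "any character" and neutralises other metacharacters.
                    $pattern = "/(.*\\.".preg_quote($substar, "/").")/";
                    while (($line = fgets($handle)) !== false) {
                        if (preg_match($pattern, $line, $match) === 1) {
                            $guessedHosts[] = $match[0];
                        }
                    }
                    fclose($handle);
                } else {
                    echo "no sublist3r output for ".$substar."\n";
                }
                // Debug output kept from the original script.
                var_dump($output);
                var_dump($match);
            } else {
                $guessedHosts[] = $scopeValue;
            }

            foreach ($guessedHosts as $guessedHost) {
                // Reset per candidate: otherwise a candidate that matches no
                // branch below would be recorded with the previous host and IP.
                $host = null;
                $ip = null;

                if (filter_var($guessedHost, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME)) {
                    $host = $guessedHost;
                    $ip = gethostbyname($guessedHost);
                } elseif (filter_var($guessedHost, FILTER_VALIDATE_URL)) {
                    $url = parse_url($guessedHost);
                    if (isset($url["host"])) {
                        $host = $url["host"];
                        $ip = gethostbyname($host);
                    }
                } elseif (filter_var($guessedHost, FILTER_VALIDATE_IP)) {
                    $host = $guessedHost;
                    $ip = $guessedHost;
                }

                // gethostbyname() returns its input unchanged when resolution
                // fails, so the IP check also filters unresolved names.
                $resolved = filter_var($ip, FILTER_VALIDATE_IP)
                    && filter_var($host, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME);
                if (!$resolved) {
                    echo "can't find host or ip for scope: ".$guessedHost." (host=$host, ip=$ip) \n";
                    continue;
                }

                $isExcluded = false;
                foreach ($excludedHosts as $excludedHost) {
                    if (strpos($host, $excludedHost) !== false) {
                        $isExcluded = true;
                        break;
                    }
                }
                if (!$isExcluded) {
                    fwrite($fp1, $program->slug."\n");
                    fwrite($fp2, $host."\n");
                    fwrite($fp3, $ip."\n");
                }
            }
        }
    }
    fclose($fp1);
    fclose($fp2);
    fclose($fp3);
}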