A HackerOne API client for Python. The API closely maps to the REST API that HackerOne provides. Documentation for their API is available here.
MIT
For installation via pip:
pip install h1
For development, in the project root run:
virtualenv env
source env/bin/activate
make bootstrap
The manual approach should work as well:
python setup.py install
For requirements.txt use:
requests
git+https://github.com/eliuha/h1-python@master#egg=h1-python
from h1.client import HackerOneClient
from h1.models import Report
c = HackerOneClient("YOUR-API-TOKEN-IDENTIFIER", "YOUR-API-TOKEN")
HackerOneClient.find_resources() allows you to specify a resource to find (only Report is
supported for now) and some criteria to filter on. The only required filter is program, which
must be set to the target HackerOne program's name. Any additional filters may be passed as kwargs,
and everything in HackerOne's filter documentation
should be supported.
For example, here's how we'd get all reports created in the past 24 hours:
import datetime as dt
day_ago = dt.datetime.now() - dt.timedelta(days=1)
listing = c.find_resources(Report, program=["test-program"], created_at__gt=day_ago)
len(listing)
# 3
listing[0].title
# u'This is a test report!'
Similarly, if we filter on state we can get all the resolved reports:
resolved_listing = c.find_resources(Report, program=["test-program"], state=["resolved"])
resolved_listing[0].title
HackerOneClient.get_resource() allows you to pass a resource type (again, currently just Report)
and an ID to fetch:
report = c.get_resource(Report, 110306)
report.title
# u'Test RCE SQLi'
report.state
# u'not-applicable'
Here's an example of using the client to figure out who your most prolific reporters are:
from collections import Counter
reporter_count = Counter()
all_reports = c.find_resources(Report, program=["test-program"])
for report in all_reports:
    reporter_count[report.reporter] += 1
print(reporter_count)
# Counter({<User - bestreporter>: 21, <User - another_reporter>: 12, <User - r3p0rt3r>: 2, <User - newbie>: 1})
from h1.client import HackerOneClient
from h1.models import Report
from key import h1_token_identifier, h1_api_token
import csv
import datetime as dt
# Start of the reporting window: 600 days back, despite the variable name
week_ago = dt.datetime.now() - dt.timedelta(days=600)
day_ago = dt.datetime.now() - dt.timedelta(days=1)
c = HackerOneClient(h1_token_identifier, h1_api_token)
# Turns off TLS certificate verification (workaround for an intercepting proxy).
# The API token is then sent without authenticating the server; if c.s is a
# requests session, verify can instead be set to the path of the proxy's CA certificate.
c.s.verify = False
listing = c.find_resources(Report, program=["program_name"], created_at__gt=week_ago, created_at__lt=day_ago)
print(len(listing))
# csv.writer quotes fields, so a comma or quote in a title cannot break the row
with open("report.csv", "w", newline="") as f:
    writer = csv.writer(f)
    for item in listing:
        weakness = "Undetermined"
        time_to_first_response = 'NaN'
        time_to_closed = 'NaN'
        # total_seconds() includes whole days; .seconds alone would drop them
        if item.time_to_first_response:
            time_to_first_response = item.time_to_first_response.total_seconds() / 3600
        if item.time_to_closed:
            time_to_closed = item.time_to_closed.total_seconds() / 3600
        if item.weakness:
            weakness = item.weakness.name
        writer.writerow([item.id, weakness, item.title, time_to_first_response, time_to_closed, item.html_url])
virtualenv env
source env/bin/activate
make bootstrap
make test
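
Report titles in the CSV export script above are written by external reporters, so a spreadsheet that opens report.csv may evaluate a title that begins with =, +, - or @ as a formula. The following is an added example, not part of h1-python: the helper names (neutralize, hours, export_rows) and the sample rows are constructed for illustration, and it shows one way to neutralize such cells and compute hours from timedeltas before writing rows.

```python
import csv
import datetime as dt
import io

# Leading characters that spreadsheet applications treat as the start of a formula.
FORMULA_PREFIXES = ("=", "+", "-", "@", "\t", "\r")


def neutralize(value):
    """Return a text cell that a spreadsheet displays instead of evaluating."""
    text = "" if value is None else str(value)
    if text.startswith(FORMULA_PREFIXES):
        return "'" + text  # a leading apostrophe forces the cell to plain text
    return text


def hours(delta):
    """Convert a timedelta to hours, whole days included; 'NaN' when missing."""
    if delta is None:
        return "NaN"
    return round(delta.total_seconds() / 3600, 2)


def export_rows(rows):
    """Render (id, weakness, title, first_response, closed, link) rows as CSV text."""
    out = io.StringIO()
    writer = csv.writer(out, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for rid, weakness, title, first_response, closed, link in rows:
        writer.writerow([rid, neutralize(weakness), neutralize(title),
                         hours(first_response), hours(closed), neutralize(link)])
    return out.getvalue()


# Constructed sample rows standing in for Report objects (not real HackerOne data).
SAMPLE = [
    (1001, "Undetermined", "XSS in search, reflected", dt.timedelta(hours=5), None,
     "https://example.invalid/reports/1001"),
    (1002, "SQL Injection", "=SUM(A1:A9) test", dt.timedelta(days=2, hours=3),
     dt.timedelta(days=10), "https://example.invalid/reports/1002"),
]

if __name__ == "__main__":
    print(export_rows(SAMPLE), end="")
```

Only the text fields are neutralized; the numeric hour columns are produced by the script itself and are left as numbers.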