This repository has been archived by the owner on Apr 25, 2019. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 108
/
Copy pathfetch.php
85 lines (76 loc) · 2.32 KB
/
fetch.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
// Created by TomNomNom
<?php
$url = "https://hackerone.com/graphql";
$authtoken = $argv[1]?? die('needs auth token');
$query = <<<QUERY
query Settings {
query{
id,
teams(first: 50 after: "%s") {
pageInfo {
hasNextPage,
hasPreviousPage
},
edges{
cursor,
node{
_id,
handle,
structured_scopes {
edges {
node {
id,
asset_type,
asset_identifier,
eligible_for_submission,
eligible_for_bounty,
max_severity,
archived_at,
instruction
}
}
}
}
}
}
}
}
QUERY;
$gen = function($cursor = "") use($query){
return json_encode([
'query' => sprintf($query, $cursor),
'variables' => (object) []
]);
};
$cursor = "";
do {
$params = [
'http' => [
'method' => 'POST',
'header' => "Content-Type: application/json\r\n".
"Origin: https://hackerone.com\r\n".
"Referer: https://hackerone.com/programs\r\n".
"X-Auth-Token: {$authtoken}",
'content' => $gen($cursor)
]
];
$context = stream_context_create($params);
$fp = fopen($url, 'rb', false, $context);
$result = $fp ? stream_get_contents($fp) : null;
$result = json_decode($result);
if (!$result) die('response error');
$hasNextPage = $result->data->query->teams->pageInfo->hasNextPage;
foreach ($result->data->query->teams->edges as $edge){
$cursor = $edge->cursor;
foreach ($edge->node->structured_scopes->edges as $scope){
$scope = $scope->node;
if (!$scope->eligible_for_submission){
continue;
}
if (strToLower($scope->asset_type) != "url"){
continue;
}
echo $scope->asset_identifier.PHP_EOL;
}
}
} while($hasNextPage);