wip

lib/bounty-targets/hackenproof.rb

@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 
-require 'nokogiri'
 require 'ssrf_filter'
 require 'uri'
 

lib/bounty-targets/intigriti.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require 'nokogiri'
 require 'json'
 require 'ssrf_filter'
 require 'uri'
@@ -21,10 +22,7 @@ class Intigriti
     def scan
       return @scan_results if instance_variable_defined?(:@scan_results)
 
-      @scan_results = directory_index.select do |program|
-        program[:confidentiality_level] == 'public' && program[:status] == 'open' && program[:tacRequired] != true &&
-          program[:twoFactorRequired] != true
-      end.map do |program|
+      @scan_results = directory_index.map do |program|
         program.merge(program_scopes(program))
       end.sort_by do |program|
         program[:name]
@@ -49,32 +47,25 @@ def encode(component)
     end
 
     def directory_index
-      page = SsrfFilter.get(::URI.parse('https://www.intigriti.com/programs')).body
-      tag = page.match(%r{/_next/static/([^/]+)/_buildManifest.js})[1]
-      programs = ::JSON.parse(SsrfFilter.get(::URI.parse("https://www.intigriti.com/_next/data/#{tag}/en/programs.json")).body)
-      programs['pageProps']['programs'].map do |program|
+      page = ::Nokogiri::HTML(::SsrfFilter.get(::URI.parse('https://www.intigriti.com/programs')).body)
+      page.css('section.bg-neutral-100 div.bg-white a').map do |node|
+        href = node.attr('href')
+        _, company_handle, handle = *href.match(%r{programs/([^/]+)/([^/]+)$})
         {
-          id: program['programId'],
-          name: program['name'],
-          company_handle: program['companyHandle'],
-          handle: program['handle'],
-          url: 'https://www.intigriti.com/programs/' + encode(program['companyHandle']) + '/' +
-            encode(program['handle']) + '/detail',
-          status: STATUSES[program['status']],
-          confidentiality_level: CONFIDENTIALITY_LEVELS[program['confidentialityLevel']],
-          tacRequired: program['tacRequired'],
-          twoFactorRequired: program['twoFactorRequired'],
-          min_bounty: program['minBounty'],
-          max_bounty: program['maxBounty']
+          company_handle: company_handle,
+          handle: handle,
+          url: href
         }
       end
     end
 
     def program_scopes(program)
       url = "https://app.intigriti.com/api/core/public/programs/#{encode(program[:company_handle])}/#{encode(program[:handle])}"
-      targets = (JSON.parse(SsrfFilter.get(url).body)['domains'].max_by do |domains|
+      json = JSON.parse(SsrfFilter.get(url).body)
+
+      targets = json['domains'].max_by do |domains|
         domains['createdAt']
-      end)['content'].map do |content|
+      end['content'].map do |content|
         {
           type: TYPES[content['type']],
           endpoint: content['endpoint'],
@@ -85,7 +76,27 @@ def program_scopes(program)
         scope[:impact] != 'Out of scope'
       end
 
+      bounty_cells = json['bountyTables'].max_by do |domains|
+        domains['createdAt']
+      end['content']['bountyRows'].flat_map do |row|
+        row['bountyRanges']
+      end
+      min_bounty = bounty_cells.min_by do |cell|
+        cell['minBounty']['value']
+      end
+      max_bounty = bounty_cells.max_by do |cell|
+        cell['maxBounty']['value']
+      end
+
       {
+        id: json['programId'],
+        name: json['name'],
+        status: STATUSES[json['status']],
+        confidentiality_level: CONFIDENTIALITY_LEVELS[json['confidentialityLevel']],
+        tacRequired: false,
+        twoFactorRequired: false,
+        min_bounty: min_bounty,
+        max_bounty: max_bounty,
         targets: {
           in_scope: targets[true] || [],
           out_of_scope: targets[false] || []