github/Fabric
1
1
Fork 0
mirror of https://github.com/danielmiessler/Fabric.git synced 2026-02-12 23:15:05 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
4004c51b9e54356ce64015b6d649ac4765cbde08
Fabric/data/patterns/write_hackerone_report
History
Kayvan Sylvan 4004c51b9e refactor: restructure project to align with standard Go layout 
### CHANGES

- Introduce `cmd` directory for all main application binaries.
- Move all Go packages into the `internal` directory.
- Rename the `restapi` package to `server` for clarity.
- Consolidate patterns and strategies into a new `data` directory.
- Group all auxiliary scripts into a new `scripts` directory.
- Move all documentation and images into a `docs` directory.
- Update all Go import paths to reflect the new structure.
- Adjust CI/CD workflows and build commands for new layout.
2025-07-08 22:47:17 -07:00
..
README.md
refactor: restructure project to align with standard Go layout
2025-07-08 22:47:17 -07:00
system.md
refactor: restructure project to align with standard Go layout
2025-07-08 22:47:17 -07:00

README.md

write_hackerone_report Pattern

Description

The write_hackerone_report pattern is designed to assist a bug bounty hunter with writing a bug bounty report for the HackerOne platform. It knows the structure that is normally in place on HackerOne, and is instructed on how to extrapolate from requests, responses, and comments, what the report should be about and how to create steps to reproduce for that vulnerability.

This is version 0.1. Please improve this prompt.

Functionality

  • Reviews the requests provided
  • Reviews the responses provided
  • Reviews the comments provided
  • Generates a report which can be copy-pasted into HackerOne and adjusted for details.

Use cases

  1. This can be helpful for dynamic report generation for automation
  2. This can be helpful when integrated with a Caido or Burp plugin to rapidly generate reports
  3. This can be helpful when generating reports from the command-line

Usage

This pattern is intended to be used with the bbReportFormatter tool which can be found here: https://github.com/rhynorater/bbReportFormatter

This utility automatically helps with the format that this pattern ingests which looks like this:

Request 1:

GET /...

Response 1:

HTTP/1.1 200 found...

Comment 1:

This request is vulnerable to blah blah blah

So, you'll add requests/responses to the report by using cat req | bbReportFormatter. You'll add comments to the report using echo "This request is vulnerable to blah blah blah" | bbReportFormatter.

Then, when you run bbReportFromatter --print-report it will output the above, write_hackerone_report format.

So, in the end, this usage will be bbReportFormatter --print-report | fabric -sp write_hackerone_report.

Meta

  • Author: Justin Gardner (@Rhynorater)
  • Version Information: 0.1
  • Published: Jul 3, 2024
Reference in New Issue View Git Blame Copy Permalink