{"id":19154380,"url":"https://github.com/baloise/c2sec-openbugbounty-module","last_synced_at":"2025-10-24T12:32:12.222Z","repository":{"id":70608832,"uuid":"138162251","full_name":"baloise/c2sec-openbugbounty-module","owner":"baloise","description":null,"archived":false,"fork":false,"pushed_at":"2019-02-01T14:20:35.000Z","size":65,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":7,"default_branch":"master","last_synced_at":"2025-01-03T19:26:43.631Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/baloise.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"docs/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-06-21T11:36:36.000Z","updated_at":"2018-09-25T05:34:17.000Z","dependencies_parsed_at":"2023-02-27T10:00:15.640Z","dependency_job_id":null,"html_url":"https://github.com/baloise/c2sec-openbugbounty-module","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/baloise%2Fc2sec-openbugbounty-module","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/baloise%2Fc2sec-openbugbounty-module/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/baloise%2Fc2sec-openbugbounty-module/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/baloise%2Fc2sec-openbugbounty-module/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/baloise","download_url":"
https://codeload.github.com/baloise/c2sec-openbugbounty-module/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240238139,"owners_count":19769871,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-09T08:26:39.124Z","updated_at":"2025-10-24T12:32:07.189Z","avatar_url":"https://github.com/baloise.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Openbugbounty Module\n\n## Overview:\n\nThis PHP module retrieves, processes and formats data from https://openbugbounty.org/api.\n\n## Description:\n\n### Configuration\n\nThe default configuration file is `./obb.ini`. \nTo change it, you must edit the following line in `functions.php`:\n```\ndefine('CONFIG','./obb.ini');\n```\nThe configuration contains the `incident_index`, which keeps track of which incidents are already saved in the database.  \nTo set up the database connection, change `db_server`,`db_user`,`db_pass` and `database`.     \n\nobb uses rsyslog to write its logfiles. You can set the facility with the `log_local_facility` entry in the configuration file.   \n\n### Report\n\nobb generates a short report about all incidents regarding a given domain.  \nThe data for the report is always fetched directly from openbugbounty.  \nThe report includes:  \n\n**host:** Domain  \n**reports:** A list of URLs, linking to the openbugbounty reports  \n**total:** Number of incidents  \n**fixed:** Number of fixed incidents  \n**time:** Total amount of time (in seconds) the domain had unfixed incidents.   
\n**average_time:** Total amount of time divided by number of incidents.   \n**percentage_fixed:** Number of fixed incidents divided by number of incidents   \n**types:** A list of the vulnerabilities in the format: {\"XSS\":4,\"REDIRECT\":2}\n\n\n### Metrics\n\nobb can give you \n* a ranking for a given domain in terms of response time (1=shortest response time,0=longest response time)\n* the average response time for all domains\n* the worst and best performing domains\n\nOnly a domain with no current vulnerabilities can be a candidate for 'best'. \nThe total time-to-fix is summed up for each incident individually. (So if there are 10 incidents on one day it counts as 10 days)    \nThe data for these metrics comes from the database. In order to use them, you first have to populate your database.\n\n\n### Database\n\nWhen populating the database, the process starts to iterate through all incident ids from openbugbounty.   \nThe starting index is found in `obb.ini` as `incident_index`.  \nEach incident is saved. After every 50 incidents the database will be updated.  \nEvery time the database is updated / populated, the still unfixed incidents will be checked again.  \nIncidents with a wrong fixed date are ignored.\n\n## Dependencies:\n\nWritten / Tested on: PHP 7.2.0  \n(But it should work on PHP 5.x as well.)  
\n\n* MySQL Server\n\nOther dependencies:\n* php-xml\n* php-mysqli\n* php-curl\n\nFor testing:\n* [PHPUnit](https://phpunit.de/index.html)\n\n## Usage:\n\n### Setup\n```\nrequire 'obb.php';\n\n$obb = new Obb\\Obb();\n```\n\n### Report\nGet a report on a particular domain:\n```\n$obb-\u003ereport('example.com');\n```\nResult:\n```\n{\"host\":\"example.com\",\"reports\":[\"https:\\/\\/www.openbugbounty.org\\/reports\\/328896\\/\"],\"total\":1,\"fixed\":0,\"time\":22374879,\"average_time\":0,\"percentage_fixed\":0,\"types\":{\"XSS\":1}}\n```\n\nTo return an associative array instead of JSON use:\n```\n$report = $obb-\u003ereport('example.com',$obj = true);\necho $report['average_time']; // Output: 0\n```\n\nThe report will be saved to the database automatically.\n\n### Database\n\nTo do more than just generate a report, you need to populate a database. To fetch the data from openbugbounty use: \n```\n$obb-\u003efetch_domains();\n```\nTo update the database for unfixed incidents, use:\n```\n$obb-\u003echeck_unfixed_domains();\n```\nTo do both steps in one:\n```\n$obb-\u003efetch_domains($update = true);\n```\n\nTo get all domain information from the database in form of associative arrays, use:\n```\n$all_domains = $obb-\u003eget_all_domains();\necho $all_domains['google.com']['total']; // Output: 13\n```\nWhen running `fetch_domains` initially (with `incident_index` equal to 0) it will take a very long time (but the procedure can be interrupted and called again later, since incidents are stored safely every 50 incidents).  \nFor safety reasons, only one request per second is sent.  \n\nTo get only the currently stored data, use:\n```\n$all_domains = $obb-\u003eget_all_domains($fetch = false);\n```\n\nTo populate the database you can also run `populate_database.php`\n\n### Metrics\n\nAll functions described here use only the database as a source. 
They do not fetch data from openbugbounty.\n\nTo retrieve the total average response time of all domains, use:\n```\necho $obb-\u003eget_avg_time();\n```\nIt returns the following string. The time is measured in seconds.\n```\n{\"total_average_time\":19399344.782198}\n```\n\nTo get a report of the best-performing domain with regard to response time, use:\n```\n$best_domain = $obb-\u003eget_best_domain(); \n```\n\nFor the report of the worst-performing domain:\n```\n$worst_domain = $obb-\u003eget_worst_domain();\n```\n\nRank of a given domain:\n```\necho $obb-\u003eget_rank(\"test.com\"); // Output: {\"rank\":0.564}\n```\nThe rank is measured as a number between 0 and 1 (0 = worst, 1 = best).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbaloise%2Fc2sec-openbugbounty-module","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbaloise%2Fc2sec-openbugbounty-module","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbaloise%2Fc2sec-openbugbounty-module/lists"}