{"id":13721830,"url":"https://github.com/root4loot/rescope","last_synced_at":"2025-04-07T07:14:41.812Z","repository":{"id":46100792,"uuid":"174223089","full_name":"root4loot/rescope","owner":"root4loot","description":"A scope generation tool for Burp Suite \u0026 ZAP","archived":false,"fork":false,"pushed_at":"2023-10-27T10:45:02.000Z","size":2851,"stargazers_count":308,"open_issues_count":1,"forks_count":61,"subscribers_count":9,"default_branch":"master","last_synced_at":"2024-02-15T09:33:52.182Z","etag":null,"topics":["bugbounty","burp","burpsuite","enumeration","go","golang","infosec","pentesting","scope","security","security-tools","websec","zap"],"latest_commit_sha":null,"homepage":"https://root4loot.com/tags/rescope/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/root4loot.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2019-03-06T21:20:55.000Z","updated_at":"2024-02-02T23:33:46.000Z","dependencies_parsed_at":"2023-01-19T13:46:58.217Z","dependency_job_id":"c6c7b7c7-1d31-4fbf-b248-2e0a5476aa61","html_url":"https://github.com/root4loot/rescope","commit_stats":null,"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/root4loot%2Frescope","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/root4loot%2Frescope/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/root4loot%2Frescope/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/root4loot%2Frescope/manifests","own
er_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/root4loot","download_url":"https://codeload.github.com/root4loot/rescope/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247608153,"owners_count":20965952,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","burp","burpsuite","enumeration","go","golang","infosec","pentesting","scope","security","security-tools","websec","zap"],"created_at":"2024-08-03T01:01:21.921Z","updated_at":"2025-04-07T07:14:41.664Z","avatar_url":"https://github.com/root4loot.png","language":"Go","readme":"\n![](assets/logo.png)\n![GitHub release](https://img.shields.io/github/release-pre/root4loot/rescope.svg)\n![GitHub](https://img.shields.io/github/license/root4loot/rescope.svg)\n[![Go Report Card](https://goreportcard.com/badge/github.com/root4loot/rescope)](https://goreportcard.com/report/github.com/root4loot/rescope)\n[![contributions welcome](https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat)](https://github.com/root4loot/rescope/issues)\n![Twitter Follow](https://img.shields.io/twitter/follow/danielantonsen.svg?style=social)\n\nRescope is a cli-tool (written in Go) that aims to make life easier when defining scopes in Burp Suite and OWASP ZAP.\n\n\n## How it works\n1. Provide any public or private scope.\n2. rescope takes care of the rest and spits out a Burp/ZAP compatible JSON/XML file.\n3. 
Import the results into Burp/ZAP.\n\n\n- [Installation](#installation)\n- [Features](#features)\n- [Supported bugbounty platforms](#supported-bug-bounty-services-bbaas)\n- [Usage](#usage)\n- [Arguments](#arguments)\n- [Public scopes](#public-scopes)\n- [Private scopes](#private-scopes)\n- [Combining Public and Private Scopes](#combining-public-and-private-scopes)\n- [Importing to Burp/ZAP](#importing-results)\n\n\n## ☛ Installation\n\nRequires [Go](\u003chttps://golang.org/\u003e) and git\n\n```\ngo install github.com/root4loot/rescope@latest\n```\n\n## Features\n\n* Define public scope(s) directly from any supported BBaaS (**Bug-Bounty-as-a-Service**) platform\n* Define private scopes by copy/pasting target definitions from pretty much anywhere\n* Outputs results that are compatible with Burp Suite and Zaproxy for direct import\n* Combine private and public scopes\n* Scope include/exclude separation\n* Parse multiple scopes to the same result\n* Supports IP-ranges \u0026 CIDR\n* Resolves conflicting includes/excludes\n* Avoid resources from third party services such as github.com, gitlab.com, itunes.apple.com, etc\n\n\n### Supported Bug-Bounty Services (BBaaS)\n\n- [bugcrowd.com](https://bugcrowd.com)\n- [hackerone.com](https://hackerone.com)\n- [hackenproof.com](https://hackenproof.com)\n- [intigriti.com](https://www.intigriti.com/public)\n- [openbugbounty.com](https://www.openbugbounty.org)\n- [yeswehack.com](https://yeswehack.com)\n- [bugbounty.jp](https://bugbounty.jp)\n- [federacy.com](https://www.federacy.com)\n\n## Usage\n```\nusage: rescope [arguments]\n```\n\n### Arguments\n\n| Short | Long               | Description                                                       |\n| :---: |:------------------:| :---------------------------------------------------------------- |\n| -h    | --help             | Print help information                                            |\n| -z    | --zap              | Export scope to ZAP-compatible XML instead of default (Burp JSON) |\n
| -r    | --raw              | Export raw scope definitions to a text list                       |\n| -u    | --url              | Public bug bounty program URL                                     |\n| -i    | --infile           | File containing scope definitions                                 |\n| -o    | --outfile          | Save results to given filename                                    |\n| -s    | --silent           | Do not print identified targets                                   |\n| -n    | --name             | Name of ZAP context                                               |\n|       | --itag             | Custom include tag (default: !INCLUDE)                            |\n|       | --etag             | Custom exclude tag (default: !EXCLUDE)                            |\n|       | --resolveConflicts | Resolve all exclude conflicts                                     |\n|       | --avoid3P          | Avoid all third party resources                                   |\n|       | --version          | Print version                                                     |\n\n\n### Example Usage\nParse scopes from a public bug bounty program to Burp (JSON)  \n`rescope -u hackerone.com/security -o burpscope.json`  \n\nParse scopes from a public bug bounty program to ZAP (XML)  \n`rescope --zap --name CoolScope -u hackerone.com/security -o zapscope.context`\n\nParse scope from an infile containing target definitions to Burp (JSON)  \n`rescope -i scope.txt -o burpscope.json`\n\n### Example Result\n\u003cimg src=\"assets/example_result.png\" width=\"730\"\u003e\n\n## Public Scopes\n\nDefining scopes as a bugbounty researcher has never been this easy.  \n(For private bugbounty scopes, see [Private Scopes](#private-scopes))\n\n```\nrescope -u hackerone.com/security -o burpscope.json\n```\nrescope will print out a list of identified targets as seen below. Use this list to verify that it got what you wanted.  
\nIncludes (+) are highlighted in Green, and Excludes (-) in Red.\n\n```diff\n$ rescope -u hackerone.com/security -o burpscope.json\n[-] Grabbing targets from hackerone.com/security \n+  https://hackerone.com\n+  https://api.hackerone.com\n+  *.vpn.hackerone.net\n+  https://hackerone-us-west-2-production-attachments.s3-us-west-2.amazonaws.com/\n+  https://www.hackerone.com\n+  https://errors.hackerone.net\n+  https://*.hackerone-ext-content.com\n+  https://ctf.hacker101.com\n+  https://*.hackerone-user-content.com/\n+  66.232.20.0/23\n+  206.166.248.0/23\n-  https://support.hackerone.com\n-  https://ma.hacker.one\n-  https://www.hackeronestatus.com/\n-  https://info.hacker.one/\n-  https://go.hacker.one\n[-] Parsing to JSON (Burp Suite)\n[✓] Done. Wrote 185786 bytes to burpscope.json\n```\nThe resulting file may now be imported to Burp or ZAP depending on your choice. See [importing results](#importing-results) for details.\n\n### Defining multiple scopes\nDefining multiple scopes at once (to the same result) is only a matter of setting `-u` \u003curl\u003e several times.\n```\nrescope --zap -u hackerone.com/security -u bugcrowd.com/bugcrowd -u intigriti.com/intigriti/intigriti --name CoolScope -o zapscope.context\n```\n\nAlternatively, list them in an infile like so.\n```\n$ cat combined.txt\nhackerone.com/security\nbugcrowd.com/bugcrowd\nintigriti.com/intigriti/intigriti\n```\nAnd pass this as an infile.\n\n```\nrescope -i combined.txt -o burpscope.json\n```\n\n## Private Scopes\n\n**Update:** HackerOne users may parse private scopes directly by setting the environment variable `H1_TOKEN` to the value of `X-Auth-Token`.  \n\nrescope is not limited to public BBaaS scopes.  
\nIf your scope is private then list targets in a text file and pass it to `--infile` (`-i`).\n\nExample scope:\n\n```\n$ cat scope.txt\ntarget1.example.com\ntarget2.example.com\ntarget3.example.com\n192.168.0.1/24\n10.10.10.1-3\n```\n\n```\nrescope -i scope.txt -o burpscope.json\n```\nDefining multiple scopes at once (to the same result) is only a matter of setting `-i` \u003cinfile\u003e several times.\n```\nrescope --zap -i scope1.txt -i scope2.txt --name CoolScope -o zapscope.context\n```\n\nOne of the neat things about rescope is that it'll automagically detect the targets from the scope you provide, meaning they don't have to be in a specific structure/format. This allows you to simply copy/paste the scope from pretty much anywhere and provide it to rescope without having to filter it in advance.\n\nFor example, the same scope as above, but with some leading/trailing text and multiple targets on the same line.\n\n```sh\n$ cat scope.txt\nHigh priority: target1.example.com\nMedium: target2.example.com and target3.example.com\nInternal: 192.168.0.1/24 (department A)\n          10.10.10.1-3\n```\n\nAs seen below, rescope was able to identify the targets, despite the leading text and multiple hosts on the same line. Includes (+) are highlighted in Green, and Excludes (-) in Red. Use this list to verify that it got what you wanted.\n\n```diff\n$ rescope -i scope.txt -o burpscope.json\n[-] Grabbing targets from scope.txt\n+  target1.example.com\n+  target2.example.com\n+  target3.example.com\n+  192.168.0.1/24\n+  10.10.10.1-3\n[-] Parsing to JSON (Burp Suite)\n[✓] Done. Wrote 46555 bytes to burpscope.json\n```\n\n### Setting Excludes\n\nOut-of-scope targets are set by specifying **!EXCLUDE** in the document, followed by the targets you want to exclude. Any target following this tag is excluded (exclusively) from the scope. 
A custom exclude tag can be set with the optional `--etag` argument.\n\nExample (scope.txt):\n\n```\nIn-Scope:\ntarget1.example.com\ntarget2.example.com\ntarget3.example.com\n\n!EXCLUDE\nOut-of-Scope:\ntarget4.example.com\ntarget5.example.com\n```\n\nIf the \"out-of-scope\" targets happen to come _before_ the list of includes, then you must either move the out-of-scope section _after_ the list of includes, or provide an **!INCLUDE** tag before the list of in-scope targets. A custom include tag can be set with the optional `--itag` argument.\n\nExample (scope.txt):\n\n```\n!EXCLUDE\nOut-of-Scope:\ntarget4.example.com\ntarget5.example.com\n\n!INCLUDE  \u003c-- required when excludes come first\nIn-Scope:\ntarget1.example.com\ntarget2.example.com\ntarget3.example.com\n```\n\n## Combining Public and Private Scopes\n\nRescope is flexible in that you can define both public and private scopes to the same result.  \nThis is accomplished by simply combining `-u` \u003curl\u003e and `-i` \u003cinfile\u003e as seen below.\n\n```sh\nrescope -i scope.txt -u bugcrowd.com/bugcrowd -o burpscope.json\n```\n\nAlternatively, you can include BBaaS URLs in an infile, along with your private identifiers.  \nThe position at which you place these URLs does not matter.\n\n```\n$ cat scope.txt\nbugcrowd.com/bugcrowd\nhackerone.com/security  \nintigriti.com/intigriti/intigriti  \n!INCLUDE\ntarget1.example.com\ntarget2.example.com\n!EXCLUDE\ntarget3.example.com\n```\n\n```\n$ rescope --zap --name CoolScope -i scope.txt -o zapscope.context --silent\n[-] Identified BBaaS program (bugcrowd.com/bugcrowd) in scope.txt\n[-] Identified BBaaS program (hackerone.com/security) in scope.txt\n[-] Identified BBaaS program (intigriti.com/intigriti/intigriti) in scope.txt\n[-] Grabbing targets from scope.txt\n[-] Grabbing targets from bugcrowd.com/bugcrowd\n[-] Grabbing targets from hackerone.com/security\n[-] Grabbing targets from intigriti.com/intigriti/intigriti\n[-] Parsing to XML (OWASP ZAP)\n[✓] Done. 
Wrote 68994 bytes to zapscope.context\n```\n\n## Importing results\n\n### Burp Suite\n1. Head to **Target** -\u003e ⚙︎ Scope settings\n2. Click the ⚙︎ icon below \"Target Scope\" and choose \"Load Settings\"\n3. Choose file exported from rescope\n\n### OWASP ZAP\nChoose **File** -\u003e **Import Context** and select XML file.\n\n**Note for OWASP ZAP:**\n- If you set `-o` filename extension to anything other than `.context` then you'll have to choose \"All Format\" in file select.\n- For ZAP HUD; set context `--name \"HUD Context\"`\n\n## TODO\n\n- Scrap argparse\n- Pipe support\n- Docker support\n- Add more unit tests\n- CI\n\n## Author\n* Daniel Antonsen [@danielantonsen](https://twitter.com/danielantonsen)\n\n## License\nLicensed under MIT (see license file)\n","funding_links":[],"categories":["Go (531)","Web Application Testing","\u003ca id=\"5b761419863bc686be12c76451f49532\"\u003e\u003c/a\u003e新添加","Go"],"sub_categories":["\u003ca id=\"285c52a4e04dd2f86646c8e1235c9332\"\u003e\u003c/a\u003e工具"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Froot4loot%2Frescope","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Froot4loot%2Frescope","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Froot4loot%2Frescope/lists"}