Skip to content

gwen001/BBstats

Repository files navigation

BBStats

A tool that display stats and graphs about your bug bounty activity.

php badge MIT license badge twitter badge


Requirements

A web server with PHP installed and Curl extension enabled.

Put the code at the root of your web server:

git clone https://github.com/gwen001/BBstats

Auth

Set environment variable HACKERONE_USERNAME and HACKERONE_PASSWORD

Recommended usage

Grab the datas from your favorite platform for the first time: quick-init.sh

php data-grabber.php -p hackerone -a n -rr -tt -e

Or update your current database (once a week for example): quick-update.sh

php data-grabber.php -p hackerone -a u -r -t -e -n 50

Enjoy the stats!

firefox http://127.0.0.1/BBstats/

Grabber

Usage: php data-grabber.php -p <platform> [OPTIONS]

Options:
	-a	action to perform (default=N)
		   N: new, add new reports
		   U: update, add new reports and update the existing ones (title, bounty, state)
		   O: overwrite, add new reports and overwrite the existing ones
		   R: rollback, got back the previous last version of the database (not platform dependant)
	-e	grab reputation as well
	-f	import from file
	-g	import program datas
	-h	print this help
	-n	update/overwrite the last n reports (default=all, only recommended for the first init)
	-p	platform to grab datas (available: hackerone)
	-r	try to auto rate the reports but keep the current value if exists
	-rr	try to auto rate the reports and overwrite the current value
	-t	try to auto tag the reports but merge the current tags if exists
	-tt	try to auto tag the reports and overwrite the current tags

Examples:
	php data-grabber.php -p hackerone -a n
	php data-grabber.php -p hackerone -a u -n 50
	php data-grabber.php -p hackerone -a o -rr -tt -e
	php data-grabber.php -p hackerone -f bounties.csv -r -t
	php data-grabber.php -p hackerone -a r

Web

You can choose which graph you want to display in config.php.
You create your own autotag and autorate configuration in config.php.

Todo

grabber

  • add more platform (Bugcrowd, YesWeHack, Intigriti, Synack...)

db

  • ?

web ui

  • search engine filter: with/without bounty
  • scrollbar fot both part, left and right
  • calendar plugin for dates

graph

  • graph: bounties per month per program
  • graph: bounties per month per type
  • graph: bounties per month per platform
  • graph: reports per month per program
  • graph: reports per month per type
  • graph: reports per month per platform
  • graph: reports per status

bugs

  • probably alot!

Grabber
Listing
Bounties Evolution
Reports rating Program repartition

Feel free to open an issue if you have any problem with the script.