A tool I made to quickly store bug bounty program scopes in a local sqlite3 database

GoScope

A tool I made to quickly store bug bounty program scopes in a local sqlite3 database. Download or copy a Burpsuite configuration file from the bonty program page and save it as a .json file. Source it using GoScope and it will parse the file, storing a program name, in-scope domains and out-of-scope domains to the database.

I have only tested this with a few HackerOne Burpsuite configurations. I am uncertain if other platforms use the same format.

Disclaimer

Always double-check that the scope information in the database matches the listings on the bounty program page. I have found that some programs do not include out-of-scope domains in the Burpsuite configuration files. These can be manually added in to the .json file and then run through GoScope.

Usage

Due to the long urls these configuration files have, I find it easier just to open the link in a new tab, ctrl-a and copy all data, and then paste it into a .json file. The long links tend to lag my terminal.

GoScope is configured to utilize subcommands and flags.

E.x. goscope [command]

goscope -h

This will display help for the tool.

Command Description Example
add Add a new bounty program goscope add -p example -b example.json
query Query the database and return inscope and outscope goscope query -p example
remove Remove a program from the database gorecon remove -p example
pipe Output only wildcard domains and pipe to other enumeration tools such as assetfinder goscope pipe -p example
Flags Valid Commands Description Example
-a pipe Output all wildcard domains for all programs in database goscope pipe -a
-b add Burpsuite config file goscope add -p example -b burp.json
-c all Config file location (default $HOME/.goscope.yaml) Can set default database name / location here
-d all Specify database name and location (default ./scope.db) goscope add -d example.db
-h all See help for any command goscope add -h
-l query List all programs in database goscope query -l
-p all Set the name of the bounty program goscope query -p example

Installation

GoScope requires sqlite3 for the database

▶ sudo apt install sqlite3

GoScope requires go1.17+ to install successfully. Run the following command to get the repo -

▶ GO111MODULE=on go get -v github.com/d82r/goscope

Running GoScope

Add a new bounty program scope to the database.

▶ goscope -p example -b example.json 

Query an existing program

▶ goscope query -p example

Remove a program from the database

▶ goscope remove -p example

Output program wildcard domains (*.example.com) to stdout as example.com so it can be pipe to tools such as assetfinder or subfinder

▶ goscope pipe -a
Similar Resources

Goose database migration tool - fork of https://bitbucket.org/liamstask/goose

goose Goose is a database migration tool. Manage your database schema by creating incremental SQL changes or Go functions. Goals of this fork github.c

Dec 30, 2022

The EVEmu Database Tool

EVEDBTool - The EVEmu Database Tool This is a tool written in Go to manage the installation, versioning and update of the EVEmu database. A pre-built

Sep 27, 2022

A little database tool for version control

A little database tool for version control It's very like sqitch, because I imitate it. If it's not allowed, give me a message, I'll destroy this proj

Aug 18, 2022

A database connection tool for sensitive data

A database connection tool for sensitive data

go-sql 用于快速统计数据库行数、敏感字段匹配、数据库连接情况。 usage ./go-sql_darwin_amd64 -h ./go-sql_darwin_amd64 -f db.yaml -k name,user ./go-sql_darwin_amd64 -f db.yaml --min

Apr 4, 2022

Web-based, zero-config, dependency-free database schema change and version control tool for teams

Web-based, zero-config, dependency-free database schema change and version control tool for teams

Live Demo • Install • Help • Development • Design Doc Bytebase is a web-based, zero-config, dependency-free database schema change and version control

Jan 1, 2023

GORM SQLChaos manipulates DML at program runtime based on gorm

GORM SQLChaos GORM SQLChaos manipulates DML at program runtime based on gorm callbacks Motivation In Financial Business distributed system, account im

Oct 21, 2022

SQLFlow is a compiler that compiles a SQL program to a workflow that runs on Kubernetes.

SQLFlow is a compiler that compiles a SQL program to a workflow that runs on Kubernetes.

SQLFlow is a compiler that compiles a SQL program to a workflow that runs on Kubernetes. The input is a SQL program that writt

Jan 9, 2023

Database wrapper that manage read write connections

rwdb Database wrapper that manage read write connections Install go get github.com/andizzle/rwdb Create connections package main import "github.com/

Dec 10, 2022

Vitess is a database clustering system for horizontal scaling of MySQL.

Vitess Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. By encapsulating shard-routing logic, Vite

Jan 3, 2023
Create key value sqlite3 database from tabular data, fast.
Create key value sqlite3 database from tabular data, fast.

Turn tabular data into a lookup table using sqlite3. This is a working PROTOTYPE with limitations, e.g. no customizations, the table definition is fixed, etc.

Apr 2, 2022
Make a sqlite3 database from tabular data, fast.
Make a sqlite3 database from tabular data, fast.

MAKTA make a database from tabular data Turn tabular data into a lookup table using sqlite3. This is a working PROTOTYPE with limitations, e.g. no cus

Apr 2, 2022
Go sqlite3 http vfs: query sqlite databases over http with range headers

sqlite3vfshttp: a Go sqlite VFS for querying databases over http(s) sqlite3vfshttp is a sqlite3 VFS for querying remote databases over http(s). This a

Dec 27, 2022
Dumpling is a fast, easy-to-use tool written by Go for dumping data from the database(MySQL, TiDB...) to local/cloud(S3, GCP...) in multifarious formats(SQL, CSV...).

?? Dumpling Dumpling is a tool and a Go library for creating SQL dump from a MySQL-compatible database. It is intended to replace mysqldump and mydump

Nov 9, 2022
An observability database aims to ingest, analyze and store Metrics, Tracing and Logging data.
An observability database aims to ingest, analyze and store Metrics, Tracing and Logging data.

BanyanDB BanyanDB, as an observability database, aims to ingest, analyze and store Metrics, Tracing and Logging data. It's designed to handle observab

Dec 31, 2022
A Go rest API project that is following solid and common principles and is connected to local MySQL database.
A Go rest API project that is following solid and common principles and is connected to local MySQL database.

This is an intermediate-level go project that running with a project structure optimized RESTful API service in Go. API's of that project is designed based on solid and common principles and connected to the local MySQL database.

Dec 25, 2022
[mirror] the database client and tools for the Go vulnerability database

The Go Vulnerability Database golang.org/x/vulndb This repository is a prototype of the Go Vulnerability Database. Read the Draft Design. Neither the

Dec 29, 2022
Database - Example project of database realization using drivers and models

database Golang based database realization Description Example project of databa

Feb 10, 2022
Simple key-value store on top of SQLite or MySQL

KV Work in progress, not ready for prime time. A simple key/value store on top of SQLite or MySQL (Go port of GitHub's KV). Aims to be 100% compatible

Dec 3, 2022
🏋️ dbbench is a simple database benchmarking tool which supports several databases and own scripts

dbbench Table of Contents Description Example Installation Supported Databases Usage Custom Scripts Troubeshooting Development Acknowledgements Descri

Dec 30, 2022