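--- a/.github/workflows/tests.yaml
+++ b/.github/workflows/tests.yaml
@@ -61,6 +61,29 @@ jobs:
 fi
 working-directory: cmd/validate-domains
 
+network-scope:
+name: Validate network (IP/CIDR)
+needs: [validate-list, duplicate-domain, invalid-domain] # you can reduce to [validate-list] if you prefer
+runs-on: ubuntu-latest
+steps:
+- name: Checkout code
+uses: actions/checkout@v4
+
+- name: Setup Go
+uses: projectdiscovery/actions/setup/go@v1 # keep consistent with your other jobs
+# (Alternatively: actions/setup-go@v5 with go-version: '1.22.x')
+
+- name: Build network validator
+run: go build ./cmd/network-validate
+
+- name: Validate network entries
+run: ./network-validate
+
+# Optional: run unit tests if you added network_validate_test.go
+- name: Run validator unit tests
+run: go test ./cmd/network-validate -v
+
+
 # url-status:
 # runs-on: ubuntu-latest
 # steps: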
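Review bot: The comments on the `needs:` line, the `Setup Go` step and the last step read as advice to the author (`# you can reduce to [validate-list] if you prefer`, `# (Alternatively: actions/setup-go@v5 ...)`, `# Optional: run unit tests if you added network_validate_test.go`) and should be resolved and removed rather than committed into the workflow. The `Run validator unit tests` step also runs after the validator itself, and if no `_test.go` file exists under cmd/network-validate (none is visible on this page) `go test` reports no test files and passes without checking anything; either add the test file or drop the step. Both `uses:` references are pinned to mutable tags (`@v4`, `@v1`); pinning to a full commit SHA would keep a retagged action from changing what this job runs, though that may be a repository-wide convention outside this hunk.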
6 changes: 6 additions & 0 deletions README.md
Expand Up @@ -25,7 +25,13 @@ We are currently accepting submissions in JSON format. Here's an example of the
"hackerone.net",
"hacker101.com",
"hackerone-ext-content.com"
],
"network": [
"66.232.20.1",
"66.232.20.0/23",
"2001:db8::/32"
]

}
```

59 changes: 36 additions & 23 deletions chaos-bugbounty-list.schema.json
Expand Up @@ -2,40 +2,53 @@
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "Public Bug Bounty Programs",
"type": "object",

"definitions": {
"ipv4": { "type": "string", "format": "ipv4" },
"ipv6": { "type": "string", "format": "ipv6" },
"cidrv4": {
"type": "string",
"pattern": "^((25[0-5]|2[0-4]\\d|[01]?\\d?\\d)\\.){3}(25[0-5]|2[0-4]\\d|[01]?\\d?\\d)\\/(3[0-2]|[12]?\\d)$"
},
"cidrv6": {
"type": "string",
"pattern": "^[0-9A-Fa-f:]+\\/(12[0-8]|1[01]\\d|\\d?\\d)$"
},
"networkItem": {
"oneOf": [
{ "$ref": "#/definitions/ipv4" },
{ "$ref": "#/definitions/ipv6" },
{ "$ref": "#/definitions/cidrv4" },
{ "$ref": "#/definitions/cidrv6" }
]
}
},

"properties": {
"programs": {
"type": "array",
"items": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"url": {
"type": "string",
"pattern": "^https?://"
},
"bounty": {
"type": "boolean"
},
"name": { "type": "string" },
"url": { "type": "string", "pattern": "^https?://" },
"bounty": { "type": "boolean" },
"domains": {
"type": "array",
"uniqueItems": true,
"items": {
"type": "string"
}
"items": { "type": "string" }
},
"network": {
"type": "array",
"description": "Optional IPv4/IPv6 addresses or CIDR ranges in scope for this program.",
"uniqueItems": true,
"items": { "$ref": "#/definitions/networkItem" }
}
},
"required": [
"name",
"url",
"bounty",
"domains"
]
"required": ["name", "url", "bounty", "domains"]
}
}
},
"required": [
"programs"
]
}

"required": ["programs"]
}
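Review bot: In `networkItem`, `oneOf` only works when the validator enforces `format`: draft-07 lets implementations treat `format` as a non-asserting annotation, and in that mode both the `ipv4` and `ipv6` definitions accept every string, so each entry matches at least two branches and `oneOf` rejects all of them. `"anyOf": [ ... ]` over the same four `$ref`s avoids that failure, but then a non-asserting validator accepts any string at all, so the schema cannot be the only gate on this field. The `cidrv6` pattern `^[0-9A-Fa-f:]+\/...` is also loose enough to match strings such as `::::/64`, which leaves the real check to the Go validator added in this PR.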
21 changes: 15 additions & 6 deletions cmd/bbp-scope/main.go
Expand Up @@ -61,7 +61,9 @@ func ReadExcludeList() {
log.Printf("[WARN] Could not read exclude.txt: %s\n", err)
return
}
defer f.Close()
defer func() {
_ = f.Close()
}()

scanner := bufio.NewScanner(f)
for scanner.Scan() {
Expand All @@ -82,7 +84,9 @@ func Process() error {
if err != nil {
return errors.Wrap(err, "could not create temporary directory")
}
defer os.RemoveAll(tempdir)
defer func() {
_ = os.RemoveAll(tempdir)
}()

log.Printf("[INFO] Cloning arkadiyt/bounty-targets-data repository\n")

Expand All @@ -108,13 +112,14 @@ func Process() error {
log.Printf("[WARN] Could not read %s file: %s\n", file, err)
continue
}
defer func() {
_ = f.Close()
}()
var data []Program
if err := json.NewDecoder(f).Decode(&data); err != nil {
log.Printf("[WARN] Could not decode %s file: %s\n", file, err)
f.Close()
continue
}
f.Close()

for _, item := range data {
// Fix for blank yeswehack url field
Expand Down Expand Up @@ -184,7 +189,9 @@ func Process() error {
if err != nil {
return errors.Wrap(err, "could not create new bbp file")
}
defer newFile.Close()
defer func() {
_ = newFile.Close()
}()

chaosData := dns.ChaosList{
Programs: chaosSlice,
Expand Down Expand Up @@ -239,7 +246,9 @@ func ReadChaosBountyPrograms() (map[string]dns.ChaosProgram, error) {
if err != nil {
return nil, errors.Wrap(err, "could not read chaos list")
}
defer file.Close()
defer func() {
_ = file.Close()
}()

var list dns.ChaosList
if err := json.NewDecoder(file).Decode(&list); err != nil {
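Review bot: In the third hunk (inside `Process`), the `defer func() { _ = f.Close() }()` placed before `var data []Program` sits in a loop body, as the surrounding `continue` statements show, while the two direct `f.Close()` calls appear to be the removed lines (the page has lost its +/- markers, but the hunk header's counts fit that reading). Every file opened by the loop then stays open until `Process` returns instead of being closed per iteration. Keep the per-iteration close and discard its result explicitly, `_ = f.Close()` on the decode-error path and after a successful decode, or move the open-and-decode into a small helper so the defer fires each iteration. The other hunks only wrap function-level defers; `Process` starts and ends outside the hunks shown.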
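--- a/cmd/network-validate/main.go
+++ b/cmd/network-validate/main.go
@@ -0,0 +1,59 @@
+package main
+
+import (
+"encoding/json"
+"fmt"
+"net"
+"os"
+)
+
+type Program struct {
+Name string `json:"name"`
+URL string `json:"url"`
+Bounty bool `json:"bounty"`
+Domains []string `json:"domains"`
+Network []string `json:"network"`
+}
+type Root struct {
+Programs []Program `json:"programs"`
+}
+
+func main() {
+f, err := os.Open("chaos-bugbounty-list.json")
+if err != nil {
+fmt.Println(err)
+os.Exit(1)
+}
+defer func() {
+_ = f.Close()
+}()
+
+var r Root
+if err := json.NewDecoder(f).Decode(&r); err != nil {
+fmt.Printf("json decode error: %v\n", err)
+os.Exit(1)
+}
+
+var bad []string
+for _, p := range r.Programs {
+for _, n := range p.Network {
+if n == "" {
+continue
+}
+if ip := net.ParseIP(n); ip != nil {
+continue
+}
+if _, _, err := net.ParseCIDR(n); err == nil {
+continue
+}
+bad = append(bad, fmt.Sprintf("%s -> %s", p.Name, n))
+}
+}
+if len(bad) > 0 {
+fmt.Println("Invalid network entries:")
+for _, b := range bad {
+fmt.Println(" -", b)
+}
+os.Exit(2)
+}
+}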
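Review bot: The inner loop in `main` accepts anything `net.ParseIP` or `net.ParseCIDR` can parse, which is too permissive for a list that researchers read as authorised scope. `net.ParseCIDR` does not reject set host bits (a constructed example: `66.232.20.1/23` parses without error), so a mistyped prefix is published as a different network than intended, and unspecified, loopback, private and link-local ranges all pass. Empty strings are skipped with `continue` instead of being reported, although the schema's `networkItem` would not accept them. Requiring the parsed network's `String()` to equal the input and rejecting reserved ranges closes both gaps, as sketched below; the diagnostics would also be better written to `os.Stderr`.

```go
for _, n := range p.Network {
	// No special case for "": it fails both parsers and is reported.
	ip := net.ParseIP(n)
	if ip == nil {
		var ipnet *net.IPNet
		var err error
		// Canonical form only: the input must name the network itself.
		if ip, ipnet, err = net.ParseCIDR(n); err != nil || ipnet.String() != n {
			bad = append(bad, fmt.Sprintf("%s -> %s (not an IP or canonical CIDR)", p.Name, n))
			continue
		}
	}
	if ip.IsUnspecified() || ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() {
		bad = append(bad, fmt.Sprintf("%s -> %s (reserved or non-routable)", p.Name, n))
	}
}
// … unchanged: report of bad entries and exit code …
```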
21 changes: 10 additions & 11 deletions go.mod
Expand Up @@ -10,7 +10,7 @@ require (
github.com/pkg/errors v0.9.1
github.com/projectdiscovery/goflags v0.1.74
github.com/projectdiscovery/gologger v1.1.56
github.com/projectdiscovery/httpx v1.7.1
github.com/projectdiscovery/httpx v1.7.2-0.20250916113739-500e982d1e7a
github.com/projectdiscovery/retryabledns v1.0.107
github.com/projectdiscovery/utils v0.6.0
github.com/stretchr/testify v1.11.1
Expand All @@ -20,6 +20,8 @@ require (

require (
aead.dev/minisign v0.2.0 // indirect
github.com/JohannesKaufmann/dom v0.2.0 // indirect
github.com/JohannesKaufmann/html-to-markdown/v2 v2.4.0 // indirect
github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible // indirect
github.com/Masterminds/semver/v3 v3.2.1 // indirect
github.com/Microsoft/go-winio v0.5.2 // indirect
Expand Down Expand Up @@ -55,12 +57,12 @@ require (
github.com/emirpasic/gods v1.18.1 // indirect
github.com/fatih/color v1.18.0 // indirect
github.com/gaissmai/bart v0.25.0 // indirect
github.com/go-faker/faker/v4 v4.6.1 // indirect
github.com/go-faker/faker/v4 v4.6.2 // indirect
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
github.com/go-git/go-billy/v5 v5.4.1 // indirect
github.com/go-ole/go-ole v1.2.6 // indirect
github.com/go-rod/rod v0.116.2 // indirect
github.com/go-viper/mapstructure/v2 v2.3.0 // indirect
github.com/go-viper/mapstructure/v2 v2.4.0 // indirect
github.com/gocarina/gocsv v0.0.0-20240520201108-78e41c74b4b1 // indirect
github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
github.com/golang/snappy v0.0.4 // indirect
Expand All @@ -78,7 +80,6 @@ require (
github.com/hdm/jarm-go v0.0.7 // indirect
github.com/iangcarroll/cookiemonster v1.6.0 // indirect
github.com/imdario/mergo v0.3.15 // indirect
github.com/jaytaylor/html2text v0.0.0-20230321000545-74c2419ad056 // indirect
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/kataras/jwt v0.1.10 // indirect
Expand All @@ -100,17 +101,16 @@ require (
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/muesli/reflow v0.3.0 // indirect
github.com/muesli/termenv v0.15.3-0.20240618155329-98d742f6907a // indirect
github.com/muesli/termenv v0.16.0 // indirect
github.com/nfnt/resize v0.0.0-20180221191011-83c6a9932646 // indirect
github.com/nwaples/rardecode/v2 v2.0.0-beta.4.0.20241112120701-034e449c6e78 // indirect
github.com/olekukonko/tablewriter v0.0.5 // indirect
github.com/pierrec/lz4/v4 v4.1.21 // indirect
github.com/pjbgf/sha1cd v0.3.0 // indirect
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect
github.com/projectdiscovery/asnmap v1.1.1 // indirect
github.com/projectdiscovery/blackrock v0.0.1 // indirect
github.com/projectdiscovery/cdncheck v1.2.3 // indirect
github.com/projectdiscovery/cdncheck v1.1.36 // indirect
github.com/projectdiscovery/clistats v0.1.1 // indirect
github.com/projectdiscovery/dsl v0.7.1 // indirect
github.com/projectdiscovery/fastdialer v0.4.11 // indirect
Expand All @@ -133,13 +133,12 @@ require (
github.com/rs/xid v1.6.0 // indirect
github.com/saintfish/chardet v0.0.0-20230101081208-5e3ef4b5456d // indirect
github.com/sashabaranov/go-openai v1.37.0 // indirect
github.com/sergi/go-diff v1.3.1 // indirect
github.com/sergi/go-diff v1.4.0 // indirect
github.com/shirou/gopsutil/v3 v3.24.2 // indirect
github.com/shoenig/go-m1cpu v0.1.6 // indirect
github.com/skeema/knownhosts v1.1.1 // indirect
github.com/sorairolake/lzip-go v0.3.5 // indirect
github.com/spaolacci/murmur3 v1.1.0 // indirect
github.com/ssor/bom v0.0.0-20170718123548-6386211fdfcf // indirect
github.com/syndtr/goleveldb v1.0.0 // indirect
github.com/therootcompany/xz v1.0.1 // indirect
github.com/tidwall/btree v1.7.0 // indirect
Expand All @@ -152,15 +151,15 @@ require (
github.com/tklauser/go-sysconf v0.3.12 // indirect
github.com/tklauser/numcpus v0.6.1 // indirect
github.com/ulikunitz/xz v0.5.15 // indirect
github.com/weppos/publicsuffix-go v0.40.3-0.20250408071509-6074bbe7fd39 // indirect
github.com/weppos/publicsuffix-go v0.50.0 // indirect
github.com/xanzy/ssh-agent v0.3.3 // indirect
github.com/xdg-go/pbkdf2 v1.0.0 // indirect
github.com/ysmood/fetchup v0.2.3 // indirect
github.com/ysmood/goob v0.4.0 // indirect
github.com/ysmood/got v0.40.0 // indirect
github.com/ysmood/gson v0.7.3 // indirect
github.com/ysmood/leakless v0.9.0 // indirect
github.com/yuin/goldmark v1.7.4 // indirect
github.com/yuin/goldmark v1.7.13 // indirect
github.com/yuin/goldmark-emoji v1.0.3 // indirect
github.com/yusufpapurcu/wmi v1.2.4 // indirect
github.com/zcalusic/sysinfo v1.0.2 // indirect
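Review bot: The first hunk lists the direct requirement `github.com/projectdiscovery/httpx` at both `v1.7.1` and the pseudo-version `v1.7.2-0.20250916113739-500e982d1e7a`, and a later hunk lists `cdncheck` at both `v1.2.3` and `v1.1.36`. The +/- markers are lost on this page, so which side is new is inferred from print order only. If the pseudo-version and the lower `cdncheck` are the new side, the PR pins a direct dependency to an untagged commit and downgrades an indirect one, and neither is needed by cmd/network-validate, which imports only the standard library. Either drop the go.mod changes from this PR or explain them in the description, so that the dependency movement is reviewed on its own.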