|
| 1 | +# Bug Bounty Platform Integration Configuration |
| 2 | +# Copy this to .shells.yaml and configure your credentials |
| 3 | + |
| 4 | +platforms: |
| 5 | + # HackerOne Integration |
| 6 | + hackerone: |
| 7 | + enabled: false # Set to true to enable |
| 8 | + api_username: "your-api-username" |
| 9 | + api_token: "your-api-token" |
| 10 | + base_url: "https://api.hackerone.com/v1" |
| 11 | + timeout: 30s |
| 12 | + auto_submit: false # Set to true to automatically submit findings |
| 13 | + minimum_severity: "medium" # Only submit findings of this severity or higher (critical, high, medium, low) |
| 14 | + draft_mode: true # Create as draft instead of submitting directly |
| 15 | + |
| 16 | + # Bugcrowd Integration |
| 17 | + bugcrowd: |
| 18 | + enabled: false |
| 19 | + api_token: "your-api-token" |
| 20 | + base_url: "https://api.bugcrowd.com" |
| 21 | + timeout: 30s |
| 22 | + auto_submit: false |
| 23 | + minimum_severity: "P3" # P1 (Critical), P2 (High), P3 (Medium), P4 (Low), P5 (Info) |
| 24 | + draft_mode: true |
| 25 | + |
| 26 | + # AWS Vulnerability Research Program (via HackerOne) |
| 27 | + aws: |
| 28 | + enabled: false |
| 29 | + program_handle: "amazonvrp" # AWS VRP program handle on HackerOne |
| 30 | + use_hackerone: true |
| 31 | + api_username: "your-hackerone-api-username" |
| 32 | + api_token: "your-hackerone-api-token" |
| 33 | + timeout: 30s |
| 34 | + auto_submit: false |
| 35 | + minimum_severity: "medium" |
| 36 | + |
| 37 | + # Microsoft Azure Bug Bounty |
| 38 | + azure: |
| 39 | + enabled: false |
| 40 | + reporting_email: "secure@microsoft.com" |
| 41 | + program_type: "azure" # "azure" or "azure-devops" |
| 42 | + timeout: 30s |
| 43 | + auto_submit: false |
| 44 | + minimum_severity: "Important" # Critical, Important, Moderate, Low |
| 45 | + |
| 46 | + # Google Cloud Platform (Note: GCP doesn't have a public API for submissions) |
| 47 | + gcp: |
| 48 | + enabled: false |
| 49 | + reporting_url: "https://www.google.com/about/appsecurity/" |
| 50 | + timeout: 30s |
| 51 | + auto_submit: false |
| 52 | + minimum_severity: "medium" |
| 53 | + |
| 54 | +# Usage Examples: |
| 55 | +# |
| 56 | +# 1. List programs from HackerOne: |
| 57 | +# shells platform programs --platform hackerone |
| 58 | +# |
| 59 | +# 2. Submit a finding to Bugcrowd: |
| 60 | +# shells platform submit <finding-id> --platform bugcrowd --program example-program |
| 61 | +# |
| 62 | +# 3. Validate credentials: |
| 63 | +# shells platform validate --platform hackerone |
| 64 | +# |
| 65 | +# 4. Auto-submit critical findings: |
| 66 | +# shells platform auto-submit --severity CRITICAL |
| 67 | +# |
| 68 | +# 5. Dry-run submission: |
| 69 | +# shells platform submit <finding-id> --platform hackerone --dry-run |
| 70 | +# |
| 71 | +# Database Integration: |
| 72 | +# - All submissions are tracked in the platform_submissions table |
| 73 | +# - Duplicate submissions are prevented automatically |
| 74 | +# - Submission status and platform data are stored for reference |
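Review bot: The header on lines 1-2 tells users to copy this file to .shells.yaml and fill in `api_username` / `api_token`, but nothing says how to protect that file, and those tokens can file reports under the researcher's account. I would add a comment under the header such as `# .shells.yaml holds live API tokens: keep it out of version control and readable only by your user (e.g. chmod 600).` Separately, the `aws` block submits through HackerOne (`use_hackerone: true`) but has no `draft_mode` key, unlike `hackerone` and `bugcrowd`. If the loader defaults that key to false (not visible here), turning on `auto_submit` for `aws` would submit directly, so either add `draft_mode: true` or document the default. The `azure` and `gcp` blocks also carry `auto_submit`, although the GCP comment says there is no submission API, so a one-line comment on what the flag does for those two would prevent surprises.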