
SamHutchins-Sage/hackerone2threadfix

 
 

hackerone2threadfix

This script enables a quick, API-based export from HackerOne to a compatible .csv format for fast upload to ThreadFix.

HackerOne offers the ability to quickly export reports from a program via its API. This script takes HackerOne program data and converts it to a format that can be ingested by ThreadFix via their SSVL Converter tool.

Installation

Python 3 recommended.

Dependencies

These dependencies can optionally be installed using the requirements file:

sudo pip install -r requirements.txt

Clone Repo

git clone https://github.com/whiskeykilosec/hackerone2threadfix.git

Or just grab the Python file.

API Authentication

  1. Make sure you've created a HackerOne API token according to the instructions here
  2. Add your HackerOne credentials as OS environment variables
    • the identifier as "H1_IDENTIFIER"
    • the token as "H1_TOKEN"

Usage

For all options and instructions run: python hackerone2threadfix.py -h

Reference Documentation

HackerOne

ThreadFix: the SSVL Converter tool can be used with the mappings and changes specified below

Field Mapping

| SSVL Field | H1 API Equivalent Field | Modification to H1 Field |
| --- | --- | --- |
| Severity | data.relationships.severity.data.attributes.rating | Capitalize first letter of values. SSVL converter doesn't accept 'none' as a severity value in this column, so replace 'None' with 'Info' |
| CWE | data.relationships.weakness.data.attributes.external_id | Trim "cwe-" off the front |
| Source | none | Value for all reports should be 'HackerOne' |
| url | none | Build from 'https://hackerone.com/reports/' + data.id |
| parameter | none | Leave blank |
| NativeID | data.id | none |
| ShortDescription | data.attributes.title | none |
| LongDescription | data.attributes.vulnerability_information | none |
| IssueID | none | Leave blank |
| Date | data.attributes.created_at | Comes in as ISO 8601. Change date format to dd/mm/yyyy |
| SourceFileName | none | Leave blank |
| LineNumber | none | SSVL converter expects this column to have a value since the input type is integer, otherwise it throws an exception. Value for all reports can be '1' |
| ColumnNumber | none | SSVL converter expects this column to have a value since the input type is integer, otherwise it throws an exception. Value for all reports can be '1' |
| LineText | none | Leave blank |
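
The mapping above, applied to report objects, as an added example (not the code of hackerone2threadfix.py). The function names and sample reports are constructed for illustration; using the table's field names as the CSV header, and treating a missing severity as 'none' and a missing or non-CWE weakness as blank, are assumptions.

```python
import csv
import io
from datetime import datetime

COLUMNS = ["Severity", "CWE", "Source", "url", "parameter", "NativeID",
           "ShortDescription", "LongDescription", "IssueID", "Date",
           "SourceFileName", "LineNumber", "ColumnNumber", "LineText"]

def dig(obj, *keys):
    """Walk nested dicts; yield None once any level is missing."""
    for key in keys:
        obj = obj.get(key) if isinstance(obj, dict) else None
    return obj

def to_row(report):
    """Map one HackerOne report object (the API's 'data' element) to SSVL."""
    attrs = report.get("attributes") or {}
    rating = dig(report, "relationships", "severity", "data", "attributes", "rating")
    # Assumption: a report with no severity relationship is handled like 'none'.
    severity = (rating or "none").capitalize()
    severity = "Info" if severity == "None" else severity
    ext_id = dig(report, "relationships", "weakness", "data", "attributes", "external_id") or ""
    # Assumption: missing or non-CWE weakness ids leave the CWE column blank.
    cwe = ext_id[4:] if ext_id.lower().startswith("cwe-") else ""
    # fromisoformat() rejects a trailing 'Z' before Python 3.11.
    created = (attrs.get("created_at") or "").replace("Z", "+00:00")
    date = datetime.fromisoformat(created).strftime("%d/%m/%Y") if created else ""
    return {
        "Severity": severity, "CWE": cwe, "Source": "HackerOne",
        "url": "https://hackerone.com/reports/" + str(report["id"]),
        "parameter": "", "NativeID": str(report["id"]),
        "ShortDescription": attrs.get("title", ""),
        "LongDescription": attrs.get("vulnerability_information", ""),
        "IssueID": "", "Date": date, "SourceFileName": "",
        "LineNumber": "1", "ColumnNumber": "1", "LineText": "",
    }

def to_csv(reports):
    """Render report objects as CSV text with the SSVL columns as header."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=COLUMNS)
    writer.writeheader()
    writer.writerows(to_row(r) for r in reports)
    return out.getvalue()

# Constructed sample reports (not real HackerOne data).
SAMPLE = [
    {"id": "1001", "attributes": {"title": "Stored XSS", "vulnerability_information": "Steps, with a comma", "created_at": "2019-03-07T14:05:09.123Z"},
     "relationships": {"severity": {"data": {"attributes": {"rating": "high"}}}, "weakness": {"data": {"attributes": {"external_id": "cwe-79"}}}}},
    {"id": "1002", "attributes": {"title": "No impact", "created_at": "2019-12-31T23:59:59.000Z"}, "relationships": {"severity": {"data": {"attributes": {"rating": "none"}}}}},
]
```

The csv module quotes commas, quotes and newlines in the researcher-supplied title and description, so free text cannot shift the column layout.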
