Polling Scopes

The bbscope poll command fetches program scopes from bug bounty platforms.

Basic usage

# Poll all configured platforms
bbscope poll

# Poll a specific platform
bbscope poll h1
bbscope poll bc
bbscope poll it
bbscope poll ywh
bbscope poll immunefi

Flags

| Flag | Short | Default | Description |
|------|-------|---------|-------------|
| --db | | false | Save results to PostgreSQL and print changes |
| --ai | | false | Enable AI normalization (requires --db and API key) |
| --concurrency | | 5 | Concurrent program fetches per platform |
| --category | | all | Filter by scope category (wildcard, url, cidr, etc.) |
| --bbp-only | -b | false | Only programs with monetary rewards |
| --private-only | -p | false | Only private programs |
| --oos | | false | Include out-of-scope elements |
| --output | -o | tu | Output flags: t=target, d=description, c=category, u=program URL |
| --delimiter | -d | " " | Delimiter for output fields |
| --since | | | Only print changes since RFC3339 timestamp (requires --db) |

Platform-specific flags

Each platform subcommand accepts inline credentials, useful for one-off runs without a config file:

# HackerOne
bbscope poll h1 --user your_user --token your_token

# Bugcrowd
bbscope poll bc --email you@example.com --password pass --otp-secret SECRET

# Bugcrowd public-only (no auth)
bbscope poll bc --public-only

# Intigriti
bbscope poll it --token your_token

# YesWeHack
bbscope poll ywh --email you@example.com --password pass --otp-secret SECRET

Database mode

With --db, bbscope tracks scope state across runs:

  • First run: Populates the database silently (no change output).
  • Subsequent runs: Prints only what changed since last poll.
  • Safety check: If a platform returns 0 programs but the database has >10, the sync is aborted to prevent accidental data loss.

# First run — silent population
bbscope poll --db

# Second run — prints changes
bbscope poll --db
# 🆕  h1  https://hackerone.com/example  *.new-target.com
# ❌  bc  https://bugcrowd.com/example  removed-target.com
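
The three database-mode rules above, sketched in Go as an added example (this is not bbscope's own code). The map-based state, the Change type and the Sync function are assumptions made for illustration; only the rules and the >10 threshold come from this page.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// Change is one added or removed target (hypothetical type, not bbscope's).
type Change struct {
	Added           bool
	Program, Target string
}
var ErrEmptyPoll = errors.New("platform returned 0 programs, sync aborted")

// Sync diffs stored state (program URL -> targets) against a fresh poll.
func Sync(stored, polled map[string][]string, firstRun bool) ([]Change, map[string][]string, error) {
	// Safety check: 0 programs polled while the database holds more than 10.
	if len(polled) == 0 && len(stored) > 10 {
		return nil, stored, ErrEmptyPoll // keep existing rows untouched
	}
	if firstRun {
		return nil, polled, nil // populate silently, no change output
	}
	var changes []Change
	diff := func(from, to map[string][]string, added bool) {
		for prog, targets := range from {
			seen := map[string]bool{}
			for _, t := range to[prog] {
				seen[t] = true
			}
			for _, t := range targets {
				if !seen[t] {
					changes = append(changes, Change{Added: added, Program: prog, Target: t})
				}
			}
		}
	}
	diff(polled, stored, true)  // present in poll, absent in DB: new
	diff(stored, polled, false) // present in DB, absent in poll: removed
	sort.Slice(changes, func(i, j int) bool { return changes[i].Target < changes[j].Target })
	return changes, polled, nil
}

func main() { // constructed sample data
	stored := map[string][]string{"https://hackerone.com/example": {"a.example.com"}}
	polled := map[string][]string{"https://hackerone.com/example": {"a.example.com", "*.new-target.com"}}
	fmt.Println(Sync(stored, polled, false))
}
```

Without the first check, an empty response from a platform would be diffed like any other poll and every stored target would be reported as removed.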

Output formatting

The -o flag controls which fields are printed (non-DB mode):

# Target only
bbscope poll -o t

# Target + description + category + program URL
bbscope poll -o tdcu

# Tab-delimited for piping
bbscope poll -o tdu -d $'\t'

Filtering by category

# Only wildcard targets
bbscope poll --category wildcard

# Only mobile apps
bbscope poll --category android,ios

# Multiple categories
bbscope poll --category wildcard,url,cidr

Available categories: wildcard, url, cidr, android, ios, ai, hardware, blockchain, binary, code, other.