bbot 2.0.1.4654rc0__py3-none-any.whl → 2.3.0.5397rc0__py3-none-any.whl

bbot/test/test_step_2/module_tests/test_module_postman_download.py

@@ -0,0 +1,439 @@
+from .base import ModuleTestBase
+
+
+class TestPostman_Download(ModuleTestBase):
+    config_overrides = {"modules": {"postman_download": {"api_key": "asdf"}}}
+    modules_overrides = ["postman", "postman_download", "speculate"]
+
+    async def setup_before_prep(self, module_test):
+        module_test.httpx_mock.add_response(
+            url="https://api.getpostman.com/me",
+            match_headers={"X-Api-Key": "asdf"},
+            json={
+                "user": {
+                    "id": 000000,
+                    "username": "test_key",
+                    "email": "blacklanternsecurity@test.com",
+                    "fullName": "Test Key",
+                    "avatar": "",
+                    "isPublic": True,
+                    "teamId": 0,
+                    "teamDomain": "",
+                    "roles": ["user"],
+                },
+                "operations": [
+                    {"name": "api_object_usage", "limit": 3, "usage": 0, "overage": 0},
+                    {"name": "collection_run_limit", "limit": 25, "usage": 0, "overage": 0},
+                    {"name": "file_storage_limit", "limit": 20, "usage": 0, "overage": 0},
+                    {"name": "flow_count", "limit": 5, "usage": 0, "overage": 0},
+                    {"name": "flow_requests", "limit": 5000, "usage": 0, "overage": 0},
+                    {"name": "performance_test_limit", "limit": 25, "usage": 0, "overage": 0},
+                    {"name": "postbot_calls", "limit": 50, "usage": 0, "overage": 0},
+                    {"name": "reusable_packages", "limit": 3, "usage": 0, "overage": 0},
+                    {"name": "test_data_retrieval", "limit": 1000, "usage": 0, "overage": 0},
+                    {"name": "test_data_storage", "limit": 10, "usage": 0, "overage": 0},
+                    {"name": "mock_usage", "limit": 1000, "usage": 0, "overage": 0},
+                    {"name": "monitor_request_runs", "limit": 1000, "usage": 0, "overage": 0},
+                    {"name": "api_usage", "limit": 1000, "usage": 0, "overage": 0},
+                ],
+            },
+        )
+
+    async def setup_after_prep(self, module_test):
+        await module_test.mock_dns(
+            {"blacklanternsecurity.com": {"A": ["127.0.0.99"]}, "github.com": {"A": ["127.0.0.99"]}}
+        )
+        module_test.httpx_mock.add_response(
+            url="https://www.postman.com/_api/ws/proxy",
+            match_content=b'{"service": "search", "method": "POST", "path": "/search-all", "body": {"queryIndices": ["collaboration.workspace"], "queryText": "blacklanternsecurity", "size": 100, "from": 0, "clientTraceId": "", "requestOrigin": "srp", "mergeEntities": "true", "nonNestedRequests": "true", "domain": "public"}}',
+            json={
+                "data": [
+                    {
+                        "score": 611.41156,
+                        "normalizedScore": 23,
+                        "document": {
+                            "watcherCount": 6,
+                            "apiCount": 0,
+                            "forkCount": 0,
+                            "isblacklisted": "false",
+                            "createdAt": "2021-06-15T14:03:51",
+                            "publishertype": "team",
+                            "publisherHandle": "blacklanternsecurity",
+                            "id": "11498add-357d-4bc5-a008-0a2d44fb8829",
+                            "slug": "bbot-public",
+                            "updatedAt": "2024-07-30T11:00:35",
+                            "entityType": "workspace",
+                            "visibilityStatus": "public",
+                            "forkcount": "0",
+                            "tags": [],
+                            "createdat": "2021-06-15T14:03:51",
+                            "forkLabel": "",
+                            "publisherName": "blacklanternsecurity",
+                            "name": "BlackLanternSecurity BBOT [Public]",
+                            "dependencyCount": 7,
+                            "collectionCount": 6,
+                            "warehouse__updated_at": "2024-07-30 11:00:00",
+                            "privateNetworkFolders": [],
+                            "isPublisherVerified": False,
+                            "publisherType": "team",
+                            "curatedInList": [],
+                            "creatorId": "6900157",
+                            "description": "",
+                            "forklabel": "",
+                            "publisherId": "299401",
+                            "publisherLogo": "",
+                            "popularity": 5,
+                            "isPublic": True,
+                            "categories": [],
+                            "universaltags": "",
+                            "views": 5788,
+                            "summary": "BLS public workspaces.",
+                            "memberCount": 2,
+                            "isBlacklisted": False,
+                            "publisherid": "299401",
+                            "isPrivateNetworkEntity": False,
+                            "isDomainNonTrivial": True,
+                            "privateNetworkMeta": "",
+                            "updatedat": "2021-10-20T16:19:29",
+                            "documentType": "workspace",
+                        },
+                        "highlight": {"summary": "<b>BLS</b> BBOT api test."},
+                    },
+                    {
+                        "score": 611.41156,
+                        "normalizedScore": 23,
+                        "document": {
+                            "watcherCount": 6,
+                            "apiCount": 0,
+                            "forkCount": 0,
+                            "isblacklisted": "false",
+                            "createdAt": "2021-06-15T14:03:51",
+                            "publishertype": "team",
+                            "publisherHandle": "testteam",
+                            "id": "11498add-357d-4bc5-a008-0a2d44fb8829",
+                            "slug": "testing-bbot-api",
+                            "updatedAt": "2024-07-30T11:00:35",
+                            "entityType": "workspace",
+                            "visibilityStatus": "public",
+                            "forkcount": "0",
+                            "tags": [],
+                            "createdat": "2021-06-15T14:03:51",
+                            "forkLabel": "",
+                            "publisherName": "testteam",
+                            "name": "Test BlackLanternSecurity API Team Workspace",
+                            "dependencyCount": 7,
+                            "collectionCount": 6,
+                            "warehouse__updated_at": "2024-07-30 11:00:00",
+                            "privateNetworkFolders": [],
+                            "isPublisherVerified": False,
+                            "publisherType": "team",
+                            "curatedInList": [],
+                            "creatorId": "6900157",
+                            "description": "",
+                            "forklabel": "",
+                            "publisherId": "299401",
+                            "publisherLogo": "",
+                            "popularity": 5,
+                            "isPublic": True,
+                            "categories": [],
+                            "universaltags": "",
+                            "views": 5788,
+                            "summary": "Private test of BBOTs public API",
+                            "memberCount": 2,
+                            "isBlacklisted": False,
+                            "publisherid": "299401",
+                            "isPrivateNetworkEntity": False,
+                            "isDomainNonTrivial": True,
+                            "privateNetworkMeta": "",
+                            "updatedat": "2021-10-20T16:19:29",
+                            "documentType": "workspace",
+                        },
+                        "highlight": {"summary": "Private test of BBOTs Public API"},
+                    },
+                ],
+                "meta": {
+                    "queryText": "blacklanternsecurity",
+                    "total": {
+                        "collection": 0,
+                        "request": 0,
+                        "workspace": 2,
+                        "api": 0,
+                        "team": 0,
+                        "user": 0,
+                        "flow": 0,
+                        "apiDefinition": 0,
+                        "privateNetworkFolder": 0,
+                    },
+                    "state": "AQ4",
+                    "spellCorrection": {"count": {"all": 2, "workspace": 2}, "correctedQueryText": None},
+                    "featureFlags": {
+                        "enabledPublicResultCuration": True,
+                        "boostByPopularity": True,
+                        "reRankPostNormalization": True,
+                        "enableUrlBarHostNameSearch": True,
+                    },
+                },
+            },
+        )
+        module_test.httpx_mock.add_response(
+            url="https://www.postman.com/_api/ws/proxy",
+            match_content=b'{"service": "workspaces", "method": "GET", "path": "/workspaces?handle=blacklanternsecurity&slug=bbot-public"}',
+            json={
+                "meta": {"model": "workspace", "action": "find", "nextCursor": ""},
+                "data": [
+                    {
+                        "id": "3a7e4bdc-7ff7-4dd4-8eaa-61ddce1c3d1b",
+                        "name": "BlackLanternSecurity BBOT [Public]",
+                        "description": None,
+                        "summary": "BLS public workspaces.",
+                        "createdBy": "299401",
+                        "updatedBy": "299401",
+                        "team": None,
+                        "createdAt": "2021-10-20T16:19:29",
+                        "updatedAt": "2021-10-20T16:19:29",
+                        "visibilityStatus": "public",
+                        "profileInfo": {
+                            "slug": "bbot-public",
+                            "profileType": "team",
+                            "profileId": "000000",
+                            "publicHandle": "https://www.postman.com/blacklanternsecurity",
+                            "publicImageURL": "",
+                            "publicName": "BlackLanternSecurity",
+                            "isVerified": False,
+                        },
+                    }
+                ],
+            },
+        )
+        module_test.httpx_mock.add_response(
+            url="https://www.postman.com/_api/ws/proxy",
+            match_content=b'{"service": "workspaces", "method": "GET", "path": "/workspaces?handle=testteam&slug=testing-bbot-api"}',
+            json={
+                "meta": {"model": "workspace", "action": "find", "nextCursor": ""},
+                "data": [
+                    {
+                        "id": "a4dfe981-2593-4f0b-b4c3-5145e8640f7d",
+                        "name": "Test BlackLanternSecurity API Team Workspace",
+                        "description": None,
+                        "summary": "Private test of BBOTs public API",
+                        "createdBy": "299401",
+                        "updatedBy": "299401",
+                        "team": None,
+                        "createdAt": "2021-10-20T16:19:29",
+                        "updatedAt": "2021-10-20T16:19:29",
+                        "visibilityStatus": "public",
+                        "profileInfo": {
+                            "slug": "bbot-public",
+                            "profileType": "team",
+                            "profileId": "000000",
+                            "publicHandle": "https://www.postman.com/testteam",
+                            "publicImageURL": "",
+                            "publicName": "testteam",
+                            "isVerified": False,
+                        },
+                    }
+                ],
+            },
+        )
+        module_test.httpx_mock.add_response(
+            url="https://api.getpostman.com/workspaces/3a7e4bdc-7ff7-4dd4-8eaa-61ddce1c3d1b",
+            match_headers={"X-Api-Key": "asdf"},
+            json={
+                "workspace": {
+                    "id": "3a7e4bdc-7ff7-4dd4-8eaa-61ddce1c3d1b",
+                    "name": "BlackLanternSecurity BBOT [Public]",
+                    "type": "personal",
+                    "description": None,
+                    "visibility": "public",
+                    "createdBy": "00000000",
+                    "updatedBy": "00000000",
+                    "createdAt": "2021-11-17T06:09:01.000Z",
+                    "updatedAt": "2021-11-17T08:57:16.000Z",
+                    "collections": [
+                        {
+                            "id": "2aab9fd0-3715-4abe-8bb0-8cb0264d023f",
+                            "name": "BBOT Public",
+                            "uid": "10197090-2aab9fd0-3715-4abe-8bb0-8cb0264d023f",
+                        },
+                    ],
+                    "environments": [
+                        {
+                            "id": "f770f816-9c6a-40f7-bde3-c0855d2a1089",
+                            "name": "BBOT Test",
+                            "uid": "10197090-f770f816-9c6a-40f7-bde3-c0855d2a1089",
+                        }
+                    ],
+                    "apis": [],
+                }
+            },
+        )
+        module_test.httpx_mock.add_response(
+            url="https://api.getpostman.com/workspaces/a4dfe981-2593-4f0b-b4c3-5145e8640f7d",
+            json={
+                "workspace": {
+                    "id": "a4dfe981-2593-4f0b-b4c3-5145e8640f7d",
+                    "name": "Test BlackLanternSecurity API Team Workspace",
+                    "type": "personal",
+                    "description": None,
+                    "visibility": "public",
+                    "createdBy": "00000000",
+                    "updatedBy": "00000000",
+                    "createdAt": "2021-11-17T06:09:01.000Z",
+                    "updatedAt": "2021-11-17T08:57:16.000Z",
+                    "collections": [
+                        {
+                            "id": "f46bebfd-420a-4adf-97d1-6fb5a02cf7fc",
+                            "name": "BBOT Public",
+                            "uid": "10197090-f46bebfd-420a-4adf-97d1-6fb5a02cf7fc",
+                        },
+                    ],
+                    "environments": [],
+                    "apis": [],
+                }
+            },
+        )
+        module_test.httpx_mock.add_response(
+            url="https://www.postman.com/_api/workspace/3a7e4bdc-7ff7-4dd4-8eaa-61ddce1c3d1b/globals",
+            json={
+                "model_id": "8be7574b-219f-49e0-8d25-da447a882e4e",
+                "meta": {"model": "globals", "action": "find"},
+                "data": {
+                    "workspace": "3a7e4bdc-7ff7-4dd4-8eaa-61ddce1c3d1b",
+                    "lastUpdatedBy": "00000000",
+                    "lastRevision": 1637239113000,
+                    "id": "8be7574b-219f-49e0-8d25-da447a882e4e",
+                    "values": [
+                        {
+                            "key": "endpoint_url",
+                            "value": "https://api.blacklanternsecurity.com/",
+                            "enabled": True,
+                        },
+                    ],
+                    "createdAt": "2021-11-17T06:09:01.000Z",
+                    "updatedAt": "2021-11-18T12:38:33.000Z",
+                },
+            },
+        )
+        module_test.httpx_mock.add_response(
+            url="https://www.postman.com/_api/workspace/a4dfe981-2593-4f0b-b4c3-5145e8640f7d/globals",
+            json={
+                "model_id": "8be7574b-219f-49e0-8d25-da447a882e4e",
+                "meta": {"model": "globals", "action": "find"},
+                "data": {
+                    "workspace": "a4dfe981-2593-4f0b-b4c3-5145e8640f7d",
+                    "lastUpdatedBy": "00000000",
+                    "lastRevision": 1637239113000,
+                    "id": "8be7574b-219f-49e0-8d25-da447a882e4e",
+                    "values": [],
+                    "createdAt": "2021-11-17T06:09:01.000Z",
+                    "updatedAt": "2021-11-18T12:38:33.000Z",
+                },
+            },
+        )
+        module_test.httpx_mock.add_response(
+            url="https://api.getpostman.com/environments/10197090-f770f816-9c6a-40f7-bde3-c0855d2a1089",
+            match_headers={"X-Api-Key": "asdf"},
+            json={
+                "environment": {
+                    "id": "f770f816-9c6a-40f7-bde3-c0855d2a1089",
+                    "name": "BBOT Test",
+                    "owner": "00000000",
+                    "createdAt": "2021-11-17T06:29:54.000Z",
+                    "updatedAt": "2021-11-23T07:06:53.000Z",
+                    "values": [
+                        {
+                            "key": "temp_session_endpoint",
+                            "value": "https://api.blacklanternsecurity.com/",
+                            "enabled": True,
+                        },
+                    ],
+                    "isPublic": True,
+                }
+            },
+        )
+        module_test.httpx_mock.add_response(
+            url="https://api.getpostman.com/collections/10197090-2aab9fd0-3715-4abe-8bb0-8cb0264d023f",
+            match_headers={"X-Api-Key": "asdf"},
+            json={
+                "collection": {
+                    "info": {
+                        "_postman_id": "62b91565-d2e2-4bcd-8248-4dba2e3452f0",
+                        "name": "BBOT Public",
+                        "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json",
+                        "updatedAt": "2021-11-17T07:13:16.000Z",
+                        "createdAt": "2021-11-17T07:13:15.000Z",
+                        "lastUpdatedBy": "00000000",
+                        "uid": "00000000-62b91565-d2e2-4bcd-8248-4dba2e3452f0",
+                    },
+                    "item": [
+                        {
+                            "name": "Generate API Session",
+                            "id": "c1bac38c-dfc9-4cc0-9c19-828cbc8543b1",
+                            "protocolProfileBehavior": {"disableBodyPruning": True},
+                            "request": {
+                                "method": "POST",
+                                "header": [{"key": "Content-Type", "value": "application/json"}],
+                                "body": {
+                                    "mode": "raw",
+                                    "raw": '{"username": "test", "password": "Test"}',
+                                },
+                                "url": {"raw": "{{endpoint_url}}", "host": ["{{endpoint_url}}"]},
+                                "description": "",
+                            },
+                            "response": [],
+                            "uid": "10197090-c1bac38c-dfc9-4cc0-9c19-828cbc8543b1",
+                        },
+                    ],
+                }
+            },
+        )
+        module_test.httpx_mock.add_response(
+            url="https://api.getpostman.com/collections/10197090-f46bebfd-420a-4adf-97d1-6fb5a02cf7fc",
+            json={
+                "collection": {
+                    "info": {
+                        "_postman_id": "f46bebfd-420a-4adf-97d1-6fb5a02cf7fc",
+                        "name": "BBOT Public",
+                        "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json",
+                        "updatedAt": "2021-11-17T07:13:16.000Z",
+                        "createdAt": "2021-11-17T07:13:15.000Z",
+                        "lastUpdatedBy": "00000000",
+                        "uid": "00000000-f46bebfd-420a-4adf-97d1-6fb5a02cf7fc",
+                    },
+                    "item": [
+                        {
+                            "name": "Out of Scope API request",
+                            "id": "c1bac38c-dfc9-4cc0-9c19-828cbc8543b1",
+                            "protocolProfileBehavior": {"disableBodyPruning": True},
+                            "request": {
+                                "method": "POST",
+                                "header": [{"key": "Content-Type", "value": "application/json"}],
+                                "body": {
+                                    "mode": "raw",
+                                    "raw": '{"username": "test", "password": "Test"}',
+                                },
+                                "url": {"raw": "https://www.outofscope.com", "host": ["www.outofscope.com"]},
+                                "description": "",
+                            },
+                            "response": [],
+                            "uid": "10197090-c1bac38c-dfc9-4cc0-9c19-828cbc8543b1",
+                        },
+                    ],
+                }
+            },
+        )
+
+    def check(self, module_test, events):
+        assert 2 == len(
+            [e for e in events if e.type == "CODE_REPOSITORY" and "postman" in e.tags and e.scope_distance == 1]
+        ), "Failed to find blacklanternsecurity postman workspace"
+        assert 1 == len(
+            [
+                e
+                for e in events
+                if e.type == "FILESYSTEM"
+                and "postman_workspaces/BlackLanternSecurity BBOT [Public]" in e.data["path"]
+                and "postman" in e.tags
+                and e.scope_distance == 1
+            ]
+        ), "Failed to find blacklanternsecurity postman workspace"

bbot/test/test_step_2/module_tests/test_module_rapiddns.py

@@ -1,3 +1,5 @@
+import httpx
+
 from .base import ModuleTestBase
 
 
@@ -9,8 +11,98 @@ class TestRapidDNS(ModuleTestBase):
     async def setup_after_prep(self, module_test):
         module_test.module.abort_if = lambda e: False
         module_test.httpx_mock.add_response(
-            url=f"https://rapiddns.io/subdomain/blacklanternsecurity.com?full=1#result", text=self.web_body
+            url="https://rapiddns.io/subdomain/blacklanternsecurity.com?full=1#result", text=self.web_body
         )
 
     def check(self, module_test, events):
         assert any(e.data == "asdf.blacklanternsecurity.com" for e in events), "Failed to detect subdomain"
+
+
+class TestRapidDNSAbortThreshold1(TestRapidDNS):
+    module_name = "rapiddns"
+
+    async def setup_after_prep(self, module_test):
+        self.url_count = {}
+
+        async def custom_callback(request):
+            url = str(request.url)
+            try:
+                self.url_count[url] += 1
+            except KeyError:
+                self.url_count[url] = 1
+            raise httpx.TimeoutException("timeout")
+
+        module_test.httpx_mock.add_callback(custom_callback)
+
+        await module_test.mock_dns(
+            {
+                "blacklanternsecurity.com": {"A": ["127.0.0.88"]},
+                "evilcorp.com": {"A": ["127.0.0.11"]},
+                "evilcorp.net": {"A": ["127.0.0.22"]},
+                "evilcorp.co.uk": {"A": ["127.0.0.33"]},
+            }
+        )
+
+    def check(self, module_test, events):
+        assert module_test.module.api_failure_abort_threshold == 10
+        assert module_test.module.errored is False
+        assert module_test.module._api_request_failures == 3
+        assert module_test.module.api_retries == 3
+        assert {e.data for e in events if e.type == "DNS_NAME"} == {"blacklanternsecurity.com"}
+        assert self.url_count == {
+            "https://rapiddns.io/subdomain/blacklanternsecurity.com?full=1#result": 3,
+        }
+
+
+class TestRapidDNSAbortThreshold2(TestRapidDNSAbortThreshold1):
+    targets = ["blacklanternsecurity.com", "evilcorp.com"]
+
+    def check(self, module_test, events):
+        assert module_test.module.api_failure_abort_threshold == 10
+        assert module_test.module.errored is False
+        assert module_test.module._api_request_failures == 6
+        assert module_test.module.api_retries == 3
+        assert {e.data for e in events if e.type == "DNS_NAME"} == {"blacklanternsecurity.com", "evilcorp.com"}
+        assert self.url_count == {
+            "https://rapiddns.io/subdomain/blacklanternsecurity.com?full=1#result": 3,
+            "https://rapiddns.io/subdomain/evilcorp.com?full=1#result": 3,
+        }
+
+
+class TestRapidDNSAbortThreshold3(TestRapidDNSAbortThreshold1):
+    targets = ["blacklanternsecurity.com", "evilcorp.com", "evilcorp.net"]
+
+    def check(self, module_test, events):
+        assert module_test.module.api_failure_abort_threshold == 10
+        assert module_test.module.errored is False
+        assert module_test.module._api_request_failures == 9
+        assert module_test.module.api_retries == 3
+        assert {e.data for e in events if e.type == "DNS_NAME"} == {
+            "blacklanternsecurity.com",
+            "evilcorp.com",
+            "evilcorp.net",
+        }
+        assert self.url_count == {
+            "https://rapiddns.io/subdomain/blacklanternsecurity.com?full=1#result": 3,
+            "https://rapiddns.io/subdomain/evilcorp.com?full=1#result": 3,
+            "https://rapiddns.io/subdomain/evilcorp.net?full=1#result": 3,
+        }
+
+
+class TestRapidDNSAbortThreshold4(TestRapidDNSAbortThreshold1):
+    targets = ["blacklanternsecurity.com", "evilcorp.com", "evilcorp.net", "evilcorp.co.uk"]
+
+    def check(self, module_test, events):
+        assert module_test.module.api_failure_abort_threshold == 10
+        assert module_test.module.errored is True
+        assert module_test.module._api_request_failures == 10
+        assert module_test.module.api_retries == 3
+        assert {e.data for e in events if e.type == "DNS_NAME"} == {
+            "blacklanternsecurity.com",
+            "evilcorp.com",
+            "evilcorp.net",
+            "evilcorp.co.uk",
+        }
+        assert len(self.url_count) == 4
+        assert list(self.url_count.values()).count(3) == 3
+        assert list(self.url_count.values()).count(1) == 1

bbot/test/test_step_2/module_tests/test_module_securitytxt.py

@@ -0,0 +1,50 @@
+from .base import ModuleTestBase
+
+
+class TestSecurityTxt(ModuleTestBase):
+    targets = ["blacklanternsecurity.notreal"]
+    modules_overrides = ["securitytxt", "speculate"]
+
+    async def setup_before_prep(self, module_test):
+        module_test.httpx_mock.add_response(
+            url="https://blacklanternsecurity.notreal/.well-known/security.txt",
+            text="-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nContact: mailto:joe.smith@blacklanternsecurity.notreal\nContact: mailto:vdp@example.com\nContact: https://vdp.example.com\nExpires: 2025-01-01T00:00:00.000Z\nPreferred-Languages: fr, en\nCanonical: https://blacklanternsecurity.notreal/.well-known/security.txt\nPolicy: https://example.com/cert\nHiring: https://www.careers.example.com\n-----BEGIN PGP SIGNATURE-----\n\nSIGNATURE\n\n-----END PGP SIGNATURE-----",
+        )
+
+    async def setup_after_prep(self, module_test):
+        await module_test.mock_dns(
+            {
+                "blacklanternsecurity.notreal": {
+                    "A": ["127.0.0.11"],
+                },
+            }
+        )
+
+    def check(self, module_test, events):
+        assert any(
+            e.type == "EMAIL_ADDRESS" and e.data == "joe.smith@blacklanternsecurity.notreal" for e in events
+        ), "Failed to detect email address"
+        assert not any(
+            e.type == "URL_UNVERIFIED" and e.data == "https://blacklanternsecurity.notreal/.well-known/security.txt"
+            for e in events
+        ), "Failed to filter Canonical URL to self"
+        assert not any(str(e.data) == "vdp@example.com" for e in events)
+
+
+class TestSecurityTxtEmailsFalse(TestSecurityTxt):
+    config_overrides = {
+        "scope": {"report_distance": 1},
+        "modules": {"securitytxt": {"emails": False}},
+    }
+
+    def check(self, module_test, events):
+        assert not any(e.type == "EMAIL_ADDRESS" for e in events), "Detected email address when emails=False"
+        assert any(
+            e.type == "URL_UNVERIFIED" and e.data == "https://vdp.example.com/" for e in events
+        ), "Failed to detect URL"
+        assert any(
+            e.type == "URL_UNVERIFIED" and e.data == "https://example.com/cert" for e in events
+        ), "Failed to detect URL"
+        assert any(
+            e.type == "URL_UNVERIFIED" and e.data == "https://www.careers.example.com/" for e in events
+        ), "Failed to detect URL"

bbot/test/test_step_2/module_tests/test_module_shodan_dns.py

@@ -9,13 +9,32 @@ class TestShodan_DNS(ModuleTestBase):
             url="https://api.shodan.io/api-info?key=asdf",
         )
         module_test.httpx_mock.add_response(
-            url="https://api.shodan.io/dns/domain/blacklanternsecurity.com?key=asdf",
+            url="https://api.shodan.io/dns/domain/blacklanternsecurity.com?key=asdf&page=1",
             json={
                 "subdomains": [
                     "asdf",
                 ],
             },
         )
+        module_test.httpx_mock.add_response(
+            url="https://api.shodan.io/dns/domain/blacklanternsecurity.com?key=asdf&page=2",
+            json={
+                "subdomains": [
+                    "www",
+                ],
+            },
+        )
+        await module_test.mock_dns(
+            {
+                "blacklanternsecurity.com": {
+                    "A": ["127.0.0.11"],
+                },
+                "www.blacklanternsecurity.com": {"A": ["127.0.0.22"]},
+                "asdf.blacklanternsecurity.com": {"A": ["127.0.0.33"]},
+            }
+        )
 
     def check(self, module_test, events):
+        assert len([e for e in events if e.type == "DNS_NAME"]) == 3, "Failed to detect both subdomains"
         assert any(e.data == "asdf.blacklanternsecurity.com" for e in events), "Failed to detect subdomain"
+        assert any(e.data == "www.blacklanternsecurity.com" for e in events), "Failed to detect subdomain"

bbot/test/test_step_2/module_tests/test_module_sitedossier.py

@@ -136,11 +136,11 @@ class TestSitedossier(ModuleTestBase):
             }
         )
         module_test.httpx_mock.add_response(
-            url=f"http://www.sitedossier.com/parentdomain/evilcorp.com",
+            url="http://www.sitedossier.com/parentdomain/evilcorp.com",
             text=page1,
         )
         module_test.httpx_mock.add_response(
-            url=f"http://www.sitedossier.com/parentdomain/evilcorp.com/101",
+            url="http://www.sitedossier.com/parentdomain/evilcorp.com/101",
             text=page2,
         )
 

bbot/test/test_step_2/module_tests/test_module_smuggler.py

@@ -39,7 +39,7 @@ class TestSmuggler(ModuleTestBase):
         old_run_live = module_test.scan.helpers.run_live
 
         async def smuggler_mock_run_live(*command, **kwargs):
-            if not "smuggler" in command[0][1]:
+            if "smuggler" not in command[0][1]:
                 async for l in old_run_live(*command, **kwargs):
                     yield l
             else: