bbot 2.0.1.4720rc0__py3-none-any.whl → 2.3.0.5397rc0__py3-none-any.whl

bbot/test/test_step_1/test_web.py

@@ -29,7 +29,7 @@ async def test_web_engine(bbot_scanner, bbot_httpserver, httpx_mock):
     urls = [f"{base_url}{i}" for i in range(num_urls)]
     responses = [r async for r in scan.helpers.request_batch(urls)]
     assert len(responses) == 100
-    assert all([r[1].status_code == 200 and r[1].text.startswith(f"{r[0]}: ") for r in responses])
+    assert all(r[1].status_code == 200 and r[1].text.startswith(f"{r[0]}: ") for r in responses)
 
     # request_batch w/ cancellation
     agen = scan.helpers.request_batch(urls)
@@ -153,9 +153,12 @@ async def test_web_helpers(bbot_scanner, bbot_httpserver, httpx_mock):
 
     await scan._cleanup()
 
-    scan1 = bbot_scanner("8.8.8.8")
+    scan1 = bbot_scanner("8.8.8.8", modules=["ipneighbor"])
     scan2 = bbot_scanner("127.0.0.1")
 
+    await scan1._prep()
+    module = scan1.modules["ipneighbor"]
+
     web_config = CORE.config.get("web", {})
     user_agent = web_config.get("user_agent", "")
     headers = {"User-Agent": user_agent}
@@ -208,14 +211,14 @@ async def test_web_helpers(bbot_scanner, bbot_httpserver, httpx_mock):
     url = bbot_httpserver.url_for(path)
     bbot_httpserver.expect_request(uri=path).respond_with_data(download_content, status=200)
     webpage = await scan1.helpers.request(url)
-    assert webpage, f"Webpage is False"
+    assert webpage, "Webpage is False"
     soup = scan1.helpers.beautifulsoup(webpage, "html.parser")
-    assert soup, f"Soup is False"
+    assert soup, "Soup is False"
     # pretty_print = soup.prettify()
     # assert pretty_print, f"PrettyPrint is False"
     # scan1.helpers.log.info(f"{pretty_print}")
     html_text = soup.find(text="Example Domain")
-    assert html_text, f"Find HTML Text is False"
+    assert html_text, "Find HTML Text is False"
 
     # 404
     path = "/test_http_helpers_download_404"
@@ -252,7 +255,7 @@ async def test_web_helpers(bbot_scanner, bbot_httpserver, httpx_mock):
         uri=f"{base_path}/3", query_string={"page_size": "100", "offset": "200"}
     ).respond_with_data("page3")
     results = []
-    agen = scan1.helpers.api_page_iter(template_url)
+    agen = module.api_page_iter(template_url)
     try:
         async for result in agen:
             if result and result.text.startswith("page"):
@@ -262,7 +265,7 @@ async def test_web_helpers(bbot_scanner, bbot_httpserver, httpx_mock):
     finally:
         await agen.aclose()
     assert not results
-    agen = scan1.helpers.api_page_iter(template_url, json=False)
+    agen = module.api_page_iter(template_url, json=False)
     try:
         async for result in agen:
             if result and result.text.startswith("page"):
@@ -386,7 +389,7 @@ async def test_web_http_compare(httpx_mock, bbot_scanner):
     await compare_helper.compare("http://www.example.com", check_reflection=True)
     compare_helper.compare_body({"asdf": "fdsa"}, {"fdsa": "asdf"})
     for mode in ("getparam", "header", "cookie"):
-        assert await compare_helper.canary_check("http://www.example.com", mode=mode) == True
+        assert await compare_helper.canary_check("http://www.example.com", mode=mode) is True
 
     await scan._cleanup()
 
@@ -468,6 +471,9 @@ async def test_web_cookies(bbot_scanner, httpx_mock):
     # but that they're not sent in the response
     with pytest.raises(httpx.TimeoutException):
         r = await client2.get(url="http://www2.evilcorp.com/cookies/test")
+    # make sure cookies are sent
+    r = await client2.get(url="http://www2.evilcorp.com/cookies/test", cookies={"wats": "fdsa"})
+    assert r.status_code == 200
     # make sure we can manually send cookies
     httpx_mock.add_response(url="http://www2.evilcorp.com/cookies/test2", match_headers={"Cookie": "fdsa=wats"})
     r = await client2.get(url="http://www2.evilcorp.com/cookies/test2", cookies={"fdsa": "wats"})

bbot/test/test_step_2/module_tests/base.py

@@ -20,6 +20,8 @@ class ModuleTestBase:
     config_overrides = {}
     modules_overrides = None
     log = logging.getLogger("bbot")
+    # if True, the test will be skipped (useful for tests that require docker)
+    skip_distro_tests = False
 
     class ModuleTest:
         def __init__(
@@ -89,33 +91,39 @@ class ModuleTestBase:
     async def module_test(
         self, httpx_mock, bbot_httpserver, bbot_httpserver_ssl, monkeypatch, request, caplog, capsys
     ):
+        # Skip dastardly test if we're in the distro tests (because dastardly uses docker)
+        if os.getenv("BBOT_DISTRO_TESTS") and self.skip_distro_tests:
+            pytest.skip("Skipping module_test for dastardly module due to BBOT_DISTRO_TESTS environment variable")
+
         self.log.info(f"Starting {self.name} module test")
         module_test = self.ModuleTest(
             self, httpx_mock, bbot_httpserver, bbot_httpserver_ssl, monkeypatch, request, caplog, capsys
         )
-        self.log.debug(f"Mocking DNS")
+        self.log.debug("Mocking DNS")
         await module_test.mock_dns({"blacklanternsecurity.com": {"A": ["127.0.0.88"]}})
-        self.log.debug(f"Executing setup_before_prep()")
+        self.log.debug("Executing setup_before_prep()")
         await self.setup_before_prep(module_test)
-        self.log.debug(f"Executing scan._prep()")
+        self.log.debug("Executing scan._prep()")
         await module_test.scan._prep()
-        self.log.debug(f"Executing setup_after_prep()")
+        self.log.debug("Executing setup_after_prep()")
         await self.setup_after_prep(module_test)
-        self.log.debug(f"Starting scan")
+        self.log.debug("Starting scan")
         module_test.events = [e async for e in module_test.scan.async_start()]
         self.log.debug(f"Finished {module_test.name} module test")
         yield module_test
 
     @pytest.mark.asyncio
     async def test_module_run(self, module_test):
-        self.check(module_test, module_test.events)
+        from bbot.core.helpers.misc import execute_sync_or_async
+
+        await execute_sync_or_async(self.check, module_test, module_test.events)
         module_test.log.info(f"Finished {self.name} module test")
         current_task = asyncio.current_task()
         tasks = [t for t in asyncio.all_tasks() if t != current_task]
         if len(tasks):
             module_test.log.info(f"Unfinished tasks detected: {tasks}")
         else:
-            module_test.log.info(f"No unfinished tasks detected")
+            module_test.log.info("No unfinished tasks detected")
 
     def check(self, module_test, events):
         assert False, f"Must override {self.name}.check()"

bbot/test/test_step_2/module_tests/test_module_anubisdb.py

@@ -5,7 +5,7 @@ class TestAnubisdb(ModuleTestBase):
     async def setup_after_prep(self, module_test):
         module_test.module.abort_if = lambda e: False
         module_test.httpx_mock.add_response(
-            url=f"https://jldc.me/anubis/subdomains/blacklanternsecurity.com",
+            url="https://jldc.me/anubis/subdomains/blacklanternsecurity.com",
             json=["asdf.blacklanternsecurity.com", "zzzz.blacklanternsecurity.com"],
         )
 

bbot/test/test_step_2/module_tests/test_module_apkpure.py

@@ -0,0 +1,71 @@
+from pathlib import Path
+from .base import ModuleTestBase, tempapkfile
+
+
+class TestAPKPure(ModuleTestBase):
+    modules_overrides = ["apkpure", "google_playstore", "speculate"]
+    apk_file = tempapkfile()
+
+    async def setup_after_prep(self, module_test):
+        await module_test.mock_dns({"blacklanternsecurity.com": {"A": ["127.0.0.99"]}})
+        module_test.httpx_mock.add_response(
+            url="https://play.google.com/store/search?q=blacklanternsecurity&c=apps",
+            text="""<!DOCTYPE html>
+            <html>
+            <head>
+            <title>"blacklanternsecurity" - Android Apps on Google Play</title>
+            </head>
+            <body>
+            <a href="/store/apps/details?id=com.bbot.test&pcampaignid=dontmatchme&pli=1"/>
+            </body>
+            </html>""",
+        )
+        module_test.httpx_mock.add_response(
+            url="https://play.google.com/store/apps/details?id=com.bbot.test",
+            text="""<!DOCTYPE html>
+            <html>
+            <head>
+            <title>BBOT</title>
+            </head>
+            <body>
+            <meta name="appstore:developer_url" content="https://www.blacklanternsecurity.com">
+            </div>
+            </div>
+            </body>
+            </html>""",
+        )
+        module_test.httpx_mock.add_response(
+            url="https://d.apkpure.com/b/XAPK/com.bbot.test?version=latest",
+            content=self.apk_file,
+            headers={
+                "Content-Type": "application/vnd.android.package-archive",
+                "Content-Disposition": "attachment; filename=com.bbot.test.apk",
+            },
+        )
+
+    def check(self, module_test, events):
+        assert len(events) == 6
+        assert 1 == len(
+            [
+                e
+                for e in events
+                if e.type == "DNS_NAME" and e.data == "blacklanternsecurity.com" and e.scope_distance == 0
+            ]
+        ), "Failed to emit target DNS_NAME"
+        assert 1 == len(
+            [e for e in events if e.type == "ORG_STUB" and e.data == "blacklanternsecurity" and e.scope_distance == 0]
+        ), "Failed to find ORG_STUB"
+        assert 1 == len(
+            [
+                e
+                for e in events
+                if e.type == "MOBILE_APP"
+                and "android" in e.tags
+                and e.data["id"] == "com.bbot.test"
+                and e.data["url"] == "https://play.google.com/store/apps/details?id=com.bbot.test"
+            ]
+        ), "Failed to find bbot android app"
+        filesystem_event = [e for e in events if e.type == "FILESYSTEM" and "com.bbot.test.apk" in e.data["path"]]
+        assert 1 == len(filesystem_event), "Failed to download apk"
+        file = Path(filesystem_event[0].data["path"])
+        assert file.is_file(), "Destination apk doesn't exist"

bbot/test/test_step_2/module_tests/test_module_asset_inventory.py

@@ -10,7 +10,6 @@ class TestAsset_Inventory(ModuleTestBase):
     masscan_output = """{   "ip": "127.0.0.1",   "timestamp": "1680197558", "ports": [ {"port": 9999, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 54} ] }"""
 
     async def setup_before_prep(self, module_test):
-
         async def run_masscan(command, *args, **kwargs):
             if "masscan" in command[:2]:
                 targets = open(command[11]).read().splitlines()

bbot/test/test_step_2/module_tests/test_module_azure_realm.py

@@ -22,7 +22,7 @@ class TestAzure_Realm(ModuleTestBase):
     async def setup_after_prep(self, module_test):
         await module_test.mock_dns({"evilcorp.com": {"A": ["127.0.0.5"]}})
         module_test.httpx_mock.add_response(
-            url=f"https://login.microsoftonline.com/getuserrealm.srf?login=test@evilcorp.com",
+            url="https://login.microsoftonline.com/getuserrealm.srf?login=test@evilcorp.com",
             json=self.response_json,
         )
 

bbot/test/test_step_2/module_tests/test_module_baddns.py

@@ -31,9 +31,9 @@ class TestBaddns_cname_nxdomain(BaseTestBaddns):
         module_test.monkeypatch.setattr(WhoisManager, "dispatchWHOIS", self.dispatchWHOIS)
 
     def check(self, module_test, events):
-        assert any([e.data == "baddns.azurewebsites.net" for e in events]), "CNAME detection failed"
-        assert any([e.type == "VULNERABILITY" for e in events]), "Failed to emit VULNERABILITY"
-        assert any(["baddns-cname" in e.tags for e in events]), "Failed to add baddns tag"
+        assert any(e.data == "baddns.azurewebsites.net" for e in events), "CNAME detection failed"
+        assert any(e.type == "VULNERABILITY" for e in events), "Failed to emit VULNERABILITY"
+        assert any("baddns-cname" in e.tags for e in events), "Failed to add baddns tag"
 
 
 class TestBaddns_cname_signature(BaseTestBaddns):
@@ -60,8 +60,8 @@ class TestBaddns_cname_signature(BaseTestBaddns):
         module_test.monkeypatch.setattr(WhoisManager, "dispatchWHOIS", self.dispatchWHOIS)
 
     def check(self, module_test, events):
-        assert any([e for e in events])
+        assert any(e for e in events)
         assert any(
-            [e.type == "VULNERABILITY" and "bigcartel.com" in e.data["description"] for e in events]
+            e.type == "VULNERABILITY" and "bigcartel.com" in e.data["description"] for e in events
         ), "Failed to emit VULNERABILITY"
-        assert any(["baddns-cname" in e.tags for e in events]), "Failed to add baddns tag"
+        assert any("baddns-cname" in e.tags for e in events), "Failed to add baddns tag"

bbot/test/test_step_2/module_tests/test_module_baddns_direct.py

@@ -0,0 +1,62 @@
+from .base import ModuleTestBase
+from bbot.modules.base import BaseModule
+
+
+class BaseTestBaddns(ModuleTestBase):
+    modules_overrides = ["baddns_direct"]
+    targets = ["bad.dns"]
+    config_overrides = {"dns": {"minimal": False}, "cloudcheck": True}
+
+
+class TestBaddns_direct_cloudflare(BaseTestBaddns):
+    targets = ["bad.dns:8888"]
+    modules_overrides = ["baddns_direct"]
+
+    async def dispatchWHOIS(self):
+        return None
+
+    class DummyModule(BaseModule):
+        watched_events = ["DNS_NAME"]
+        _name = "dummy_module"
+        events_seen = []
+
+        async def handle_event(self, event):
+            if event.data == "bad.dns":
+                await self.helpers.sleep(0.5)
+                self.events_seen.append(event.data)
+                url = "http://bad.dns:8888/"
+                url_event = self.scan.make_event(
+                    url, "URL", parent=self.scan.root_event, tags=["cdn-cloudflare", "in-scope", "status-401"]
+                )
+                if url_event is not None:
+                    await self.emit_event(url_event)
+
+    async def setup_after_prep(self, module_test):
+        from baddns.base import BadDNS_base
+        from baddns.lib.whoismanager import WhoisManager
+
+        def set_target(self, target):
+            return "127.0.0.1:8888"
+
+        self.module_test = module_test
+
+        self.dummy_module = self.DummyModule(module_test.scan)
+        module_test.scan.modules["dummy_module"] = self.dummy_module
+
+        expect_args = {"method": "GET", "uri": "/"}
+        respond_args = {"response_data": "The specified bucket does not exist", "status": 401}
+        module_test.set_expect_requests(expect_args=expect_args, respond_args=respond_args)
+
+        await module_test.mock_dns({"bad.dns": {"A": ["127.0.0.1"]}})
+
+        module_test.monkeypatch.setattr(BadDNS_base, "set_target", set_target)
+        module_test.monkeypatch.setattr(WhoisManager, "dispatchWHOIS", self.dispatchWHOIS)
+
+    def check(self, module_test, events):
+        assert any(
+            e.type == "FINDING"
+                and "Possible [AWS Bucket Takeover Detection] via direct BadDNS analysis. Indicator: [[Words: The specified bucket does not exist | Condition: and | Part: body] Matchers-Condition: and] Trigger: [self] baddns Module: [CNAME]"
+                in e.data["description"]
+                for e in events
+        ), "Failed to emit FINDING"
+        assert any("baddns-cname" in e.tags for e in events), "Failed to add baddns tag"

bbot/test/test_step_2/module_tests/test_module_bevigil.py

@@ -1,12 +1,16 @@
+import random
+
 from .base import ModuleTestBase
 
 
 class TestBeVigil(ModuleTestBase):
+    module_name = "bevigil"
     config_overrides = {"modules": {"bevigil": {"api_key": "asdf", "urls": True}}}
 
     async def setup_after_prep(self, module_test):
         module_test.httpx_mock.add_response(
-            url=f"https://osint.bevigil.com/api/blacklanternsecurity.com/subdomains/",
+            url="https://osint.bevigil.com/api/blacklanternsecurity.com/subdomains/",
+            match_headers={"X-Access-Token": "asdf"},
             json={
                 "domain": "blacklanternsecurity.com",
                 "subdomains": [
@@ -15,10 +19,33 @@ class TestBeVigil(ModuleTestBase):
             },
         )
         module_test.httpx_mock.add_response(
-            url=f"https://osint.bevigil.com/api/blacklanternsecurity.com/urls/",
+            url="https://osint.bevigil.com/api/blacklanternsecurity.com/urls/",
             json={"domain": "blacklanternsecurity.com", "urls": ["https://asdf.blacklanternsecurity.com"]},
         )
 
     def check(self, module_test, events):
         assert any(e.data == "asdf.blacklanternsecurity.com" for e in events), "Failed to detect subdomain"
         assert any(e.data == "https://asdf.blacklanternsecurity.com/" for e in events), "Failed to detect url"
+
+
+class TestBeVigilMultiKey(TestBeVigil):
+    api_keys = ["1234", "4321", "asdf", "fdsa"]
+    random.shuffle(api_keys)
+    config_overrides = {"modules": {"bevigil": {"api_key": api_keys, "urls": True}}}
+
+    async def setup_after_prep(self, module_test):
+        module_test.httpx_mock.add_response(
+            url="https://osint.bevigil.com/api/blacklanternsecurity.com/subdomains/",
+            match_headers={"X-Access-Token": "fdsa"},
+            json={
+                "domain": "blacklanternsecurity.com",
+                "subdomains": [
+                    "asdf.blacklanternsecurity.com",
+                ],
+            },
+        )
+        module_test.httpx_mock.add_response(
+            match_headers={"X-Access-Token": "asdf"},
+            url="https://osint.bevigil.com/api/blacklanternsecurity.com/urls/",
+            json={"domain": "blacklanternsecurity.com", "urls": ["https://asdf.blacklanternsecurity.com"]},
+        )

bbot/test/test_step_2/module_tests/test_module_binaryedge.py

@@ -6,7 +6,8 @@ class TestBinaryEdge(ModuleTestBase):
 
     async def setup_before_prep(self, module_test):
         module_test.httpx_mock.add_response(
-            url=f"https://api.binaryedge.io/v2/query/domains/subdomain/blacklanternsecurity.com",
+            url="https://api.binaryedge.io/v2/query/domains/subdomain/blacklanternsecurity.com",
+            match_headers={"X-Key": "asdf"},
             json={
                 "query": "blacklanternsecurity.com",
                 "page": 1,
@@ -18,7 +19,8 @@ class TestBinaryEdge(ModuleTestBase):
             },
         )
         module_test.httpx_mock.add_response(
-            url=f"https://api.binaryedge.io/v2/user/subscription",
+            url="https://api.binaryedge.io/v2/user/subscription",
+            match_headers={"X-Key": "asdf"},
             json={
                 "subscription": {"name": "Free"},
                 "end_date": "2023-06-17",

bbot/test/test_step_2/module_tests/test_module_bucket_amazon.py

@@ -82,8 +82,8 @@ class Bucket_Amazon_Base(ModuleTestBase):
                 if e.type == "FINDING" and str(e.module) == self.module_name:
                     url = e.data.get("url", "")
                     assert self.random_bucket_2 in url
-                    assert not self.random_bucket_1 in url
-                    assert not self.random_bucket_3 in url
+                    assert self.random_bucket_1 not in url
+                    assert self.random_bucket_3 not in url
         # make sure bucket mutations were found
         assert any(
             e.type == "STORAGE_BUCKET"

bbot/test/test_step_2/module_tests/test_module_bucket_azure.py

@@ -21,7 +21,7 @@ class TestBucket_Azure_NoDup(ModuleTestBase):
 
     async def setup_before_prep(self, module_test):
         module_test.httpx_mock.add_response(
-            url=f"https://tesla.blob.core.windows.net/tesla?restype=container",
+            url="https://tesla.blob.core.windows.net/tesla?restype=container",
             text="",
         )
         await module_test.mock_dns(

bbot/test/test_step_2/module_tests/test_module_bufferoverrun.py

@@ -0,0 +1,35 @@
+from .base import ModuleTestBase
+
+
+class TestBufferOverrun(ModuleTestBase):
+    config_overrides = {"modules": {"bufferoverrun": {"api_key": "asdf", "commercial": False}}}
+
+    async def setup_before_prep(self, module_test):
+        # Mock response for non-commercial API
+        module_test.httpx_mock.add_response(
+            url="https://tls.bufferover.run/dns?q=.blacklanternsecurity.com",
+            match_headers={"x-api-key": "asdf"},
+            json={"Results": ["1.2.3.4,example.com,*,*,sub.blacklanternsecurity.com"]},
+        )
+
+    def check(self, module_test, events):
+        assert any(e.data == "sub.blacklanternsecurity.com" for e in events), "Failed to detect subdomain for free API"
+
+
+class TestBufferOverrunCommercial(ModuleTestBase):
+    modules_overrides = ["bufferoverrun"]
+    module_name = "bufferoverrun"
+    config_overrides = {"modules": {"bufferoverrun": {"api_key": "asdf", "commercial": True}}}
+
+    async def setup_before_prep(self, module_test):
+        # Mock response for commercial API
+        module_test.httpx_mock.add_response(
+            url="https://bufferover-run-tls.p.rapidapi.com/ipv4/dns?q=.blacklanternsecurity.com",
+            match_headers={"x-rapidapi-host": "bufferover-run-tls.p.rapidapi.com", "x-rapidapi-key": "asdf"},
+            json={"Results": ["5.6.7.8,blacklanternsecurity.com,*,*,sub.blacklanternsecurity.com"]},
+        )
+
+    def check(self, module_test, events):
+        assert any(
+            e.data == "sub.blacklanternsecurity.com" for e in events
+        ), "Failed to detect subdomain for commercial API"

bbot/test/test_step_2/module_tests/test_module_builtwith.py

@@ -6,7 +6,7 @@ class TestBuiltWith(ModuleTestBase):
 
     async def setup_after_prep(self, module_test):
         module_test.httpx_mock.add_response(
-            url=f"https://api.builtwith.com/v20/api.json?KEY=asdf&LOOKUP=blacklanternsecurity.com&NOMETA=yes&NOATTR=yes&HIDETEXT=yes&HIDEDL=yes",
+            url="https://api.builtwith.com/v20/api.json?KEY=asdf&LOOKUP=blacklanternsecurity.com&NOMETA=yes&NOATTR=yes&HIDETEXT=yes&HIDEDL=yes",
             json={
                 "Results": [
                     {
@@ -91,7 +91,7 @@ class TestBuiltWith(ModuleTestBase):
             },
         )
         module_test.httpx_mock.add_response(
-            url=f"https://api.builtwith.com/redirect1/api.json?KEY=asdf&LOOKUP=blacklanternsecurity.com",
+            url="https://api.builtwith.com/redirect1/api.json?KEY=asdf&LOOKUP=blacklanternsecurity.com",
             json={
                 "Lookup": "blacklanternsecurity.com",
                 "Inbound": [

bbot/test/test_step_2/module_tests/test_module_bypass403.py

@@ -26,7 +26,7 @@ class TestBypass403_collapsethreshold(ModuleTestBase):
     async def setup_after_prep(self, module_test):
         respond_args = {"response_data": "alive"}
 
-        # some of these wont work outside of the module because of the complex logic. This doesn't matter, we just need to get more alerts than the threshold.
+        # some of these won't work outside of the module because of the complex logic. This doesn't matter, we just need to get more alerts than the threshold.
 
         query_payloads = [
             "%09",

bbot/test/test_step_2/module_tests/test_module_c99.py

@@ -1,7 +1,10 @@
+import httpx
+
 from .base import ModuleTestBase
 
 
 class TestC99(ModuleTestBase):
+    module_name = "c99"
     config_overrides = {"modules": {"c99": {"api_key": "asdf"}}}
 
     async def setup_before_prep(self, module_test):
@@ -23,3 +26,126 @@ class TestC99(ModuleTestBase):
 
     def check(self, module_test, events):
         assert any(e.data == "asdf.blacklanternsecurity.com" for e in events), "Failed to detect subdomain"
+
+
+class TestC99AbortThreshold1(TestC99):
+    config_overrides = {"modules": {"c99": {"api_key": ["6789", "fdsa", "1234", "4321"]}}}
+
+    async def setup_before_prep(self, module_test):
+        module_test.httpx_mock.add_response(
+            url="https://api.c99.nl/randomnumber?key=fdsa&between=1,100&json",
+            json={"success": True, "output": 65},
+        )
+
+        self.url_count = {}
+
+        async def custom_callback(request):
+            url = str(request.url)
+            try:
+                self.url_count[url] += 1
+            except KeyError:
+                self.url_count[url] = 1
+            raise httpx.TimeoutException("timeout")
+
+        module_test.httpx_mock.add_callback(custom_callback)
+
+    def check(self, module_test, events):
+        assert module_test.module.api_failure_abort_threshold == 13
+        assert module_test.module.errored is False
+        # assert module_test.module._api_request_failures == 4
+        assert module_test.module.api_retries == 4
+        assert {e.data for e in events if e.type == "DNS_NAME"} == {"blacklanternsecurity.com"}
+        assert self.url_count == {
+            "https://api.c99.nl/randomnumber?key=6789&between=1,100&json": 1,
+            "https://api.c99.nl/randomnumber?key=4321&between=1,100&json": 1,
+            "https://api.c99.nl/randomnumber?key=1234&between=1,100&json": 1,
+            "https://api.c99.nl/subdomainfinder?key=fdsa&domain=blacklanternsecurity.com&json": 1,
+            "https://api.c99.nl/subdomainfinder?key=6789&domain=blacklanternsecurity.com&json": 1,
+            "https://api.c99.nl/subdomainfinder?key=4321&domain=blacklanternsecurity.com&json": 1,
+            "https://api.c99.nl/subdomainfinder?key=1234&domain=blacklanternsecurity.com&json": 1,
+        }
+
+
+class TestC99AbortThreshold2(TestC99AbortThreshold1):
+    targets = ["blacklanternsecurity.com", "evilcorp.com"]
+
+    async def setup_before_prep(self, module_test):
+        await super().setup_before_prep(module_test)
+        await module_test.mock_dns(
+            {
+                "blacklanternsecurity.com": {"A": ["127.0.0.88"]},
+                "evilcorp.com": {"A": ["127.0.0.11"]},
+                "evilcorp.net": {"A": ["127.0.0.22"]},
+                "evilcorp.co.uk": {"A": ["127.0.0.33"]},
+            }
+        )
+
+    def check(self, module_test, events):
+        assert module_test.module.api_failure_abort_threshold == 13
+        assert module_test.module.errored is False
+        assert module_test.module._api_request_failures == 8
+        assert module_test.module.api_retries == 4
+        assert {e.data for e in events if e.type == "DNS_NAME"} == {"blacklanternsecurity.com", "evilcorp.com"}
+        assert self.url_count == {
+            "https://api.c99.nl/randomnumber?key=6789&between=1,100&json": 1,
+            "https://api.c99.nl/randomnumber?key=4321&between=1,100&json": 1,
+            "https://api.c99.nl/randomnumber?key=1234&between=1,100&json": 1,
+            "https://api.c99.nl/subdomainfinder?key=fdsa&domain=blacklanternsecurity.com&json": 1,
+            "https://api.c99.nl/subdomainfinder?key=6789&domain=blacklanternsecurity.com&json": 1,
+            "https://api.c99.nl/subdomainfinder?key=4321&domain=blacklanternsecurity.com&json": 1,
+            "https://api.c99.nl/subdomainfinder?key=1234&domain=blacklanternsecurity.com&json": 1,
+            "https://api.c99.nl/subdomainfinder?key=fdsa&domain=evilcorp.com&json": 1,
+            "https://api.c99.nl/subdomainfinder?key=6789&domain=evilcorp.com&json": 1,
+            "https://api.c99.nl/subdomainfinder?key=4321&domain=evilcorp.com&json": 1,
+            "https://api.c99.nl/subdomainfinder?key=1234&domain=evilcorp.com&json": 1,
+        }
+
+
+class TestC99AbortThreshold3(TestC99AbortThreshold2):
+    targets = ["blacklanternsecurity.com", "evilcorp.com", "evilcorp.net"]
+
+    def check(self, module_test, events):
+        assert module_test.module.api_failure_abort_threshold == 13
+        assert module_test.module.errored is False
+        assert module_test.module._api_request_failures == 12
+        assert module_test.module.api_retries == 4
+        assert {e.data for e in events if e.type == "DNS_NAME"} == {
+            "blacklanternsecurity.com",
+            "evilcorp.com",
+            "evilcorp.net",
+        }
+        assert self.url_count == {
+            "https://api.c99.nl/randomnumber?key=6789&between=1,100&json": 1,
+            "https://api.c99.nl/randomnumber?key=4321&between=1,100&json": 1,
+            "https://api.c99.nl/randomnumber?key=1234&between=1,100&json": 1,
+            "https://api.c99.nl/subdomainfinder?key=fdsa&domain=blacklanternsecurity.com&json": 1,
+            "https://api.c99.nl/subdomainfinder?key=6789&domain=blacklanternsecurity.com&json": 1,
+            "https://api.c99.nl/subdomainfinder?key=4321&domain=blacklanternsecurity.com&json": 1,
+            "https://api.c99.nl/subdomainfinder?key=1234&domain=blacklanternsecurity.com&json": 1,
+            "https://api.c99.nl/subdomainfinder?key=fdsa&domain=evilcorp.com&json": 1,
+            "https://api.c99.nl/subdomainfinder?key=6789&domain=evilcorp.com&json": 1,
+            "https://api.c99.nl/subdomainfinder?key=4321&domain=evilcorp.com&json": 1,
+            "https://api.c99.nl/subdomainfinder?key=1234&domain=evilcorp.com&json": 1,
+            "https://api.c99.nl/subdomainfinder?key=fdsa&domain=evilcorp.net&json": 1,
+            "https://api.c99.nl/subdomainfinder?key=6789&domain=evilcorp.net&json": 1,
+            "https://api.c99.nl/subdomainfinder?key=4321&domain=evilcorp.net&json": 1,
+            "https://api.c99.nl/subdomainfinder?key=1234&domain=evilcorp.net&json": 1,
+        }
+
+
+class TestC99AbortThreshold4(TestC99AbortThreshold3):
+    targets = ["blacklanternsecurity.com", "evilcorp.com", "evilcorp.net", "evilcorp.co.uk"]
+
+    def check(self, module_test, events):
+        assert module_test.module.api_failure_abort_threshold == 13
+        assert module_test.module.errored is True
+        assert module_test.module._api_request_failures == 13
+        assert module_test.module.api_retries == 4
+        assert {e.data for e in events if e.type == "DNS_NAME"} == {
+            "blacklanternsecurity.com",
+            "evilcorp.com",
+            "evilcorp.net",
+            "evilcorp.co.uk",
+        }
+        assert len(self.url_count) == 16
+        assert all(v == 1 for v in self.url_count.values())