bbot 2.0.1.4720rc0__py3-none-any.whl → 2.3.0.5397rc0__py3-none-any.whl

bbot/test/test_step_2/module_tests/test_module_trufflehog.py

@@ -9,14 +9,16 @@ from .base import ModuleTestBase
 
 
 class TestTrufflehog(ModuleTestBase):
+    config_overrides = {"modules": {"postman_download": {"api_key": "asdf"}}}
     modules_overrides = [
         "github_org",
         "speculate",
         "git_clone",
-        "unstructured",
         "github_workflows",
         "dockerhub",
         "docker_pull",
+        "postman",
+        "postman_download",
         "trufflehog",
     ]
 
@@ -24,6 +26,37 @@ class TestTrufflehog(ModuleTestBase):
 
     async def setup_before_prep(self, module_test):
         module_test.httpx_mock.add_response(url="https://api.github.com/zen")
+        module_test.httpx_mock.add_response(
+            url="https://api.getpostman.com/me",
+            json={
+                "user": {
+                    "id": 000000,
+                    "username": "test_key",
+                    "email": "blacklanternsecurity@test.com",
+                    "fullName": "Test Key",
+                    "avatar": "",
+                    "isPublic": True,
+                    "teamId": 0,
+                    "teamDomain": "",
+                    "roles": ["user"],
+                },
+                "operations": [
+                    {"name": "api_object_usage", "limit": 3, "usage": 0, "overage": 0},
+                    {"name": "collection_run_limit", "limit": 25, "usage": 0, "overage": 0},
+                    {"name": "file_storage_limit", "limit": 20, "usage": 0, "overage": 0},
+                    {"name": "flow_count", "limit": 5, "usage": 0, "overage": 0},
+                    {"name": "flow_requests", "limit": 5000, "usage": 0, "overage": 0},
+                    {"name": "performance_test_limit", "limit": 25, "usage": 0, "overage": 0},
+                    {"name": "postbot_calls", "limit": 50, "usage": 0, "overage": 0},
+                    {"name": "reusable_packages", "limit": 3, "usage": 0, "overage": 0},
+                    {"name": "test_data_retrieval", "limit": 1000, "usage": 0, "overage": 0},
+                    {"name": "test_data_storage", "limit": 10, "usage": 0, "overage": 0},
+                    {"name": "mock_usage", "limit": 1000, "usage": 0, "overage": 0},
+                    {"name": "monitor_request_runs", "limit": 1000, "usage": 0, "overage": 0},
+                    {"name": "api_usage", "limit": 1000, "usage": 0, "overage": 0},
+                ],
+            },
+        )
         module_test.httpx_mock.add_response(
             url="https://api.github.com/orgs/blacklanternsecurity",
             json={
@@ -813,6 +846,248 @@ class TestTrufflehog(ModuleTestBase):
         )
 
     async def setup_after_prep(self, module_test):
+        module_test.httpx_mock.add_response(
+            url="https://www.postman.com/_api/ws/proxy",
+            match_content=b'{"service": "search", "method": "POST", "path": "/search-all", "body": {"queryIndices": ["collaboration.workspace"], "queryText": "blacklanternsecurity", "size": 100, "from": 0, "clientTraceId": "", "requestOrigin": "srp", "mergeEntities": "true", "nonNestedRequests": "true", "domain": "public"}}',
+            json={
+                "data": [
+                    {
+                        "score": 611.41156,
+                        "normalizedScore": 23,
+                        "document": {
+                            "watcherCount": 6,
+                            "apiCount": 0,
+                            "forkCount": 0,
+                            "isblacklisted": "false",
+                            "createdAt": "2021-06-15T14:03:51",
+                            "publishertype": "team",
+                            "publisherHandle": "blacklanternsecurity",
+                            "id": "11498add-357d-4bc5-a008-0a2d44fb8829",
+                            "slug": "bbot-public",
+                            "updatedAt": "2024-07-30T11:00:35",
+                            "entityType": "workspace",
+                            "visibilityStatus": "public",
+                            "forkcount": "0",
+                            "tags": [],
+                            "createdat": "2021-06-15T14:03:51",
+                            "forkLabel": "",
+                            "publisherName": "blacklanternsecurity",
+                            "name": "BlackLanternSecurity BBOT [Public]",
+                            "dependencyCount": 7,
+                            "collectionCount": 6,
+                            "warehouse__updated_at": "2024-07-30 11:00:00",
+                            "privateNetworkFolders": [],
+                            "isPublisherVerified": False,
+                            "publisherType": "team",
+                            "curatedInList": [],
+                            "creatorId": "6900157",
+                            "description": "",
+                            "forklabel": "",
+                            "publisherId": "299401",
+                            "publisherLogo": "",
+                            "popularity": 5,
+                            "isPublic": True,
+                            "categories": [],
+                            "universaltags": "",
+                            "views": 5788,
+                            "summary": "BLS public workspaces.",
+                            "memberCount": 2,
+                            "isBlacklisted": False,
+                            "publisherid": "299401",
+                            "isPrivateNetworkEntity": False,
+                            "isDomainNonTrivial": True,
+                            "privateNetworkMeta": "",
+                            "updatedat": "2021-10-20T16:19:29",
+                            "documentType": "workspace",
+                        },
+                        "highlight": {"summary": "<b>BLS</b> BBOT api test."},
+                    },
+                ],
+                "meta": {
+                    "queryText": "blacklanternsecurity",
+                    "total": {
+                        "collection": 0,
+                        "request": 0,
+                        "workspace": 1,
+                        "api": 0,
+                        "team": 0,
+                        "user": 0,
+                        "flow": 0,
+                        "apiDefinition": 0,
+                        "privateNetworkFolder": 0,
+                    },
+                    "state": "AQ4",
+                    "spellCorrection": {"count": {"all": 1, "workspace": 1}, "correctedQueryText": None},
+                    "featureFlags": {
+                        "enabledPublicResultCuration": True,
+                        "boostByPopularity": True,
+                        "reRankPostNormalization": True,
+                        "enableUrlBarHostNameSearch": True,
+                    },
+                },
+            },
+        )
+        module_test.httpx_mock.add_response(
+            url="https://www.postman.com/_api/ws/proxy",
+            match_content=b'{"service": "workspaces", "method": "GET", "path": "/workspaces?handle=blacklanternsecurity&slug=bbot-public"}',
+            json={
+                "meta": {"model": "workspace", "action": "find", "nextCursor": ""},
+                "data": [
+                    {
+                        "id": "3a7e4bdc-7ff7-4dd4-8eaa-61ddce1c3d1b",
+                        "name": "BlackLanternSecurity BBOT [Public]",
+                        "description": None,
+                        "summary": "BLS public workspaces.",
+                        "createdBy": "299401",
+                        "updatedBy": "299401",
+                        "team": None,
+                        "createdAt": "2021-10-20T16:19:29",
+                        "updatedAt": "2021-10-20T16:19:29",
+                        "visibilityStatus": "public",
+                        "profileInfo": {
+                            "slug": "bbot-public",
+                            "profileType": "team",
+                            "profileId": "000000",
+                            "publicHandle": "https://www.postman.com/blacklanternsecurity",
+                            "publicImageURL": "",
+                            "publicName": "BlackLanternSecurity",
+                            "isVerified": False,
+                        },
+                    }
+                ],
+            },
+        )
+        module_test.httpx_mock.add_response(
+            url="https://api.getpostman.com/workspaces/3a7e4bdc-7ff7-4dd4-8eaa-61ddce1c3d1b",
+            json={
+                "workspace": {
+                    "id": "3a7e4bdc-7ff7-4dd4-8eaa-61ddce1c3d1b",
+                    "name": "BlackLanternSecurity BBOT [Public]",
+                    "type": "personal",
+                    "description": None,
+                    "visibility": "public",
+                    "createdBy": "00000000",
+                    "updatedBy": "00000000",
+                    "createdAt": "2021-11-17T06:09:01.000Z",
+                    "updatedAt": "2021-11-17T08:57:16.000Z",
+                    "collections": [
+                        {
+                            "id": "2aab9fd0-3715-4abe-8bb0-8cb0264d023f",
+                            "name": "BBOT Public",
+                            "uid": "10197090-2aab9fd0-3715-4abe-8bb0-8cb0264d023f",
+                        },
+                    ],
+                    "environments": [
+                        {
+                            "id": "f770f816-9c6a-40f7-bde3-c0855d2a1089",
+                            "name": "BBOT Test",
+                            "uid": "10197090-f770f816-9c6a-40f7-bde3-c0855d2a1089",
+                        }
+                    ],
+                    "apis": [],
+                }
+            },
+        )
+        module_test.httpx_mock.add_response(
+            url="https://www.postman.com/_api/workspace/3a7e4bdc-7ff7-4dd4-8eaa-61ddce1c3d1b/globals",
+            json={
+                "model_id": "8be7574b-219f-49e0-8d25-da447a882e4e",
+                "meta": {"model": "globals", "action": "find"},
+                "data": {
+                    "workspace": "3a7e4bdc-7ff7-4dd4-8eaa-61ddce1c3d1b",
+                    "lastUpdatedBy": "00000000",
+                    "lastRevision": 1637239113000,
+                    "id": "8be7574b-219f-49e0-8d25-da447a882e4e",
+                    "values": [
+                        {
+                            "key": "endpoint_url",
+                            "value": "https://api.blacklanternsecurity.com/",
+                            "enabled": True,
+                        },
+                    ],
+                    "createdAt": "2021-11-17T06:09:01.000Z",
+                    "updatedAt": "2021-11-18T12:38:33.000Z",
+                },
+            },
+        )
+        module_test.httpx_mock.add_response(
+            url="https://api.getpostman.com/environments/10197090-f770f816-9c6a-40f7-bde3-c0855d2a1089",
+            json={
+                "environment": {
+                    "id": "f770f816-9c6a-40f7-bde3-c0855d2a1089",
+                    "name": "BBOT Test",
+                    "owner": "00000000",
+                    "createdAt": "2021-11-17T06:29:54.000Z",
+                    "updatedAt": "2021-11-23T07:06:53.000Z",
+                    "values": [
+                        {
+                            "key": "temp_session_endpoint",
+                            "value": "https://api.blacklanternsecurity.com/",
+                            "enabled": True,
+                        },
+                    ],
+                    "isPublic": True,
+                }
+            },
+        )
+        module_test.httpx_mock.add_response(
+            url="https://api.getpostman.com/collections/10197090-2aab9fd0-3715-4abe-8bb0-8cb0264d023f",
+            json={
+                "collection": {
+                    "info": {
+                        "_postman_id": "62b91565-d2e2-4bcd-8248-4dba2e3452f0",
+                        "name": "BBOT Public",
+                        "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json",
+                        "updatedAt": "2021-11-17T07:13:16.000Z",
+                        "createdAt": "2021-11-17T07:13:15.000Z",
+                        "lastUpdatedBy": "00000000",
+                        "uid": "172983-62b91565-d2e2-4bcd-8248-4dba2e3452f0",
+                    },
+                    "item": [
+                        {
+                            "name": "Generate API Session",
+                            "id": "c1bac38c-dfc9-4cc0-9c19-828cbc8543b1",
+                            "protocolProfileBehavior": {"disableBodyPruning": True},
+                            "request": {
+                                "method": "POST",
+                                "header": [{"key": "Content-Type", "value": "application/json"}],
+                                "body": {
+                                    "mode": "raw",
+                                    "raw": '{"username": "test", "password": "Test"}',
+                                },
+                                "url": {
+                                    "raw": "https://admin:admin@the-internet.herokuapp.com/basic_auth",
+                                    "host": ["https://admin:admin@the-internet.herokuapp.com/basic_auth"],
+                                },
+                                "description": "",
+                            },
+                            "response": [],
+                            "uid": "10197090-c1bac38c-dfc9-4cc0-9c19-828cbc8543b1",
+                        },
+                        {
+                            "name": "Generate API Session",
+                            "id": "c1bac38c-dfc9-4cc0-9c19-828cbc8543b1",
+                            "protocolProfileBehavior": {"disableBodyPruning": True},
+                            "request": {
+                                "method": "POST",
+                                "header": [{"key": "Content-Type", "value": "application/json"}],
+                                "body": {
+                                    "mode": "raw",
+                                    "raw": '{"username": "test", "password": "Test"}',
+                                },
+                                "url": {
+                                    "raw": "https://admin:admin@internal.host.com",
+                                    "host": ["https://admin:admin@internal.host.com"],
+                                },
+                                "description": "",
+                            },
+                            "response": [],
+                            "uid": "10197090-c1bac38c-dfc9-4cc0-9c19-828cbc8543b1",
+                        },
+                    ],
+                }
+            },
+        )
         temp_path = Path("/tmp/.bbot_test")
         temp_repo_path = temp_path / "test_keys"
         shutil.rmtree(temp_repo_path, ignore_errors=True)
@@ -850,22 +1125,26 @@ class TestTrufflehog(ModuleTestBase):
             e
             for e in events
             if e.type == "VULNERABILITY"
-            and (e.data["host"] == "hub.docker.com" or e.data["host"] == "github.com")
+            and (
+                e.data["host"] == "hub.docker.com"
+                or e.data["host"] == "github.com"
+                or e.data["host"] == "www.postman.com"
+            )
             and "Verified Secret Found." in e.data["description"]
             and "Raw result: [https://admin:admin@the-internet.herokuapp.com]" in e.data["description"]
             and "RawV2 result: [https://admin:admin@the-internet.herokuapp.com/basic_auth]" in e.data["description"]
         ]
-        # Trufflehog should find 3 verifiable secrets, 1 from the github, 1 from the workflow log and 1 from the docker image. Unstructured will extract the text file but trufflehog should reject it as its already scanned the containing folder
-        assert 3 == len(vuln_events), "Failed to find secret in events"
+        # Trufflehog should find 4 verifiable secrets, 1 from the github, 1 from the workflow log, 1 from the docker image and 1 from the postman.
+        assert 4 == len(vuln_events), "Failed to find secret in events"
         github_repo_event = [e for e in vuln_events if "test_keys" in e.data["description"]][0].parent
         folder = Path(github_repo_event.data["path"])
         assert folder.is_dir(), "Destination folder doesn't exist"
         with open(folder / "keys.txt") as f:
             content = f.read()
             assert content == self.file_content, "File content doesn't match"
-        filesystem_events = [e.parent for e in vuln_events if "bbot" in e.data["description"]]
-        assert len(filesystem_events) == 3
-        assert all([e.type == "FILESYSTEM" for e in filesystem_events])
+        filesystem_events = [e.parent for e in vuln_events]
+        assert len(filesystem_events) == 4
+        assert all(e.type == "FILESYSTEM" for e in filesystem_events)
         assert 1 == len(
             [
                 e
@@ -889,31 +1168,45 @@ class TestTrufflehog(ModuleTestBase):
                 and Path(e.data["path"]).is_file()
             ]
         ), "Docker image file does not exist"
+        assert 1 == len(
+            [
+                e
+                for e in filesystem_events
+                if e.data["path"].endswith(
+                    "/postman_workspaces/BlackLanternSecurity BBOT [Public]/3a7e4bdc-7ff7-4dd4-8eaa-61ddce1c3d1b.zip"
+                )
+                and Path(e.data["path"]).is_file()
+            ]
+        ), "Failed to find blacklanternsecurity postman workspace"
 
 
 class TestTrufflehog_NonVerified(TestTrufflehog):
-    config_overrides = {"modules": {"trufflehog": {"only_verified": False}}}
+    config_overrides = {"modules": {"trufflehog": {"only_verified": False}, "postman_download": {"api_key": "asdf"}}}
 
     def check(self, module_test, events):
         finding_events = [
             e
             for e in events
             if e.type == e.type == "FINDING"
-            and (e.data["host"] == "hub.docker.com" or e.data["host"] == "github.com")
+            and (
+                e.data["host"] == "hub.docker.com"
+                or e.data["host"] == "github.com"
+                or e.data["host"] == "www.postman.com"
+            )
             and "Potential Secret Found." in e.data["description"]
             and "Raw result: [https://admin:admin@internal.host.com]" in e.data["description"]
         ]
-        # Trufflehog should find 3 unverifiable secrets, 1 from the github, 1 from the workflow log and 1 from the docker image. Unstructured will extract the text file but trufflehog should reject it as its already scanned the containing folder
-        assert 3 == len(finding_events), "Failed to find secret in events"
+        # Trufflehog should find 4 unverifiable secrets, 1 from the github, 1 from the workflow log, 1 from the docker image and 1 from the postman.
+        assert 4 == len(finding_events), "Failed to find secret in events"
         github_repo_event = [e for e in finding_events if "test_keys" in e.data["description"]][0].parent
         folder = Path(github_repo_event.data["path"])
         assert folder.is_dir(), "Destination folder doesn't exist"
         with open(folder / "keys.txt") as f:
             content = f.read()
             assert content == self.file_content, "File content doesn't match"
-        filesystem_events = [e.parent for e in finding_events if "bbot" in e.data["description"]]
-        assert len(filesystem_events) == 3
-        assert all([e.type == "FILESYSTEM" for e in filesystem_events])
+        filesystem_events = [e.parent for e in finding_events]
+        assert len(filesystem_events) == 4
+        assert all(e.type == "FILESYSTEM" for e in filesystem_events)
         assert 1 == len(
             [
                 e
@@ -937,3 +1230,13 @@ class TestTrufflehog_NonVerified(TestTrufflehog):
                 and Path(e.data["path"]).is_file()
             ]
         ), "Docker image file does not exist"
+        assert 1 == len(
+            [
+                e
+                for e in filesystem_events
+                if e.data["path"].endswith(
+                    "/postman_workspaces/BlackLanternSecurity BBOT [Public]/3a7e4bdc-7ff7-4dd4-8eaa-61ddce1c3d1b.zip"
+                )
+                and Path(e.data["path"]).is_file()
+            ]
+        ), "Failed to find blacklanternsecurity postman workspace"

bbot/test/test_step_2/module_tests/test_module_wayback.py

@@ -4,7 +4,7 @@ from .base import ModuleTestBase
 class TestWayback(ModuleTestBase):
     async def setup_after_prep(self, module_test):
         module_test.httpx_mock.add_response(
-            url=f"http://web.archive.org/cdx/search/cdx?url=blacklanternsecurity.com&matchType=domain&output=json&fl=original&collapse=original",
+            url="http://web.archive.org/cdx/search/cdx?url=blacklanternsecurity.com&matchType=domain&output=json&fl=original&collapse=original",
             json=[["original"], ["http://asdf.blacklanternsecurity.com"]],
         )
 

bbot/test/test_step_2/template_tests/test_template_subdomain_enum.py

@@ -120,7 +120,7 @@ class TestSubdomainEnumWildcardBaseline(ModuleTestBase):
 
     def check(self, module_test, events):
         assert self.queries == ["walmart.cn"]
-        assert len(events) == 6
+        assert len(events) == 7
         assert 2 == len(
             [
                 e
@@ -185,7 +185,7 @@ def custom_lookup(query, rdtype):
     def check(self, module_test, events):
         # no subdomain enum should happen on this domain!
         assert self.queries == []
-        assert len(events) == 6
+        assert len(events) == 7
         assert 2 == len(
             [e for e in events if e.type == "IP_ADDRESS" and str(e.module) == "A" and e.scope_distance == 1]
         )

{bbot-2.0.1.4720rc0.dist-info → bbot-2.3.0.5397rc0.dist-info}/METADATA

@@ -1,10 +1,10 @@
 Metadata-Version: 2.1
 Name: bbot
-Version: 2.0.1.4720rc0
+Version: 2.3.0.5397rc0
 Summary: OSINT automation for hackers.
 Home-page: https://github.com/blacklanternsecurity/bbot
 License: GPL-3.0
-Keywords: python,cli,automation,osint,neo4j,scanner,python-library,hacking,recursion,pentesting,recon,command-line-tool,bugbounty,subdomains,security-tools,subdomain-scanner,osint-framework,attack-surface,subdomain-enumeration,osint-tool
+Keywords: python,cli,automation,osint,threat-intel,intelligence,neo4j,scanner,python-library,hacking,recursion,pentesting,recon,command-line-tool,bugbounty,subdomains,security-tools,subdomain-scanner,osint-framework,attack-surface,subdomain-enumeration,osint-tool
 Author: TheTechromancer
 Requires-Python: >=3.9,<4.0
 Classifier: License :: OSI Approved :: GNU General Public License v3 (GPLv3)
@@ -14,26 +14,28 @@ Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
 Classifier: Topic :: Security
 Requires-Dist: ansible (>=7.3,<9.0)
 Requires-Dist: ansible-runner (>=2.3.2,<3.0.0)
 Requires-Dist: beautifulsoup4 (>=4.12.2,<5.0.0)
 Requires-Dist: cachetools (>=5.3.2,<6.0.0)
-Requires-Dist: cloudcheck (>=5.0.0.350,<6.0.0.0)
+Requires-Dist: cloudcheck (>=6.0.0.602,<7.0.0.0)
 Requires-Dist: deepdiff (>=6.2.3,<8.0.0)
 Requires-Dist: dnspython (>=2.4.2,<3.0.0)
 Requires-Dist: httpx (>=0.27.0,<0.28.0)
 Requires-Dist: idna (>=3.4,<4.0)
 Requires-Dist: jinja2 (>=3.1.3,<4.0.0)
 Requires-Dist: lxml (>=4.9.2,<6.0.0)
-Requires-Dist: mmh3 (>=4.1.0,<5.0.0)
+Requires-Dist: mmh3 (>=4.1,<6.0)
 Requires-Dist: omegaconf (>=2.3.0,<3.0.0)
-Requires-Dist: psutil (>=5.9.4,<6.0.0)
+Requires-Dist: psutil (>=5.9.4,<7.0.0)
+Requires-Dist: puremagic (>=1.28,<2.0)
 Requires-Dist: pycryptodome (>=3.17,<4.0)
 Requires-Dist: pydantic (>=2.4.2,<3.0.0)
 Requires-Dist: pyjwt (>=2.7.0,<3.0.0)
 Requires-Dist: pyzmq (>=26.0.3,<27.0.0)
-Requires-Dist: radixtarget (>=1.0.0.15,<2.0.0.0)
+Requires-Dist: radixtarget (>=2.0.0.50,<3.0.0.0)
 Requires-Dist: regex (>=2024.4.16,<2025.0.0)
 Requires-Dist: setproctitle (>=1.3.3,<2.0.0)
 Requires-Dist: socksio (>=1.0.0,<2.0.0)
@@ -52,7 +54,7 @@ Description-Content-Type: text/markdown
 
 [![bbot_banner](https://github.com/user-attachments/assets/f02804ce-9478-4f1e-ac4d-9cf5620a3214)](https://github.com/blacklanternsecurity/bbot)
 
-[![Python Version](https://img.shields.io/badge/python-3.9+-FF8400)](https://www.python.org) [![License](https://img.shields.io/badge/license-GPLv3-FF8400.svg)](https://github.com/blacklanternsecurity/bbot/blob/dev/LICENSE) [![DEF CON Recon Village 2024](https://img.shields.io/badge/DEF%20CON%20Demo%20Labs-2023-FF8400.svg)](https://www.reconvillage.org/talks) [![PyPi Downloads](https://static.pepy.tech/personalized-badge/bbot?right_color=orange&left_color=grey)](https://pepy.tech/project/bbot) [![Black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black) [![Tests](https://github.com/blacklanternsecurity/bbot/actions/workflows/tests.yml/badge.svg?branch=stable)](https://github.com/blacklanternsecurity/bbot/actions?query=workflow%3A"tests") [![Codecov](https://codecov.io/gh/blacklanternsecurity/bbot/branch/dev/graph/badge.svg?token=IR5AZBDM5K)](https://codecov.io/gh/blacklanternsecurity/bbot) [![Discord](https://img.shields.io/discord/859164869970362439)](https://discord.com/invite/PZqkgxu5SA)
+[![Python Version](https://img.shields.io/badge/python-3.9+-FF8400)](https://www.python.org) [![License](https://img.shields.io/badge/license-GPLv3-FF8400.svg)](https://github.com/blacklanternsecurity/bbot/blob/dev/LICENSE) [![DEF CON Recon Village 2024](https://img.shields.io/badge/DEF%20CON%20Demo%20Labs-2023-FF8400.svg)](https://www.reconvillage.org/talks) [![PyPi Downloads](https://static.pepy.tech/personalized-badge/bbot?right_color=orange&left_color=grey)](https://pepy.tech/project/bbot) [![Ruff](https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/astral-sh/ruff/main/assets/badge/v2.json)](https://github.com/astral-sh/ruff) [![Tests](https://github.com/blacklanternsecurity/bbot/actions/workflows/tests.yml/badge.svg?branch=stable)](https://github.com/blacklanternsecurity/bbot/actions?query=workflow%3A"tests") [![Codecov](https://codecov.io/gh/blacklanternsecurity/bbot/branch/dev/graph/badge.svg?token=IR5AZBDM5K)](https://codecov.io/gh/blacklanternsecurity/bbot) [![Discord](https://img.shields.io/discord/859164869970362439)](https://discord.com/invite/PZqkgxu5SA)
 
 ### **BEE·bot** is a multipurpose scanner inspired by [Spiderfoot](https://github.com/smicallef/spiderfoot), built to automate your **Recon**, **Bug Bounties**, and **ASM**!
 
@@ -107,13 +109,13 @@ config:
     threads: 25
     brute_threads: 1000
   # put your API keys here
-  modules:
-    github:
-      api_key: ""
-    chaos:
-      api_key: ""
-    securitytrails:
-      api_key: ""
+  # modules:
+  #   github:
+  #     api_key: ""
+  #   chaos:
+  #     api_key: ""
+  #   securitytrails:
+  #     api_key: ""
 
 ```
 
@@ -143,6 +145,10 @@ description: Recursive web spider
 modules:
   - httpx
 
+blacklist:
+  # Prevent spider from invalidating sessions by logging out
+  - "RE:/.*(sign|log)[_-]?out"
+
 config:
   web:
     # how many links to follow in a row
@@ -243,10 +249,10 @@ flags:
 
 ```bash
 # everything everywhere all at once
-bbot -t evilcorp.com -p kitchen-sink
+bbot -t evilcorp.com -p kitchen-sink --allow-deadly
 
 # roughly equivalent to:
-bbot -t evilcorp.com -p subdomain-enum cloud-enum code-enum email-enum spider web-basic paramminer dirbust-light web-screenshots
+bbot -t evilcorp.com -p subdomain-enum cloud-enum code-enum email-enum spider web-basic paramminer dirbust-light web-screenshots --allow-deadly
 ```
 
 <!-- BBOT KITCHEN-SINK PRESET EXPANDABLE -->
@@ -267,6 +273,7 @@ include:
   - paramminer
   - dirbust-light
   - web-screenshots
+  - baddns-thorough
 
 config:
   modules:
@@ -287,6 +294,24 @@ Click the graph below to explore the [inner workings](https://www.blacklanternse
 
 [![image](https://github.com/blacklanternsecurity/bbot/assets/20261699/e55ba6bd-6d97-48a6-96f0-e122acc23513)](https://www.blacklanternsecurity.com/bbot/Stable/how_it_works/)
 
+## Output Modules
+
+- [Neo4j](docs/scanning/output.md#neo4j)
+- [Teams](docs/scanning/output.md#teams)
+- [Discord](docs/scanning/output.md#discord)
+- [Slack](docs/scanning/output.md#slack)
+- [Postgres](docs/scanning/output.md#postgres)
+- [MySQL](docs/scanning/output.md#mysql)
+- [SQLite](docs/scanning/output.md#sqlite)
+- [Splunk](docs/scanning/output.md#splunk)
+- [Elasticsearch](docs/scanning/output.md#elasticsearch)
+- [CSV](docs/scanning/output.md#csv)
+- [JSON](docs/scanning/output.md#json)
+- [HTTP](docs/scanning/output.md#http)
+- [Websocket](docs/scanning/output.md#websocket)
+
+...and [more](docs/scanning/output.md)!
+
 ## BBOT as a Python Library
 
 #### Synchronous
@@ -355,13 +380,17 @@ For more information, see [Targets](https://www.blacklanternsecurity.com/bbot/St
 
 Similar to Amass or Subfinder, BBOT supports API keys for various third-party services such as SecurityTrails, etc.
 
-The standard way to do this is to enter your API keys in **`~/.config/bbot/bbot.yml`**:
+The standard way to do this is to enter your API keys in **`~/.config/bbot/bbot.yml`**. Note that multiple API keys are allowed:
 ```yaml
 modules:
   shodan_dns:
     api_key: 4f41243847da693a4f356c0486114bc6
   c99:
-    api_key: 21a270d5f59c9b05813a72bb41707266
+    # multiple API keys
+    api_key:
+      - 21a270d5f59c9b05813a72bb41707266
+      - ea8f243d9885cf8ce9876a580224fd3c
+      - 5bc6ed268ab6488270e496d3183a1a27
   virustotal:
     api_key: dd5f0eee2e4a99b71a939bded450b246
   securitytrails:
@@ -404,6 +433,7 @@ For details, see [Configuration](https://www.blacklanternsecurity.com/bbot/Stabl
     - **Modules**
         - [List of Modules](https://www.blacklanternsecurity.com/bbot/Stable/modules/list_of_modules)
         - [Nuclei](https://www.blacklanternsecurity.com/bbot/Stable/modules/nuclei)
+        - [Custom YARA Rules](https://www.blacklanternsecurity.com/bbot/Stable/modules/custom_yara_rules)
     - **Misc**
         - [Contribution](https://www.blacklanternsecurity.com/bbot/Stable/contribution)
         - [Release History](https://www.blacklanternsecurity.com/bbot/Stable/release_history)