PyPI - bbot - Versions diffs - 2.0.1.4720rc0__py3-none-any.whl → 2.3.0.5401rc0__py3-none-any.whl - Mend

bbot 2.0.1.4720rc0py3-none-any.whl → 2.3.0.5401rc0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of bbot might be problematic. Click here for more details.

Files changed (278) hide show

bbot/__init__.py +1 -1
bbot/cli.py +3 -7
bbot/core/config/files.py +0 -1
bbot/core/config/logger.py +34 -4
bbot/core/core.py +21 -4
bbot/core/engine.py +9 -8
bbot/core/event/base.py +131 -52
bbot/core/helpers/bloom.py +10 -3
bbot/core/helpers/command.py +8 -7
bbot/core/helpers/depsinstaller/installer.py +31 -13
bbot/core/helpers/diff.py +10 -10
bbot/core/helpers/dns/brute.py +7 -4
bbot/core/helpers/dns/dns.py +1 -2
bbot/core/helpers/dns/engine.py +4 -6
bbot/core/helpers/dns/helpers.py +2 -2
bbot/core/helpers/dns/mock.py +0 -1
bbot/core/helpers/files.py +1 -1
bbot/core/helpers/helper.py +7 -4
bbot/core/helpers/interactsh.py +3 -3
bbot/core/helpers/libmagic.py +65 -0
bbot/core/helpers/misc.py +65 -22
bbot/core/helpers/names_generator.py +17 -3
bbot/core/helpers/process.py +0 -20
bbot/core/helpers/regex.py +1 -1
bbot/core/helpers/regexes.py +12 -6
bbot/core/helpers/validators.py +1 -2
bbot/core/helpers/web/client.py +1 -1
bbot/core/helpers/web/engine.py +1 -2
bbot/core/helpers/web/web.py +4 -114
bbot/core/helpers/wordcloud.py +5 -5
bbot/core/modules.py +36 -27
bbot/core/multiprocess.py +58 -0
bbot/core/shared_deps.py +46 -3
bbot/db/sql/models.py +147 -0
bbot/defaults.yml +12 -10
bbot/modules/anubisdb.py +2 -2
bbot/modules/apkpure.py +63 -0
bbot/modules/azure_tenant.py +2 -2
bbot/modules/baddns.py +35 -19
bbot/modules/baddns_direct.py +92 -0
bbot/modules/baddns_zone.py +3 -8
bbot/modules/badsecrets.py +4 -3
bbot/modules/base.py +195 -51
bbot/modules/bevigil.py +7 -7
bbot/modules/binaryedge.py +7 -4
bbot/modules/bufferoverrun.py +47 -0
bbot/modules/builtwith.py +6 -10
bbot/modules/bypass403.py +5 -5
bbot/modules/c99.py +10 -7
bbot/modules/censys.py +9 -13
bbot/modules/certspotter.py +5 -3
bbot/modules/chaos.py +9 -7
bbot/modules/code_repository.py +1 -0
bbot/modules/columbus.py +3 -3
bbot/modules/crt.py +5 -3
bbot/modules/deadly/dastardly.py +1 -1
bbot/modules/deadly/ffuf.py +9 -9
bbot/modules/deadly/nuclei.py +3 -3
bbot/modules/deadly/vhost.py +4 -3
bbot/modules/dehashed.py +1 -1
bbot/modules/digitorus.py +1 -1
bbot/modules/dnsbimi.py +145 -0
bbot/modules/dnscaa.py +3 -3
bbot/modules/dnsdumpster.py +4 -4
bbot/modules/dnstlsrpt.py +144 -0
bbot/modules/docker_pull.py +7 -5
bbot/modules/dockerhub.py +2 -2
bbot/modules/dotnetnuke.py +20 -21
bbot/modules/emailformat.py +1 -1
bbot/modules/extractous.py +122 -0
bbot/modules/filedownload.py +9 -7
bbot/modules/fullhunt.py +7 -4
bbot/modules/generic_ssrf.py +5 -5
bbot/modules/github_codesearch.py +3 -2
bbot/modules/github_org.py +4 -4
bbot/modules/github_workflows.py +4 -4
bbot/modules/gitlab.py +2 -5
bbot/modules/google_playstore.py +93 -0
bbot/modules/gowitness.py +48 -50
bbot/modules/hackertarget.py +5 -3
bbot/modules/host_header.py +5 -5
bbot/modules/httpx.py +1 -4
bbot/modules/hunterio.py +3 -9
bbot/modules/iis_shortnames.py +19 -30
bbot/modules/internal/cloudcheck.py +29 -12
bbot/modules/internal/dnsresolve.py +22 -22
bbot/modules/internal/excavate.py +97 -59
bbot/modules/internal/speculate.py +41 -32
bbot/modules/internetdb.py +4 -2
bbot/modules/ip2location.py +3 -5
bbot/modules/ipneighbor.py +1 -1
bbot/modules/ipstack.py +3 -8
bbot/modules/jadx.py +87 -0
bbot/modules/leakix.py +11 -10
bbot/modules/myssl.py +2 -2
bbot/modules/newsletters.py +2 -2
bbot/modules/otx.py +5 -3
bbot/modules/output/asset_inventory.py +7 -7
bbot/modules/output/base.py +1 -1
bbot/modules/output/csv.py +1 -1
bbot/modules/output/http.py +20 -14
bbot/modules/output/mysql.py +51 -0
bbot/modules/output/neo4j.py +7 -2
bbot/modules/output/postgres.py +49 -0
bbot/modules/output/slack.py +0 -1
bbot/modules/output/sqlite.py +29 -0
bbot/modules/output/stdout.py +2 -2
bbot/modules/output/teams.py +107 -6
bbot/modules/paramminer_headers.py +8 -11
bbot/modules/passivetotal.py +13 -13
bbot/modules/portscan.py +32 -6
bbot/modules/postman.py +50 -126
bbot/modules/postman_download.py +220 -0
bbot/modules/rapiddns.py +3 -8
bbot/modules/report/asn.py +18 -11
bbot/modules/robots.py +3 -3
bbot/modules/securitytrails.py +7 -10
bbot/modules/securitytxt.py +1 -1
bbot/modules/shodan_dns.py +7 -9
bbot/modules/sitedossier.py +1 -1
bbot/modules/skymem.py +2 -2
bbot/modules/social.py +2 -1
bbot/modules/subdomaincenter.py +1 -1
bbot/modules/subdomainradar.py +160 -0
bbot/modules/telerik.py +8 -8
bbot/modules/templates/bucket.py +1 -1
bbot/modules/templates/github.py +22 -14
bbot/modules/templates/postman.py +21 -0
bbot/modules/templates/shodan.py +14 -13
bbot/modules/templates/sql.py +95 -0
bbot/modules/templates/subdomain_enum.py +51 -16
bbot/modules/templates/webhook.py +2 -4
bbot/modules/trickest.py +8 -37
bbot/modules/trufflehog.py +10 -12
bbot/modules/url_manipulation.py +3 -3
bbot/modules/urlscan.py +1 -1
bbot/modules/viewdns.py +1 -1
bbot/modules/virustotal.py +8 -30
bbot/modules/wafw00f.py +1 -1
bbot/modules/wayback.py +1 -1
bbot/modules/wpscan.py +17 -11
bbot/modules/zoomeye.py +11 -6
bbot/presets/baddns-thorough.yml +12 -0
bbot/presets/fast.yml +16 -0
bbot/presets/kitchen-sink.yml +1 -2
bbot/presets/spider.yml +4 -0
bbot/presets/subdomain-enum.yml +7 -7
bbot/presets/web/dotnet-audit.yml +0 -1
bbot/scanner/manager.py +5 -16
bbot/scanner/preset/args.py +46 -26
bbot/scanner/preset/environ.py +7 -2
bbot/scanner/preset/path.py +7 -4
bbot/scanner/preset/preset.py +36 -23
bbot/scanner/scanner.py +172 -62
bbot/scanner/target.py +236 -434
bbot/scripts/docs.py +1 -1
bbot/test/bbot_fixtures.py +13 -3
bbot/test/conftest.py +132 -100
bbot/test/fastapi_test.py +17 -0
bbot/test/owasp_mastg.apk +0 -0
bbot/test/run_tests.sh +4 -4
bbot/test/test.conf +2 -0
bbot/test/test_step_1/test__module__tests.py +0 -1
bbot/test/test_step_1/test_bbot_fastapi.py +79 -0
bbot/test/test_step_1/test_bloom_filter.py +2 -1
bbot/test/test_step_1/test_cli.py +138 -64
bbot/test/test_step_1/test_dns.py +61 -27
bbot/test/test_step_1/test_engine.py +17 -19
bbot/test/test_step_1/test_events.py +183 -30
bbot/test/test_step_1/test_helpers.py +64 -29
bbot/test/test_step_1/test_manager_deduplication.py +1 -1
bbot/test/test_step_1/test_manager_scope_accuracy.py +333 -330
bbot/test/test_step_1/test_modules_basic.py +68 -70
bbot/test/test_step_1/test_presets.py +183 -100
bbot/test/test_step_1/test_python_api.py +7 -2
bbot/test/test_step_1/test_regexes.py +35 -5
bbot/test/test_step_1/test_scan.py +39 -5
bbot/test/test_step_1/test_scope.py +4 -3
bbot/test/test_step_1/test_target.py +242 -145
bbot/test/test_step_1/test_web.py +14 -10
bbot/test/test_step_2/module_tests/base.py +15 -7
bbot/test/test_step_2/module_tests/test_module_anubisdb.py +1 -1
bbot/test/test_step_2/module_tests/test_module_apkpure.py +71 -0
bbot/test/test_step_2/module_tests/test_module_asset_inventory.py +0 -1
bbot/test/test_step_2/module_tests/test_module_azure_realm.py +1 -1
bbot/test/test_step_2/module_tests/test_module_baddns.py +6 -6
bbot/test/test_step_2/module_tests/test_module_baddns_direct.py +62 -0
bbot/test/test_step_2/module_tests/test_module_bevigil.py +29 -2
bbot/test/test_step_2/module_tests/test_module_binaryedge.py +4 -2
bbot/test/test_step_2/module_tests/test_module_bucket_amazon.py +2 -2
bbot/test/test_step_2/module_tests/test_module_bucket_azure.py +1 -1
bbot/test/test_step_2/module_tests/test_module_bufferoverrun.py +35 -0
bbot/test/test_step_2/module_tests/test_module_builtwith.py +2 -2
bbot/test/test_step_2/module_tests/test_module_bypass403.py +1 -1
bbot/test/test_step_2/module_tests/test_module_c99.py +126 -0
bbot/test/test_step_2/module_tests/test_module_censys.py +4 -1
bbot/test/test_step_2/module_tests/test_module_cloudcheck.py +4 -0
bbot/test/test_step_2/module_tests/test_module_code_repository.py +11 -1
bbot/test/test_step_2/module_tests/test_module_columbus.py +1 -1
bbot/test/test_step_2/module_tests/test_module_credshed.py +3 -3
bbot/test/test_step_2/module_tests/test_module_dastardly.py +2 -1
bbot/test/test_step_2/module_tests/test_module_dehashed.py +2 -2
bbot/test/test_step_2/module_tests/test_module_digitorus.py +1 -1
bbot/test/test_step_2/module_tests/test_module_discord.py +1 -1
bbot/test/test_step_2/module_tests/test_module_dnsbimi.py +103 -0
bbot/test/test_step_2/module_tests/test_module_dnsbrute.py +9 -10
bbot/test/test_step_2/module_tests/test_module_dnsbrute_mutations.py +1 -2
bbot/test/test_step_2/module_tests/test_module_dnscommonsrv.py +1 -2
bbot/test/test_step_2/module_tests/test_module_dnsdumpster.py +4 -4
bbot/test/test_step_2/module_tests/test_module_dnstlsrpt.py +64 -0
bbot/test/test_step_2/module_tests/test_module_dotnetnuke.py +0 -8
bbot/test/test_step_2/module_tests/test_module_excavate.py +28 -48
bbot/test/test_step_2/module_tests/test_module_extractous.py +54 -0
bbot/test/test_step_2/module_tests/test_module_ffuf_shortnames.py +1 -1
bbot/test/test_step_2/module_tests/test_module_filedownload.py +14 -14
bbot/test/test_step_2/module_tests/test_module_git_clone.py +2 -2
bbot/test/test_step_2/module_tests/test_module_github_org.py +19 -8
bbot/test/test_step_2/module_tests/test_module_github_workflows.py +1 -1
bbot/test/test_step_2/module_tests/test_module_gitlab.py +9 -4
bbot/test/test_step_2/module_tests/test_module_google_playstore.py +83 -0
bbot/test/test_step_2/module_tests/test_module_gowitness.py +4 -6
bbot/test/test_step_2/module_tests/test_module_host_header.py +1 -1
bbot/test/test_step_2/module_tests/test_module_http.py +4 -4
bbot/test/test_step_2/module_tests/test_module_httpx.py +10 -8
bbot/test/test_step_2/module_tests/test_module_hunterio.py +68 -4
bbot/test/test_step_2/module_tests/test_module_jadx.py +55 -0
bbot/test/test_step_2/module_tests/test_module_json.py +22 -9
bbot/test/test_step_2/module_tests/test_module_leakix.py +7 -3
bbot/test/test_step_2/module_tests/test_module_mysql.py +76 -0
bbot/test/test_step_2/module_tests/test_module_myssl.py +1 -1
bbot/test/test_step_2/module_tests/test_module_neo4j.py +1 -1
bbot/test/test_step_2/module_tests/test_module_newsletters.py +16 -16
bbot/test/test_step_2/module_tests/test_module_ntlm.py +8 -7
bbot/test/test_step_2/module_tests/test_module_oauth.py +1 -1
bbot/test/test_step_2/module_tests/test_module_otx.py +1 -1
bbot/test/test_step_2/module_tests/test_module_paramminer_cookies.py +1 -2
bbot/test/test_step_2/module_tests/test_module_paramminer_getparams.py +0 -6
bbot/test/test_step_2/module_tests/test_module_paramminer_headers.py +2 -9
bbot/test/test_step_2/module_tests/test_module_passivetotal.py +3 -1
bbot/test/test_step_2/module_tests/test_module_pgp.py +2 -2
bbot/test/test_step_2/module_tests/test_module_portscan.py +9 -8
bbot/test/test_step_2/module_tests/test_module_postgres.py +74 -0
bbot/test/test_step_2/module_tests/test_module_postman.py +84 -253
bbot/test/test_step_2/module_tests/test_module_postman_download.py +439 -0
bbot/test/test_step_2/module_tests/test_module_rapiddns.py +93 -1
bbot/test/test_step_2/module_tests/test_module_shodan_dns.py +20 -1
bbot/test/test_step_2/module_tests/test_module_sitedossier.py +2 -2
bbot/test/test_step_2/module_tests/test_module_smuggler.py +14 -14
bbot/test/test_step_2/module_tests/test_module_social.py +11 -1
bbot/test/test_step_2/module_tests/test_module_speculate.py +4 -8
bbot/test/test_step_2/module_tests/test_module_splunk.py +4 -4
bbot/test/test_step_2/module_tests/test_module_sqlite.py +18 -0
bbot/test/test_step_2/module_tests/test_module_sslcert.py +1 -1
bbot/test/test_step_2/module_tests/test_module_stdout.py +5 -3
bbot/test/test_step_2/module_tests/test_module_subdomaincenter.py +1 -1
bbot/test/test_step_2/module_tests/test_module_subdomainradar.py +208 -0
bbot/test/test_step_2/module_tests/test_module_subdomains.py +1 -1
bbot/test/test_step_2/module_tests/test_module_teams.py +8 -6
bbot/test/test_step_2/module_tests/test_module_telerik.py +1 -1
bbot/test/test_step_2/module_tests/test_module_trufflehog.py +317 -14
bbot/test/test_step_2/module_tests/test_module_viewdns.py +1 -1
bbot/test/test_step_2/module_tests/test_module_wayback.py +1 -1
bbot/test/test_step_2/template_tests/test_template_subdomain_enum.py +2 -2
bbot/wordlists/devops_mutations.txt +1 -1
bbot/wordlists/ffuf_shortname_candidates.txt +1 -1
bbot/wordlists/nameservers.txt +1 -1
bbot/wordlists/paramminer_headers.txt +1 -1
bbot/wordlists/paramminer_parameters.txt +1 -1
bbot/wordlists/raft-small-extensions-lowercase_CLEANED.txt +1 -1
bbot/wordlists/valid_url_schemes.txt +1 -1
{bbot-2.0.1.4720rc0.dist-info → bbot-2.3.0.5401rc0.dist-info}/METADATA +48 -18
bbot-2.3.0.5401rc0.dist-info/RECORD +421 -0
{bbot-2.0.1.4720rc0.dist-info → bbot-2.3.0.5401rc0.dist-info}/WHEEL +1 -1
bbot/modules/unstructured.py +0 -163
bbot/test/test_step_2/module_tests/test_module_unstructured.py +0 -102
bbot-2.0.1.4720rc0.dist-info/RECORD +0 -387
{bbot-2.0.1.4720rc0.dist-info → bbot-2.3.0.5401rc0.dist-info}/LICENSE +0 -0
{bbot-2.0.1.4720rc0.dist-info → bbot-2.3.0.5401rc0.dist-info}/entry_points.txt +0 -0

bbot/modules/virustotal.py CHANGED Viewed

@@ -15,37 +15,15 @@ class virustotal(subdomain_enum_apikey):
     options_desc = {"api_key": "VirusTotal API Key"}
     base_url = "https://www.virustotal.com/api/v3"
+    api_page_iter_kwargs = {"json": False, "next_key": lambda r: r.json().get("links", {}).get("next", "")}
-    async def setup(self):
-        self.api_key = self.config.get("api_key", "")
-        self.headers = {"x-apikey": self.api_key}
-        return await super().setup()
+    def make_url(self, query):
+        return f"{self.base_url}/domains/{self.helpers.quote(query)}/subdomains"
-    async def ping(self):
-        # virustotal does not have a ping function
-        return
+    def prepare_api_request(self, url, kwargs):
+        kwargs["headers"]["x-apikey"] = self.api_key
+        return url, kwargs
-    def parse_results(self, r, query):
-        results = set()
+    async def parse_results(self, r, query):
         text = getattr(r, "text", "")
-        for match in self.helpers.regexes.dns_name_regex.findall(text):
-            match = match.lower()
-            if match.endswith(query):
-                results.add(match)
-        return results
-    async def query(self, query):
-        results = set()
-        url = f"{self.base_url}/domains/{self.helpers.quote(query)}/subdomains"
-        agen = self.helpers.api_page_iter(
-            url, json=False, headers=self.headers, next_key=lambda r: r.json().get("links", {}).get("next", "")
-        )
-        try:
-            async for response in agen:
-                r = self.parse_results(response, query)
-                if not r:
-                    break
-                results.update(r)
-        finally:
-            agen.aclose()
-        return results
+        return await self.scan.extract_in_scope_hostnames(text)

bbot/modules/wafw00f.py CHANGED Viewed

@@ -52,7 +52,7 @@ class wafw00f(BaseModule):
                     context=f"{{module}} scanned {url} and identified {{event.type}}: {waf}",
                 )
         else:
-            if self.config.get("generic_detect") == True:
+            if self.config.get("generic_detect") is True:
                 generic = await self.helpers.run_in_executor(WW.genericdetect)
                 if generic:
                     waf = "generic detection"

bbot/modules/wayback.py CHANGED Viewed

@@ -10,7 +10,7 @@ class wayback(subdomain_enum):
     meta = {
         "description": "Query archive.org's API for subdomains",
         "created_date": "2022-04-01",
-        "author": "@pmueller",
+        "author": "@liquidsec",
     }
     options = {"urls": False, "garbage_threshold": 10}
     options_desc = {

bbot/modules/wpscan.py CHANGED Viewed

@@ -14,26 +14,26 @@ class wpscan(BaseModule):
     options = {
         "api_key": "",
-        "enumerate": "vp,vt,tt,cb,dbe,u,m",
+        "enumerate": "vp,vt,cb,dbe",
         "threads": 5,
-        "request_timeout": 60,
-        "connection_timeout": 30,
+        "request_timeout": 5,
+        "connection_timeout": 2,
         "disable_tls_checks": True,
         "force": False,
     }
     options_desc = {
         "api_key": "WPScan API Key",
-        "enumerate": "Enumeration Process see wpscan help documentation (default: vp,vt,tt,cb,dbe,u,m)",
+        "enumerate": "Enumeration Process see wpscan help documentation (default: vp,vt,cb,dbe)",
         "threads": "How many wpscan threads to spawn (default is 5)",
-        "request_timeout": "The request timeout in seconds (default 60)",
-        "connection_timeout": "The connection timeout in seconds (default 30)",
+        "request_timeout": "The request timeout in seconds (default 5)",
+        "connection_timeout": "The connection timeout in seconds (default 2)",
         "disable_tls_checks": "Disables the SSL/TLS certificate verification (Default True)",
         "force": "Do not check if the target is running WordPress or returns a 403",
     }
     deps_apt = ["curl", "make", "gcc"]
     deps_ansible = [
         {
-            "name": "Install Ruby Deps (Debian/Ubuntu)",
+            "name": "Install Ruby Deps (Debian)",
             "package": {"name": ["ruby-rubygems", "ruby-dev"], "state": "present"},
             "become": True,
             "when": "ansible_facts['os_family'] == 'Debian'",
@@ -48,7 +48,13 @@ class wpscan(BaseModule):
             "name": "Install Ruby Deps (Fedora)",
             "package": {"name": ["rubygems", "ruby-devel"], "state": "present"},
             "become": True,
-            "when": "ansible_facts['os_family'] == 'Fedora'",
+            "when": "ansible_facts['os_family'] == 'RedHat'",
+        },
+        {
+            "name": "Install Ruby Deps (Alpine)",
+            "package": {"name": ["ruby-dev", "ruby-bundler"], "state": "present"},
+            "become": True,
+            "when": "ansible_facts['os_family'] == 'Alpine'",
         },
         {
             "name": "Install wpscan gem",
@@ -61,11 +67,11 @@ class wpscan(BaseModule):
         self.processed = set()
         self.ignore_events = ["xmlrpc", "readme"]
         self.api_key = self.config.get("api_key", "")
-        self.enumerate = self.config.get("enumerate", "vp,vt,tt,cb,dbe,u,m")
+        self.enumerate = self.config.get("enumerate", "vp,vt,cb,dbe")
         self.proxy = self.scan.web_config.get("http_proxy", "")
         self.threads = self.config.get("threads", 5)
-        self.request_timeout = self.config.get("request_timeout", 60)
-        self.connection_timeout = self.config.get("connection_timeout", 30)
+        self.request_timeout = self.config.get("request_timeout", 5)
+        self.connection_timeout = self.config.get("connection_timeout", 2)
         self.disable_tls_checks = self.config.get("disable_tls_checks", True)
         self.force = self.config.get("force", False)
         return True

bbot/modules/zoomeye.py CHANGED Viewed

@@ -22,13 +22,16 @@ class zoomeye(subdomain_enum_apikey):
     async def setup(self):
         self.max_pages = self.config.get("max_pages", 20)
-        self.headers = {"API-KEY": self.config.get("api_key", "")}
         self.include_related = self.config.get("include_related", False)
         return await super().setup()
+    def prepare_api_request(self, url, kwargs):
+        kwargs["headers"]["API-KEY"] = self.api_key
+        return url, kwargs
     async def ping(self):
         url = f"{self.base_url}/resources-info"
-        r = await self.helpers.request(url, headers=self.headers)
+        r = await self.api_request(url)
         assert int(r.json()["quota_info"]["remain_total_quota"]) > 0, "No quota remaining"
     async def handle_event(self, event):
@@ -54,10 +57,10 @@ class zoomeye(subdomain_enum_apikey):
         query_type = 0 if self.include_related else 1
         url = f"{self.base_url}/domain/search?q={self.helpers.quote(query)}&type={query_type}&page=" + "{page}"
         i = 0
-        agen = self.helpers.api_page_iter(url, headers=self.headers)
+        agen = self.api_page_iter(url)
         try:
             async for j in agen:
-                r = list(self.parse_results(j))
+                r = list(await self.parse_results(j))
                 if r:
                     results.update(set(r))
                 if not r or i >= (self.max_pages - 1):
@@ -67,6 +70,8 @@ class zoomeye(subdomain_enum_apikey):
             agen.aclose()
         return results
-    def parse_results(self, r):
+    async def parse_results(self, r):
+        results = set()
         for entry in r.get("list", []):
-            yield entry["name"]
+            results.add(entry["name"])
+        return results

bbot/presets/baddns-thorough.yml ADDED Viewed

@@ -0,0 +1,12 @@
+description: Run all baddns modules and submodules.
+modules:
+  - baddns
+  - baddns_zone
+  - baddns_direct
+config:
+  modules:
+    baddns:
+      enabled_submodules: [CNAME,references,MX,NS,TXT]

bbot/presets/fast.yml ADDED Viewed

@@ -0,0 +1,16 @@
+description: Scan only the provided targets as fast as possible - no extra discovery
+exclude_modules:
+  - excavate
+config:
+  # only scan the exact targets specified
+  scope:
+    strict: true
+  # speed up dns resolution by doing A/AAAA only - not MX/NS/SRV/etc
+  dns:
+    minimal: true
+  # essential speculation only
+  modules:
+    speculate:
+      essential_only: true

bbot/presets/kitchen-sink.yml CHANGED Viewed

@@ -10,10 +10,9 @@ include:
   - paramminer
   - dirbust-light
   - web-screenshots
+  - baddns-thorough
 config:
   modules:
     baddns:
       enable_references: True

bbot/presets/spider.yml CHANGED Viewed

@@ -3,6 +3,10 @@ description: Recursive web spider
 modules:
   - httpx
+blacklist:
+  # Prevent spider from invalidating sessions by logging out
+  - "RE:/.*(sign|log)[_-]?out"
 config:
   web:
     # how many links to follow in a row

bbot/presets/subdomain-enum.yml CHANGED Viewed

@@ -13,10 +13,10 @@ config:
     threads: 25
     brute_threads: 1000
   # put your API keys here
-  modules:
-    github:
-      api_key: ""
-    chaos:
-      api_key: ""
-    securitytrails:
-      api_key: ""
+  # modules:
+  #   github:
+  #     api_key: ""
+  #   chaos:
+  #     api_key: ""
+  #   securitytrails:
+  #     api_key: ""

bbot/presets/web/dotnet-audit.yml CHANGED Viewed

@@ -19,4 +19,3 @@ config:
       extensions: asp,aspx,ashx,asmx,ascx
     telerik:
       exploit_RAU_crypto: True

bbot/scanner/manager.py CHANGED Viewed

@@ -1,10 +1,10 @@
 import asyncio
 from contextlib import suppress
-from bbot.modules.base import InterceptModule
+from bbot.modules.base import BaseInterceptModule
-class ScanIngress(InterceptModule):
+class ScanIngress(BaseInterceptModule):
     """
     This is always the first intercept module in the chain, responsible for basic scope checks
@@ -15,9 +15,7 @@ class ScanIngress(InterceptModule):
     # accept all events regardless of scope distance
     scope_distance_modifier = None
     _name = "_scan_ingress"
-    # small queue size so we don't drain modules' outgoing queues
-    _qsize = 10
+    _qsize = -1
     @property
     def priority(self):
@@ -40,7 +38,7 @@ class ScanIngress(InterceptModule):
             - It also marks the Scan object as finished with initialization by setting `_finished_init` to True.
         """
         if events is None:
-            events = self.scan.target.events
+            events = self.scan.target.seeds.events
         async with self.scan._acatch(self.init_events), self._task_counter.count(self.init_events):
             sorted_events = sorted(events, key=lambda e: len(e.data))
             for event in [self.scan.root_event] + sorted_events:
@@ -51,7 +49,6 @@ class ScanIngress(InterceptModule):
                     event.parent = self.scan.root_event
                 if event.module is None:
                     event.module = self.scan._make_dummy_module(name="TARGET", _type="TARGET")
-                event.add_tag("target")
                 if event != self.scan.root_event:
                     event.discovery_context = f"Scan {self.scan.name} seeded with " + "{event.type}: {event.data}"
                 self.verbose(f"Target: {event}")
@@ -115,14 +112,6 @@ class ScanIngress(InterceptModule):
         # nerf event's priority if it's not in scope
         event.module_priority += event.scope_distance
-    async def forward_event(self, event, kwargs):
-        # if a module qualifies for "quick-emit", we skip all the intermediate modules like dns and cloud
-        # and forward it straight to the egress module
-        if event.quick_emit:
-            await self.scan.egress_module.queue_event(event, kwargs)
-        else:
-            await super().forward_event(event, kwargs)
     @property
     def non_intercept_modules(self):
         if self._non_intercept_modules is None:
@@ -169,7 +158,7 @@ class ScanIngress(InterceptModule):
         return False
-class ScanEgress(InterceptModule):
+class ScanEgress(BaseInterceptModule):
     """
     This is always the last intercept module in the chain, responsible for executing and acting on the
     `abort_if` and `on_success_callback` functions.

bbot/scanner/preset/args.py CHANGED Viewed

@@ -10,7 +10,6 @@ log = logging.getLogger("bbot.presets.args")
 class BBOTArgs:
     # module config options to exclude from validation
     exclude_from_validation = re.compile(r".*modules\.[a-z0-9_]+\.(?:batch_size|module_threads)$")
@@ -91,18 +90,9 @@ class BBOTArgs:
             *self.parsed.targets,
             whitelist=self.parsed.whitelist,
             blacklist=self.parsed.blacklist,
-            strict_scope=self.parsed.strict_scope,
             name="args_preset",
         )
-        # then we set verbosity levels (so if the user enables -d they can see debug output)
-        if self.parsed.silent:
-            args_preset.silent = True
-        if self.parsed.verbose:
-            args_preset.verbose = True
-        if self.parsed.debug:
-            args_preset.debug = True
         # then we load requested preset
         # this is important so we can load custom module directories, pull in custom flags, module config options, etc.
         for preset_arg in self.parsed.preset:
@@ -113,6 +103,14 @@ class BBOTArgs:
             except Exception as e:
                 raise BBOTArgumentError(f'Error parsing preset "{preset_arg}": {e}')
+        # then we set verbosity levels (so if the user enables -d they can see debug output)
+        if self.parsed.silent:
+            args_preset.silent = True
+        if self.parsed.verbose:
+            args_preset.verbose = True
+        if self.parsed.debug:
+            args_preset.debug = True
         # modules + flags
         args_preset.exclude_modules.update(set(self.parsed.exclude_modules))
         args_preset.exclude_flags.update(set(self.parsed.exclude_flags))
@@ -142,9 +140,15 @@ class BBOTArgs:
             args_preset.core.custom_config["deps_behavior"] = "ignore_failed"
         # other scan options
-        args_preset.scan_name = self.parsed.name
-        args_preset.output_dir = self.parsed.output_dir
-        args_preset.force_start = self.parsed.force
+        if self.parsed.name is not None:
+            args_preset.scan_name = self.parsed.name
+        if self.parsed.output_dir is not None:
+            args_preset.output_dir = self.parsed.output_dir
+        if self.parsed.force:
+            args_preset.force_start = self.parsed.force
+        if self.parsed.proxy:
+            args_preset.core.merge_custom({"web": {"http_proxy": self.parsed.proxy}})
         if self.parsed.custom_headers:
             args_preset.core.merge_custom({"web": {"http_headers": self.parsed.custom_headers}})
@@ -162,13 +166,19 @@ class BBOTArgs:
             except Exception as e:
                 raise BBOTArgumentError(f'Error parsing command-line config option: "{config_arg}": {e}')
+        # strict scope
+        if self.parsed.strict_scope:
+            args_preset.core.merge_custom({"scope": {"strict": True}})
         return args_preset
     def create_parser(self, *args, **kwargs):
         kwargs.update(
-            dict(
-                description="Bighuge BLS OSINT Tool", formatter_class=argparse.RawTextHelpFormatter, epilog=self.epilog
-            )
+            {
+                "description": "Bighuge BLS OSINT Tool",
+                "formatter_class": argparse.RawTextHelpFormatter,
+                "epilog": self.epilog,
+            }
         )
         p = argparse.ArgumentParser(*args, **kwargs)
@@ -206,7 +216,7 @@ class BBOTArgs:
             metavar="CONFIG",
             default=[],
         )
-        presets.add_argument("-lp", "--list-presets", action="store_true", help=f"List available presets.")
+        presets.add_argument("-lp", "--list-presets", action="store_true", help="List available presets.")
         modules = p.add_argument_group(title="Modules")
         modules.add_argument(
@@ -214,31 +224,31 @@ class BBOTArgs:
             "--modules",
             nargs="+",
             default=[],
-            help=f'Modules to enable. Choices: {",".join(self.preset.module_loader.scan_module_choices)}',
+            help=f'Modules to enable. Choices: {",".join(sorted(self.preset.module_loader.scan_module_choices))}',
             metavar="MODULE",
         )
-        modules.add_argument("-l", "--list-modules", action="store_true", help=f"List available modules.")
+        modules.add_argument("-l", "--list-modules", action="store_true", help="List available modules.")
         modules.add_argument(
             "-lmo", "--list-module-options", action="store_true", help="Show all module config options"
         )
         modules.add_argument(
-            "-em", "--exclude-modules", nargs="+", default=[], help=f"Exclude these modules.", metavar="MODULE"
+            "-em", "--exclude-modules", nargs="+", default=[], help="Exclude these modules.", metavar="MODULE"
         )
         modules.add_argument(
             "-f",
             "--flags",
             nargs="+",
             default=[],
-            help=f'Enable modules by flag. Choices: {",".join(self.preset.module_loader.flag_choices)}',
+            help=f'Enable modules by flag. Choices: {",".join(sorted(self.preset.module_loader.flag_choices))}',
             metavar="FLAG",
         )
-        modules.add_argument("-lf", "--list-flags", action="store_true", help=f"List available flags.")
+        modules.add_argument("-lf", "--list-flags", action="store_true", help="List available flags.")
         modules.add_argument(
             "-rf",
             "--require-flags",
             nargs="+",
             default=[],
-            help=f"Only enable modules with these flags (e.g. -rf passive)",
+            help="Only enable modules with these flags (e.g. -rf passive)",
             metavar="FLAG",
         )
         modules.add_argument(
@@ -246,7 +256,7 @@ class BBOTArgs:
             "--exclude-flags",
             nargs="+",
             default=[],
-            help=f"Disable modules with these flags. (e.g. -ef aggressive)",
+            help="Disable modules with these flags. (e.g. -ef aggressive)",
             metavar="FLAG",
         )
         modules.add_argument("--allow-deadly", action="store_true", help="Enable the use of highly aggressive modules")
@@ -262,7 +272,12 @@ class BBOTArgs:
             help="Run scan even in the case of condition violations or failed module setups",
         )
         scan.add_argument("-y", "--yes", action="store_true", help="Skip scan confirmation prompt")
-        scan.add_argument("--dry-run", action="store_true", help=f"Abort before executing scan")
+        scan.add_argument(
+            "--fast-mode",
+            action="store_true",
+            help="Scan only the provided targets as fast as possible, with no extra discovery",
+        )
+        scan.add_argument("--dry-run", action="store_true", help="Abort before executing scan")
         scan.add_argument(
             "--current-preset",
             action="store_true",
@@ -286,7 +301,7 @@ class BBOTArgs:
             "--output-modules",
             nargs="+",
             default=[],
-            help=f'Output module(s). Choices: {",".join(self.preset.module_loader.output_module_choices)}',
+            help=f'Output module(s). Choices: {",".join(sorted(self.preset.module_loader.output_module_choices))}',
             metavar="MODULE",
         )
         output.add_argument("--json", "-j", action="store_true", help="Output scan data in JSON format")
@@ -307,6 +322,7 @@ class BBOTArgs:
         misc = p.add_argument_group(title="Misc")
         misc.add_argument("--version", action="store_true", help="show BBOT version and exit")
+        misc.add_argument("--proxy", help="Use this proxy for all HTTP requests", metavar="HTTP_PROXY")
         misc.add_argument(
             "-H",
             "--custom-headers",
@@ -356,6 +372,10 @@ class BBOTArgs:
             custom_headers_dict[k] = v
         self.parsed.custom_headers = custom_headers_dict
+        # --fast-mode
+        if self.parsed.fast_mode:
+            self.parsed.preset += ["fast"]
     def validate(self):
         # validate config options
         sentinel = object()

bbot/scanner/preset/environ.py CHANGED Viewed

@@ -6,6 +6,9 @@ from pathlib import Path
 from bbot.core.helpers.misc import cpu_architecture, os_platform, os_platform_friendly
+REQUESTS_PATCHED = False
 def increase_limit(new_limit):
     try:
         import resource
@@ -62,7 +65,6 @@ omegaconf.OmegaConf.register_new_resolver("env", env_resolver)
 class BBOTEnviron:
     def __init__(self, preset):
         self.preset = preset
@@ -120,7 +122,10 @@ class BBOTEnviron:
         urllib3.disable_warnings()
         ssl_verify = self.preset.config.get("ssl_verify", False)
-        if not ssl_verify:
+        global REQUESTS_PATCHED
+        if not ssl_verify and not REQUESTS_PATCHED:
+            REQUESTS_PATCHED = True
             import requests
             import functools

bbot/scanner/preset/path.py CHANGED Viewed

@@ -33,13 +33,16 @@ class PresetPath:
         if "/" in str(filename):
             if filename_path.parent not in paths_to_search:
                 paths_to_search.append(filename_path.parent)
-        log.debug(f"Searching for preset in {paths_to_search}, file candidates: {file_candidates_str}")
+        log.debug(
+            f"Searching for preset in {[str(p) for p in paths_to_search]}, file candidates: {file_candidates_str}"
+        )
         for path in paths_to_search:
             for candidate in file_candidates:
                 for file in path.rglob(candidate):
-                    log.verbose(f'Found preset matching "{filename}" at {file}')
-                    self.add_path(file.parent)
-                    return file.resolve()
+                    if file.is_file():
+                        log.verbose(f'Found preset matching "{filename}" at {file}')
+                        self.add_path(file.parent)
+                        return file.resolve()
         raise ValidationError(
             f'Could not find preset at "{filename}" - file does not exist. Use -lp to list available presets'
         )

bbot 2.0.1.4720rc0__py3-none-any.whl → 2.3.0.5401rc0__py3-none-any.whl

Potentially problematic release.

bbot 2.0.1.4720rc0py3-none-any.whl → 2.3.0.5401rc0py3-none-any.whl