bbot 2.0.1.4720rc0__py3-none-any.whl → 2.3.0.5401rc0__py3-none-any.whl

bbot/test/test_step_2/module_tests/test_module_censys.py

@@ -2,11 +2,12 @@ from .base import ModuleTestBase
 
 
 class TestCensys(ModuleTestBase):
-    config_overrides = {"modules": {"censys": {"api_id": "api_id", "api_secret": "api_secret"}}}
+    config_overrides = {"modules": {"censys": {"api_key": "api_id:api_secret"}}}
 
     async def setup_before_prep(self, module_test):
         module_test.httpx_mock.add_response(
             url="https://search.censys.io/api/v1/account",
+            match_headers={"Authorization": "Basic YXBpX2lkOmFwaV9zZWNyZXQ="},
             json={
                 "email": "info@blacklanternsecurity.com",
                 "login": "nope",
@@ -17,6 +18,7 @@ class TestCensys(ModuleTestBase):
         )
         module_test.httpx_mock.add_response(
             url="https://search.censys.io/api/v2/certificates/search",
+            match_headers={"Authorization": "Basic YXBpX2lkOmFwaV9zZWNyZXQ="},
             match_content=b'{"q": "names: blacklanternsecurity.com", "per_page": 100}',
             json={
                 "code": 200,
@@ -45,6 +47,7 @@ class TestCensys(ModuleTestBase):
         )
         module_test.httpx_mock.add_response(
             url="https://search.censys.io/api/v2/certificates/search",
+            match_headers={"Authorization": "Basic YXBpX2lkOmFwaV9zZWNyZXQ="},
             match_content=b'{"q": "names: blacklanternsecurity.com", "per_page": 100, "cursor": "NextToken"}',
             json={
                 "code": 200,

bbot/test/test_step_2/module_tests/test_module_cloudcheck.py

@@ -51,6 +51,10 @@ class TestCloudCheck(ModuleTestBase):
             await module.handle_event(event)
             assert "cloud-amazon" in event.tags, f"{event} was not properly cloud-tagged"
 
+        assert "cloud-domain" in aws_event1.tags
+        assert "cloud-ip" in other_event2.tags
+        assert "cloud-cname" in other_event3.tags
+
         for event in (aws_event3, other_event1):
             await module.handle_event(event)
             assert "cloud-amazon" not in event.tags, f"{event} was improperly cloud-tagged"

bbot/test/test_step_2/module_tests/test_module_code_repository.py

@@ -14,13 +14,14 @@ class TestCodeRepository(ModuleTestBase):
                 <a href="https://gitlab.com/blacklanternsecurity/bbot"/>
                 <a href="https://gitlab.org/blacklanternsecurity/bbot"/>
                 <a href="https://hub.docker.com/r/blacklanternsecurity/bbot"/>
+                <a href="https://www.postman.com/blacklanternsecurity/bbot"/>
             </html>
             """
         }
         module_test.set_expect_requests(expect_args=expect_args, respond_args=respond_args)
 
     def check(self, module_test, events):
-        assert 4 == len([e for e in events if e.type == "CODE_REPOSITORY"])
+        assert 5 == len([e for e in events if e.type == "CODE_REPOSITORY"])
         assert 1 == len(
             [
                 e
@@ -57,3 +58,12 @@ class TestCodeRepository(ModuleTestBase):
                 and e.data["url"] == "https://hub.docker.com/r/blacklanternsecurity/bbot"
             ]
         )
+        assert 1 == len(
+            [
+                e
+                for e in events
+                if e.type == "CODE_REPOSITORY"
+                and "postman" in e.tags
+                and e.data["url"] == "https://www.postman.com/blacklanternsecurity/bbot"
+            ]
+        )

bbot/test/test_step_2/module_tests/test_module_columbus.py

@@ -4,7 +4,7 @@ from .base import ModuleTestBase
 class TestColumbus(ModuleTestBase):
     async def setup_after_prep(self, module_test):
         module_test.httpx_mock.add_response(
-            url=f"https://columbus.elmasy.com/api/lookup/blacklanternsecurity.com?days=365",
+            url="https://columbus.elmasy.com/api/lookup/blacklanternsecurity.com?days=365",
             json=["asdf", "zzzz"],
         )
 

bbot/test/test_step_2/module_tests/test_module_credshed.py

@@ -58,18 +58,18 @@ class TestCredshed(ModuleTestBase):
 
     async def setup_before_prep(self, module_test):
         module_test.httpx_mock.add_response(
-            url=f"https://credshed.com/api/auth",
+            url="https://credshed.com/api/auth",
             json=credshed_auth_response,
             method="POST",
         )
         module_test.httpx_mock.add_response(
-            url=f"https://credshed.com/api/search",
+            url="https://credshed.com/api/search",
             json=credshed_response,
             method="POST",
         )
 
     def check(self, module_test, events):
-        assert len(events) == 10
+        assert len(events) == 11
         assert 1 == len([e for e in events if e.type == "EMAIL_ADDRESS" and e.data == "bob@blacklanternsecurity.com"])
         assert 1 == len([e for e in events if e.type == "EMAIL_ADDRESS" and e.data == "judy@blacklanternsecurity.com"])
         assert 1 == len([e for e in events if e.type == "EMAIL_ADDRESS" and e.data == "tim@blacklanternsecurity.com"])

bbot/test/test_step_2/module_tests/test_module_dastardly.py

@@ -7,6 +7,7 @@ from .base import ModuleTestBase
 class TestDastardly(ModuleTestBase):
     targets = ["http://127.0.0.1:5556/"]
     modules_overrides = ["httpx", "dastardly"]
+    skip_distro_tests = True
 
     web_response = """<!DOCTYPE html>
     <html>
@@ -44,7 +45,7 @@ class TestDastardly(ModuleTestBase):
 
         # get docker IP
         docker_ip = await self.get_docker_ip(module_test)
-        module_test.scan.target.add(docker_ip)
+        module_test.scan.target.seeds.add(docker_ip)
 
         # replace 127.0.0.1 with docker host IP to allow dastardly access to local http server
         old_filter_event = module_test.module.filter_event

bbot/test/test_step_2/module_tests/test_module_dehashed.py

@@ -45,7 +45,7 @@ class TestDehashed(ModuleTestBase):
 
     async def setup_before_prep(self, module_test):
         module_test.httpx_mock.add_response(
-            url=f"https://api.dehashed.com/search?query=domain:blacklanternsecurity.com&size=10000&page=1",
+            url="https://api.dehashed.com/search?query=domain:blacklanternsecurity.com&size=10000&page=1",
             json=dehashed_domain_response,
         )
         await module_test.mock_dns(
@@ -56,7 +56,7 @@ class TestDehashed(ModuleTestBase):
         )
 
     def check(self, module_test, events):
-        assert len(events) == 11
+        assert len(events) == 12
         assert 1 == len([e for e in events if e.type == "DNS_NAME" and e.data == "blacklanternsecurity.com"])
         assert 1 == len([e for e in events if e.type == "ORG_STUB" and e.data == "blacklanternsecurity"])
         assert 1 == len(

bbot/test/test_step_2/module_tests/test_module_digitorus.py

@@ -11,7 +11,7 @@ class TestDigitorus(ModuleTestBase):
 
     async def setup_after_prep(self, module_test):
         module_test.httpx_mock.add_response(
-            url=f"https://certificatedetails.com/blacklanternsecurity.com",
+            url="https://certificatedetails.com/blacklanternsecurity.com",
             text=self.web_response,
         )
 

bbot/test/test_step_2/module_tests/test_module_discord.py

@@ -29,7 +29,7 @@ class TestDiscord(ModuleTestBase):
             if module_test.request_count == 2:
                 return httpx.Response(status_code=429, json={"retry_after": 0.01})
             else:
-                return httpx.Response(status_code=module_test.module.good_status_code)
+                return httpx.Response(status_code=200)
 
         module_test.httpx_mock.add_callback(custom_response, url=self.webhook_url)
 

bbot/test/test_step_2/module_tests/test_module_dnsbimi.py

@@ -0,0 +1,103 @@
+from .base import ModuleTestBase
+
+raw_bimi_txt_default = (
+    '"v=BIMI1;l=https://bimi.test.localdomain/logo.svg; a=https://bimi.test.localdomain/certificate.pem"'
+)
+raw_bimi_txt_nondefault = '"v=BIMI1; l=https://nondefault.thirdparty.tld/brand/logo.svg;a=https://nondefault.thirdparty.tld/brand/certificate.pem;"'
+
+
+class TestBIMI(ModuleTestBase):
+    targets = ["test.localdomain"]
+    modules_overrides = ["dnsbimi", "speculate"]
+    config_overrides = {
+        "modules": {"dnsbimi": {"emit_raw_dns_records": True, "selectors": "default,nondefault"}},
+    }
+
+    async def setup_after_prep(self, module_test):
+        await module_test.mock_dns(
+            {
+                "test.localdomain": {
+                    "A": ["127.0.0.11"],
+                },
+                "bimi.test.localdomain": {
+                    "A": ["127.0.0.22"],
+                },
+                "_bimi.test.localdomain": {
+                    "A": ["127.0.0.33"],
+                },
+                "default._bimi.test.localdomain": {
+                    "A": ["127.0.0.44"],
+                    "TXT": [raw_bimi_txt_default],
+                },
+                "nondefault._bimi.test.localdomain": {
+                    "A": ["127.0.0.44"],
+                    "TXT": [raw_bimi_txt_nondefault],
+                },
+                "_bimi.default._bimi.test.localdomain": {
+                    "A": ["127.0.0.44"],
+                    "TXT": [raw_bimi_txt_default],
+                },
+                "_bimi.nondefault._bimi.test.localdomain": {
+                    "A": ["127.0.0.44"],
+                    "TXT": [raw_bimi_txt_default],
+                },
+                "default._bimi.default._bimi.test.localdomain": {
+                    "A": ["127.0.0.44"],
+                    "TXT": [raw_bimi_txt_default],
+                },
+                "nondefault._bimi.nondefault._bimi.test.localdomain": {
+                    "A": ["127.0.0.44"],
+                    "TXT": [raw_bimi_txt_nondefault],
+                },
+            }
+        )
+
+    def check(self, module_test, events):
+        assert any(
+            e.type == "RAW_DNS_RECORD"
+            and e.data["host"] == "default._bimi.test.localdomain"
+            and e.data["type"] == "TXT"
+            and e.data["answer"] == raw_bimi_txt_default
+            for e in events
+        ), "Failed to emit RAW_DNS_RECORD"
+        assert any(
+            e.type == "RAW_DNS_RECORD"
+            and e.data["host"] == "nondefault._bimi.test.localdomain"
+            and e.data["type"] == "TXT"
+            and e.data["answer"] == raw_bimi_txt_nondefault
+            for e in events
+        ), "Failed to emit RAW_DNS_RECORD"
+
+        assert any(
+            e.type == "DNS_NAME" and e.data == "bimi.test.localdomain" for e in events
+        ), "Failed to emit DNS_NAME"
+
+        # This should be filtered by a default BBOT configuration
+        assert not any(str(e.data) == "https://nondefault.thirdparty.tld/brand/logo.svg" for e in events)
+
+        # This should not be filtered by a default BBOT configuration
+        assert any(
+            e.type == "URL_UNVERIFIED" and e.data == "https://bimi.test.localdomain/certificate.pem" for e in events
+        ), "Failed to emit URL_UNVERIFIED"
+
+        # These should be filtered simply due to distance
+        assert not any(str(e.data) == "https://nondefault.thirdparty.tld/brand/logo.svg" for e in events)
+        assert not any(str(e.data) == "https://nondefault.thirdparty.tld/certificate.pem" for e in events)
+
+        # These should have been filtered via filter_event()
+        assert not any(
+            e.type == "RAW_DNS_RECORD" and e.data["host"] == "default._bimi.default._bimi.test.localdomain"
+            for e in events
+        ), "Unwanted recursion occurring"
+        assert not any(
+            e.type == "RAW_DNS_RECORD" and e.data["host"] == "nondefault._bimi.nondefault._bimi.test.localdomain"
+            for e in events
+        ), "Unwanted recursion occurring"
+        assert not any(
+            e.type == "RAW_DNS_RECORD" and e.data["host"] == "nondefault._bimi.default._bimi.test.localdomain"
+            for e in events
+        ), "Unwanted recursion occurring"
+        assert not any(
+            e.type == "RAW_DNS_RECORD" and e.data["host"] == "default._bimi.nondefault._bimi.test.localdomain"
+            for e in events
+        ), "Unwanted recursion occurring"

bbot/test/test_step_2/module_tests/test_module_dnsbrute.py

@@ -7,7 +7,6 @@ class TestDnsbrute(ModuleTestBase):
     config_overrides = {"modules": {"dnsbrute": {"wordlist": str(subdomain_wordlist), "max_depth": 3}}}
 
     async def setup_after_prep(self, module_test):
-
         old_run_live = module_test.scan.helpers.run_live
 
         async def new_run_live(*command, check=False, text=True, **kwargs):
@@ -57,42 +56,42 @@ class TestDnsbrute(ModuleTestBase):
         event = module_test.scan.make_event("blacklanternsecurity.com", "DNS_NAME", parent=module_test.scan.root_event)
         event.scope_distance = 0
         result, reason = await module_test.module.filter_event(event)
-        assert result == True
+        assert result is True
         event = module_test.scan.make_event(
             "www.blacklanternsecurity.com", "DNS_NAME", parent=module_test.scan.root_event
         )
         event.scope_distance = 0
         result, reason = await module_test.module.filter_event(event)
-        assert result == True
+        assert result is True
         event = module_test.scan.make_event(
             "test.www.blacklanternsecurity.com", "DNS_NAME", parent=module_test.scan.root_event
         )
         event.scope_distance = 0
         result, reason = await module_test.module.filter_event(event)
-        assert result == True
+        assert result is True
         event = module_test.scan.make_event(
             "asdf.test.www.blacklanternsecurity.com", "DNS_NAME", parent=module_test.scan.root_event
         )
         event.scope_distance = 0
         result, reason = await module_test.module.filter_event(event)
-        assert result == True
+        assert result is True
         event = module_test.scan.make_event(
             "wat.asdf.test.www.blacklanternsecurity.com", "DNS_NAME", parent=module_test.scan.root_event
         )
         event.scope_distance = 0
         result, reason = await module_test.module.filter_event(event)
-        assert result == False
-        assert reason == f"subdomain depth of *.asdf.test.www.blacklanternsecurity.com (4) > max_depth (3)"
+        assert result is False
+        assert reason == "subdomain depth of *.asdf.test.www.blacklanternsecurity.com (4) > max_depth (3)"
         event = module_test.scan.make_event(
             "hmmm.ptr1234.blacklanternsecurity.com", "DNS_NAME", parent=module_test.scan.root_event
         )
         event.scope_distance = 0
         result, reason = await module_test.module.filter_event(event)
-        assert result == False
-        assert reason == f'"ptr1234.blacklanternsecurity.com" looks like an autogenerated PTR'
+        assert result is False
+        assert reason == '"ptr1234.blacklanternsecurity.com" looks like an autogenerated PTR'
 
     def check(self, module_test, events):
-        assert len(events) == 3
+        assert len(events) == 4
         assert 1 == len(
             [e for e in events if e.data == "asdf.blacklanternsecurity.com" and str(e.module) == "dnsbrute"]
         )

bbot/test/test_step_2/module_tests/test_module_dnsbrute_mutations.py

@@ -11,7 +11,6 @@ class TestDnsbrute_mutations(ModuleTestBase):
     ]
 
     async def setup_after_prep(self, module_test):
-
         old_run_live = module_test.scan.helpers.run_live
 
         async def new_run_live(*command, check=False, text=True, **kwargs):
@@ -47,7 +46,7 @@ class TestDnsbrute_mutations(ModuleTestBase):
         )
 
     def check(self, module_test, events):
-        assert len(events) == 9
+        assert len(events) == 10
         assert 1 == len(
             [
                 e

bbot/test/test_step_2/module_tests/test_module_dnscommonsrv.py

@@ -8,7 +8,6 @@ class TestDNSCommonSRV(ModuleTestBase):
     config_overrides = {"dns": {"minimal": False}}
 
     async def setup_after_prep(self, module_test):
-
         old_run_live = module_test.scan.helpers.run_live
 
         async def new_run_live(*command, check=False, text=True, **kwargs):
@@ -56,7 +55,7 @@ class TestDNSCommonSRV(ModuleTestBase):
         )
 
     def check(self, module_test, events):
-        assert len(events) == 19
+        assert len(events) == 20
         assert 1 == len([e for e in events if e.type == "DNS_NAME" and e.data == "blacklanternsecurity.com"])
         assert 1 == len(
             [