bbot 2.1.0.5078rc0__py3-none-any.whl → 2.1.0.5082rc0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- bbot/__init__.py +1 -1
- bbot/modules/bufferoverrun.py +48 -0
- bbot/test/test_step_2/module_tests/test_module_bufferoverrun.py +35 -0
- {bbot-2.1.0.5078rc0.dist-info → bbot-2.1.0.5082rc0.dist-info}/METADATA +1 -1
- {bbot-2.1.0.5078rc0.dist-info → bbot-2.1.0.5082rc0.dist-info}/RECORD +8 -6
- {bbot-2.1.0.5078rc0.dist-info → bbot-2.1.0.5082rc0.dist-info}/LICENSE +0 -0
- {bbot-2.1.0.5078rc0.dist-info → bbot-2.1.0.5082rc0.dist-info}/WHEEL +0 -0
- {bbot-2.1.0.5078rc0.dist-info → bbot-2.1.0.5082rc0.dist-info}/entry_points.txt +0 -0
bbot/__init__.py
CHANGED
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
from bbot.modules.templates.subdomain_enum import subdomain_enum_apikey
|
|
2
|
+
|
|
3
|
+
|
|
4
|
+
class BufferOverrun(subdomain_enum_apikey):
|
|
5
|
+
watched_events = ["DNS_NAME"]
|
|
6
|
+
produced_events = ["DNS_NAME"]
|
|
7
|
+
flags = ["subdomain-enum", "passive", "safe"]
|
|
8
|
+
meta = {
|
|
9
|
+
"description": "Query BufferOverrun's TLS API for subdomains",
|
|
10
|
+
"created_date": "2024-10-23",
|
|
11
|
+
"author": "@TheTechromancer",
|
|
12
|
+
"auth_required": True,
|
|
13
|
+
}
|
|
14
|
+
options = {"api_key": "", "commercial": False}
|
|
15
|
+
options_desc = {"api_key": "BufferOverrun API key", "commercial": "Use commercial API"}
|
|
16
|
+
|
|
17
|
+
base_url = "https://tls.bufferover.run/dns"
|
|
18
|
+
commercial_base_url = "https://bufferover-run-tls.p.rapidapi.com/ipv4/dns"
|
|
19
|
+
|
|
20
|
+
async def setup(self):
|
|
21
|
+
self.commercial = self.config.get("commercial", False)
|
|
22
|
+
return await super().setup()
|
|
23
|
+
|
|
24
|
+
def prepare_api_request(self, url, kwargs):
|
|
25
|
+
if self.commercial:
|
|
26
|
+
kwargs["headers"]["x-rapidapi-host"] = "bufferover-run-tls.p.rapidapi.com"
|
|
27
|
+
kwargs["headers"]["x-rapidapi-key"] = self.api_key
|
|
28
|
+
else:
|
|
29
|
+
kwargs["headers"]["x-api-key"] = self.api_key
|
|
30
|
+
return url, kwargs
|
|
31
|
+
|
|
32
|
+
async def request_url(self, query):
|
|
33
|
+
url = f"{self.commercial_base_url if self.commercial else self.base_url}?q=.{query}"
|
|
34
|
+
return await self.api_request(url)
|
|
35
|
+
|
|
36
|
+
def parse_results(self, r, query):
|
|
37
|
+
j = r.json()
|
|
38
|
+
subdomains_set = set()
|
|
39
|
+
if isinstance(j, dict):
|
|
40
|
+
results = j.get("Results", [])
|
|
41
|
+
for result in results:
|
|
42
|
+
parts = result.split(",")
|
|
43
|
+
if len(parts) > 4:
|
|
44
|
+
subdomain = parts[4].strip()
|
|
45
|
+
if subdomain and subdomain.endswith(f".{query}"):
|
|
46
|
+
subdomains_set.add(subdomain)
|
|
47
|
+
for subdomain in subdomains_set:
|
|
48
|
+
yield subdomain
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
from .base import ModuleTestBase
|
|
2
|
+
|
|
3
|
+
|
|
4
|
+
class TestBufferOverrun(ModuleTestBase):
|
|
5
|
+
config_overrides = {"modules": {"bufferoverrun": {"api_key": "asdf", "commercial": False}}}
|
|
6
|
+
|
|
7
|
+
async def setup_before_prep(self, module_test):
|
|
8
|
+
# Mock response for non-commercial API
|
|
9
|
+
module_test.httpx_mock.add_response(
|
|
10
|
+
url="https://tls.bufferover.run/dns?q=.blacklanternsecurity.com",
|
|
11
|
+
match_headers={"x-api-key": "asdf"},
|
|
12
|
+
json={"Results": ["1.2.3.4,example.com,*,*,sub.blacklanternsecurity.com"]},
|
|
13
|
+
)
|
|
14
|
+
|
|
15
|
+
def check(self, module_test, events):
|
|
16
|
+
assert any(e.data == "sub.blacklanternsecurity.com" for e in events), "Failed to detect subdomain for free API"
|
|
17
|
+
|
|
18
|
+
|
|
19
|
+
class TestBufferOverrunCommercial(ModuleTestBase):
|
|
20
|
+
modules_overrides = ["bufferoverrun"]
|
|
21
|
+
module_name = "bufferoverrun"
|
|
22
|
+
config_overrides = {"modules": {"bufferoverrun": {"api_key": "asdf", "commercial": True}}}
|
|
23
|
+
|
|
24
|
+
async def setup_before_prep(self, module_test):
|
|
25
|
+
# Mock response for commercial API
|
|
26
|
+
module_test.httpx_mock.add_response(
|
|
27
|
+
url="https://bufferover-run-tls.p.rapidapi.com/ipv4/dns?q=.blacklanternsecurity.com",
|
|
28
|
+
match_headers={"x-rapidapi-host": "bufferover-run-tls.p.rapidapi.com", "x-rapidapi-key": "asdf"},
|
|
29
|
+
json={"Results": ["5.6.7.8,blacklanternsecurity.com,*,*,sub.blacklanternsecurity.com"]},
|
|
30
|
+
)
|
|
31
|
+
|
|
32
|
+
def check(self, module_test, events):
|
|
33
|
+
assert any(
|
|
34
|
+
e.data == "sub.blacklanternsecurity.com" for e in events
|
|
35
|
+
), "Failed to detect subdomain for commercial API"
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
bbot/__init__.py,sha256=
|
|
1
|
+
bbot/__init__.py,sha256=ySHQPiAGcGB9Q3oG9Il3s_EB6K2_oDGzjNwuHWeZkdQ,130
|
|
2
2
|
bbot/cli.py,sha256=7S3a4eB-Dl8yodc5WC-927Z30CNlLl9EXimGvIVypJo,10434
|
|
3
3
|
bbot/core/__init__.py,sha256=l255GJE_DvUnWvrRb0J5lG-iMztJ8zVvoweDOfegGtI,46
|
|
4
4
|
bbot/core/config/__init__.py,sha256=zYNw2Me6tsEr8hOOkLb4BQ97GB7Kis2k--G81S8vofU,342
|
|
@@ -67,6 +67,7 @@ bbot/modules/bucket_digitalocean.py,sha256=QtTRWAsKgWHaVHSiTfLmesIiVlVNExxPv-NlK
|
|
|
67
67
|
bbot/modules/bucket_file_enum.py,sha256=MsjXKNQoHon_M0-IvlsyYY9esKrqBi_a0fSUTJJpM20,2388
|
|
68
68
|
bbot/modules/bucket_firebase.py,sha256=fburk4quEWbGeixD-PUJh5X06pigHtvbV_mETUX-e4s,1380
|
|
69
69
|
bbot/modules/bucket_google.py,sha256=IHTfWZEy8wsf8QJ8HXUiVlfo9wxBobrPBVzuERDPcvk,2545
|
|
70
|
+
bbot/modules/bufferoverrun.py,sha256=FcHzj04iSyBqyfUY6lBPLlkD-hT-hBgICKJqlgIGkHY,1865
|
|
70
71
|
bbot/modules/builtwith.py,sha256=A2Q70GtHtMHQgLYgX-UhUNzBwIZ7n0p5IOEI5lPSBk4,5369
|
|
71
72
|
bbot/modules/bypass403.py,sha256=Qrszg-vVfjKA0IosM88CekpW6BcazJThpl5moXIdeiQ,6843
|
|
72
73
|
bbot/modules/c99.py,sha256=cvyLZ7oHk6kxq6UWu0oISbXLKwnZW9yNBmsvT1RTGwI,1388
|
|
@@ -272,6 +273,7 @@ bbot/test/test_step_2/module_tests/test_module_bucket_digitalocean.py,sha256=EFz
|
|
|
272
273
|
bbot/test/test_step_2/module_tests/test_module_bucket_file_enum.py,sha256=aOgtrsb32nnTZBvX1tf6Fvfjc-GvuxA8Tu7LGq2oDJo,2301
|
|
273
274
|
bbot/test/test_step_2/module_tests/test_module_bucket_firebase.py,sha256=gM3h1staY3tEHF2l9cYgRhaVwEg7ykfo4E0mvhqTA0g,506
|
|
274
275
|
bbot/test/test_step_2/module_tests/test_module_bucket_google.py,sha256=wXROpF9TSQVOa8cGTOo8k9uDEj7H5pNAcppj4WR3qnY,1312
|
|
276
|
+
bbot/test/test_step_2/module_tests/test_module_bufferoverrun.py,sha256=os7A6vdwlAAXvprwBdNBD05kylva7ZVxyhchkhQiSs4,1580
|
|
275
277
|
bbot/test/test_step_2/module_tests/test_module_builtwith.py,sha256=c_Ta6OXWYdUdcwuE-AbaT-tzj8SUuglMecQX6mDavuE,5051
|
|
276
278
|
bbot/test/test_step_2/module_tests/test_module_bypass403.py,sha256=-MV06l6Q7d_sM0L2OIw1ReXJc2dj30xC3suOl2HhZTY,3551
|
|
277
279
|
bbot/test/test_step_2/module_tests/test_module_c99.py,sha256=-xyL1y3eX_rGuBR-U0N1HDZuAw_A_UysN5PupWe0iDI,7427
|
|
@@ -393,8 +395,8 @@ bbot/wordlists/raft-small-extensions-lowercase_CLEANED.txt,sha256=ruUQwVfia1_m2u
|
|
|
393
395
|
bbot/wordlists/top_open_ports_nmap.txt,sha256=LmdFYkfapSxn1pVuQC2LkOIY2hMLgG-Xts7DVtYzweM,42727
|
|
394
396
|
bbot/wordlists/valid_url_schemes.txt,sha256=VciB-ww0y-O8Ii1wpTR6rJzGDiC2r-dhVsIJApS1ZYU,3309
|
|
395
397
|
bbot/wordlists/wordninja_dns.txt.gz,sha256=DYHvvfW0TvzrVwyprqODAk4tGOxv5ezNmCPSdPuDUnQ,570241
|
|
396
|
-
bbot-2.1.0.
|
|
397
|
-
bbot-2.1.0.
|
|
398
|
-
bbot-2.1.0.
|
|
399
|
-
bbot-2.1.0.
|
|
400
|
-
bbot-2.1.0.
|
|
398
|
+
bbot-2.1.0.5082rc0.dist-info/LICENSE,sha256=GzeCzK17hhQQDNow0_r0L8OfLpeTKQjFQwBQU7ZUymg,32473
|
|
399
|
+
bbot-2.1.0.5082rc0.dist-info/METADATA,sha256=4fRHOgeCohCtqez5Cudegh46ZG2vJmKvC62Q1x-VfAo,16930
|
|
400
|
+
bbot-2.1.0.5082rc0.dist-info/WHEEL,sha256=Nq82e9rUAnEjt98J6MlVmMCZb-t9cYE2Ir1kpBmnWfs,88
|
|
401
|
+
bbot-2.1.0.5082rc0.dist-info/entry_points.txt,sha256=cWjvcU_lLrzzJgjcjF7yeGuRA_eDS8pQ-kmPUAyOBfo,38
|
|
402
|
+
bbot-2.1.0.5082rc0.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|
|
File without changes
|