bbot 2.3.0.5336rc0__py3-none-any.whl → 2.3.0.5354rc0__py3-none-any.whl

bbot/__init__.py

@@ -1,4 +1,4 @@
 # version placeholder (replaced by poetry-dynamic-versioning)
-__version__ = "v2.3.0.5336rc"
+__version__ = "v2.3.0.5354rc"
 
 from .scanner import Scanner, Preset

bbot/modules/internal/cloudcheck.py

@@ -1,3 +1,5 @@
+from contextlib import suppress
+
 from bbot.modules.base import BaseInterceptModule
 
 
@@ -28,15 +30,28 @@ class CloudCheck(BaseInterceptModule):
         if self.dummy_modules is None:
             self.make_dummy_modules()
         # cloud tagging by hosts
-        hosts_to_check = set(str(s) for s in event.resolved_hosts)
-        # we use the original host, since storage buckets hostnames might be collapsed to _wildcard
-        hosts_to_check.add(str(event.host_original))
-        for host in hosts_to_check:
+        hosts_to_check = set(event.resolved_hosts)
+        with suppress(KeyError):
+            hosts_to_check.remove(event.host_original)
+        hosts_to_check = [event.host_original] + list(hosts_to_check)
+
+        for i, host in enumerate(hosts_to_check):
+            host_is_ip = self.helpers.is_ip(host)
             for provider, provider_type, subnet in self.helpers.cloudcheck(host):
                 if provider:
                     event.add_tag(f"{provider_type}-{provider}")
+                    if host_is_ip:
+                        event.add_tag(f"{provider_type}-ip")
+                    else:
+                        # if the original hostname is a cloud domain, tag it as such
+                        if i == 0:
+                            event.add_tag(f"{provider_type}-domain")
+                        # any children are tagged as CNAMEs
+                        else:
+                            event.add_tag(f"{provider_type}-cname")
 
         found = set()
+        str_hosts_to_check = [str(host) for host in hosts_to_check]
         # look for cloud assets in hosts, http responses
         # loop through each provider
         for provider in self.helpers.cloud.providers.values():
@@ -54,7 +69,7 @@ class CloudCheck(BaseInterceptModule):
                     if event.type == "HTTP_RESPONSE":
                         matches = await self.helpers.re.findall(sig, event.data.get("body", ""))
                     elif event.type.startswith("DNS_NAME"):
-                        for host in hosts_to_check:
+                        for host in str_hosts_to_check:
                             match = sig.match(host)
                             if match:
                                 matches.append(match.groups())

bbot/modules/portscan.py

@@ -6,6 +6,9 @@ from radixtarget import RadixTarget
 from bbot.modules.base import BaseModule
 
 
+# TODO: this module is getting big. It should probably be two modules: one for ping and one for SYN.
+
+
 class portscan(BaseModule):
     flags = ["active", "portscan", "safe"]
     watched_events = ["IP_ADDRESS", "IP_RANGE", "DNS_NAME"]
@@ -27,6 +30,8 @@ class portscan(BaseModule):
         "adapter_ip": "",
         "adapter_mac": "",
         "router_mac": "",
+        "cdn_tags": "cdn-",
+        "allowed_cdn_ports": None,
     }
     options_desc = {
         "top_ports": "Top ports to scan (default 100) (to override, specify 'ports')",
@@ -39,6 +44,8 @@ class portscan(BaseModule):
         "adapter_ip": "Send packets using this IP address. Not needed unless masscan's autodetection fails",
         "adapter_mac": "Send packets using this as the source MAC address. Not needed unless masscan's autodetection fails",
         "router_mac": "Send packets to this MAC address as the destination. Not needed unless masscan's autodetection fails",
+        "cdn_tags": "Comma-separated list of tags to skip, e.g. 'cdn,cloud'",
+        "allowed_cdn_ports": "Comma-separated list of ports that are allowed to be scanned for CDNs",
     }
     deps_common = ["masscan"]
     batch_size = 1000000
@@ -60,7 +67,15 @@ class portscan(BaseModule):
             try:
                 self.helpers.parse_port_string(self.ports)
             except ValueError as e:
-                return False, f"Error parsing ports: {e}"
+                return False, f"Error parsing ports '{self.ports}': {e}"
+        self.cdn_tags = [t.strip() for t in self.config.get("cdn_tags", "").split(",")]
+        self.allowed_cdn_ports = self.config.get("allowed_cdn_ports", None)
+        if self.allowed_cdn_ports is not None:
+            try:
+                self.allowed_cdn_ports = [int(p.strip()) for p in self.allowed_cdn_ports.split(",")]
+            except Exception as e:
+                return False, f"Error parsing allowed CDN ports '{self.allowed_cdn_ports}': {e}"
+
         # whether we've finished scanning our original scan targets
         self.scanned_initial_targets = False
         # keeps track of individual scanned IPs and their open ports
@@ -227,9 +242,20 @@ class portscan(BaseModule):
             parent=parent_event,
             context=f"{{module}} executed a {scan_type} scan against {parent_event.data} and found: {{event.type}}: {{event.data}}",
         )
-        await self.emit_event(event)
+
+        await self.emit_event(event, abort_if=self.abort_if)
         return event
 
+    def abort_if(self, event):
+        if self.allowed_cdn_ports is not None:
+            # if the host is a CDN
+            for cdn_tag in self.cdn_tags:
+                if any(t.startswith(str(cdn_tag)) for t in event.tags):
+                    # and if its port isn't in the list of allowed CDN ports
+                    if event.port not in self.allowed_cdn_ports:
+                        return True, "event is a CDN and port is not in the allowed list"
+        return False
+
     def parse_json_line(self, line):
         try:
             j = json.loads(line)

bbot/modules/templates/subdomain_enum.py

@@ -169,7 +169,7 @@ class subdomain_enum(BaseModule):
         if any(t.startswith("cloud-") for t in event.tags):
             is_cloud = True
         # reject if it's a cloud resource and not in our target
-        if is_cloud and event not in self.scan.target:
+        if is_cloud and event not in self.scan.target.whitelist:
             return False, "Event is a cloud resource and not a direct target"
         # optionally reject events with wildcards / errors
         if self.reject_wildcards:

bbot/test/test_step_2/module_tests/test_module_cloudcheck.py

@@ -51,6 +51,10 @@ class TestCloudCheck(ModuleTestBase):
             await module.handle_event(event)
             assert "cloud-amazon" in event.tags, f"{event} was not properly cloud-tagged"
 
+        assert "cloud-domain" in aws_event1.tags
+        assert "cloud-ip" in other_event2.tags
+        assert "cloud-cname" in other_event3.tags
+
         for event in (aws_event3, other_event1):
             await module.handle_event(event)
             assert "cloud-amazon" not in event.tags, f"{event} was improperly cloud-tagged"

bbot/test/test_step_2/module_tests/test_module_portscan.py

@@ -109,10 +109,12 @@ class TestPortscan(ModuleTestBase):
                 if e.type == "DNS_NAME" and e.data == "dummy.asdf.evilcorp.net" and str(e.module) == "dummy_module"
             ]
         )
-        assert 2 <= len([e for e in events if e.type == "IP_ADDRESS" and e.data == "8.8.8.8"]) <= 3
-        assert 2 <= len([e for e in events if e.type == "IP_ADDRESS" and e.data == "8.8.4.4"]) <= 3
-        assert 2 <= len([e for e in events if e.type == "IP_ADDRESS" and e.data == "8.8.4.5"]) <= 3
-        assert 2 <= len([e for e in events if e.type == "IP_ADDRESS" and e.data == "8.8.4.6"]) <= 3
+        # the reason these numbers aren't exactly predictable is because we can't predict which one arrives first
+        # to the portscan module. Sometimes, one that would normally be deduped is force-emitted because it led to a new open port.
+        assert 2 <= len([e for e in events if e.type == "IP_ADDRESS" and e.data == "8.8.8.8"]) <= 4
+        assert 2 <= len([e for e in events if e.type == "IP_ADDRESS" and e.data == "8.8.4.4"]) <= 4
+        assert 2 <= len([e for e in events if e.type == "IP_ADDRESS" and e.data == "8.8.4.5"]) <= 4
+        assert 2 <= len([e for e in events if e.type == "IP_ADDRESS" and e.data == "8.8.4.6"]) <= 4
         assert 1 == len([e for e in events if e.type == "OPEN_TCP_PORT" and e.data == "8.8.8.8:443"])
         assert 1 == len([e for e in events if e.type == "OPEN_TCP_PORT" and e.data == "8.8.4.5:80"])
         assert 1 == len([e for e in events if e.type == "OPEN_TCP_PORT" and e.data == "8.8.4.6:631"])

{bbot-2.3.0.5336rc0.dist-info → bbot-2.3.0.5354rc0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: bbot
-Version: 2.3.0.5336rc0
+Version: 2.3.0.5354rc0
 Summary: OSINT automation for hackers.
 Home-page: https://github.com/blacklanternsecurity/bbot
 License: GPL-3.0
@@ -249,10 +249,10 @@ flags:
 
 ```bash
 # everything everywhere all at once
-bbot -t evilcorp.com -p kitchen-sink
+bbot -t evilcorp.com -p kitchen-sink --allow-deadly
 
 # roughly equivalent to:
-bbot -t evilcorp.com -p subdomain-enum cloud-enum code-enum email-enum spider web-basic paramminer dirbust-light web-screenshots
+bbot -t evilcorp.com -p subdomain-enum cloud-enum code-enum email-enum spider web-basic paramminer dirbust-light web-screenshots --allow-deadly
 ```
 
 <!-- BBOT KITCHEN-SINK PRESET EXPANDABLE -->

{bbot-2.3.0.5336rc0.dist-info → bbot-2.3.0.5354rc0.dist-info}/RECORD

@@ -1,4 +1,4 @@
-bbot/__init__.py,sha256=64_F2PE18hTp73HNgaDhvsf-5sGFJgIhexCXhwya6Nw,130
+bbot/__init__.py,sha256=-FTJivANQg1DxYPRW-_-j0E66PFIwvSBnASvwTEpp_g,130
 bbot/cli.py,sha256=-9d6yCAYZaP0lIOCja-fSk3MiNclc-kbEgos10jYNUQ,10440
 bbot/core/__init__.py,sha256=l255GJE_DvUnWvrRb0J5lG-iMztJ8zVvoweDOfegGtI,46
 bbot/core/config/__init__.py,sha256=zYNw2Me6tsEr8hOOkLb4BQ97GB7Kis2k--G81S8vofU,342
@@ -120,7 +120,7 @@ bbot/modules/iis_shortnames.py,sha256=NI0lAcTzUTJCkw9uJZJB6_OsOQ7J6bSGtZw_nAWHvo
 bbot/modules/internal/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 bbot/modules/internal/aggregate.py,sha256=csWYIt2fUp9K_CRxP3bndUMIjpNIh8rmBubp5Fr1-nc,395
 bbot/modules/internal/base.py,sha256=BXO4Hc7XKaAOaLzolF3krJX1KibPxtek2GTQUgnCHk0,387
-bbot/modules/internal/cloudcheck.py,sha256=kkD5DC5Y7EPCiVTdEspZktkflArU3unx--9ciBikxHo,4099
+bbot/modules/internal/cloudcheck.py,sha256=86wYVzoY8OeorpqQFger9UrdNdu2vTkd8XmC9xtplUc,4727
 bbot/modules/internal/dnsresolve.py,sha256=UW88BlpJ7gOjPARrjVgtwpDIDPNQZRpuIRpL2yVP6T4,15251
 bbot/modules/internal/excavate.py,sha256=XCwEreroQIRPBnKBNo1epLHcbycCZGYTuW73Zi8qZLU,51174
 bbot/modules/internal/speculate.py,sha256=hOJPrmJP8-APqSEbmYsbKrvovLIGIz4dJUoZyusq0w0,9270
@@ -160,7 +160,7 @@ bbot/modules/paramminer_getparams.py,sha256=_j6rgaqV5wGJoa8p5-KKbe2YsVGUtmWIanCV
 bbot/modules/paramminer_headers.py,sha256=QEnWxveQVuS91MEYKYtfquqdNzimN7sQHuxpcqiTHpo,10305
 bbot/modules/passivetotal.py,sha256=uGT6c_CUxBNInmClsTg8afIYA2ZykKYYCgjkyzujfHg,1653
 bbot/modules/pgp.py,sha256=Xu2M9WEIlwTm5-Lv29g7BblI05tD9Dl0XsYSeY6UURs,2065
-bbot/modules/portscan.py,sha256=eb1sNb8ffe5gcjOsOOvX48oNtecJ1Tqq6exoz_G_jZ4,13327
+bbot/modules/portscan.py,sha256=2VSoxoh0AypE8DoGKHqE-a57G4Z91XEo3kquQ5OpM3Y,14656
 bbot/modules/postman.py,sha256=tbLrxi5pOycLABvphORxyK9duTSBXZLgpf1vAZvOIa0,3512
 bbot/modules/postman_download.py,sha256=dYKwZjM1Z8JTy8oKWha1WHZTetxVIYRM09-vsHBNNUI,9071
 bbot/modules/rapiddns.py,sha256=uONESr0B5pv9cSAr7lF4WWV31APUhXyHexvI04rUcyk,787
@@ -185,7 +185,7 @@ bbot/modules/templates/github.py,sha256=ENnDWpzzmZBsTisDx6Cg9V_NwJKyVyPIOpGAPkti
 bbot/modules/templates/postman.py,sha256=oxwVusW2EdNotVX7xnnxCTnWtj3xNPbfs8aff9s4phs,614
 bbot/modules/templates/shodan.py,sha256=BfI0mNPbqkykGmjMtARhmCGKmk1uq7yTlZoPgzzJ040,1175
 bbot/modules/templates/sql.py,sha256=bn8ZbTC0RkrA5wYOQ7RtSHfIywBm03L3mY344xH1Ue4,3417
-bbot/modules/templates/subdomain_enum.py,sha256=h2YhIWoMLUXV7EBIidiQezuwXf35T8tXmOO9Vg__sIY,8393
+bbot/modules/templates/subdomain_enum.py,sha256=54prHdg_wgTBHIJLPLbDWBqq2x978NDfDOGG7R5A6fQ,8403
 bbot/modules/templates/webhook.py,sha256=MYhKWrNYrsfM0a4PR6yVotudLyyCwgmy2eI-l9LvpBs,3706
 bbot/modules/trickest.py,sha256=MRgLW0YiDWzlWdAjyqfPPLFb-a51r-Ffn_dphiJI_gA,1550
 bbot/modules/trufflehog.py,sha256=yOoCszQe6ZoJGBUHfFp-lj5JH-Izp9R-CltsmZnI3Fw,8554
@@ -291,7 +291,7 @@ bbot/test/test_step_2/module_tests/test_module_c99.py,sha256=-xyL1y3eX_rGuBR-U0N
 bbot/test/test_step_2/module_tests/test_module_censys.py,sha256=RoFfLS0hgASdSoctJEzaKrHVqqRkuPRKPTYVCX2rZLo,4177
 bbot/test/test_step_2/module_tests/test_module_certspotter.py,sha256=60jCOeK1yaUEgtTxYW-T47kZgKt9XxP2qBH9w-0MDBk,636
 bbot/test/test_step_2/module_tests/test_module_chaos.py,sha256=9JRgtDEnnJgmEMCTB2bqRJRkBavLys-6ypHPxrM_hXk,956
-bbot/test/test_step_2/module_tests/test_module_cloudcheck.py,sha256=sRWgotul2I4qY5SjNBDuo2iOceHs-3x0cqJ-K29GitY,3927
+bbot/test/test_step_2/module_tests/test_module_cloudcheck.py,sha256=XWAkCpq0PMEGXksnK4tNR1IyPkjRd_anhCoT5tWmLU4,4074
 bbot/test/test_step_2/module_tests/test_module_code_repository.py,sha256=i02Tgvr_F9_E4d6aEaXrfdk71NkoDvjzP4C98l2rNGg,2414
 bbot/test/test_step_2/module_tests/test_module_columbus.py,sha256=JZG_EvDQoKGNcBhYOGaNr_FGU2s1BCzG6ePz4yfZcUg,564
 bbot/test/test_step_2/module_tests/test_module_credshed.py,sha256=rlvKZERFoAS-gg7sdgk6Pa2JbySmHDPee3zKUYATWlw,3362
@@ -355,7 +355,7 @@ bbot/test/test_step_2/module_tests/test_module_paramminer_getparams.py,sha256=mW
 bbot/test/test_step_2/module_tests/test_module_paramminer_headers.py,sha256=qTT-5fyqw69LaZBxak3FvPfH7lh9W0KVBtJgslD-3eQ,5545
 bbot/test/test_step_2/module_tests/test_module_passivetotal.py,sha256=fTGQECQ0OzcwiH64-0igFRKO-rs3kXScivZord_oWWU,1120
 bbot/test/test_step_2/module_tests/test_module_pgp.py,sha256=-m-nPq6WR5UzPDuxeZbuzBQfFi1QfrZQ8RZH4g11ocE,1609
-bbot/test/test_step_2/module_tests/test_module_portscan.py,sha256=StCm93P4q3o-NhPtUDOA6g_LTH2cwzEw0l2V5ZN5eeI,7306
+bbot/test/test_step_2/module_tests/test_module_portscan.py,sha256=MsemMkkKVCJBd3HuyP5FOasfDGCj-JK7bpiPjBpmTjk,7552
 bbot/test/test_step_2/module_tests/test_module_postgres.py,sha256=6Seqq1Bq2FEXbJnTi_BYv8ZZPWdy-SfnY8UJN24Op0Q,2689
 bbot/test/test_step_2/module_tests/test_module_postman.py,sha256=XvgfMgUhJuVgGkgT-JzxJyevNSVv7YvX1yLKJHmD3dw,5026
 bbot/test/test_step_2/module_tests/test_module_postman_download.py,sha256=B_NajQaGQjwMSmcBCr37_7cvcnw4Zmh8k_hVoWL7bVI,21623
@@ -410,8 +410,8 @@ bbot/wordlists/raft-small-extensions-lowercase_CLEANED.txt,sha256=ruUQwVfia1_m2u
 bbot/wordlists/top_open_ports_nmap.txt,sha256=LmdFYkfapSxn1pVuQC2LkOIY2hMLgG-Xts7DVtYzweM,42727
 bbot/wordlists/valid_url_schemes.txt,sha256=VciB-ww0y-O8Ii1wpTR6rJzGDiC2r-dhVsIJApS1ZYU,3309
 bbot/wordlists/wordninja_dns.txt.gz,sha256=DYHvvfW0TvzrVwyprqODAk4tGOxv5ezNmCPSdPuDUnQ,570241
-bbot-2.3.0.5336rc0.dist-info/LICENSE,sha256=GzeCzK17hhQQDNow0_r0L8OfLpeTKQjFQwBQU7ZUymg,32473
-bbot-2.3.0.5336rc0.dist-info/METADATA,sha256=8uDNDLBuulreOPW5vhd6ZaD5x94NcyjyAxbW7W-8hOU,17239
-bbot-2.3.0.5336rc0.dist-info/WHEEL,sha256=Nq82e9rUAnEjt98J6MlVmMCZb-t9cYE2Ir1kpBmnWfs,88
-bbot-2.3.0.5336rc0.dist-info/entry_points.txt,sha256=cWjvcU_lLrzzJgjcjF7yeGuRA_eDS8pQ-kmPUAyOBfo,38
-bbot-2.3.0.5336rc0.dist-info/RECORD,,
+bbot-2.3.0.5354rc0.dist-info/LICENSE,sha256=GzeCzK17hhQQDNow0_r0L8OfLpeTKQjFQwBQU7ZUymg,32473
+bbot-2.3.0.5354rc0.dist-info/METADATA,sha256=1KTziVaVMXu5AycEu82eUZLY-mIQcs_0pqrsDJpcchA,17269
+bbot-2.3.0.5354rc0.dist-info/WHEEL,sha256=Nq82e9rUAnEjt98J6MlVmMCZb-t9cYE2Ir1kpBmnWfs,88
+bbot-2.3.0.5354rc0.dist-info/entry_points.txt,sha256=cWjvcU_lLrzzJgjcjF7yeGuRA_eDS8pQ-kmPUAyOBfo,38
+bbot-2.3.0.5354rc0.dist-info/RECORD,,