bbot 2.3.0.5370rc0__py3-none-any.whl → 2.3.0.5376rc0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of bbot might be problematic. Click here for more details.
- bbot/__init__.py +1 -1
- bbot/cli.py +0 -4
- bbot/core/config/files.py +0 -1
- bbot/core/event/base.py +0 -3
- bbot/core/helpers/dns/dns.py +0 -1
- bbot/core/helpers/dns/engine.py +0 -2
- bbot/core/helpers/dns/mock.py +0 -1
- bbot/core/helpers/libmagic.py +0 -1
- bbot/core/helpers/process.py +0 -2
- bbot/core/helpers/validators.py +0 -1
- bbot/core/helpers/web/engine.py +0 -1
- bbot/core/helpers/web/web.py +0 -1
- bbot/core/modules.py +0 -1
- bbot/db/sql/models.py +0 -1
- bbot/modules/baddns.py +0 -2
- bbot/modules/baddns_direct.py +0 -1
- bbot/modules/dotnetnuke.py +0 -2
- bbot/modules/internal/excavate.py +18 -21
- bbot/modules/paramminer_headers.py +1 -4
- bbot/modules/trufflehog.py +1 -1
- bbot/scanner/preset/args.py +0 -1
- bbot/scanner/preset/environ.py +0 -1
- bbot/test/test_step_2/module_tests/test_module_asset_inventory.py +0 -1
- bbot/test/test_step_2/module_tests/test_module_dnsbrute.py +0 -1
- bbot/test/test_step_2/module_tests/test_module_dnsbrute_mutations.py +0 -1
- bbot/test/test_step_2/module_tests/test_module_dnscommonsrv.py +0 -1
- bbot/test/test_step_2/module_tests/test_module_dotnetnuke.py +0 -2
- bbot/test/test_step_2/module_tests/test_module_excavate.py +0 -20
- bbot/test/test_step_2/module_tests/test_module_paramminer_cookies.py +0 -1
- bbot/test/test_step_2/module_tests/test_module_paramminer_getparams.py +0 -6
- bbot/test/test_step_2/module_tests/test_module_paramminer_headers.py +0 -7
- bbot/test/test_step_2/module_tests/test_module_portscan.py +0 -1
- {bbot-2.3.0.5370rc0.dist-info → bbot-2.3.0.5376rc0.dist-info}/METADATA +1 -1
- {bbot-2.3.0.5370rc0.dist-info → bbot-2.3.0.5376rc0.dist-info}/RECORD +37 -37
- {bbot-2.3.0.5370rc0.dist-info → bbot-2.3.0.5376rc0.dist-info}/LICENSE +0 -0
- {bbot-2.3.0.5370rc0.dist-info → bbot-2.3.0.5376rc0.dist-info}/WHEEL +0 -0
- {bbot-2.3.0.5370rc0.dist-info → bbot-2.3.0.5376rc0.dist-info}/entry_points.txt +0 -0
bbot/__init__.py
CHANGED
bbot/cli.py
CHANGED
|
@@ -29,7 +29,6 @@ scan_name = ""
|
|
|
29
29
|
|
|
30
30
|
|
|
31
31
|
async def _main():
|
|
32
|
-
|
|
33
32
|
import asyncio
|
|
34
33
|
import traceback
|
|
35
34
|
from contextlib import suppress
|
|
@@ -45,7 +44,6 @@ async def _main():
|
|
|
45
44
|
global scan_name
|
|
46
45
|
|
|
47
46
|
try:
|
|
48
|
-
|
|
49
47
|
# start by creating a default scan preset
|
|
50
48
|
preset = Preset(_log=True, name="bbot_cli_main")
|
|
51
49
|
# parse command line arguments and merge into preset
|
|
@@ -81,7 +79,6 @@ async def _main():
|
|
|
81
79
|
|
|
82
80
|
# if we're listing modules or their options
|
|
83
81
|
if options.list_modules or options.list_module_options:
|
|
84
|
-
|
|
85
82
|
# if no modules or flags are specified, enable everything
|
|
86
83
|
if not (options.modules or options.output_modules or options.flags):
|
|
87
84
|
for module, preloaded in preset.module_loader.preloaded().items():
|
|
@@ -172,7 +169,6 @@ async def _main():
|
|
|
172
169
|
log.trace(f"Command: {' '.join(sys.argv)}")
|
|
173
170
|
|
|
174
171
|
if sys.stdin.isatty():
|
|
175
|
-
|
|
176
172
|
# warn if any targets belong directly to a cloud provider
|
|
177
173
|
for event in scan.target.seeds.events:
|
|
178
174
|
if event.type == "DNS_NAME":
|
bbot/core/config/files.py
CHANGED
|
@@ -10,7 +10,6 @@ bbot_code_dir = Path(__file__).parent.parent.parent
|
|
|
10
10
|
|
|
11
11
|
|
|
12
12
|
class BBOTConfigFiles:
|
|
13
|
-
|
|
14
13
|
config_dir = (Path.home() / ".config" / "bbot").resolve()
|
|
15
14
|
defaults_filename = (bbot_code_dir / "defaults.yml").resolve()
|
|
16
15
|
config_filename = (config_dir / "bbot.yml").resolve()
|
bbot/core/event/base.py
CHANGED
|
@@ -1180,7 +1180,6 @@ class URL_UNVERIFIED(BaseEvent):
|
|
|
1180
1180
|
self.num_redirects = getattr(self.parent, "num_redirects", 0)
|
|
1181
1181
|
|
|
1182
1182
|
def _data_id(self):
|
|
1183
|
-
|
|
1184
1183
|
data = super()._data_id()
|
|
1185
1184
|
|
|
1186
1185
|
# remove the querystring for URL/URL_UNVERIFIED events, because we will conditionally add it back in (based on settings)
|
|
@@ -1267,7 +1266,6 @@ class URL_UNVERIFIED(BaseEvent):
|
|
|
1267
1266
|
|
|
1268
1267
|
|
|
1269
1268
|
class URL(URL_UNVERIFIED):
|
|
1270
|
-
|
|
1271
1269
|
def __init__(self, *args, **kwargs):
|
|
1272
1270
|
super().__init__(*args, **kwargs)
|
|
1273
1271
|
|
|
@@ -1309,7 +1307,6 @@ class URL_HINT(URL_UNVERIFIED):
|
|
|
1309
1307
|
|
|
1310
1308
|
|
|
1311
1309
|
class WEB_PARAMETER(DictHostEvent):
|
|
1312
|
-
|
|
1313
1310
|
def _data_id(self):
|
|
1314
1311
|
# dedupe by url:name:param_type
|
|
1315
1312
|
url = self.data.get("url", "")
|
bbot/core/helpers/dns/dns.py
CHANGED
bbot/core/helpers/dns/engine.py
CHANGED
|
@@ -24,7 +24,6 @@ all_rdtypes = ["A", "AAAA", "SRV", "MX", "NS", "SOA", "CNAME", "TXT"]
|
|
|
24
24
|
|
|
25
25
|
|
|
26
26
|
class DNSEngine(EngineServer):
|
|
27
|
-
|
|
28
27
|
CMDS = {
|
|
29
28
|
0: "resolve",
|
|
30
29
|
1: "resolve_raw",
|
|
@@ -476,7 +475,6 @@ class DNSEngine(EngineServer):
|
|
|
476
475
|
# for every parent domain, starting with the shortest
|
|
477
476
|
parents = list(domain_parents(query))
|
|
478
477
|
for parent in parents[::-1]:
|
|
479
|
-
|
|
480
478
|
# check if the parent domain is set up with wildcards
|
|
481
479
|
wildcard_results = await self.is_wildcard_domain(parent, rdtypes_to_check)
|
|
482
480
|
|
bbot/core/helpers/dns/mock.py
CHANGED
bbot/core/helpers/libmagic.py
CHANGED
bbot/core/helpers/process.py
CHANGED
|
@@ -7,7 +7,6 @@ from .misc import in_exception_chain
|
|
|
7
7
|
|
|
8
8
|
|
|
9
9
|
class BBOTThread(threading.Thread):
|
|
10
|
-
|
|
11
10
|
default_name = "default bbot thread"
|
|
12
11
|
|
|
13
12
|
def __init__(self, *args, **kwargs):
|
|
@@ -24,7 +23,6 @@ class BBOTThread(threading.Thread):
|
|
|
24
23
|
|
|
25
24
|
|
|
26
25
|
class BBOTProcess(SpawnProcess):
|
|
27
|
-
|
|
28
26
|
default_name = "bbot process pool"
|
|
29
27
|
|
|
30
28
|
def __init__(self, *args, **kwargs):
|
bbot/core/helpers/validators.py
CHANGED
bbot/core/helpers/web/engine.py
CHANGED
bbot/core/helpers/web/web.py
CHANGED
bbot/core/modules.py
CHANGED
|
@@ -337,7 +337,6 @@ class ModuleLoader:
|
|
|
337
337
|
# look for classes
|
|
338
338
|
if type(root_element) == ast.ClassDef:
|
|
339
339
|
for class_attr in root_element.body:
|
|
340
|
-
|
|
341
340
|
# class attributes that are dictionaries
|
|
342
341
|
if type(class_attr) == ast.Assign and type(class_attr.value) == ast.Dict:
|
|
343
342
|
# module options
|
bbot/db/sql/models.py
CHANGED
bbot/modules/baddns.py
CHANGED
|
@@ -55,7 +55,6 @@ class baddns(BaseModule):
|
|
|
55
55
|
return True
|
|
56
56
|
|
|
57
57
|
async def handle_event(self, event):
|
|
58
|
-
|
|
59
58
|
tasks = []
|
|
60
59
|
for ModuleClass in self.select_modules():
|
|
61
60
|
kwargs = {
|
|
@@ -75,7 +74,6 @@ class baddns(BaseModule):
|
|
|
75
74
|
tasks.append((module_instance, task))
|
|
76
75
|
|
|
77
76
|
async for completed_task in self.helpers.as_completed([task for _, task in tasks]):
|
|
78
|
-
|
|
79
77
|
module_instance = next((m for m, t in tasks if t == completed_task), None)
|
|
80
78
|
try:
|
|
81
79
|
task_result = await completed_task
|
bbot/modules/baddns_direct.py
CHANGED
bbot/modules/dotnetnuke.py
CHANGED
|
@@ -32,7 +32,6 @@ class dotnetnuke(BaseModule):
|
|
|
32
32
|
self.interactsh_instance = None
|
|
33
33
|
|
|
34
34
|
if self.scan.config.get("interactsh_disable", False) == False:
|
|
35
|
-
|
|
36
35
|
try:
|
|
37
36
|
self.interactsh_instance = self.helpers.interactsh()
|
|
38
37
|
self.interactsh_domain = await self.interactsh_instance.register(callback=self.interactsh_callback)
|
|
@@ -114,7 +113,6 @@ class dotnetnuke(BaseModule):
|
|
|
114
113
|
)
|
|
115
114
|
|
|
116
115
|
if "endpoint" not in event.tags:
|
|
117
|
-
|
|
118
116
|
# NewsArticlesSlider ImageHandler.ashx File Read
|
|
119
117
|
result = await self.helpers.request(
|
|
120
118
|
f'{event.data["url"]}/DesktopModules/dnnUI_NewsArticlesSlider/ImageHandler.ashx?img=~/web.config'
|
|
@@ -62,7 +62,6 @@ def _exclude_key(original_dict, key_to_exclude):
|
|
|
62
62
|
|
|
63
63
|
|
|
64
64
|
def extract_params_url(parsed_url):
|
|
65
|
-
|
|
66
65
|
params = parse_qs(parsed_url.query)
|
|
67
66
|
flat_params = {k: v[0] for k, v in params.items()}
|
|
68
67
|
|
|
@@ -94,7 +93,6 @@ def extract_params_location(location_header_value, original_parsed_url):
|
|
|
94
93
|
|
|
95
94
|
|
|
96
95
|
class YaraRuleSettings:
|
|
97
|
-
|
|
98
96
|
def __init__(self, description, tags, emit_match):
|
|
99
97
|
self.description = description
|
|
100
98
|
self.tags = tags
|
|
@@ -263,7 +261,6 @@ class ExcavateRule:
|
|
|
263
261
|
|
|
264
262
|
|
|
265
263
|
class CustomExtractor(ExcavateRule):
|
|
266
|
-
|
|
267
264
|
def __init__(self, excavate):
|
|
268
265
|
super().__init__(excavate)
|
|
269
266
|
|
|
@@ -358,7 +355,6 @@ class excavate(BaseInternalModule, BaseInterceptModule):
|
|
|
358
355
|
)
|
|
359
356
|
|
|
360
357
|
class ParameterExtractor(ExcavateRule):
|
|
361
|
-
|
|
362
358
|
yara_rules = {}
|
|
363
359
|
|
|
364
360
|
class ParameterExtractorRule:
|
|
@@ -372,7 +368,6 @@ class excavate(BaseInternalModule, BaseInterceptModule):
|
|
|
372
368
|
self.result = result
|
|
373
369
|
|
|
374
370
|
class GetJquery(ParameterExtractorRule):
|
|
375
|
-
|
|
376
371
|
name = "GET jquery"
|
|
377
372
|
discovery_regex = r"/\$.get\([^\)].+\)/ nocase"
|
|
378
373
|
extraction_regex = re.compile(r"\$.get\([\'\"](.+)[\'\"].+(\{.+\})\)")
|
|
@@ -393,8 +388,12 @@ class excavate(BaseInternalModule, BaseInterceptModule):
|
|
|
393
388
|
for action, extracted_parameters in extracted_results:
|
|
394
389
|
extracted_parameters_dict = self.convert_to_dict(extracted_parameters)
|
|
395
390
|
for parameter_name, original_value in extracted_parameters_dict.items():
|
|
396
|
-
yield
|
|
397
|
-
|
|
391
|
+
yield (
|
|
392
|
+
self.output_type,
|
|
393
|
+
parameter_name,
|
|
394
|
+
original_value,
|
|
395
|
+
action,
|
|
396
|
+
_exclude_key(extracted_parameters_dict, parameter_name),
|
|
398
397
|
)
|
|
399
398
|
|
|
400
399
|
class PostJquery(GetJquery):
|
|
@@ -418,8 +417,12 @@ class excavate(BaseInternalModule, BaseInterceptModule):
|
|
|
418
417
|
k: v[0] if isinstance(v, list) and len(v) == 1 else v for k, v in query_strings.items()
|
|
419
418
|
}
|
|
420
419
|
for parameter_name, original_value in query_strings_dict.items():
|
|
421
|
-
yield
|
|
422
|
-
|
|
420
|
+
yield (
|
|
421
|
+
self.output_type,
|
|
422
|
+
parameter_name,
|
|
423
|
+
original_value,
|
|
424
|
+
url,
|
|
425
|
+
_exclude_key(query_strings_dict, parameter_name),
|
|
423
426
|
)
|
|
424
427
|
|
|
425
428
|
class GetForm(ParameterExtractorRule):
|
|
@@ -444,8 +447,12 @@ class excavate(BaseInternalModule, BaseInterceptModule):
|
|
|
444
447
|
form_parameters[parameter_name] = original_value
|
|
445
448
|
|
|
446
449
|
for parameter_name, original_value in form_parameters.items():
|
|
447
|
-
yield
|
|
448
|
-
|
|
450
|
+
yield (
|
|
451
|
+
self.output_type,
|
|
452
|
+
parameter_name,
|
|
453
|
+
original_value,
|
|
454
|
+
form_action,
|
|
455
|
+
_exclude_key(form_parameters, parameter_name),
|
|
449
456
|
)
|
|
450
457
|
|
|
451
458
|
class PostForm(GetForm):
|
|
@@ -485,7 +492,6 @@ class excavate(BaseInternalModule, BaseInterceptModule):
|
|
|
485
492
|
endpoint,
|
|
486
493
|
additional_params,
|
|
487
494
|
) in extracted_params:
|
|
488
|
-
|
|
489
495
|
self.excavate.debug(
|
|
490
496
|
f"Found Parameter [{parameter_name}] in [{parameterExtractorSubModule.name}] ParameterExtractor Submodule"
|
|
491
497
|
)
|
|
@@ -497,7 +503,6 @@ class excavate(BaseInternalModule, BaseInterceptModule):
|
|
|
497
503
|
)
|
|
498
504
|
|
|
499
505
|
if self.excavate.helpers.validate_parameter(parameter_name, parameter_type):
|
|
500
|
-
|
|
501
506
|
if self.excavate.in_bl(parameter_name) == False:
|
|
502
507
|
parsed_url = urlparse(url)
|
|
503
508
|
description = f"HTTP Extracted Parameter [{parameter_name}] ({parameterExtractorSubModule.name} Submodule)"
|
|
@@ -532,7 +537,6 @@ class excavate(BaseInternalModule, BaseInterceptModule):
|
|
|
532
537
|
await self.report(domain, event, yara_rule_settings, discovery_context, event_type="DNS_NAME")
|
|
533
538
|
|
|
534
539
|
class EmailExtractor(ExcavateRule):
|
|
535
|
-
|
|
536
540
|
yara_rules = {
|
|
537
541
|
"email": 'rule email { meta: description = "contains email address" strings: $email = /[^\\W_][\\w\\-\\.\\+\']{0,100}@[a-zA-Z0-9\\-]{1,100}(\\.[a-zA-Z0-9\\-]{1,100})*\\.[a-zA-Z]{2,63}/ nocase fullword condition: $email }',
|
|
538
542
|
}
|
|
@@ -551,7 +555,6 @@ class excavate(BaseInternalModule, BaseInterceptModule):
|
|
|
551
555
|
}
|
|
552
556
|
|
|
553
557
|
class ErrorExtractor(ExcavateRule):
|
|
554
|
-
|
|
555
558
|
signatures = {
|
|
556
559
|
"PHP_1": r"/\.php on line [0-9]+/",
|
|
557
560
|
"PHP_2": r"/\.php<\/b> on line <b>[0-9]+/",
|
|
@@ -589,7 +592,6 @@ class excavate(BaseInternalModule, BaseInterceptModule):
|
|
|
589
592
|
await self.report(event_data, event, yara_rule_settings, discovery_context, event_type="FINDING")
|
|
590
593
|
|
|
591
594
|
class SerializationExtractor(ExcavateRule):
|
|
592
|
-
|
|
593
595
|
regexes = {
|
|
594
596
|
"Java": re.compile(r"[^a-zA-Z0-9\/+]rO0[a-zA-Z0-9+\/]+={0,2}"),
|
|
595
597
|
"DOTNET": re.compile(r"[^a-zA-Z0-9\/+]AAEAAAD\/\/[a-zA-Z0-9\/+]+={0,2}"),
|
|
@@ -619,7 +621,6 @@ class excavate(BaseInternalModule, BaseInterceptModule):
|
|
|
619
621
|
await self.report(event_data, event, yara_rule_settings, discovery_context, event_type="FINDING")
|
|
620
622
|
|
|
621
623
|
class FunctionalityExtractor(ExcavateRule):
|
|
622
|
-
|
|
623
624
|
yara_rules = {
|
|
624
625
|
"File_Upload_Functionality": r'rule File_Upload_Functionality { meta: description = "contains file upload functionality" strings: $fileuploadfunc = /<input[^>]+type=["\']?file["\']?[^>]+>/ nocase condition: $fileuploadfunc }',
|
|
625
626
|
"Web_Service_WSDL": r'rule Web_Service_WSDL { meta: emit_match = "True" description = "contains a web service WSDL URL" strings: $wsdl = /https?:\/\/[^\s]*\.(wsdl)/ nocase condition: $wsdl }',
|
|
@@ -704,7 +705,6 @@ class excavate(BaseInternalModule, BaseInterceptModule):
|
|
|
704
705
|
tag_attribute_regex = bbot_regexes.tag_attribute_regex
|
|
705
706
|
|
|
706
707
|
async def process(self, yara_results, event, yara_rule_settings, discovery_context):
|
|
707
|
-
|
|
708
708
|
for identifier, results in yara_results.items():
|
|
709
709
|
urls_found = 0
|
|
710
710
|
final_url = ""
|
|
@@ -897,7 +897,6 @@ class excavate(BaseInternalModule, BaseInterceptModule):
|
|
|
897
897
|
decoded_data = await self.helpers.re.recursive_decode(data)
|
|
898
898
|
|
|
899
899
|
if self.parameter_extraction:
|
|
900
|
-
|
|
901
900
|
content_type_lower = content_type.lower() if content_type else ""
|
|
902
901
|
extraction_map = {
|
|
903
902
|
"json": self.helpers.extract_params_json,
|
|
@@ -934,7 +933,6 @@ class excavate(BaseInternalModule, BaseInterceptModule):
|
|
|
934
933
|
self.hugewarning(f"YARA Rule {rule_name} not found in pre-compiled rules")
|
|
935
934
|
|
|
936
935
|
async def handle_event(self, event):
|
|
937
|
-
|
|
938
936
|
if event.type == "HTTP_RESPONSE":
|
|
939
937
|
# Harvest GET parameters from URL, if it came directly from the target, and parameter extraction is enabled
|
|
940
938
|
if (
|
|
@@ -1023,7 +1021,6 @@ class excavate(BaseInternalModule, BaseInterceptModule):
|
|
|
1023
1021
|
|
|
1024
1022
|
# Try to extract parameters from the redirect URL
|
|
1025
1023
|
if self.parameter_extraction:
|
|
1026
|
-
|
|
1027
1024
|
for (
|
|
1028
1025
|
method,
|
|
1029
1026
|
parsed_url,
|
|
@@ -82,7 +82,6 @@ class paramminer_headers(BaseModule):
|
|
|
82
82
|
header_regex = re.compile(r"^[!#$%&\'*+\-.^_`|~0-9a-zA-Z]+: [^\r\n]+$")
|
|
83
83
|
|
|
84
84
|
async def setup(self):
|
|
85
|
-
|
|
86
85
|
self.recycle_words = self.config.get("recycle_words", True)
|
|
87
86
|
self.event_dict = {}
|
|
88
87
|
self.already_checked = set()
|
|
@@ -157,7 +156,6 @@ class paramminer_headers(BaseModule):
|
|
|
157
156
|
)
|
|
158
157
|
|
|
159
158
|
async def handle_event(self, event):
|
|
160
|
-
|
|
161
159
|
# If recycle words is enabled, we will collect WEB_PARAMETERS we find to build our list in finish()
|
|
162
160
|
# We also collect any parameters of type "SPECULATIVE"
|
|
163
161
|
if event.type == "WEB_PARAMETER":
|
|
@@ -201,7 +199,7 @@ class paramminer_headers(BaseModule):
|
|
|
201
199
|
return
|
|
202
200
|
for count, args, kwargs in self.gen_count_args(url):
|
|
203
201
|
r = await self.helpers.request(*args, **kwargs)
|
|
204
|
-
if r is not None and not (
|
|
202
|
+
if r is not None and not (str(r.status_code)[0] in ("4", "5")):
|
|
205
203
|
return count
|
|
206
204
|
|
|
207
205
|
def gen_count_args(self, url):
|
|
@@ -240,7 +238,6 @@ class paramminer_headers(BaseModule):
|
|
|
240
238
|
return await compare_helper.compare(url, headers=test_headers, check_reflection=(len(header_list) == 1))
|
|
241
239
|
|
|
242
240
|
async def finish(self):
|
|
243
|
-
|
|
244
241
|
untested_matches = sorted(list(self.extracted_words_master.copy()))
|
|
245
242
|
for url, (event, batch_size) in list(self.event_dict.items()):
|
|
246
243
|
try:
|
bbot/modules/trufflehog.py
CHANGED
bbot/scanner/preset/args.py
CHANGED
bbot/scanner/preset/environ.py
CHANGED
|
@@ -10,7 +10,6 @@ class TestAsset_Inventory(ModuleTestBase):
|
|
|
10
10
|
masscan_output = """{ "ip": "127.0.0.1", "timestamp": "1680197558", "ports": [ {"port": 9999, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 54} ] }"""
|
|
11
11
|
|
|
12
12
|
async def setup_before_prep(self, module_test):
|
|
13
|
-
|
|
14
13
|
async def run_masscan(command, *args, **kwargs):
|
|
15
14
|
if "masscan" in command[:2]:
|
|
16
15
|
targets = open(command[11]).read().splitlines()
|
|
@@ -7,7 +7,6 @@ class TestDnsbrute(ModuleTestBase):
|
|
|
7
7
|
config_overrides = {"modules": {"dnsbrute": {"wordlist": str(subdomain_wordlist), "max_depth": 3}}}
|
|
8
8
|
|
|
9
9
|
async def setup_after_prep(self, module_test):
|
|
10
|
-
|
|
11
10
|
old_run_live = module_test.scan.helpers.run_live
|
|
12
11
|
|
|
13
12
|
async def new_run_live(*command, check=False, text=True, **kwargs):
|
|
@@ -8,7 +8,6 @@ class TestDNSCommonSRV(ModuleTestBase):
|
|
|
8
8
|
config_overrides = {"dns": {"minimal": False}}
|
|
9
9
|
|
|
10
10
|
async def setup_after_prep(self, module_test):
|
|
11
|
-
|
|
12
11
|
old_run_live = module_test.scan.helpers.run_live
|
|
13
12
|
|
|
14
13
|
async def new_run_live(*command, check=False, text=True, **kwargs):
|
|
@@ -146,14 +146,12 @@ class TestDotnetnuke_blindssrf(ModuleTestBase):
|
|
|
146
146
|
return Response("alive", status=200)
|
|
147
147
|
|
|
148
148
|
async def setup_before_prep(self, module_test):
|
|
149
|
-
|
|
150
149
|
self.interactsh_mock_instance = module_test.mock_interactsh("dotnetnuke_blindssrf")
|
|
151
150
|
module_test.monkeypatch.setattr(
|
|
152
151
|
module_test.scan.helpers, "interactsh", lambda *args, **kwargs: self.interactsh_mock_instance
|
|
153
152
|
)
|
|
154
153
|
|
|
155
154
|
async def setup_after_prep(self, module_test):
|
|
156
|
-
|
|
157
155
|
# Simulate DotNetNuke Instance
|
|
158
156
|
expect_args = {"method": "GET", "uri": "/"}
|
|
159
157
|
respond_args = {"response_data": dotnetnuke_http_response}
|
|
@@ -13,7 +13,6 @@ class TestExcavate(ModuleTestBase):
|
|
|
13
13
|
config_overrides = {"web": {"spider_distance": 1, "spider_depth": 1}}
|
|
14
14
|
|
|
15
15
|
async def setup_before_prep(self, module_test):
|
|
16
|
-
|
|
17
16
|
response_data = """
|
|
18
17
|
ftp://ftp.test.notreal
|
|
19
18
|
\\nhttps://www1.test.notreal
|
|
@@ -181,7 +180,6 @@ class TestExcavateRedirect(TestExcavate):
|
|
|
181
180
|
module_test.httpserver.no_handler_status_code = 404
|
|
182
181
|
|
|
183
182
|
def check(self, module_test, events):
|
|
184
|
-
|
|
185
183
|
assert 1 == len(
|
|
186
184
|
[
|
|
187
185
|
e
|
|
@@ -332,7 +330,6 @@ class TestExcavateMaxLinksPerPage(TestExcavate):
|
|
|
332
330
|
|
|
333
331
|
|
|
334
332
|
class TestExcavateCSP(TestExcavate):
|
|
335
|
-
|
|
336
333
|
csp_test_header = "default-src 'self'; script-src asdf.test.notreal; object-src 'none';"
|
|
337
334
|
|
|
338
335
|
async def setup_before_prep(self, module_test):
|
|
@@ -356,7 +353,6 @@ class TestExcavateURL(TestExcavate):
|
|
|
356
353
|
|
|
357
354
|
|
|
358
355
|
class TestExcavateURL_IP(TestExcavate):
|
|
359
|
-
|
|
360
356
|
targets = ["http://127.0.0.1:8888/", "127.0.0.2"]
|
|
361
357
|
|
|
362
358
|
async def setup_before_prep(self, module_test):
|
|
@@ -405,7 +401,6 @@ class TestExcavateSerializationPositive(TestExcavate):
|
|
|
405
401
|
|
|
406
402
|
|
|
407
403
|
class TestExcavateNonHttpScheme(TestExcavate):
|
|
408
|
-
|
|
409
404
|
targets = ["http://127.0.0.1:8888/", "test.notreal"]
|
|
410
405
|
|
|
411
406
|
non_http_scheme_html = """
|
|
@@ -425,7 +420,6 @@ class TestExcavateNonHttpScheme(TestExcavate):
|
|
|
425
420
|
module_test.httpserver.expect_request("/").respond_with_data(self.non_http_scheme_html)
|
|
426
421
|
|
|
427
422
|
def check(self, module_test, events):
|
|
428
|
-
|
|
429
423
|
found_hxxp_url = False
|
|
430
424
|
found_ftp_url = False
|
|
431
425
|
found_nonsense_url = False
|
|
@@ -540,7 +534,6 @@ class TestExcavateParameterExtraction(TestExcavate):
|
|
|
540
534
|
|
|
541
535
|
|
|
542
536
|
class TestExcavateParameterExtraction_getparam(ModuleTestBase):
|
|
543
|
-
|
|
544
537
|
targets = ["http://127.0.0.1:8888/"]
|
|
545
538
|
|
|
546
539
|
# hunt is added as parameter extraction is only activated by one or more modules that consume WEB_PARAMETER
|
|
@@ -554,11 +547,9 @@ class TestExcavateParameterExtraction_getparam(ModuleTestBase):
|
|
|
554
547
|
module_test.set_expect_requests(respond_args=respond_args)
|
|
555
548
|
|
|
556
549
|
def check(self, module_test, events):
|
|
557
|
-
|
|
558
550
|
excavate_getparam_extraction = False
|
|
559
551
|
for e in events:
|
|
560
552
|
if e.type == "WEB_PARAMETER":
|
|
561
|
-
|
|
562
553
|
if "HTTP Extracted Parameter [hack] (HTML Tags Submodule)" in e.data["description"]:
|
|
563
554
|
excavate_getparam_extraction = True
|
|
564
555
|
assert excavate_getparam_extraction, "Excavate failed to extract web parameter"
|
|
@@ -626,7 +617,6 @@ class excavateTestRule(ExcavateRule):
|
|
|
626
617
|
|
|
627
618
|
|
|
628
619
|
class TestExcavateYara(TestExcavate):
|
|
629
|
-
|
|
630
620
|
targets = ["http://127.0.0.1:8888/"]
|
|
631
621
|
yara_test_html = """
|
|
632
622
|
<html>
|
|
@@ -641,12 +631,10 @@ class TestExcavateYara(TestExcavate):
|
|
|
641
631
|
"""
|
|
642
632
|
|
|
643
633
|
async def setup_before_prep(self, module_test):
|
|
644
|
-
|
|
645
634
|
self.modules_overrides = ["excavate", "httpx"]
|
|
646
635
|
module_test.httpserver.expect_request("/").respond_with_data(self.yara_test_html)
|
|
647
636
|
|
|
648
637
|
async def setup_after_prep(self, module_test):
|
|
649
|
-
|
|
650
638
|
excavate_module = module_test.scan.modules["excavate"]
|
|
651
639
|
excavateruleinstance = excavateTestRule(excavate_module)
|
|
652
640
|
excavate_module.add_yara_rule(
|
|
@@ -665,7 +653,6 @@ class TestExcavateYara(TestExcavate):
|
|
|
665
653
|
found_yara_string_1 = False
|
|
666
654
|
found_yara_string_2 = False
|
|
667
655
|
for e in events:
|
|
668
|
-
|
|
669
656
|
if e.type == "FINDING":
|
|
670
657
|
if e.data["description"] == "HTTP response (body) Contains the text AAAABBBBCCCC":
|
|
671
658
|
found_yara_string_1 = True
|
|
@@ -677,7 +664,6 @@ class TestExcavateYara(TestExcavate):
|
|
|
677
664
|
|
|
678
665
|
|
|
679
666
|
class TestExcavateYaraCustom(TestExcavateYara):
|
|
680
|
-
|
|
681
667
|
rule_file = [
|
|
682
668
|
'rule SearchForText { meta: description = "Contains the text AAAABBBBCCCC" strings: $text = "AAAABBBBCCCC" condition: $text }',
|
|
683
669
|
'rule SearchForText2 { meta: description = "Contains the text DDDDEEEEFFFF" strings: $text2 = "DDDDEEEEFFFF" condition: $text2 }',
|
|
@@ -711,7 +697,6 @@ class TestExcavateSpiderDedupe(ModuleTestBase):
|
|
|
711
697
|
module_test.httpserver.expect_request("/spider").respond_with_data("hi")
|
|
712
698
|
|
|
713
699
|
def check(self, module_test, events):
|
|
714
|
-
|
|
715
700
|
found_url_unverified_spider_max = False
|
|
716
701
|
found_url_unverified_dummy = False
|
|
717
702
|
found_url_event = False
|
|
@@ -803,7 +788,6 @@ class TestExcavate_retain_querystring(ModuleTestBase):
|
|
|
803
788
|
|
|
804
789
|
|
|
805
790
|
class TestExcavate_retain_querystring_not(TestExcavate_retain_querystring):
|
|
806
|
-
|
|
807
791
|
config_overrides = {
|
|
808
792
|
"url_querystring_remove": False,
|
|
809
793
|
"url_querystring_collapse": False,
|
|
@@ -827,7 +811,6 @@ class TestExcavate_retain_querystring_not(TestExcavate_retain_querystring):
|
|
|
827
811
|
|
|
828
812
|
|
|
829
813
|
class TestExcavate_webparameter_outofscope(ModuleTestBase):
|
|
830
|
-
|
|
831
814
|
html_body = "<html><a class=button href='https://socialmediasite.com/send?text=foo'><a class=button href='https://outofscope.com/send?text=foo'></html>"
|
|
832
815
|
|
|
833
816
|
targets = ["http://127.0.0.1:8888", "socialmediasite.com"]
|
|
@@ -858,13 +841,11 @@ class TestExcavate_webparameter_outofscope(ModuleTestBase):
|
|
|
858
841
|
|
|
859
842
|
|
|
860
843
|
class TestExcavateHeaders(ModuleTestBase):
|
|
861
|
-
|
|
862
844
|
targets = ["http://127.0.0.1:8888/"]
|
|
863
845
|
modules_overrides = ["excavate", "httpx", "hunt"]
|
|
864
846
|
config_overrides = {"web": {"spider_distance": 1, "spider_depth": 1}}
|
|
865
847
|
|
|
866
848
|
async def setup_before_prep(self, module_test):
|
|
867
|
-
|
|
868
849
|
module_test.httpserver.expect_request("/").respond_with_data(
|
|
869
850
|
"<html><p>test</p></html>",
|
|
870
851
|
status=200,
|
|
@@ -877,7 +858,6 @@ class TestExcavateHeaders(ModuleTestBase):
|
|
|
877
858
|
)
|
|
878
859
|
|
|
879
860
|
def check(self, module_test, events):
|
|
880
|
-
|
|
881
861
|
found_first_cookie = False
|
|
882
862
|
found_second_cookie = False
|
|
883
863
|
|
|
@@ -89,7 +89,6 @@ class TestParamminer_Getparams_boring_off(TestParamminer_Getparams):
|
|
|
89
89
|
module_test.set_expect_requests(respond_args=respond_args)
|
|
90
90
|
|
|
91
91
|
def check(self, module_test, events):
|
|
92
|
-
|
|
93
92
|
emitted_boring_parameter = False
|
|
94
93
|
for e in events:
|
|
95
94
|
if e.type == "WEB_PARAMETER":
|
|
@@ -106,7 +105,6 @@ class TestParamminer_Getparams_boring_on(TestParamminer_Getparams_boring_off):
|
|
|
106
105
|
}
|
|
107
106
|
|
|
108
107
|
def check(self, module_test, events):
|
|
109
|
-
|
|
110
108
|
emitted_boring_parameter = False
|
|
111
109
|
|
|
112
110
|
for e in events:
|
|
@@ -160,15 +158,12 @@ class TestParamminer_Getparams_finish(Paramminer_Headers):
|
|
|
160
158
|
module_test.set_expect_requests(expect_args=expect_args, respond_args=respond_args)
|
|
161
159
|
|
|
162
160
|
def check(self, module_test, events):
|
|
163
|
-
|
|
164
161
|
excavate_extracted_web_parameter = False
|
|
165
162
|
found_hidden_getparam_recycled = False
|
|
166
163
|
emitted_excavate_paramminer_duplicate = False
|
|
167
164
|
|
|
168
165
|
for e in events:
|
|
169
|
-
|
|
170
166
|
if e.type == "WEB_PARAMETER":
|
|
171
|
-
|
|
172
167
|
if (
|
|
173
168
|
"http://127.0.0.1:8888/test2.php" in e.data["url"]
|
|
174
169
|
and "HTTP Extracted Parameter [abcd1234] (HTML Tags Submodule)" in e.data["description"]
|
|
@@ -213,7 +208,6 @@ class TestParamminer_Getparams_xmlspeculative(Paramminer_Headers):
|
|
|
213
208
|
"""
|
|
214
209
|
|
|
215
210
|
async def setup_after_prep(self, module_test):
|
|
216
|
-
|
|
217
211
|
module_test.scan.modules["paramminer_getparams"].rand_string = lambda *args, **kwargs: "AAAAAAAAAAAAAA"
|
|
218
212
|
module_test.monkeypatch.setattr(
|
|
219
213
|
helper.HttpCompare, "gen_cache_buster", lambda *args, **kwargs: {"AAAAAA": "1"}
|
|
@@ -39,7 +39,6 @@ class Paramminer_Headers(ModuleTestBase):
|
|
|
39
39
|
module_test.set_expect_requests(respond_args=respond_args)
|
|
40
40
|
|
|
41
41
|
def check(self, module_test, events):
|
|
42
|
-
|
|
43
42
|
found_reflected_header = False
|
|
44
43
|
false_positive_match = False
|
|
45
44
|
|
|
@@ -60,7 +59,6 @@ class TestParamminer_Headers(Paramminer_Headers):
|
|
|
60
59
|
|
|
61
60
|
|
|
62
61
|
class TestParamminer_Headers_noreflection(Paramminer_Headers):
|
|
63
|
-
|
|
64
62
|
found_nonreflected_header = False
|
|
65
63
|
|
|
66
64
|
headers_body_match = """
|
|
@@ -82,7 +80,6 @@ class TestParamminer_Headers_noreflection(Paramminer_Headers):
|
|
|
82
80
|
|
|
83
81
|
|
|
84
82
|
class TestParamminer_Headers_extract(Paramminer_Headers):
|
|
85
|
-
|
|
86
83
|
modules_overrides = ["httpx", "paramminer_headers", "excavate"]
|
|
87
84
|
config_overrides = {
|
|
88
85
|
"modules": {
|
|
@@ -123,7 +120,6 @@ class TestParamminer_Headers_extract(Paramminer_Headers):
|
|
|
123
120
|
module_test.set_expect_requests(respond_args=respond_args)
|
|
124
121
|
|
|
125
122
|
def check(self, module_test, events):
|
|
126
|
-
|
|
127
123
|
excavate_extracted_web_parameter = False
|
|
128
124
|
used_recycled_parameter = False
|
|
129
125
|
|
|
@@ -139,17 +135,14 @@ class TestParamminer_Headers_extract(Paramminer_Headers):
|
|
|
139
135
|
|
|
140
136
|
|
|
141
137
|
class TestParamminer_Headers_extract_norecycle(TestParamminer_Headers_extract):
|
|
142
|
-
|
|
143
138
|
modules_overrides = ["httpx", "excavate"]
|
|
144
139
|
config_overrides = {}
|
|
145
140
|
|
|
146
141
|
async def setup_after_prep(self, module_test):
|
|
147
|
-
|
|
148
142
|
respond_args = {"response_data": self.headers_body}
|
|
149
143
|
module_test.set_expect_requests(respond_args=respond_args)
|
|
150
144
|
|
|
151
145
|
def check(self, module_test, events):
|
|
152
|
-
|
|
153
146
|
excavate_extracted_web_parameter = False
|
|
154
147
|
|
|
155
148
|
for e in events:
|
|
@@ -21,7 +21,6 @@ class TestPortscan(ModuleTestBase):
|
|
|
21
21
|
masscan_output_ping = """{ "ip": "8.8.8.8", "timestamp": "1719862594", "ports": [ {"port": 0, "proto": "icmp", "status": "open", "reason": "none", "ttl": 54} ] }"""
|
|
22
22
|
|
|
23
23
|
async def setup_after_prep(self, module_test):
|
|
24
|
-
|
|
25
24
|
from bbot.modules.base import BaseModule
|
|
26
25
|
|
|
27
26
|
class DummyModule(BaseModule):
|
|
@@ -1,13 +1,13 @@
|
|
|
1
|
-
bbot/__init__.py,sha256
|
|
2
|
-
bbot/cli.py,sha256
|
|
1
|
+
bbot/__init__.py,sha256=axMbsMMdxGO7hofgbNW8GFlsfp7fd12R17RP3nRqYC0,130
|
|
2
|
+
bbot/cli.py,sha256=f_HbPSOyR7ishGb-UVwGdI71kLFrvkko4d01lDYlSdE,10436
|
|
3
3
|
bbot/core/__init__.py,sha256=l255GJE_DvUnWvrRb0J5lG-iMztJ8zVvoweDOfegGtI,46
|
|
4
4
|
bbot/core/config/__init__.py,sha256=zYNw2Me6tsEr8hOOkLb4BQ97GB7Kis2k--G81S8vofU,342
|
|
5
|
-
bbot/core/config/files.py,sha256=
|
|
5
|
+
bbot/core/config/files.py,sha256=zANvrTRLJQIOWSNkxd9MpWmf9cQFr0gRZLUxeIbTwQc,1412
|
|
6
6
|
bbot/core/config/logger.py,sha256=YBWLg3x0bEaHKQR8Fn9e1Y0OeyFTED0fgAMtUZT2gEw,10583
|
|
7
7
|
bbot/core/core.py,sha256=zFSbPd0YcjpeI1uO9U6lYY5gKmzNSTGhduvXvB6qZ0M,7065
|
|
8
8
|
bbot/core/engine.py,sha256=uauGZgd7zAnJwNmVVPDicwHbUVCa8pV_pif49lgYeWk,29364
|
|
9
9
|
bbot/core/event/__init__.py,sha256=8ut88ZUg0kbtWkOx2j3XzNr_3kTfgoM-3UdiWHFA_ag,56
|
|
10
|
-
bbot/core/event/base.py,sha256=
|
|
10
|
+
bbot/core/event/base.py,sha256=_WKPUeCFc6hC7G2DQaLOlHqdre-TBWWlUEvfJF3g2zU,61462
|
|
11
11
|
bbot/core/event/helpers.py,sha256=PUN4Trq5_wpKVuhmwUQWAr40apgMXhJ9Gz-VfZ0j3lA,1554
|
|
12
12
|
bbot/core/flags.py,sha256=Ltvm8Bc4D65I55HuU5bzyjO1R3yMDNpVmreGU83ZBXE,1266
|
|
13
13
|
bbot/core/helpers/__init__.py,sha256=0UNwcZjNsX41hbHdo3yZPuARkYWch-okI68DScexve4,86
|
|
@@ -21,33 +21,33 @@ bbot/core/helpers/depsinstaller/sudo_askpass.py,sha256=yGa2OQv30RO75QkMuG1iruKqb
|
|
|
21
21
|
bbot/core/helpers/diff.py,sha256=7waBeHFGnAKn-R-sBd-wc3yjwxT_umwy4YxfE7JFd6w,10599
|
|
22
22
|
bbot/core/helpers/dns/__init__.py,sha256=2JK8P0BUfPlh4CTuuOWQCOacwL7NEtGFYPJsxbA0Zwo,27
|
|
23
23
|
bbot/core/helpers/dns/brute.py,sha256=sTlgFabHVL5rNaD8Pef0kXap1gM4LFpc71kdR9j7pdE,6990
|
|
24
|
-
bbot/core/helpers/dns/dns.py,sha256=
|
|
25
|
-
bbot/core/helpers/dns/engine.py,sha256=
|
|
24
|
+
bbot/core/helpers/dns/dns.py,sha256=xlmHIdH4I4cn0dHeyYHipPiqeagibBW-BCHMbIlxtsw,8436
|
|
25
|
+
bbot/core/helpers/dns/engine.py,sha256=senRWnKADkH3z8lcPPMGCPVfKHnXHk2HejqAV9iGa4E,28747
|
|
26
26
|
bbot/core/helpers/dns/helpers.py,sha256=aQroIuz5TxrCZ4zoplOaqLj3ZNgOgDRKn0xM8GKz2dA,8505
|
|
27
|
-
bbot/core/helpers/dns/mock.py,sha256=
|
|
27
|
+
bbot/core/helpers/dns/mock.py,sha256=FCPrihu6O4kun38IH70RfktsXIKKfe0Qx5PMzZVUdsY,2588
|
|
28
28
|
bbot/core/helpers/files.py,sha256=GqrwNGJljUvGSzaOW5-Y357hkt7j88dOYbzQxJGsdTc,5787
|
|
29
29
|
bbot/core/helpers/helper.py,sha256=t6bv_wwI_MYlVpBAh9_c318rRSKGmoejx6qO9JOldbI,8423
|
|
30
30
|
bbot/core/helpers/interactsh.py,sha256=Q9IHUzH-T7e1s4YTHevHe-VJj1Mokv0EHY16UZJdl8M,12627
|
|
31
|
-
bbot/core/helpers/libmagic.py,sha256=
|
|
31
|
+
bbot/core/helpers/libmagic.py,sha256=QMHyxjgDLb2jyjBvK1MQ-xt6WkGXhKcHu9ZP1li-sik,3460
|
|
32
32
|
bbot/core/helpers/misc.py,sha256=fphXVSGtW70m2xdUCPDdISLtLwIG1v_cL6RxgNGmJNk,87757
|
|
33
33
|
bbot/core/helpers/names_generator.py,sha256=Sj_Q-7KQyElEpalzlUadSwaniESqrIVVEle9ycPIiho,10322
|
|
34
34
|
bbot/core/helpers/ntlm.py,sha256=P2Xj4-GPos2iAzw4dfk0FJp6oGyycGhu2x6sLDVjYjs,2573
|
|
35
|
-
bbot/core/helpers/process.py,sha256=
|
|
35
|
+
bbot/core/helpers/process.py,sha256=00uRpLMFi3Pt3uT8qXwAIhsXdoa7h-ifoXh0sGYgwqs,1702
|
|
36
36
|
bbot/core/helpers/ratelimiter.py,sha256=K8qFIyJPJtfdb9kSW6_lL6ahWqxR2uWyCBkDlg6uJgo,1990
|
|
37
37
|
bbot/core/helpers/regex.py,sha256=XURaY6ijpOYYU9lzWMAKg12G1VFtGJjlJl07_eN1xxk,4170
|
|
38
38
|
bbot/core/helpers/regexes.py,sha256=-IHbsvS9XJXHkfbthaB1CbRaikDt1pmiiUsbOJW7wpc,5946
|
|
39
39
|
bbot/core/helpers/url.py,sha256=1NDrvirODzzD6Mcssu-4WDNerMeMdekHCFzhRCS0m3g,5947
|
|
40
|
-
bbot/core/helpers/validators.py,sha256=
|
|
40
|
+
bbot/core/helpers/validators.py,sha256=TIjgtHS6fMObjTszDJ_nng3YMJpuV6BzKdmkQ2LY3Qk,9695
|
|
41
41
|
bbot/core/helpers/web/__init__.py,sha256=pIEkL3DhjaGTSmZ7D3yKKYwWpntoLRILekV2wWsbsws,27
|
|
42
42
|
bbot/core/helpers/web/client.py,sha256=vDRhUQ6onkNzeJCqWd8oCQb08rLrWB2Sg7sDH7ZssK0,3562
|
|
43
|
-
bbot/core/helpers/web/engine.py,sha256=
|
|
43
|
+
bbot/core/helpers/web/engine.py,sha256=hwFSWrW8fDzinmKS27u1RHl3rP-QM05FOZp8zXWD5AY,8869
|
|
44
44
|
bbot/core/helpers/web/ssl_context.py,sha256=aWVgl-d0HoE8B4EBKNxaa5UAzQmx79DjDByfBw9tezo,356
|
|
45
|
-
bbot/core/helpers/web/web.py,sha256=
|
|
45
|
+
bbot/core/helpers/web/web.py,sha256=sdsffF3F_gj76DwfFcgW9D70Vj8HJszSNxw21QJdUKk,22657
|
|
46
46
|
bbot/core/helpers/wordcloud.py,sha256=WdQwboCNcCxcUdLuB6MMMDQBL4ZshFM_f6GW7nUZEBQ,19819
|
|
47
|
-
bbot/core/modules.py,sha256=
|
|
47
|
+
bbot/core/modules.py,sha256=k4a-4cxdpQGA-17vELWOZ8eqsMSrd4nk5g3eOJVhx9g,31431
|
|
48
48
|
bbot/core/multiprocess.py,sha256=ocQHanskJ09gHwe7RZmwNdZyCOQyeyUoIHCtLbtvXUk,1771
|
|
49
49
|
bbot/core/shared_deps.py,sha256=A3vrI62uPTTayNIHhWAj6xz43cj--oXWC4prmDlgJnw,6958
|
|
50
|
-
bbot/db/sql/models.py,sha256=
|
|
50
|
+
bbot/db/sql/models.py,sha256=SrUdDOBCICzXJBY29p0VvILhMQ1JCuh725bqvIYogX0,4884
|
|
51
51
|
bbot/defaults.yml,sha256=d1uVZOWzaJ7IM5YF-Zpambb8Gdbas-aCInqoWElxsEw,6221
|
|
52
52
|
bbot/errors.py,sha256=xwQcD26nU9oc7-o0kv5jmEDTInmi8_W8eKAgQZZxdVM,953
|
|
53
53
|
bbot/logger.py,sha256=rLcLzNDvfR8rFj7_tZ-f5QB3Z8T0RVroact3W0ogjpA,1408
|
|
@@ -57,8 +57,8 @@ bbot/modules/anubisdb.py,sha256=JCy2YCfa0e_VawpzNmcPXAosKUthmYGutireJ0gMDws,1916
|
|
|
57
57
|
bbot/modules/apkpure.py,sha256=V-bGIFV7b91kXo24OitACip8Rx5qaoI1p6iHwbICxwk,2434
|
|
58
58
|
bbot/modules/azure_realm.py,sha256=pP2PUlLy0K9KKaE8aNcznWjDW3PKHvnMejdOSc-o4ms,1612
|
|
59
59
|
bbot/modules/azure_tenant.py,sha256=cKS53GjvrplaFFYvacUmJKCdLB6h7Yp_AzHNFuKtFrU,5374
|
|
60
|
-
bbot/modules/baddns.py,sha256=
|
|
61
|
-
bbot/modules/baddns_direct.py,sha256=
|
|
60
|
+
bbot/modules/baddns.py,sha256=SP-o0M2dq5QIkaQZUKl9YZiOXdZasty-fHPxTJJAeR0,6378
|
|
61
|
+
bbot/modules/baddns_direct.py,sha256=pe_seO74XI4b6w4Q_IBDNvtBjmD-7it5ts0Z-FB0L6k,3818
|
|
62
62
|
bbot/modules/baddns_zone.py,sha256=IcewDBtA_-64NCNFojEFd9jt2YBek6ltB2mmqdDH6LE,1034
|
|
63
63
|
bbot/modules/badsecrets.py,sha256=JSukBYdD3yuvVy84DkyX48428R_LgQ7P39tjTRAD_Mo,5107
|
|
64
64
|
bbot/modules/base.py,sha256=-nPgoPjMwcveZ81fzb4TwhbtBFqNYorj-zD3TG91ZPg,71115
|
|
@@ -96,7 +96,7 @@ bbot/modules/dnsdumpster.py,sha256=n-UP428_9kAmh_1gf55jeh-3uWyr1EZN0AYSnT3uOnU,3
|
|
|
96
96
|
bbot/modules/dnstlsrpt.py,sha256=LW-8NTfUlYAlSlDrDBcELTe4LTrAI412J03xQfAL93Y,6427
|
|
97
97
|
bbot/modules/docker_pull.py,sha256=Dp8de9UCCELcozwmZphA3lMh8qZaXyDo2kfwG45Wm3w,9069
|
|
98
98
|
bbot/modules/dockerhub.py,sha256=ruvTP8Uz5LEuX-_SrKDzByvSNtd1ofZbX-lRTeKUB24,3491
|
|
99
|
-
bbot/modules/dotnetnuke.py,sha256=
|
|
99
|
+
bbot/modules/dotnetnuke.py,sha256=qS1lzAmvWlDYrm1ODufIBvIS20oTr7m7m3xU-a5PGUA,10537
|
|
100
100
|
bbot/modules/emailformat.py,sha256=RLPJW-xitYB-VT4Lp08qVzFkXx_kMyV_035JT_Yf4fM,1082
|
|
101
101
|
bbot/modules/extractous.py,sha256=22pc62jOs_4E3uZtBjUbUksLTadNr9sp_4r0-eU1un8,4551
|
|
102
102
|
bbot/modules/ffuf_shortnames.py,sha256=9Kh0kJsw7XXpXmCkiB5eAhG4h9rSo8Y-mB3p0EDa_l0,12624
|
|
@@ -123,7 +123,7 @@ bbot/modules/internal/aggregate.py,sha256=csWYIt2fUp9K_CRxP3bndUMIjpNIh8rmBubp5F
|
|
|
123
123
|
bbot/modules/internal/base.py,sha256=BXO4Hc7XKaAOaLzolF3krJX1KibPxtek2GTQUgnCHk0,387
|
|
124
124
|
bbot/modules/internal/cloudcheck.py,sha256=86wYVzoY8OeorpqQFger9UrdNdu2vTkd8XmC9xtplUc,4727
|
|
125
125
|
bbot/modules/internal/dnsresolve.py,sha256=UW88BlpJ7gOjPARrjVgtwpDIDPNQZRpuIRpL2yVP6T4,15251
|
|
126
|
-
bbot/modules/internal/excavate.py,sha256=
|
|
126
|
+
bbot/modules/internal/excavate.py,sha256=3kQqtA0yAfPXtwyhiDiywDVBXIsq5H9qAVBW6SB2wuY,51536
|
|
127
127
|
bbot/modules/internal/speculate.py,sha256=hOJPrmJP8-APqSEbmYsbKrvovLIGIz4dJUoZyusq0w0,9270
|
|
128
128
|
bbot/modules/internetdb.py,sha256=Edg0Z84dH8dPTZMd7RlzvYBYNq8JHs_ns_ldnFxwRKo,5415
|
|
129
129
|
bbot/modules/ip2location.py,sha256=yGivX9fzvwvLpnqmYCP2a8SPjTarzrZxfRluog-nkME,2628
|
|
@@ -159,7 +159,7 @@ bbot/modules/output/web_report.py,sha256=lZ0FqRZ7Jz1lljI9JMhH9gjtWLaTCSpSnAKQGAc
|
|
|
159
159
|
bbot/modules/output/websocket.py,sha256=sDTtHU-Ey_tvS0gMi6PVPV9L4qAmGyWeccxAKfEWCac,2278
|
|
160
160
|
bbot/modules/paramminer_cookies.py,sha256=q1PzftHQpCHLz81_VgLZsO6moia7ZtnU32igfcySi2w,1816
|
|
161
161
|
bbot/modules/paramminer_getparams.py,sha256=_j6rgaqV5wGJoa8p5-KKbe2YsVGUtmWIanCVtFiF97Y,1893
|
|
162
|
-
bbot/modules/paramminer_headers.py,sha256=
|
|
162
|
+
bbot/modules/paramminer_headers.py,sha256=fljlCoRuH6ML4Hz2ZCGH7Yr3aeOgRM896KfS8TVBKrs,10300
|
|
163
163
|
bbot/modules/passivetotal.py,sha256=uGT6c_CUxBNInmClsTg8afIYA2ZykKYYCgjkyzujfHg,1653
|
|
164
164
|
bbot/modules/pgp.py,sha256=Xu2M9WEIlwTm5-Lv29g7BblI05tD9Dl0XsYSeY6UURs,2065
|
|
165
165
|
bbot/modules/portscan.py,sha256=2VSoxoh0AypE8DoGKHqE-a57G4Z91XEo3kquQ5OpM3Y,14656
|
|
@@ -190,7 +190,7 @@ bbot/modules/templates/sql.py,sha256=o-CdyyoJvHJdJBKkj3CIGXYxUta4w2AB_2Vr-k7cDDU
|
|
|
190
190
|
bbot/modules/templates/subdomain_enum.py,sha256=54prHdg_wgTBHIJLPLbDWBqq2x978NDfDOGG7R5A6fQ,8403
|
|
191
191
|
bbot/modules/templates/webhook.py,sha256=MYhKWrNYrsfM0a4PR6yVotudLyyCwgmy2eI-l9LvpBs,3706
|
|
192
192
|
bbot/modules/trickest.py,sha256=MRgLW0YiDWzlWdAjyqfPPLFb-a51r-Ffn_dphiJI_gA,1550
|
|
193
|
-
bbot/modules/trufflehog.py,sha256=
|
|
193
|
+
bbot/modules/trufflehog.py,sha256=NCggggfFFdHn-tpws0mvD2OYLQcKkYDLb1P6CRySPWM,8554
|
|
194
194
|
bbot/modules/url_manipulation.py,sha256=BI-OhlzNzP5xvwzHphL4qdehc4NiEYnL2BNK-JoEm90,4322
|
|
195
195
|
bbot/modules/urlscan.py,sha256=ajhiX2sj-zZDlKU1q5rE8JTzxioj1mDLqZ9PRSQCpAw,3741
|
|
196
196
|
bbot/modules/viewdns.py,sha256=f0vwoLpua2Ovw1gcrjoafUdaAP9fi4bHgTUiDOe8iWg,2596
|
|
@@ -220,9 +220,9 @@ bbot/scanner/__init__.py,sha256=gCyAAbkNm8_KozNpDENCKqO3E3ZCgseplnz40AtiJ1U,56
|
|
|
220
220
|
bbot/scanner/dispatcher.py,sha256=_hsIegfUDrt8CUdXqgRvp1J0UwwzqVSDxjQmiviO41c,793
|
|
221
221
|
bbot/scanner/manager.py,sha256=_5FBfxOmSMUeGp_-ryyGGl0pxb_eu-NSWft-lH1Pyog,10466
|
|
222
222
|
bbot/scanner/preset/__init__.py,sha256=Jf2hWsHlTFtWNXL6gXD8_ZbKPFUM564ppdSxHFYnIJU,27
|
|
223
|
-
bbot/scanner/preset/args.py,sha256=
|
|
223
|
+
bbot/scanner/preset/args.py,sha256=wuG-eVCsl-4EpmJoNeuuFB4sFNulOgCYFc_8P7ztKLE,16023
|
|
224
224
|
bbot/scanner/preset/conditions.py,sha256=hFL9cSIWGEsv2TfM5UGurf0c91cyaM8egb5IngBmIjA,1569
|
|
225
|
-
bbot/scanner/preset/environ.py,sha256
|
|
225
|
+
bbot/scanner/preset/environ.py,sha256=9KbEOLWkUdoAf5Ez_2A1NNm6QduQElbnNnrPi6VDhZs,4731
|
|
226
226
|
bbot/scanner/preset/path.py,sha256=Q29MO8cOEn690yW6bB08P72kbZ3C-H_TOEoXuwWnFM8,2274
|
|
227
227
|
bbot/scanner/preset/preset.py,sha256=QHUKc2raBArcdzn3op7BhLJHJpb5yjDsQumOvvOw85E,40058
|
|
228
228
|
bbot/scanner/scanner.py,sha256=YPvu4KMKLAM_P-kzww5JdvX6JMVHC0gq6P0kUOt1_X8,53884
|
|
@@ -271,7 +271,7 @@ bbot/test/test_step_2/module_tests/test_module_ajaxpro.py,sha256=0sPzcm0O3mmeqcO
|
|
|
271
271
|
bbot/test/test_step_2/module_tests/test_module_anubisdb.py,sha256=aQHUUswX2VJYoUWFm3cInXnUK4lkU-ah3b2BnxWgWcQ,546
|
|
272
272
|
bbot/test/test_step_2/module_tests/test_module_apkpure.py,sha256=8KM-JCir0doUupwN3JwV5OPaPE_Jq_hz2-96-ZKGpRI,2823
|
|
273
273
|
bbot/test/test_step_2/module_tests/test_module_asn.py,sha256=qIbitSAEAmYyxhpxvdFDsQrHaaxfgKsFox9Q3jTmvgI,10616
|
|
274
|
-
bbot/test/test_step_2/module_tests/test_module_asset_inventory.py,sha256=
|
|
274
|
+
bbot/test/test_step_2/module_tests/test_module_asset_inventory.py,sha256=NEMSPBlczpA5NbQpIcRBpRXpVnfS9lmSS1U7eJmIXAU,3878
|
|
275
275
|
bbot/test/test_step_2/module_tests/test_module_azure_realm.py,sha256=uCNeyKmlC26tcyQGyasnTqzzVWo_oKy_EHKEVVh8W9o,1287
|
|
276
276
|
bbot/test/test_step_2/module_tests/test_module_azure_tenant.py,sha256=Aaid6Ftb_qBOmjcUDauXeI6WZcBz49Wli5Yk8FWrZVc,4805
|
|
277
277
|
bbot/test/test_step_2/module_tests/test_module_baddns.py,sha256=vJYZZeYPYO2BbR4fdpB8KjGei3APB9gxOlrnU3lamXU,2822
|
|
@@ -304,19 +304,19 @@ bbot/test/test_step_2/module_tests/test_module_dehashed.py,sha256=YVsTEFEPchahDT
|
|
|
304
304
|
bbot/test/test_step_2/module_tests/test_module_digitorus.py,sha256=81mNwDb4WLUibstUSD8TowSJB3B5DBneS2LWimie9y4,1613
|
|
305
305
|
bbot/test/test_step_2/module_tests/test_module_discord.py,sha256=Z66fGb-kkdZTQfUh6WZiM35Ad-gDyvwxlA7mUUB2vnQ,1838
|
|
306
306
|
bbot/test/test_step_2/module_tests/test_module_dnsbimi.py,sha256=Ag24Bcm4MFxgUwvXXubPGE6mLMBsJGwfhCQ6paK-rRU,4391
|
|
307
|
-
bbot/test/test_step_2/module_tests/test_module_dnsbrute.py,sha256=
|
|
308
|
-
bbot/test/test_step_2/module_tests/test_module_dnsbrute_mutations.py,sha256=
|
|
307
|
+
bbot/test/test_step_2/module_tests/test_module_dnsbrute.py,sha256=x6p3rhLPbEvtOjV1u9C25He15xrVJq6diKEx-05sdtk,5152
|
|
308
|
+
bbot/test/test_step_2/module_tests/test_module_dnsbrute_mutations.py,sha256=AkL1cOCwHF1unabsbMZz_HXs45K6myxmPndNbcigbjo,3901
|
|
309
309
|
bbot/test/test_step_2/module_tests/test_module_dnscaa.py,sha256=5JaAYt-oFGON8Gc4xJNyc2UtjCp97OEiaJrvD04VHQM,2751
|
|
310
|
-
bbot/test/test_step_2/module_tests/test_module_dnscommonsrv.py,sha256=
|
|
310
|
+
bbot/test/test_step_2/module_tests/test_module_dnscommonsrv.py,sha256=T9RwPZCAnSVgnjLH7bBpH516owws_B2yxhiDRPBAp40,8259
|
|
311
311
|
bbot/test/test_step_2/module_tests/test_module_dnsdumpster.py,sha256=pgwOrfq_qNxbDBCAffspz6qlbd9MU5yZxguJizqHpFU,59749
|
|
312
312
|
bbot/test/test_step_2/module_tests/test_module_dnsresolve.py,sha256=15LEcggP_eVYFQdMO1zHTvoGc6n8IaUjsQDmX0sZS4o,2077
|
|
313
313
|
bbot/test/test_step_2/module_tests/test_module_dnstlsrpt.py,sha256=tAXUcu66BrNOo4AWvJfHft8IWKJtL0pLhfWstpl5zUc,2640
|
|
314
314
|
bbot/test/test_step_2/module_tests/test_module_docker_pull.py,sha256=-JSAo51dS3Ie9RaLBcWK0kfbg8bCPr7mohpFGAwOKPQ,27988
|
|
315
315
|
bbot/test/test_step_2/module_tests/test_module_dockerhub.py,sha256=9T8CFcFP32MOppUmSVNBUSifnk2kMONqzW_7vvvKdpk,3907
|
|
316
|
-
bbot/test/test_step_2/module_tests/test_module_dotnetnuke.py,sha256=
|
|
316
|
+
bbot/test/test_step_2/module_tests/test_module_dotnetnuke.py,sha256=voi1C_v7VeaRe_-yzCybO9FUxnFf9qzWkoUY66KYiGI,8114
|
|
317
317
|
bbot/test/test_step_2/module_tests/test_module_emailformat.py,sha256=cKxBPnEQ4AiRKV_-hSYEE6756ypst3hi6MN0L5RTukY,461
|
|
318
318
|
bbot/test/test_step_2/module_tests/test_module_emails.py,sha256=bZjtO8N3GG2_g6SUEYprAFLcsi7SlwNPJJ0nODfrWYU,944
|
|
319
|
-
bbot/test/test_step_2/module_tests/test_module_excavate.py,sha256=
|
|
319
|
+
bbot/test/test_step_2/module_tests/test_module_excavate.py,sha256=jK0MQsaIVkg-QOKrvJde4zw_L6moHqy7soyLBO3TFUY,42159
|
|
320
320
|
bbot/test/test_step_2/module_tests/test_module_extractous.py,sha256=FiMSgddx2qnxGIDImvofrd5hPRQIIul6Y67wwNsgEqE,17973
|
|
321
321
|
bbot/test/test_step_2/module_tests/test_module_ffuf.py,sha256=aSB49aN77sw-2LNTDHckiEEaHAn_85xCJno1shdOwus,2964
|
|
322
322
|
bbot/test/test_step_2/module_tests/test_module_ffuf_shortnames.py,sha256=s8E7M9d1fhm__krM4lmteyTtSsYpVL4hn1z8ub7RVss,7608
|
|
@@ -354,12 +354,12 @@ bbot/test/test_step_2/module_tests/test_module_ntlm.py,sha256=N8SrrA-q8CMtL2Mcdz
|
|
|
354
354
|
bbot/test/test_step_2/module_tests/test_module_nuclei.py,sha256=rLCTuKWnGWiGDcVnMjk4D7x6RGftEj3D4Woqpam-cgQ,7050
|
|
355
355
|
bbot/test/test_step_2/module_tests/test_module_oauth.py,sha256=i6kSBK-aa7QREGaGAi6WeDaD3susclAqImUxW2i2tyc,9482
|
|
356
356
|
bbot/test/test_step_2/module_tests/test_module_otx.py,sha256=tWkJlrdSCP2IUPGkB2RoS_xUN1xndMwyRDNyDfj5l3s,1160
|
|
357
|
-
bbot/test/test_step_2/module_tests/test_module_paramminer_cookies.py,sha256=
|
|
358
|
-
bbot/test/test_step_2/module_tests/test_module_paramminer_getparams.py,sha256
|
|
359
|
-
bbot/test/test_step_2/module_tests/test_module_paramminer_headers.py,sha256=
|
|
357
|
+
bbot/test/test_step_2/module_tests/test_module_paramminer_cookies.py,sha256=lQZkbaCFh5znw-wDBB2Jz4lCYm0g_AOSPZM_bAhNqbE,2376
|
|
358
|
+
bbot/test/test_step_2/module_tests/test_module_paramminer_getparams.py,sha256=-nQjicpNlwsXWi-SSz8IRUMKnjHpjXtSv3aSwTWbCvM,10077
|
|
359
|
+
bbot/test/test_step_2/module_tests/test_module_paramminer_headers.py,sha256=wutLsVnsL3tk7nIwKb-0xbjvyFlim9rXyCfylt2l-W0,5538
|
|
360
360
|
bbot/test/test_step_2/module_tests/test_module_passivetotal.py,sha256=fTGQECQ0OzcwiH64-0igFRKO-rs3kXScivZord_oWWU,1120
|
|
361
361
|
bbot/test/test_step_2/module_tests/test_module_pgp.py,sha256=-m-nPq6WR5UzPDuxeZbuzBQfFi1QfrZQ8RZH4g11ocE,1609
|
|
362
|
-
bbot/test/test_step_2/module_tests/test_module_portscan.py,sha256=
|
|
362
|
+
bbot/test/test_step_2/module_tests/test_module_portscan.py,sha256=8TZyzlWQcBDFEiArs-wpbsRlVXzwqlE6LjrPx6vctQk,7551
|
|
363
363
|
bbot/test/test_step_2/module_tests/test_module_postgres.py,sha256=6Seqq1Bq2FEXbJnTi_BYv8ZZPWdy-SfnY8UJN24Op0Q,2689
|
|
364
364
|
bbot/test/test_step_2/module_tests/test_module_postman.py,sha256=XvgfMgUhJuVgGkgT-JzxJyevNSVv7YvX1yLKJHmD3dw,5026
|
|
365
365
|
bbot/test/test_step_2/module_tests/test_module_postman_download.py,sha256=B_NajQaGQjwMSmcBCr37_7cvcnw4Zmh8k_hVoWL7bVI,21623
|
|
@@ -414,8 +414,8 @@ bbot/wordlists/raft-small-extensions-lowercase_CLEANED.txt,sha256=ruUQwVfia1_m2u
|
|
|
414
414
|
bbot/wordlists/top_open_ports_nmap.txt,sha256=LmdFYkfapSxn1pVuQC2LkOIY2hMLgG-Xts7DVtYzweM,42727
|
|
415
415
|
bbot/wordlists/valid_url_schemes.txt,sha256=VciB-ww0y-O8Ii1wpTR6rJzGDiC2r-dhVsIJApS1ZYU,3309
|
|
416
416
|
bbot/wordlists/wordninja_dns.txt.gz,sha256=DYHvvfW0TvzrVwyprqODAk4tGOxv5ezNmCPSdPuDUnQ,570241
|
|
417
|
-
bbot-2.3.0.
|
|
418
|
-
bbot-2.3.0.
|
|
419
|
-
bbot-2.3.0.
|
|
420
|
-
bbot-2.3.0.
|
|
421
|
-
bbot-2.3.0.
|
|
417
|
+
bbot-2.3.0.5376rc0.dist-info/LICENSE,sha256=GzeCzK17hhQQDNow0_r0L8OfLpeTKQjFQwBQU7ZUymg,32473
|
|
418
|
+
bbot-2.3.0.5376rc0.dist-info/METADATA,sha256=9IQwlCJ32F6Qp4wPblchHo4XaX41A8BjZOz_3skrnaI,17893
|
|
419
|
+
bbot-2.3.0.5376rc0.dist-info/WHEEL,sha256=Nq82e9rUAnEjt98J6MlVmMCZb-t9cYE2Ir1kpBmnWfs,88
|
|
420
|
+
bbot-2.3.0.5376rc0.dist-info/entry_points.txt,sha256=cWjvcU_lLrzzJgjcjF7yeGuRA_eDS8pQ-kmPUAyOBfo,38
|
|
421
|
+
bbot-2.3.0.5376rc0.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|
|
File without changes
|