bbot 2.3.0.5370rc0__py3-none-any.whl → 2.3.0.5382rc0__py3-none-any.whl

bbot/modules/gowitness.py

@@ -88,7 +88,7 @@ class gowitness(BaseModule):
         self.screenshot_path = self.base_path / "screenshots"
         self.command = self.construct_command()
         self.prepped = False
-        self.screenshots_taken = dict()
+        self.screenshots_taken = {}
         self.connections_logged = set()
         self.technologies_found = set()
         return True
@@ -172,7 +172,7 @@ class gowitness(BaseModule):
 
         # emit technologies
         new_technologies = await self.get_new_technologies()
-        for _, row in new_technologies.items():
+        for row in new_technologies.values():
             parent_id = row["url_id"]
             parent_url = self.screenshots_taken[parent_id]
             parent_event = event_dict[parent_url]
@@ -227,7 +227,7 @@ class gowitness(BaseModule):
         return screenshots
 
     async def get_new_network_logs(self):
-        network_logs = dict()
+        network_logs = {}
         if self.db_path.is_file():
             async with aiosqlite.connect(str(self.db_path)) as con:
                 con.row_factory = aiosqlite.Row
@@ -241,7 +241,7 @@ class gowitness(BaseModule):
         return network_logs
 
     async def get_new_technologies(self):
-        technologies = dict()
+        technologies = {}
         if self.db_path.is_file():
             async with aiosqlite.connect(str(self.db_path)) as con:
                 con.row_factory = aiosqlite.Row
@@ -264,8 +264,8 @@ class gowitness(BaseModule):
     async def report(self):
         if self.screenshots_taken:
             self.success(f"{len(self.screenshots_taken):,} web screenshots captured. To view:")
-            self.success(f"    - Start gowitness")
+            self.success("    - Start gowitness")
             self.success(f"        - cd {self.base_path} && ./gowitness server")
-            self.success(f"    - Browse to http://localhost:7171")
+            self.success("    - Browse to http://localhost:7171")
         else:
-            self.info(f"No web screenshots captured")
+            self.info("No web screenshots captured")

bbot/modules/host_header.py

@@ -19,7 +19,7 @@ class host_header(BaseModule):
 
     async def setup(self):
         self.subdomain_tags = {}
-        if self.scan.config.get("interactsh_disable", False) == False:
+        if self.scan.config.get("interactsh_disable", False) is False:
             try:
                 self.interactsh_instance = self.helpers.interactsh()
                 self.domain = await self.interactsh_instance.register(callback=self.interactsh_callback)
@@ -60,7 +60,7 @@ class host_header(BaseModule):
                 self.debug("skipping results because subdomain tag was missing")
 
     async def finish(self):
-        if self.scan.config.get("interactsh_disable", False) == False:
+        if self.scan.config.get("interactsh_disable", False) is False:
             await self.helpers.sleep(5)
             try:
                 for r in await self.interactsh_instance.poll():
@@ -69,7 +69,7 @@ class host_header(BaseModule):
                 self.debug(f"Error in interact.sh: {e}")
 
     async def cleanup(self):
-        if self.scan.config.get("interactsh_disable", False) == False:
+        if self.scan.config.get("interactsh_disable", False) is False:
             try:
                 await self.interactsh_instance.deregister()
                 self.debug(
@@ -84,7 +84,7 @@ class host_header(BaseModule):
 
         added_cookies = {}
 
-        for header, header_values in event.data["header-dict"].items():
+        for header_values in event.data["header-dict"].values():
             for header_value in header_values:
                 if header_value.lower() == "set-cookie":
                     header_split = header_value.split("=")
@@ -136,7 +136,7 @@ class host_header(BaseModule):
 
         split_output = output.split("\n")
         if " 4" in split_output:
-            description = f"Duplicate Host Header Tolerated"
+            description = "Duplicate Host Header Tolerated"
             await self.emit_event(
                 {
                     "host": str(event.host),

bbot/modules/httpx.py

@@ -90,7 +90,7 @@ class httpx(BaseModule):
         else:
             url = str(event.data)
             url_hash = hash((event.host, event.port, has_spider_max))
-        if url_hash == None:
+        if url_hash is None:
             url_hash = hash((url, has_spider_max))
         return url, url_hash
 

bbot/modules/iis_shortnames.py

@@ -39,7 +39,7 @@ class iis_shortnames(BaseModule):
         test_url = f"{target}*~1*/a.aspx"
 
         for method in ["GET", "POST", "OPTIONS", "DEBUG", "HEAD", "TRACE"]:
-            kwargs = dict(method=method, allow_redirects=False, timeout=10)
+            kwargs = {"method": method, "allow_redirects": False, "timeout": 10}
             confirmations = 0
             iterations = 5  # one failed detection is tolerated, as long as its not the first run
             while iterations > 0:
@@ -128,7 +128,7 @@ class iis_shortnames(BaseModule):
         suffix = "/a.aspx"
 
         urls_and_kwargs = []
-        kwargs = dict(method=method, allow_redirects=False, retries=2, timeout=10)
+        kwargs = {"method": method, "allow_redirects": False, "retries": 2, "timeout": 10}
         for c in valid_chars:
             for file_part in ("stem", "ext"):
                 payload = encode_all(f"*{c}*~1*")
@@ -160,7 +160,7 @@ class iis_shortnames(BaseModule):
         url_hint_list = []
         found_results = False
 
-        cl = ext_char_list if extension_mode == True else char_list
+        cl = ext_char_list if extension_mode is True else char_list
 
         urls_and_kwargs = []
 
@@ -169,7 +169,7 @@ class iis_shortnames(BaseModule):
             wildcard = "*" if extension_mode else "*~1*"
             payload = encode_all(f"{prefix}{c}{wildcard}")
             url = f"{target}{payload}{suffix}"
-            kwargs = dict(method=method)
+            kwargs = {"method": method}
             urls_and_kwargs.append((url, kwargs, c))
 
         async for url, kwargs, c, response in self.helpers.request_custom_batch(urls_and_kwargs):
@@ -209,7 +209,7 @@ class iis_shortnames(BaseModule):
                         extension_mode,
                         node_count=node_count,
                     )
-        if len(prefix) > 0 and found_results == False:
+        if len(prefix) > 0 and found_results is False:
             url_hint_list.append(f"{prefix}")
             self.verbose(f"Found new (possibly partial) URL_HINT: {prefix} from node {target}")
         return url_hint_list
@@ -234,7 +234,7 @@ class iis_shortnames(BaseModule):
                 {"severity": "LOW", "host": str(event.host), "url": normalized_url, "description": description},
                 "VULNERABILITY",
                 event,
-                context=f"{{module}} detected low {{event.type}}: IIS shortname enumeration",
+                context="{module} detected low {event.type}: IIS shortname enumeration",
             )
             if not self.config.get("detect_only"):
                 for detection in detections:

bbot/modules/internal/cloudcheck.py

@@ -15,7 +15,7 @@ class CloudCheck(BaseInterceptModule):
 
     def make_dummy_modules(self):
         self.dummy_modules = {}
-        for provider_name, provider in self.helpers.cloud.providers.items():
+        for provider_name in self.helpers.cloud.providers.keys():
             module = self.scan._make_dummy_module(f"cloud_{provider_name}", _type="scan")
             module.default_discovery_context = "{module} derived {event.type}: {event.host}"
             self.dummy_modules[provider_name] = module
@@ -56,9 +56,9 @@ class CloudCheck(BaseInterceptModule):
         # loop through each provider
         for provider in self.helpers.cloud.providers.values():
             provider_name = provider.name.lower()
-            base_kwargs = dict(
-                parent=event, tags=[f"{provider.provider_type}-{provider_name}"], _provider=provider_name
-            )
+            base_kwargs = {
+                "parent": event, "tags": [f"{provider.provider_type}-{provider_name}"], "_provider": provider_name
+            }
             # loop through the provider's regex signatures, if any
             for event_type, sigs in provider.signatures.items():
                 if event_type != "STORAGE_BUCKET":
@@ -74,7 +74,7 @@ class CloudCheck(BaseInterceptModule):
                             if match:
                                 matches.append(match.groups())
                     for match in matches:
-                        if not match in found:
+                        if match not in found:
                             found.add(match)
 
                             _kwargs = dict(base_kwargs)

bbot/modules/internal/dnsresolve.py

@@ -131,9 +131,9 @@ class DNSResolve(BaseInterceptModule):
             event.host, rdtypes=rdtypes, raw_dns_records=event.raw_dns_records
         )
         for rdtype, (is_wildcard, wildcard_host) in wildcard_rdtypes.items():
-            if is_wildcard == False:
+            if is_wildcard is False:
                 continue
-            elif is_wildcard == True:
+            elif is_wildcard is True:
                 event.add_tag("wildcard")
                 wildcard_tag = "wildcard"
             else:
@@ -142,16 +142,16 @@ class DNSResolve(BaseInterceptModule):
             event.add_tag(f"{rdtype}-{wildcard_tag}")
 
         # wildcard event modification (www.evilcorp.com --> _wildcard.evilcorp.com)
-        if wildcard_rdtypes and not "target" in event.tags:
+        if wildcard_rdtypes and "target" not in event.tags:
             # these are the rdtypes that have wildcards
             wildcard_rdtypes_set = set(wildcard_rdtypes)
             # consider the event a full wildcard if all its records are wildcards
             event_is_wildcard = False
             if wildcard_rdtypes_set:
-                event_is_wildcard = all(r[0] == True for r in wildcard_rdtypes.values())
+                event_is_wildcard = all(r[0] is True for r in wildcard_rdtypes.values())
 
             if event_is_wildcard:
-                if event.type in ("DNS_NAME",) and not "_wildcard" in event.data.split("."):
+                if event.type in ("DNS_NAME",) and "_wildcard" not in event.data.split("."):
                     wildcard_parent = self.helpers.parent_domain(event.host)
                     for rdtype, (_is_wildcard, _parent_domain) in wildcard_rdtypes.items():
                         if _is_wildcard:
@@ -273,7 +273,7 @@ class DNSResolve(BaseInterceptModule):
         # tag event with errors
         for rdtype, errors in dns_errors.items():
             # only consider it an error if there weren't any results for that rdtype
-            if errors and not rdtype in event.dns_children:
+            if errors and rdtype not in event.dns_children:
                 event.add_tag(f"{rdtype}-error")
 
     def get_dns_parent(self, event):
@@ -307,7 +307,7 @@ class DNSResolve(BaseInterceptModule):
     def emit_raw_records(self):
         if self._emit_raw_records is None:
             watching_raw_records = any(
-                ["RAW_DNS_RECORD" in m.get_watched_events() for m in self.scan.modules.values()]
+                "RAW_DNS_RECORD" in m.get_watched_events() for m in self.scan.modules.values()
             )
             omitted_event_types = self.scan.config.get("omit_event_types", [])
             omit_raw_records = "RAW_DNS_RECORD" in omitted_event_types

bbot/modules/internal/excavate.py

@@ -62,7 +62,6 @@ def _exclude_key(original_dict, key_to_exclude):
 
 
 def extract_params_url(parsed_url):
-
     params = parse_qs(parsed_url.query)
     flat_params = {k: v[0] for k, v in params.items()}
 
@@ -94,7 +93,6 @@ def extract_params_location(location_header_value, original_parsed_url):
 
 
 class YaraRuleSettings:
-
     def __init__(self, description, tags, emit_match):
         self.description = description
         self.tags = tags
@@ -155,7 +153,7 @@ class ExcavateRule:
         yara_results = {}
         for h in r.strings:
             yara_results[h.identifier.lstrip("$")] = sorted(
-                set([i.matched_data.decode("utf-8", errors="ignore") for i in h.instances])
+                {i.matched_data.decode("utf-8", errors="ignore") for i in h.instances}
             )
         await self.process(yara_results, event, yara_rule_settings, discovery_context)
 
@@ -182,7 +180,7 @@ class ExcavateRule:
         Returns:
         None
         """
-        for identifier, results in yara_results.items():
+        for results in yara_results.values():
             for result in results:
                 event_data = {"description": f"{discovery_context} {yara_rule_settings.description}"}
                 if yara_rule_settings.emit_match:
@@ -263,7 +261,6 @@ class ExcavateRule:
 
 
 class CustomExtractor(ExcavateRule):
-
     def __init__(self, excavate):
         super().__init__(excavate)
 
@@ -317,7 +314,7 @@ class excavate(BaseInternalModule, BaseInterceptModule):
 
     _module_threads = 8
 
-    parameter_blacklist = set(
+    parameter_blacklist = {
         p.lower()
         for p in [
             "__VIEWSTATE",
@@ -332,7 +329,7 @@ class excavate(BaseInternalModule, BaseInterceptModule):
             "JSESSIONID",
             "PHPSESSID",
         ]
-    )
+    }
 
     yara_rule_name_regex = re.compile(r"rule\s(\w+)\s{")
     yara_rule_regex = re.compile(r"(?s)((?:rule\s+\w+\s*{[^{}]*(?:{[^{}]*}[^{}]*)*[^{}]*(?:/\S*?}[^/]*?/)*)*})")
@@ -358,7 +355,6 @@ class excavate(BaseInternalModule, BaseInterceptModule):
         )
 
     class ParameterExtractor(ExcavateRule):
-
         yara_rules = {}
 
         class ParameterExtractorRule:
@@ -372,7 +368,6 @@ class excavate(BaseInternalModule, BaseInterceptModule):
                 self.result = result
 
         class GetJquery(ParameterExtractorRule):
-
             name = "GET jquery"
             discovery_regex = r"/\$.get\([^\)].+\)/ nocase"
             extraction_regex = re.compile(r"\$.get\([\'\"](.+)[\'\"].+(\{.+\})\)")
@@ -393,8 +388,12 @@ class excavate(BaseInternalModule, BaseInterceptModule):
                     for action, extracted_parameters in extracted_results:
                         extracted_parameters_dict = self.convert_to_dict(extracted_parameters)
                         for parameter_name, original_value in extracted_parameters_dict.items():
-                            yield self.output_type, parameter_name, original_value, action, _exclude_key(
-                                extracted_parameters_dict, parameter_name
+                            yield (
+                                self.output_type,
+                                parameter_name,
+                                original_value,
+                                action,
+                                _exclude_key(extracted_parameters_dict, parameter_name),
                             )
 
         class PostJquery(GetJquery):
@@ -418,8 +417,12 @@ class excavate(BaseInternalModule, BaseInterceptModule):
                         k: v[0] if isinstance(v, list) and len(v) == 1 else v for k, v in query_strings.items()
                     }
                     for parameter_name, original_value in query_strings_dict.items():
-                        yield self.output_type, parameter_name, original_value, url, _exclude_key(
-                            query_strings_dict, parameter_name
+                        yield (
+                            self.output_type,
+                            parameter_name,
+                            original_value,
+                            url,
+                            _exclude_key(query_strings_dict, parameter_name),
                         )
 
         class GetForm(ParameterExtractorRule):
@@ -444,8 +447,12 @@ class excavate(BaseInternalModule, BaseInterceptModule):
                             form_parameters[parameter_name] = original_value
 
                         for parameter_name, original_value in form_parameters.items():
-                            yield self.output_type, parameter_name, original_value, form_action, _exclude_key(
-                                form_parameters, parameter_name
+                            yield (
+                                self.output_type,
+                                parameter_name,
+                                original_value,
+                                form_action,
+                                _exclude_key(form_parameters, parameter_name),
                             )
 
         class PostForm(GetForm):
@@ -485,7 +492,6 @@ class excavate(BaseInternalModule, BaseInterceptModule):
                             endpoint,
                             additional_params,
                         ) in extracted_params:
-
                             self.excavate.debug(
                                 f"Found Parameter [{parameter_name}] in [{parameterExtractorSubModule.name}] ParameterExtractor Submodule"
                             )
@@ -497,7 +503,6 @@ class excavate(BaseInternalModule, BaseInterceptModule):
                             )
 
                             if self.excavate.helpers.validate_parameter(parameter_name, parameter_type):
-
                                 if self.excavate.in_bl(parameter_name) == False:
                                     parsed_url = urlparse(url)
                                     description = f"HTTP Extracted Parameter [{parameter_name}] ({parameterExtractorSubModule.name} Submodule)"
@@ -532,7 +537,6 @@ class excavate(BaseInternalModule, BaseInterceptModule):
                         await self.report(domain, event, yara_rule_settings, discovery_context, event_type="DNS_NAME")
 
     class EmailExtractor(ExcavateRule):
-
         yara_rules = {
             "email": 'rule email { meta: description = "contains email address" strings: $email = /[^\\W_][\\w\\-\\.\\+\']{0,100}@[a-zA-Z0-9\\-]{1,100}(\\.[a-zA-Z0-9\\-]{1,100})*\\.[a-zA-Z]{2,63}/ nocase fullword condition: $email }',
         }
@@ -551,7 +555,6 @@ class excavate(BaseInternalModule, BaseInterceptModule):
         }
 
     class ErrorExtractor(ExcavateRule):
-
         signatures = {
             "PHP_1": r"/\.php on line [0-9]+/",
             "PHP_2": r"/\.php<\/b> on line <b>[0-9]+/",
@@ -589,7 +592,6 @@ class excavate(BaseInternalModule, BaseInterceptModule):
                     await self.report(event_data, event, yara_rule_settings, discovery_context, event_type="FINDING")
 
     class SerializationExtractor(ExcavateRule):
-
         regexes = {
             "Java": re.compile(r"[^a-zA-Z0-9\/+]rO0[a-zA-Z0-9+\/]+={0,2}"),
             "DOTNET": re.compile(r"[^a-zA-Z0-9\/+]AAEAAAD\/\/[a-zA-Z0-9\/+]+={0,2}"),
@@ -619,7 +621,6 @@ class excavate(BaseInternalModule, BaseInterceptModule):
                     await self.report(event_data, event, yara_rule_settings, discovery_context, event_type="FINDING")
 
     class FunctionalityExtractor(ExcavateRule):
-
         yara_rules = {
             "File_Upload_Functionality": r'rule File_Upload_Functionality { meta: description = "contains file upload functionality" strings: $fileuploadfunc = /<input[^>]+type=["\']?file["\']?[^>]+>/ nocase condition: $fileuploadfunc }',
             "Web_Service_WSDL": r'rule Web_Service_WSDL { meta: emit_match = "True" description = "contains a web service WSDL URL" strings: $wsdl = /https?:\/\/[^\s]*\.(wsdl)/ nocase condition: $wsdl }',
@@ -633,7 +634,7 @@ class excavate(BaseInternalModule, BaseInterceptModule):
         scheme_blacklist = ["javascript", "mailto", "tel", "data", "vbscript", "about", "file"]
 
         async def process(self, yara_results, event, yara_rule_settings, discovery_context):
-            for identifier, results in yara_results.items():
+            for results in yara_results.values():
                 for url_str in results:
                     scheme = url_str.split("://")[0]
                     if scheme in self.scheme_blacklist:
@@ -704,7 +705,6 @@ class excavate(BaseInternalModule, BaseInterceptModule):
         tag_attribute_regex = bbot_regexes.tag_attribute_regex
 
         async def process(self, yara_results, event, yara_rule_settings, discovery_context):
-
             for identifier, results in yara_results.items():
                 urls_found = 0
                 final_url = ""
@@ -897,7 +897,6 @@ class excavate(BaseInternalModule, BaseInterceptModule):
         decoded_data = await self.helpers.re.recursive_decode(data)
 
         if self.parameter_extraction:
-
             content_type_lower = content_type.lower() if content_type else ""
             extraction_map = {
                 "json": self.helpers.extract_params_json,
@@ -934,7 +933,6 @@ class excavate(BaseInternalModule, BaseInterceptModule):
                 self.hugewarning(f"YARA Rule {rule_name} not found in pre-compiled rules")
 
     async def handle_event(self, event):
-
         if event.type == "HTTP_RESPONSE":
             # Harvest GET parameters from URL, if it came directly from the target, and parameter extraction is enabled
             if (
@@ -1023,7 +1021,6 @@ class excavate(BaseInternalModule, BaseInterceptModule):
 
                             # Try to extract parameters from the redirect URL
                             if self.parameter_extraction:
-
                                 for (
                                     method,
                                     parsed_url,

bbot/modules/internal/speculate.py

@@ -45,10 +45,10 @@ class speculate(BaseInternalModule):
 
     async def setup(self):
         scan_modules = [m for m in self.scan.modules.values() if m._type == "scan"]
-        self.open_port_consumers = any(["OPEN_TCP_PORT" in m.watched_events for m in scan_modules])
+        self.open_port_consumers = any("OPEN_TCP_PORT" in m.watched_events for m in scan_modules)
         # only consider active portscanners (still speculate if only passive ones are enabled)
         self.portscanner_enabled = any(
-            ["portscan" in m.flags and "active" in m.flags for m in self.scan.modules.values()]
+            "portscan" in m.flags and "active" in m.flags for m in self.scan.modules.values()
         )
         self.emit_open_ports = self.open_port_consumers and not self.portscanner_enabled
         self.range_to_ip = True
@@ -71,7 +71,7 @@ class speculate(BaseInternalModule):
                 self.hugewarning(
                     f"Selected target ({target_len:,} hosts) is too large, skipping IP_RANGE --> IP_ADDRESS speculation"
                 )
-                self.hugewarning(f'Enabling the "portscan" module is highly recommended')
+                self.hugewarning('Enabling the "portscan" module is highly recommended')
             self.range_to_ip = False
 
         return True
@@ -126,7 +126,7 @@ class speculate(BaseInternalModule):
             parent = self.helpers.parent_domain(event.host_original)
             if parent != event.data:
                 await self.emit_event(
-                    parent, "DNS_NAME", parent=event, context=f"speculated parent {{event.type}}: {{event.data}}"
+                    parent, "DNS_NAME", parent=event, context="speculated parent {event.type}: {event.data}"
                 )
 
         # URL --> OPEN_TCP_PORT

bbot/modules/ipneighbor.py

@@ -31,7 +31,7 @@ class ipneighbor(BaseModule):
         netmask = main_ip.max_prefixlen - min(main_ip.max_prefixlen, self.num_bits)
         network = ipaddress.ip_network(f"{main_ip}/{netmask}", strict=False)
         subnet_hash = hash(network)
-        if not subnet_hash in self.processed:
+        if subnet_hash not in self.processed:
             self.processed.add(subnet_hash)
             for ip in network:
                 if ip != main_ip:

bbot/modules/jadx.py

@@ -43,7 +43,7 @@ class jadx(BaseModule):
 
     async def filter_event(self, event):
         if "file" in event.tags:
-            if not event.data["magic_description"].lower() in self.allowed_file_types:
+            if event.data["magic_description"].lower() not in self.allowed_file_types:
                 return False, f"Jadx is not able to decompile this file type: {event.data['magic_description']}"
         else:
             return False, "Event is not a file"

bbot/modules/newsletters.py

@@ -46,11 +46,11 @@ class newsletters(BaseModule):
                 body = _event.data["body"]
                 soup = self.helpers.beautifulsoup(body, "html.parser")
                 if soup is False:
-                    self.debug(f"BeautifulSoup returned False")
+                    self.debug("BeautifulSoup returned False")
                     return
                 result = self.find_type(soup)
                 if result:
-                    description = f"Found a Newsletter Submission Form that could be used for email bombing attacks"
+                    description = "Found a Newsletter Submission Form that could be used for email bombing attacks"
                     data = {"host": str(_event.host), "description": description, "url": _event.data["url"]}
                     await self.emit_event(
                         data,

bbot/modules/output/asset_inventory.py

@@ -91,15 +91,15 @@ class asset_inventory(CSV):
             self.assets[hostkey].absorb_event(event)
 
     async def report(self):
-        stats = dict()
-        totals = dict()
+        stats = {}
+        totals = {}
 
         def increment_stat(stat, value):
             try:
                 totals[stat] += 1
             except KeyError:
                 totals[stat] = 1
-            if not stat in stats:
+            if stat not in stats:
                 stats[stat] = {}
             try:
                 stats[stat][value] += 1
@@ -263,13 +263,13 @@ class Asset:
         if not self.recheck:
             # ports
             ports = [i.strip() for i in row.get("Open Ports", "").split(",")]
-            self.ports.update(set(i for i in ports if i and is_port(i)))
+            self.ports.update({i for i in ports if i and is_port(i)})
             # findings
             findings = [i.strip() for i in row.get("Findings", "").splitlines()]
-            self.findings.update(set(i for i in findings if i))
+            self.findings.update({i for i in findings if i})
             # technologies
             technologies = [i.strip() for i in row.get("Technologies", "").splitlines()]
-            self.technologies.update(set(i for i in technologies if i))
+            self.technologies.update({i for i in technologies if i})
             # risk rating
             risk_rating = row.get("Risk Rating", "").strip()
             if risk_rating and risk_rating.isdigit() and int(risk_rating) > self.risk_rating:

bbot/modules/output/base.py

@@ -24,7 +24,7 @@ class BaseOutputModule(BaseModule):
         if event.type in ("FINISHED",):
             return True, "its type is FINISHED"
         if self.errored:
-            return False, f"module is in error state"
+            return False, "module is in error state"
         # exclude non-watched types
         if not any(t in self.get_watched_events() for t in ("*", event.type)):
             return False, "its type is not in watched_events"

bbot/modules/output/csv.py

@@ -64,7 +64,7 @@ class CSV(BaseOutputModule):
                 ),
                 "Source Module": str(getattr(event, "module_sequence", "")),
                 "Scope Distance": str(getattr(event, "scope_distance", "")),
-                "Event Tags": ",".join(sorted(list(getattr(event, "tags", [])))),
+                "Event Tags": ",".join(sorted(getattr(event, "tags", []))),
                 "Discovery Path": " --> ".join(discovery_path),
             }
         )

bbot/modules/output/stdout.py

@@ -20,7 +20,7 @@ class Stdout(BaseOutputModule):
 
     async def setup(self):
         self.text_format = self.config.get("format", "text").strip().lower()
-        if not self.text_format in self.format_choices:
+        if self.text_format not in self.format_choices:
             return (
                 False,
                 f'Invalid text format choice, "{self.text_format}" (choices: {",".join(self.format_choices)})',
@@ -33,7 +33,7 @@ class Stdout(BaseOutputModule):
 
     async def filter_event(self, event):
         if self.accept_event_types:
-            if not event.type in self.accept_event_types:
+            if event.type not in self.accept_event_types:
                 return False, f'Event type "{event.type}" is not in the allowed event_types'
         return True
 

bbot/modules/paramminer_headers.py

@@ -82,7 +82,6 @@ class paramminer_headers(BaseModule):
     header_regex = re.compile(r"^[!#$%&\'*+\-.^_`|~0-9a-zA-Z]+: [^\r\n]+$")
 
     async def setup(self):
-
         self.recycle_words = self.config.get("recycle_words", True)
         self.event_dict = {}
         self.already_checked = set()
@@ -90,11 +89,11 @@ class paramminer_headers(BaseModule):
         if not wordlist:
             wordlist = f"{self.helpers.wordlist_dir}/{self.default_wordlist}"
         self.debug(f"Using wordlist: [{wordlist}]")
-        self.wl = set(
+        self.wl = {
             h.strip().lower()
             for h in self.helpers.read_file(await self.helpers.wordlist(wordlist))
             if len(h) > 0 and "%" not in h
-        )
+        }
 
         # check against the boring list (if the option is set)
         if self.config.get("skip_boring_words", True):
@@ -157,7 +156,6 @@ class paramminer_headers(BaseModule):
             )
 
     async def handle_event(self, event):
-
         # If recycle words is enabled, we will collect WEB_PARAMETERS we find to build our list in finish()
         # We also collect any parameters of type "SPECULATIVE"
         if event.type == "WEB_PARAMETER":
@@ -201,7 +199,7 @@ class paramminer_headers(BaseModule):
             return
         for count, args, kwargs in self.gen_count_args(url):
             r = await self.helpers.request(*args, **kwargs)
-            if r is not None and not ((str(r.status_code)[0] in ("4", "5"))):
+            if r is not None and not (str(r.status_code)[0] in ("4", "5")):
                 return count
 
     def gen_count_args(self, url):
@@ -240,8 +238,7 @@ class paramminer_headers(BaseModule):
         return await compare_helper.compare(url, headers=test_headers, check_reflection=(len(header_list) == 1))
 
     async def finish(self):
-
-        untested_matches = sorted(list(self.extracted_words_master.copy()))
+        untested_matches = sorted(self.extracted_words_master.copy())
         for url, (event, batch_size) in list(self.event_dict.items()):
             try:
                 compare_helper = self.helpers.http_compare(url)