bbot 2.3.0.5482rc0__py3-none-any.whl → 2.3.0.5489rc0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of bbot might be problematic. Click here for more details.
- bbot/__init__.py +1 -1
- bbot/core/event/base.py +22 -1
- bbot/modules/trufflehog.py +1 -1
- bbot/scanner/target.py +15 -1
- bbot/test/test_step_1/test_events.py +39 -0
- bbot/test/test_step_1/test_presets.py +2 -2
- {bbot-2.3.0.5482rc0.dist-info → bbot-2.3.0.5489rc0.dist-info}/METADATA +6 -1
- {bbot-2.3.0.5482rc0.dist-info → bbot-2.3.0.5489rc0.dist-info}/RECORD +11 -11
- {bbot-2.3.0.5482rc0.dist-info → bbot-2.3.0.5489rc0.dist-info}/LICENSE +0 -0
- {bbot-2.3.0.5482rc0.dist-info → bbot-2.3.0.5489rc0.dist-info}/WHEEL +0 -0
- {bbot-2.3.0.5482rc0.dist-info → bbot-2.3.0.5489rc0.dist-info}/entry_points.txt +0 -0
bbot/__init__.py
CHANGED
bbot/core/event/base.py
CHANGED
|
@@ -14,8 +14,8 @@ from pathlib import Path
|
|
|
14
14
|
from typing import Optional
|
|
15
15
|
from contextlib import suppress
|
|
16
16
|
from radixtarget import RadixTarget
|
|
17
|
-
from urllib.parse import urljoin, parse_qs
|
|
18
17
|
from pydantic import BaseModel, field_validator
|
|
18
|
+
from urllib.parse import urlparse, urljoin, parse_qs
|
|
19
19
|
|
|
20
20
|
|
|
21
21
|
from .helpers import *
|
|
@@ -1584,6 +1584,27 @@ class RAW_DNS_RECORD(DictHostEvent, DnsEvent):
|
|
|
1584
1584
|
class MOBILE_APP(DictEvent):
|
|
1585
1585
|
_always_emit = True
|
|
1586
1586
|
|
|
1587
|
+
def _sanitize_data(self, data):
|
|
1588
|
+
if isinstance(data, str):
|
|
1589
|
+
data = {"url": data}
|
|
1590
|
+
if "url" not in data:
|
|
1591
|
+
raise ValidationError("url is required for MOBILE_APP events")
|
|
1592
|
+
url = data["url"]
|
|
1593
|
+
# parse URL
|
|
1594
|
+
try:
|
|
1595
|
+
self.parsed_url = urlparse(url)
|
|
1596
|
+
except Exception as e:
|
|
1597
|
+
raise ValidationError(f"Error parsing URL {url}: {e}")
|
|
1598
|
+
if not "id" in data:
|
|
1599
|
+
# extract "id" getparam
|
|
1600
|
+
params = parse_qs(self.parsed_url.query)
|
|
1601
|
+
try:
|
|
1602
|
+
_id = params["id"][0]
|
|
1603
|
+
except Exception:
|
|
1604
|
+
raise ValidationError("id is required for MOBILE_APP events")
|
|
1605
|
+
data["id"] = _id
|
|
1606
|
+
return data
|
|
1607
|
+
|
|
1587
1608
|
def _pretty_string(self):
|
|
1588
1609
|
return self.data["url"]
|
|
1589
1610
|
|
bbot/modules/trufflehog.py
CHANGED
bbot/scanner/target.py
CHANGED
|
@@ -95,9 +95,9 @@ class BaseTarget(RadixTarget):
|
|
|
95
95
|
else:
|
|
96
96
|
event = self.make_event(target)
|
|
97
97
|
if event:
|
|
98
|
+
self.inputs.add(target)
|
|
98
99
|
_events = [event]
|
|
99
100
|
for event in _events:
|
|
100
|
-
self.inputs.add(event.data)
|
|
101
101
|
events.add(event)
|
|
102
102
|
|
|
103
103
|
# sort by host size to ensure consistency
|
|
@@ -140,6 +140,20 @@ class ScanSeeds(BaseTarget):
|
|
|
140
140
|
return [username_event]
|
|
141
141
|
return []
|
|
142
142
|
|
|
143
|
+
@special_target_type(r"^(?:FILESYSTEM|FILE|FOLDER|DIR|PATH):(.*)")
|
|
144
|
+
def handle_filesystem(self, match):
|
|
145
|
+
filesystem_event = self.make_event({"path": match.group(1)}, event_type="FILESYSTEM")
|
|
146
|
+
if filesystem_event:
|
|
147
|
+
return [filesystem_event]
|
|
148
|
+
return []
|
|
149
|
+
|
|
150
|
+
@special_target_type(r"^(?:MOBILE_APP|APK|IPA|APP):(.*)")
|
|
151
|
+
def handle_mobile_app(self, match):
|
|
152
|
+
mobile_app_event = self.make_event({"url": match.group(1)}, event_type="MOBILE_APP")
|
|
153
|
+
if mobile_app_event:
|
|
154
|
+
return [mobile_app_event]
|
|
155
|
+
return []
|
|
156
|
+
|
|
143
157
|
def get(self, event, single=True, **kwargs):
|
|
144
158
|
results = super().get(event, **kwargs)
|
|
145
159
|
if results and single:
|
|
@@ -979,6 +979,45 @@ def test_event_magic():
|
|
|
979
979
|
zip_file.unlink()
|
|
980
980
|
|
|
981
981
|
|
|
982
|
+
@pytest.mark.asyncio
|
|
983
|
+
async def test_mobile_app():
|
|
984
|
+
scan = Scanner()
|
|
985
|
+
with pytest.raises(ValidationError):
|
|
986
|
+
scan.make_event("com.evilcorp.app", "MOBILE_APP", parent=scan.root_event)
|
|
987
|
+
with pytest.raises(ValidationError):
|
|
988
|
+
scan.make_event({"id": "com.evilcorp.app"}, "MOBILE_APP", parent=scan.root_event)
|
|
989
|
+
with pytest.raises(ValidationError):
|
|
990
|
+
scan.make_event({"url": "https://play.google.com/store/apps/details"}, "MOBILE_APP", parent=scan.root_event)
|
|
991
|
+
mobile_app = scan.make_event(
|
|
992
|
+
{"url": "https://play.google.com/store/apps/details?id=com.evilcorp.app"}, "MOBILE_APP", parent=scan.root_event
|
|
993
|
+
)
|
|
994
|
+
assert sorted(mobile_app.data.items()) == [
|
|
995
|
+
("id", "com.evilcorp.app"),
|
|
996
|
+
("url", "https://play.google.com/store/apps/details?id=com.evilcorp.app"),
|
|
997
|
+
]
|
|
998
|
+
|
|
999
|
+
scan = Scanner("MOBILE_APP:https://play.google.com/store/apps/details?id=com.evilcorp.app")
|
|
1000
|
+
events = [e async for e in scan.async_start()]
|
|
1001
|
+
assert len(events) == 3
|
|
1002
|
+
mobile_app_event = [e for e in events if e.type == "MOBILE_APP"][0]
|
|
1003
|
+
assert mobile_app_event.type == "MOBILE_APP"
|
|
1004
|
+
assert sorted(mobile_app_event.data.items()) == [
|
|
1005
|
+
("id", "com.evilcorp.app"),
|
|
1006
|
+
("url", "https://play.google.com/store/apps/details?id=com.evilcorp.app"),
|
|
1007
|
+
]
|
|
1008
|
+
|
|
1009
|
+
|
|
1010
|
+
@pytest.mark.asyncio
|
|
1011
|
+
async def test_filesystem():
|
|
1012
|
+
scan = Scanner("FILESYSTEM:/tmp/asdf")
|
|
1013
|
+
events = [e async for e in scan.async_start()]
|
|
1014
|
+
assert len(events) == 3
|
|
1015
|
+
filesystem_events = [e for e in events if e.type == "FILESYSTEM"]
|
|
1016
|
+
assert len(filesystem_events) == 1
|
|
1017
|
+
assert filesystem_events[0].type == "FILESYSTEM"
|
|
1018
|
+
assert filesystem_events[0].data == {"path": "/tmp/asdf"}
|
|
1019
|
+
|
|
1020
|
+
|
|
982
1021
|
def test_event_hashing():
|
|
983
1022
|
scan = Scanner("example.com")
|
|
984
1023
|
url_event = scan.make_event("https://api.example.com/", "URL_UNVERIFIED", parent=scan.root_event)
|
|
@@ -272,13 +272,13 @@ def test_preset_scope():
|
|
|
272
272
|
}
|
|
273
273
|
assert preset_whitelist_baked.to_dict(include_target=True) == {
|
|
274
274
|
"target": ["evilcorp.org"],
|
|
275
|
-
"whitelist": ["1.2.3.
|
|
275
|
+
"whitelist": ["1.2.3.4/24", "http://evilcorp.net"],
|
|
276
276
|
"blacklist": ["bob@evilcorp.co.uk", "evilcorp.co.uk:443"],
|
|
277
277
|
"config": {"modules": {"secretsdb": {"api_key": "deadbeef", "otherthing": "asdf"}}},
|
|
278
278
|
}
|
|
279
279
|
assert preset_whitelist_baked.to_dict(include_target=True, redact_secrets=True) == {
|
|
280
280
|
"target": ["evilcorp.org"],
|
|
281
|
-
"whitelist": ["1.2.3.
|
|
281
|
+
"whitelist": ["1.2.3.4/24", "http://evilcorp.net"],
|
|
282
282
|
"blacklist": ["bob@evilcorp.co.uk", "evilcorp.co.uk:443"],
|
|
283
283
|
"config": {"modules": {"secretsdb": {"otherthing": "asdf"}}},
|
|
284
284
|
}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.1
|
|
2
2
|
Name: bbot
|
|
3
|
-
Version: 2.3.0.
|
|
3
|
+
Version: 2.3.0.5489rc0
|
|
4
4
|
Summary: OSINT automation for hackers.
|
|
5
5
|
Home-page: https://github.com/blacklanternsecurity/bbot
|
|
6
6
|
License: GPL-3.0
|
|
@@ -372,6 +372,11 @@ Targets can be any of the following:
|
|
|
372
372
|
- `IP_RANGE` (`1.2.3.0/24`)
|
|
373
373
|
- `OPEN_TCP_PORT` (`192.168.0.1:80`)
|
|
374
374
|
- `URL` (`https://www.evilcorp.com`)
|
|
375
|
+
- `EMAIL_ADDRESS` (`bob@evilcorp.com`)
|
|
376
|
+
- `ORG_STUB` (`ORG:evilcorp`)
|
|
377
|
+
- `USER_STUB` (`USER:bobsmith`)
|
|
378
|
+
- `FILESYSTEM` (`FILESYSTEM:/tmp/asdf`)
|
|
379
|
+
- `MOBILE_APP` (`MOBILE_APP:https://play.google.com/store/apps/details?id=com.evilcorp.app`)
|
|
375
380
|
|
|
376
381
|
For more information, see [Targets](https://www.blacklanternsecurity.com/bbot/Stable/scanning/#targets-t). To learn how BBOT handles scope, see [Scope](https://www.blacklanternsecurity.com/bbot/Stable/scanning/#scope).
|
|
377
382
|
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
bbot/__init__.py,sha256=
|
|
1
|
+
bbot/__init__.py,sha256=2i439UrdrmNdnUnbGMyYNiH9L1fMmHNYSRfZh7W-OK4,130
|
|
2
2
|
bbot/cli.py,sha256=SUEd4CcI-9QzFnqXpezza1sq_TNPcfDtJaSwL4MAl9g,10717
|
|
3
3
|
bbot/core/__init__.py,sha256=l255GJE_DvUnWvrRb0J5lG-iMztJ8zVvoweDOfegGtI,46
|
|
4
4
|
bbot/core/config/__init__.py,sha256=zYNw2Me6tsEr8hOOkLb4BQ97GB7Kis2k--G81S8vofU,342
|
|
@@ -7,7 +7,7 @@ bbot/core/config/logger.py,sha256=FzQ7Myl0MVqBi7gpn9LOnbuL-UTXxSKpl11xuEGxS5I,10
|
|
|
7
7
|
bbot/core/core.py,sha256=V0G3dKPN5xCbXOoFeBRkh-BZb6A3kSNA060De01LiTU,7065
|
|
8
8
|
bbot/core/engine.py,sha256=uauGZgd7zAnJwNmVVPDicwHbUVCa8pV_pif49lgYeWk,29364
|
|
9
9
|
bbot/core/event/__init__.py,sha256=8ut88ZUg0kbtWkOx2j3XzNr_3kTfgoM-3UdiWHFA_ag,56
|
|
10
|
-
bbot/core/event/base.py,sha256=
|
|
10
|
+
bbot/core/event/base.py,sha256=m7wA9IOmWNyLZfv3A-hmHEWYwsv0vVFrnXM3v4DxHUQ,62195
|
|
11
11
|
bbot/core/event/helpers.py,sha256=PUN4Trq5_wpKVuhmwUQWAr40apgMXhJ9Gz-VfZ0j3lA,1554
|
|
12
12
|
bbot/core/flags.py,sha256=Ltvm8Bc4D65I55HuU5bzyjO1R3yMDNpVmreGU83ZBXE,1266
|
|
13
13
|
bbot/core/helpers/__init__.py,sha256=0UNwcZjNsX41hbHdo3yZPuARkYWch-okI68DScexve4,86
|
|
@@ -191,7 +191,7 @@ bbot/modules/templates/sql.py,sha256=o-CdyyoJvHJdJBKkj3CIGXYxUta4w2AB_2Vr-k7cDDU
|
|
|
191
191
|
bbot/modules/templates/subdomain_enum.py,sha256=SJmQKbWpymgSV_CYXDLlARhDCFxonzhhpvO_gIFaHnM,8396
|
|
192
192
|
bbot/modules/templates/webhook.py,sha256=Ch7Xrq8DuIBSYaIUWsSGqg8irtDsyk6LVKhsRHTpTh0,3706
|
|
193
193
|
bbot/modules/trickest.py,sha256=MRgLW0YiDWzlWdAjyqfPPLFb-a51r-Ffn_dphiJI_gA,1550
|
|
194
|
-
bbot/modules/trufflehog.py,sha256=
|
|
194
|
+
bbot/modules/trufflehog.py,sha256=yNUJkb-zLq0_g4OHbOppMClVCwQcrAsp0At_Q7_Rq1k,8553
|
|
195
195
|
bbot/modules/url_manipulation.py,sha256=4J3oFkqTSJPPmbKEKAHJg2Q2w4QNKtQhiN03ZJq5VtI,4326
|
|
196
196
|
bbot/modules/urlscan.py,sha256=-w_3Bm6smyG2GLQyIbnMUkKmeQVauo-V6F4_kJDYG7s,3740
|
|
197
197
|
bbot/modules/viewdns.py,sha256=2SjNZNjQL1tko58tPAjP-CGYDmP-zZ1HpY-vACGa9UI,2595
|
|
@@ -228,7 +228,7 @@ bbot/scanner/preset/path.py,sha256=Q29MO8cOEn690yW6bB08P72kbZ3C-H_TOEoXuwWnFM8,2
|
|
|
228
228
|
bbot/scanner/preset/preset.py,sha256=u4GpuydOZov1tEZpshQAB-LL8bZLJ3nyu-NmkBEBvEY,40070
|
|
229
229
|
bbot/scanner/scanner.py,sha256=9Lpl7N7lAurMB1gWknbxv3Ph28QQWoZlGmcwTQarHJY,54129
|
|
230
230
|
bbot/scanner/stats.py,sha256=re93sArKXZSiD0Owgqk2J3Kdvfm3RL4Y9Qy_VOcaVk8,3623
|
|
231
|
-
bbot/scanner/target.py,sha256=
|
|
231
|
+
bbot/scanner/target.py,sha256=EQwtFZLDeNlqt8JupyBEksqeQ_c_i3NARSWf3mQQC4k,12128
|
|
232
232
|
bbot/scripts/docs.py,sha256=ZLY9-O6OeEElzOUvTglO5EMkRv1s4aEuxJb2CthCVsI,10782
|
|
233
233
|
bbot/test/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
234
234
|
bbot/test/bbot_fixtures.py,sha256=PNIycAMcNWM8oZ6BvvQmSbif1sztdOgyQ_e9lfQA6gA,9981
|
|
@@ -250,13 +250,13 @@ bbot/test/test_step_1/test_depsinstaller.py,sha256=zr9f-wJDotD1ZvKXGEuDRWzFYMAYB
|
|
|
250
250
|
bbot/test/test_step_1/test_dns.py,sha256=SjefP-8GGyx9q-PWotCWu4esF0dRhWJRrS-J5MGNi6w,32153
|
|
251
251
|
bbot/test/test_step_1/test_docs.py,sha256=YWVGNRfzcrvDmFekX0Cq9gutQplsqvhKTpZ0XK4tWvo,82
|
|
252
252
|
bbot/test/test_step_1/test_engine.py,sha256=3HkCPtYhUxiZzfA-BRHpLsyaRj9wIXKbb49BCk9dILM,4267
|
|
253
|
-
bbot/test/test_step_1/test_events.py,sha256=
|
|
253
|
+
bbot/test/test_step_1/test_events.py,sha256=d801YobkGGxolHx6H1qUZTo6ZedVJ1DGDxCfgdEf-0Y,50555
|
|
254
254
|
bbot/test/test_step_1/test_files.py,sha256=5Q_3jPpMXULxDHsanSDUaj8zF8bXzKdiJZHOmoYpLhQ,699
|
|
255
255
|
bbot/test/test_step_1/test_helpers.py,sha256=6WG2rqnI7Jt0Z7Dc5AyqTDcL16QM0_WJ3CXE1M-xSMc,39506
|
|
256
256
|
bbot/test/test_step_1/test_manager_deduplication.py,sha256=hZQpDXzg6zvzxFolVOcJuY-ME8NXjZUsqS70BRNXp8A,15594
|
|
257
257
|
bbot/test/test_step_1/test_manager_scope_accuracy.py,sha256=JV1bQHt9EIM0GmGS4T4Brz_L2lfcwTxtNC06cfv7r64,79763
|
|
258
258
|
bbot/test/test_step_1/test_modules_basic.py,sha256=hxXdsrBwme5elGQtvyvA52-KzahyQC3FlWQZ3T0EheA,19989
|
|
259
|
-
bbot/test/test_step_1/test_presets.py,sha256=
|
|
259
|
+
bbot/test/test_step_1/test_presets.py,sha256=Y5Bbz1qKk5yiQt3LdZ_R_M4gcInCSX4XP2vm-Jpv28E,38209
|
|
260
260
|
bbot/test/test_step_1/test_python_api.py,sha256=GM5Kp2AAFl92ozo1kL6axsM87F8Gdq2_mWQvRnbXW_0,5503
|
|
261
261
|
bbot/test/test_step_1/test_regexes.py,sha256=34-BHzDE5qdltE-sQIzkrTmJTL49QUYoTn2uT1DZLwI,14356
|
|
262
262
|
bbot/test/test_step_1/test_scan.py,sha256=h3JP5RXnOUH8dqqq2Q_7yLpx1LCAEvqfE1bpHL7bDS0,5756
|
|
@@ -416,8 +416,8 @@ bbot/wordlists/raft-small-extensions-lowercase_CLEANED.txt,sha256=ZSIVebs7ptMvHx
|
|
|
416
416
|
bbot/wordlists/top_open_ports_nmap.txt,sha256=LmdFYkfapSxn1pVuQC2LkOIY2hMLgG-Xts7DVtYzweM,42727
|
|
417
417
|
bbot/wordlists/valid_url_schemes.txt,sha256=0B_VAr9Dv7aYhwi6JSBDU-3M76vNtzN0qEC_RNLo7HE,3310
|
|
418
418
|
bbot/wordlists/wordninja_dns.txt.gz,sha256=DYHvvfW0TvzrVwyprqODAk4tGOxv5ezNmCPSdPuDUnQ,570241
|
|
419
|
-
bbot-2.3.0.
|
|
420
|
-
bbot-2.3.0.
|
|
421
|
-
bbot-2.3.0.
|
|
422
|
-
bbot-2.3.0.
|
|
423
|
-
bbot-2.3.0.
|
|
419
|
+
bbot-2.3.0.5489rc0.dist-info/LICENSE,sha256=GzeCzK17hhQQDNow0_r0L8OfLpeTKQjFQwBQU7ZUymg,32473
|
|
420
|
+
bbot-2.3.0.5489rc0.dist-info/METADATA,sha256=y_xqx4nhbAp0Daqx5AQ3wbpHJLw5Gi-REluIFj2P3ZE,18213
|
|
421
|
+
bbot-2.3.0.5489rc0.dist-info/WHEEL,sha256=Nq82e9rUAnEjt98J6MlVmMCZb-t9cYE2Ir1kpBmnWfs,88
|
|
422
|
+
bbot-2.3.0.5489rc0.dist-info/entry_points.txt,sha256=cWjvcU_lLrzzJgjcjF7yeGuRA_eDS8pQ-kmPUAyOBfo,38
|
|
423
|
+
bbot-2.3.0.5489rc0.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|
|
File without changes
|