bbot 2.3.0.5546rc0__py3-none-any.whl → 2.3.1.5815rc0__py3-none-any.whl


Potentially problematic release.



Files changed (116) hide show
  1. bbot/__init__.py +1 -1
  2. bbot/cli.py +1 -1
  3. bbot/core/engine.py +1 -1
  4. bbot/core/event/base.py +7 -5
  5. bbot/core/helpers/async_helpers.py +7 -1
  6. bbot/core/helpers/depsinstaller/installer.py +7 -2
  7. bbot/core/helpers/diff.py +13 -4
  8. bbot/core/helpers/dns/brute.py +8 -2
  9. bbot/core/helpers/dns/engine.py +3 -2
  10. bbot/core/helpers/ratelimiter.py +8 -2
  11. bbot/core/helpers/regexes.py +5 -2
  12. bbot/core/helpers/web/engine.py +1 -1
  13. bbot/core/helpers/web/web.py +1 -1
  14. bbot/core/shared_deps.py +14 -0
  15. bbot/defaults.yml +44 -0
  16. bbot/modules/ajaxpro.py +64 -37
  17. bbot/modules/baddns.py +23 -15
  18. bbot/modules/baddns_direct.py +2 -2
  19. bbot/modules/badsecrets.py +2 -2
  20. bbot/modules/base.py +49 -15
  21. bbot/modules/censys.py +1 -1
  22. bbot/modules/deadly/dastardly.py +3 -3
  23. bbot/modules/deadly/nuclei.py +1 -1
  24. bbot/modules/dehashed.py +2 -2
  25. bbot/modules/dnsbrute_mutations.py +3 -1
  26. bbot/modules/docker_pull.py +1 -1
  27. bbot/modules/dockerhub.py +2 -2
  28. bbot/modules/dotnetnuke.py +12 -12
  29. bbot/modules/extractous.py +1 -1
  30. bbot/modules/ffuf_shortnames.py +107 -48
  31. bbot/modules/filedownload.py +6 -0
  32. bbot/modules/generic_ssrf.py +54 -40
  33. bbot/modules/github_codesearch.py +2 -2
  34. bbot/modules/github_org.py +16 -20
  35. bbot/modules/github_workflows.py +6 -2
  36. bbot/modules/gowitness.py +6 -0
  37. bbot/modules/hunt.py +1 -1
  38. bbot/modules/hunterio.py +1 -1
  39. bbot/modules/iis_shortnames.py +23 -7
  40. bbot/modules/internal/excavate.py +5 -3
  41. bbot/modules/internal/unarchive.py +82 -0
  42. bbot/modules/jadx.py +2 -2
  43. bbot/modules/output/asset_inventory.py +1 -1
  44. bbot/modules/output/base.py +1 -1
  45. bbot/modules/output/discord.py +2 -1
  46. bbot/modules/output/slack.py +2 -1
  47. bbot/modules/output/teams.py +10 -25
  48. bbot/modules/output/web_parameters.py +55 -0
  49. bbot/modules/paramminer_headers.py +15 -10
  50. bbot/modules/portfilter.py +41 -0
  51. bbot/modules/portscan.py +1 -22
  52. bbot/modules/postman.py +61 -43
  53. bbot/modules/postman_download.py +10 -147
  54. bbot/modules/sitedossier.py +1 -1
  55. bbot/modules/skymem.py +1 -1
  56. bbot/modules/templates/postman.py +163 -1
  57. bbot/modules/templates/subdomain_enum.py +1 -1
  58. bbot/modules/templates/webhook.py +17 -26
  59. bbot/modules/trufflehog.py +3 -3
  60. bbot/modules/wappalyzer.py +1 -1
  61. bbot/modules/zoomeye.py +1 -1
  62. bbot/presets/kitchen-sink.yml +1 -1
  63. bbot/presets/nuclei/nuclei-budget.yml +19 -0
  64. bbot/presets/nuclei/nuclei-intense.yml +28 -0
  65. bbot/presets/nuclei/nuclei-technology.yml +23 -0
  66. bbot/presets/nuclei/nuclei.yml +34 -0
  67. bbot/presets/spider-intense.yml +13 -0
  68. bbot/scanner/preset/args.py +29 -3
  69. bbot/scanner/preset/preset.py +43 -24
  70. bbot/scanner/scanner.py +17 -7
  71. bbot/test/bbot_fixtures.py +7 -7
  72. bbot/test/test_step_1/test_bloom_filter.py +2 -2
  73. bbot/test/test_step_1/test_cli.py +5 -5
  74. bbot/test/test_step_1/test_dns.py +33 -0
  75. bbot/test/test_step_1/test_events.py +15 -5
  76. bbot/test/test_step_1/test_modules_basic.py +21 -21
  77. bbot/test/test_step_1/test_presets.py +94 -4
  78. bbot/test/test_step_1/test_regexes.py +13 -13
  79. bbot/test/test_step_1/test_scan.py +78 -0
  80. bbot/test/test_step_1/test_web.py +4 -4
  81. bbot/test/test_step_2/module_tests/test_module_ajaxpro.py +43 -23
  82. bbot/test/test_step_2/module_tests/test_module_azure_realm.py +3 -3
  83. bbot/test/test_step_2/module_tests/test_module_baddns.py +3 -3
  84. bbot/test/test_step_2/module_tests/test_module_bucket_amazon.py +6 -6
  85. bbot/test/test_step_2/module_tests/test_module_bufferoverrun.py +3 -3
  86. bbot/test/test_step_2/module_tests/test_module_cloudcheck.py +3 -3
  87. bbot/test/test_step_2/module_tests/test_module_dnsbimi.py +3 -3
  88. bbot/test/test_step_2/module_tests/test_module_dnscaa.py +6 -6
  89. bbot/test/test_step_2/module_tests/test_module_dnscommonsrv.py +9 -9
  90. bbot/test/test_step_2/module_tests/test_module_dnstlsrpt.py +12 -12
  91. bbot/test/test_step_2/module_tests/test_module_excavate.py +15 -15
  92. bbot/test/test_step_2/module_tests/test_module_extractous.py +3 -3
  93. bbot/test/test_step_2/module_tests/test_module_ffuf_shortnames.py +8 -8
  94. bbot/test/test_step_2/module_tests/test_module_generic_ssrf.py +3 -1
  95. bbot/test/test_step_2/module_tests/test_module_github_codesearch.py +3 -3
  96. bbot/test/test_step_2/module_tests/test_module_gowitness.py +9 -9
  97. bbot/test/test_step_2/module_tests/test_module_iis_shortnames.py +1 -1
  98. bbot/test/test_step_2/module_tests/test_module_paramminer_getparams.py +35 -1
  99. bbot/test/test_step_2/module_tests/test_module_paramminer_headers.py +3 -3
  100. bbot/test/test_step_2/module_tests/test_module_portfilter.py +48 -0
  101. bbot/test/test_step_2/module_tests/test_module_postman.py +338 -3
  102. bbot/test/test_step_2/module_tests/test_module_postman_download.py +4 -161
  103. bbot/test/test_step_2/module_tests/test_module_securitytxt.py +12 -12
  104. bbot/test/test_step_2/module_tests/test_module_teams.py +10 -1
  105. bbot/test/test_step_2/module_tests/test_module_trufflehog.py +1 -1
  106. bbot/test/test_step_2/module_tests/test_module_unarchive.py +229 -0
  107. bbot/test/test_step_2/module_tests/test_module_viewdns.py +3 -3
  108. bbot/test/test_step_2/module_tests/test_module_web_parameters.py +59 -0
  109. bbot/test/test_step_2/module_tests/test_module_websocket.py +5 -4
  110. {bbot-2.3.0.5546rc0.dist-info → bbot-2.3.1.5815rc0.dist-info}/METADATA +7 -7
  111. {bbot-2.3.0.5546rc0.dist-info → bbot-2.3.1.5815rc0.dist-info}/RECORD +115 -105
  112. {bbot-2.3.0.5546rc0.dist-info → bbot-2.3.1.5815rc0.dist-info}/WHEEL +1 -1
  113. bbot/wordlists/ffuf_shortname_candidates.txt +0 -107982
  114. /bbot/presets/{baddns-thorough.yml → baddns-intense.yml} +0 -0
  115. {bbot-2.3.0.5546rc0.dist-info → bbot-2.3.1.5815rc0.dist-info}/LICENSE +0 -0
  116. {bbot-2.3.0.5546rc0.dist-info → bbot-2.3.1.5815rc0.dist-info}/entry_points.txt +0 -0
@@ -2,14 +2,50 @@ from .base import ModuleTestBase
2
2
 
3
3
 
4
4
  class TestPostman(ModuleTestBase):
5
+ config_overrides = {"modules": {"postman": {"api_key": "asdf"}}}
5
6
  modules_overrides = ["postman", "speculate"]
6
7
 
8
+ async def setup_before_prep(self, module_test):
9
+ module_test.httpx_mock.add_response(
10
+ url="https://api.getpostman.com/me",
11
+ match_headers={"X-Api-Key": "asdf"},
12
+ json={
13
+ "user": {
14
+ "id": 000000,
15
+ "username": "test_key",
16
+ "email": "blacklanternsecurity@test.com",
17
+ "fullName": "Test Key",
18
+ "avatar": "",
19
+ "isPublic": True,
20
+ "teamId": 0,
21
+ "teamDomain": "",
22
+ "roles": ["user"],
23
+ },
24
+ "operations": [
25
+ {"name": "api_object_usage", "limit": 3, "usage": 0, "overage": 0},
26
+ {"name": "collection_run_limit", "limit": 25, "usage": 0, "overage": 0},
27
+ {"name": "file_storage_limit", "limit": 20, "usage": 0, "overage": 0},
28
+ {"name": "flow_count", "limit": 5, "usage": 0, "overage": 0},
29
+ {"name": "flow_requests", "limit": 5000, "usage": 0, "overage": 0},
30
+ {"name": "performance_test_limit", "limit": 25, "usage": 0, "overage": 0},
31
+ {"name": "postbot_calls", "limit": 50, "usage": 0, "overage": 0},
32
+ {"name": "reusable_packages", "limit": 3, "usage": 0, "overage": 0},
33
+ {"name": "test_data_retrieval", "limit": 1000, "usage": 0, "overage": 0},
34
+ {"name": "test_data_storage", "limit": 10, "usage": 0, "overage": 0},
35
+ {"name": "mock_usage", "limit": 1000, "usage": 0, "overage": 0},
36
+ {"name": "monitor_request_runs", "limit": 1000, "usage": 0, "overage": 0},
37
+ {"name": "api_usage", "limit": 1000, "usage": 0, "overage": 0},
38
+ ],
39
+ },
40
+ )
41
+
7
42
  async def setup_after_prep(self, module_test):
8
43
  await module_test.mock_dns(
9
44
  {"blacklanternsecurity.com": {"A": ["127.0.0.99"]}, "github.com": {"A": ["127.0.0.99"]}}
10
45
  )
11
46
  module_test.httpx_mock.add_response(
12
47
  url="https://www.postman.com/_api/ws/proxy",
48
+ match_content=b'{"service": "search", "method": "POST", "path": "/search-all", "body": {"queryIndices": ["collaboration.workspace"], "queryText": "blacklanternsecurity", "size": 25, "from": 0, "clientTraceId": "", "requestOrigin": "srp", "mergeEntities": "true", "nonNestedRequests": "true", "domain": "public"}}',
13
49
  json={
14
50
  "data": [
15
51
  {
@@ -62,14 +98,65 @@ class TestPostman(ModuleTestBase):
62
98
  "documentType": "workspace",
63
99
  },
64
100
  "highlight": {"summary": "<b>BLS</b> BBOT api test."},
65
- }
101
+ },
102
+ {
103
+ "score": 611.41156,
104
+ "normalizedScore": 23,
105
+ "document": {
106
+ "watcherCount": 6,
107
+ "apiCount": 0,
108
+ "forkCount": 0,
109
+ "isblacklisted": "false",
110
+ "createdAt": "2021-06-15T14:03:51",
111
+ "publishertype": "team",
112
+ "publisherHandle": "testteam",
113
+ "id": "11498add-357d-4bc5-a008-0a2d44fb8829",
114
+ "slug": "testing-bbot-api",
115
+ "updatedAt": "2024-07-30T11:00:35",
116
+ "entityType": "workspace",
117
+ "visibilityStatus": "public",
118
+ "forkcount": "0",
119
+ "tags": [],
120
+ "createdat": "2021-06-15T14:03:51",
121
+ "forkLabel": "",
122
+ "publisherName": "testteam",
123
+ "name": "Test BlackLanternSecurity API Team Workspace",
124
+ "dependencyCount": 7,
125
+ "collectionCount": 6,
126
+ "warehouse__updated_at": "2024-07-30 11:00:00",
127
+ "privateNetworkFolders": [],
128
+ "isPublisherVerified": False,
129
+ "publisherType": "team",
130
+ "curatedInList": [],
131
+ "creatorId": "6900157",
132
+ "description": "",
133
+ "forklabel": "",
134
+ "publisherId": "299401",
135
+ "publisherLogo": "",
136
+ "popularity": 5,
137
+ "isPublic": True,
138
+ "categories": [],
139
+ "universaltags": "",
140
+ "views": 5788,
141
+ "summary": "Private test of BBOTs public API",
142
+ "memberCount": 2,
143
+ "isBlacklisted": False,
144
+ "publisherid": "299401",
145
+ "isPrivateNetworkEntity": False,
146
+ "isDomainNonTrivial": True,
147
+ "privateNetworkMeta": "",
148
+ "updatedat": "2021-10-20T16:19:29",
149
+ "documentType": "workspace",
150
+ },
151
+ "highlight": {"summary": "Private test of BBOTs Public API"},
152
+ },
66
153
  ],
67
154
  "meta": {
68
155
  "queryText": "blacklanternsecurity",
69
156
  "total": {
70
157
  "collection": 0,
71
158
  "request": 0,
72
- "workspace": 1,
159
+ "workspace": 2,
73
160
  "api": 0,
74
161
  "team": 0,
75
162
  "user": 0,
@@ -78,7 +165,7 @@ class TestPostman(ModuleTestBase):
78
165
  "privateNetworkFolder": 0,
79
166
  },
80
167
  "state": "AQ4",
81
- "spellCorrection": {"count": {"all": 1, "workspace": 1}, "correctedQueryText": None},
168
+ "spellCorrection": {"count": {"all": 2, "workspace": 2}, "correctedQueryText": None},
82
169
  "featureFlags": {
83
170
  "enabledPublicResultCuration": True,
84
171
  "boostByPopularity": True,
@@ -88,6 +175,253 @@ class TestPostman(ModuleTestBase):
88
175
  },
89
176
  },
90
177
  )
178
+ module_test.httpx_mock.add_response(
179
+ url="https://www.postman.com/_api/ws/proxy",
180
+ match_content=b'{"service": "workspaces", "method": "GET", "path": "/workspaces?handle=blacklanternsecurity&slug=bbot-public"}',
181
+ json={
182
+ "meta": {"model": "workspace", "action": "find", "nextCursor": ""},
183
+ "data": [
184
+ {
185
+ "id": "3a7e4bdc-7ff7-4dd4-8eaa-61ddce1c3d1b",
186
+ "name": "BlackLanternSecurity BBOT [Public]",
187
+ "description": None,
188
+ "summary": "BLS public workspaces.",
189
+ "createdBy": "299401",
190
+ "updatedBy": "299401",
191
+ "team": None,
192
+ "createdAt": "2021-10-20T16:19:29",
193
+ "updatedAt": "2021-10-20T16:19:29",
194
+ "visibilityStatus": "public",
195
+ "profileInfo": {
196
+ "slug": "bbot-public",
197
+ "profileType": "team",
198
+ "profileId": "000000",
199
+ "publicHandle": "https://www.postman.com/blacklanternsecurity",
200
+ "publicImageURL": "",
201
+ "publicName": "BlackLanternSecurity",
202
+ "isVerified": False,
203
+ },
204
+ }
205
+ ],
206
+ },
207
+ )
208
+ module_test.httpx_mock.add_response(
209
+ url="https://www.postman.com/_api/ws/proxy",
210
+ match_content=b'{"service": "workspaces", "method": "GET", "path": "/workspaces?handle=testteam&slug=testing-bbot-api"}',
211
+ json={
212
+ "meta": {"model": "workspace", "action": "find", "nextCursor": ""},
213
+ "data": [
214
+ {
215
+ "id": "a4dfe981-2593-4f0b-b4c3-5145e8640f7d",
216
+ "name": "Test BlackLanternSecurity API Team Workspace",
217
+ "description": None,
218
+ "summary": "Private test of BBOTs public API",
219
+ "createdBy": "299401",
220
+ "updatedBy": "299401",
221
+ "team": None,
222
+ "createdAt": "2021-10-20T16:19:29",
223
+ "updatedAt": "2021-10-20T16:19:29",
224
+ "visibilityStatus": "public",
225
+ "profileInfo": {
226
+ "slug": "bbot-public",
227
+ "profileType": "team",
228
+ "profileId": "000000",
229
+ "publicHandle": "https://www.postman.com/testteam",
230
+ "publicImageURL": "",
231
+ "publicName": "testteam",
232
+ "isVerified": False,
233
+ },
234
+ }
235
+ ],
236
+ },
237
+ )
238
+ module_test.httpx_mock.add_response(
239
+ url="https://api.getpostman.com/workspaces/3a7e4bdc-7ff7-4dd4-8eaa-61ddce1c3d1b",
240
+ match_headers={"X-Api-Key": "asdf"},
241
+ json={
242
+ "workspace": {
243
+ "id": "3a7e4bdc-7ff7-4dd4-8eaa-61ddce1c3d1b",
244
+ "name": "BlackLanternSecurity BBOT [Public]",
245
+ "type": "personal",
246
+ "description": None,
247
+ "visibility": "public",
248
+ "createdBy": "00000000",
249
+ "updatedBy": "00000000",
250
+ "createdAt": "2021-11-17T06:09:01.000Z",
251
+ "updatedAt": "2021-11-17T08:57:16.000Z",
252
+ "collections": [
253
+ {
254
+ "id": "2aab9fd0-3715-4abe-8bb0-8cb0264d023f",
255
+ "name": "BBOT Public",
256
+ "uid": "10197090-2aab9fd0-3715-4abe-8bb0-8cb0264d023f",
257
+ },
258
+ ],
259
+ "environments": [
260
+ {
261
+ "id": "f770f816-9c6a-40f7-bde3-c0855d2a1089",
262
+ "name": "BBOT Test",
263
+ "uid": "10197090-f770f816-9c6a-40f7-bde3-c0855d2a1089",
264
+ }
265
+ ],
266
+ "apis": [],
267
+ }
268
+ },
269
+ )
270
+ module_test.httpx_mock.add_response(
271
+ url="https://api.getpostman.com/workspaces/a4dfe981-2593-4f0b-b4c3-5145e8640f7d",
272
+ json={
273
+ "workspace": {
274
+ "id": "a4dfe981-2593-4f0b-b4c3-5145e8640f7d",
275
+ "name": "Test BlackLanternSecurity API Team Workspace",
276
+ "type": "personal",
277
+ "description": None,
278
+ "visibility": "public",
279
+ "createdBy": "00000000",
280
+ "updatedBy": "00000000",
281
+ "createdAt": "2021-11-17T06:09:01.000Z",
282
+ "updatedAt": "2021-11-17T08:57:16.000Z",
283
+ "collections": [
284
+ {
285
+ "id": "f46bebfd-420a-4adf-97d1-6fb5a02cf7fc",
286
+ "name": "BBOT Public",
287
+ "uid": "10197090-f46bebfd-420a-4adf-97d1-6fb5a02cf7fc",
288
+ },
289
+ ],
290
+ "environments": [],
291
+ "apis": [],
292
+ }
293
+ },
294
+ )
295
+ module_test.httpx_mock.add_response(
296
+ url="https://www.postman.com/_api/workspace/3a7e4bdc-7ff7-4dd4-8eaa-61ddce1c3d1b/globals",
297
+ json={
298
+ "model_id": "8be7574b-219f-49e0-8d25-da447a882e4e",
299
+ "meta": {"model": "globals", "action": "find"},
300
+ "data": {
301
+ "workspace": "3a7e4bdc-7ff7-4dd4-8eaa-61ddce1c3d1b",
302
+ "lastUpdatedBy": "00000000",
303
+ "lastRevision": 1637239113000,
304
+ "id": "8be7574b-219f-49e0-8d25-da447a882e4e",
305
+ "values": [
306
+ {
307
+ "key": "endpoint_url",
308
+ "value": "https://api.blacklanternsecurity.com/",
309
+ "enabled": True,
310
+ },
311
+ ],
312
+ "createdAt": "2021-11-17T06:09:01.000Z",
313
+ "updatedAt": "2021-11-18T12:38:33.000Z",
314
+ },
315
+ },
316
+ )
317
+ module_test.httpx_mock.add_response(
318
+ url="https://www.postman.com/_api/workspace/a4dfe981-2593-4f0b-b4c3-5145e8640f7d/globals",
319
+ json={
320
+ "model_id": "8be7574b-219f-49e0-8d25-da447a882e4e",
321
+ "meta": {"model": "globals", "action": "find"},
322
+ "data": {
323
+ "workspace": "a4dfe981-2593-4f0b-b4c3-5145e8640f7d",
324
+ "lastUpdatedBy": "00000000",
325
+ "lastRevision": 1637239113000,
326
+ "id": "8be7574b-219f-49e0-8d25-da447a882e4e",
327
+ "values": [],
328
+ "createdAt": "2021-11-17T06:09:01.000Z",
329
+ "updatedAt": "2021-11-18T12:38:33.000Z",
330
+ },
331
+ },
332
+ )
333
+ module_test.httpx_mock.add_response(
334
+ url="https://api.getpostman.com/environments/10197090-f770f816-9c6a-40f7-bde3-c0855d2a1089",
335
+ match_headers={"X-Api-Key": "asdf"},
336
+ json={
337
+ "environment": {
338
+ "id": "f770f816-9c6a-40f7-bde3-c0855d2a1089",
339
+ "name": "BBOT Test",
340
+ "owner": "00000000",
341
+ "createdAt": "2021-11-17T06:29:54.000Z",
342
+ "updatedAt": "2021-11-23T07:06:53.000Z",
343
+ "values": [
344
+ {
345
+ "key": "temp_session_endpoint",
346
+ "value": "https://api.blacklanternsecurity.com/",
347
+ "enabled": True,
348
+ },
349
+ ],
350
+ "isPublic": True,
351
+ }
352
+ },
353
+ )
354
+ module_test.httpx_mock.add_response(
355
+ url="https://api.getpostman.com/collections/10197090-2aab9fd0-3715-4abe-8bb0-8cb0264d023f",
356
+ match_headers={"X-Api-Key": "asdf"},
357
+ json={
358
+ "collection": {
359
+ "info": {
360
+ "_postman_id": "62b91565-d2e2-4bcd-8248-4dba2e3452f0",
361
+ "name": "BBOT Public",
362
+ "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json",
363
+ "updatedAt": "2021-11-17T07:13:16.000Z",
364
+ "createdAt": "2021-11-17T07:13:15.000Z",
365
+ "lastUpdatedBy": "00000000",
366
+ "uid": "00000000-62b91565-d2e2-4bcd-8248-4dba2e3452f0",
367
+ },
368
+ "item": [
369
+ {
370
+ "name": "Generate API Session",
371
+ "id": "c1bac38c-dfc9-4cc0-9c19-828cbc8543b1",
372
+ "protocolProfileBehavior": {"disableBodyPruning": True},
373
+ "request": {
374
+ "method": "POST",
375
+ "header": [{"key": "Content-Type", "value": "application/json"}],
376
+ "body": {
377
+ "mode": "raw",
378
+ "raw": '{"username": "test", "password": "Test"}',
379
+ },
380
+ "url": {"raw": "{{endpoint_url}}", "host": ["{{endpoint_url}}"]},
381
+ "description": "",
382
+ },
383
+ "response": [],
384
+ "uid": "10197090-c1bac38c-dfc9-4cc0-9c19-828cbc8543b1",
385
+ },
386
+ ],
387
+ }
388
+ },
389
+ )
390
+ module_test.httpx_mock.add_response(
391
+ url="https://api.getpostman.com/collections/10197090-f46bebfd-420a-4adf-97d1-6fb5a02cf7fc",
392
+ json={
393
+ "collection": {
394
+ "info": {
395
+ "_postman_id": "f46bebfd-420a-4adf-97d1-6fb5a02cf7fc",
396
+ "name": "BBOT Public",
397
+ "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json",
398
+ "updatedAt": "2021-11-17T07:13:16.000Z",
399
+ "createdAt": "2021-11-17T07:13:15.000Z",
400
+ "lastUpdatedBy": "00000000",
401
+ "uid": "00000000-f46bebfd-420a-4adf-97d1-6fb5a02cf7fc",
402
+ },
403
+ "item": [
404
+ {
405
+ "name": "Out of Scope API request",
406
+ "id": "c1bac38c-dfc9-4cc0-9c19-828cbc8543b1",
407
+ "protocolProfileBehavior": {"disableBodyPruning": True},
408
+ "request": {
409
+ "method": "POST",
410
+ "header": [{"key": "Content-Type", "value": "application/json"}],
411
+ "body": {
412
+ "mode": "raw",
413
+ "raw": '{"username": "test", "password": "Test"}',
414
+ },
415
+ "url": {"raw": "https://www.outofscope.com", "host": ["www.outofscope.com"]},
416
+ "description": "",
417
+ },
418
+ "response": [],
419
+ "uid": "10197090-c1bac38c-dfc9-4cc0-9c19-828cbc8543b1",
420
+ },
421
+ ],
422
+ }
423
+ },
424
+ )
91
425
 
92
426
  def check(self, module_test, events):
93
427
  assert len(events) == 5
@@ -101,6 +435,7 @@ class TestPostman(ModuleTestBase):
101
435
  assert 1 == len(
102
436
  [e for e in events if e.type == "ORG_STUB" and e.data == "blacklanternsecurity" and e.scope_distance == 0]
103
437
  ), "Failed to find ORG_STUB"
438
+ # Find only 1 in-scope workspace the other will be out of scope
104
439
  assert 1 == len(
105
440
  [
106
441
  e
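Review bot: The two `api.getpostman.com` mocks added for the second workspace (`/workspaces/a4dfe981-2593-4f0b-b4c3-5145e8640f7d` and `/collections/10197090-f46bebfd-420a-4adf-97d1-6fb5a02cf7fc`) are registered without `match_headers={"X-Api-Key": "asdf"}`, unlike the sibling mocks for `/me`, the first workspace, its environment and its collection, so they answer a request whether or not the key is sent. If the module is expected to authenticate every call to that host, add `match_headers={"X-Api-Key": "asdf"},` to both so that a regression dropping the header fails the test; if the omission is deliberate, a one-line comment saying why would help the next reader. Separately, `"id": 000000` in the `/me` fixture is a legal literal that evaluates to `0`, and writing `0` reads more clearly. The body of `check()` continues outside the last hunk, so the assertions that use these fixtures are only partly visible here.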
@@ -45,7 +45,7 @@ class TestPostman_Download(ModuleTestBase):
45
45
  )
46
46
  module_test.httpx_mock.add_response(
47
47
  url="https://www.postman.com/_api/ws/proxy",
48
- match_content=b'{"service": "search", "method": "POST", "path": "/search-all", "body": {"queryIndices": ["collaboration.workspace"], "queryText": "blacklanternsecurity", "size": 100, "from": 0, "clientTraceId": "", "requestOrigin": "srp", "mergeEntities": "true", "nonNestedRequests": "true", "domain": "public"}}',
48
+ match_content=b'{"service": "search", "method": "POST", "path": "/search-all", "body": {"queryIndices": ["collaboration.workspace"], "queryText": "blacklanternsecurity", "size": 25, "from": 0, "clientTraceId": "", "requestOrigin": "srp", "mergeEntities": "true", "nonNestedRequests": "true", "domain": "public"}}',
49
49
  json={
50
50
  "data": [
51
51
  {
@@ -99,64 +99,13 @@ class TestPostman_Download(ModuleTestBase):
99
99
  },
100
100
  "highlight": {"summary": "<b>BLS</b> BBOT api test."},
101
101
  },
102
- {
103
- "score": 611.41156,
104
- "normalizedScore": 23,
105
- "document": {
106
- "watcherCount": 6,
107
- "apiCount": 0,
108
- "forkCount": 0,
109
- "isblacklisted": "false",
110
- "createdAt": "2021-06-15T14:03:51",
111
- "publishertype": "team",
112
- "publisherHandle": "testteam",
113
- "id": "11498add-357d-4bc5-a008-0a2d44fb8829",
114
- "slug": "testing-bbot-api",
115
- "updatedAt": "2024-07-30T11:00:35",
116
- "entityType": "workspace",
117
- "visibilityStatus": "public",
118
- "forkcount": "0",
119
- "tags": [],
120
- "createdat": "2021-06-15T14:03:51",
121
- "forkLabel": "",
122
- "publisherName": "testteam",
123
- "name": "Test BlackLanternSecurity API Team Workspace",
124
- "dependencyCount": 7,
125
- "collectionCount": 6,
126
- "warehouse__updated_at": "2024-07-30 11:00:00",
127
- "privateNetworkFolders": [],
128
- "isPublisherVerified": False,
129
- "publisherType": "team",
130
- "curatedInList": [],
131
- "creatorId": "6900157",
132
- "description": "",
133
- "forklabel": "",
134
- "publisherId": "299401",
135
- "publisherLogo": "",
136
- "popularity": 5,
137
- "isPublic": True,
138
- "categories": [],
139
- "universaltags": "",
140
- "views": 5788,
141
- "summary": "Private test of BBOTs public API",
142
- "memberCount": 2,
143
- "isBlacklisted": False,
144
- "publisherid": "299401",
145
- "isPrivateNetworkEntity": False,
146
- "isDomainNonTrivial": True,
147
- "privateNetworkMeta": "",
148
- "updatedat": "2021-10-20T16:19:29",
149
- "documentType": "workspace",
150
- },
151
- "highlight": {"summary": "Private test of BBOTs Public API"},
152
- },
153
102
  ],
154
103
  "meta": {
155
104
  "queryText": "blacklanternsecurity",
156
105
  "total": {
157
106
  "collection": 0,
158
107
  "request": 0,
159
- "workspace": 2,
108
+ "workspace": 1,
160
109
  "api": 0,
161
110
  "team": 0,
162
111
  "user": 0,
@@ -165,7 +114,7 @@ class TestPostman_Download(ModuleTestBase):
165
114
  "privateNetworkFolder": 0,
166
115
  },
167
116
  "state": "AQ4",
168
- "spellCorrection": {"count": {"all": 2, "workspace": 2}, "correctedQueryText": None},
117
+ "spellCorrection": {"count": {"all": 1, "workspace": 1}, "correctedQueryText": None},
169
118
  "featureFlags": {
170
119
  "enabledPublicResultCuration": True,
171
120
  "boostByPopularity": True,
@@ -205,36 +154,6 @@ class TestPostman_Download(ModuleTestBase):
205
154
  ],
206
155
  },
207
156
  )
208
- module_test.httpx_mock.add_response(
209
- url="https://www.postman.com/_api/ws/proxy",
210
- match_content=b'{"service": "workspaces", "method": "GET", "path": "/workspaces?handle=testteam&slug=testing-bbot-api"}',
211
- json={
212
- "meta": {"model": "workspace", "action": "find", "nextCursor": ""},
213
- "data": [
214
- {
215
- "id": "a4dfe981-2593-4f0b-b4c3-5145e8640f7d",
216
- "name": "Test BlackLanternSecurity API Team Workspace",
217
- "description": None,
218
- "summary": "Private test of BBOTs public API",
219
- "createdBy": "299401",
220
- "updatedBy": "299401",
221
- "team": None,
222
- "createdAt": "2021-10-20T16:19:29",
223
- "updatedAt": "2021-10-20T16:19:29",
224
- "visibilityStatus": "public",
225
- "profileInfo": {
226
- "slug": "bbot-public",
227
- "profileType": "team",
228
- "profileId": "000000",
229
- "publicHandle": "https://www.postman.com/testteam",
230
- "publicImageURL": "",
231
- "publicName": "testteam",
232
- "isVerified": False,
233
- },
234
- }
235
- ],
236
- },
237
- )
238
157
  module_test.httpx_mock.add_response(
239
158
  url="https://api.getpostman.com/workspaces/3a7e4bdc-7ff7-4dd4-8eaa-61ddce1c3d1b",
240
159
  match_headers={"X-Api-Key": "asdf"},
@@ -267,31 +186,6 @@ class TestPostman_Download(ModuleTestBase):
267
186
  }
268
187
  },
269
188
  )
270
- module_test.httpx_mock.add_response(
271
- url="https://api.getpostman.com/workspaces/a4dfe981-2593-4f0b-b4c3-5145e8640f7d",
272
- json={
273
- "workspace": {
274
- "id": "a4dfe981-2593-4f0b-b4c3-5145e8640f7d",
275
- "name": "Test BlackLanternSecurity API Team Workspace",
276
- "type": "personal",
277
- "description": None,
278
- "visibility": "public",
279
- "createdBy": "00000000",
280
- "updatedBy": "00000000",
281
- "createdAt": "2021-11-17T06:09:01.000Z",
282
- "updatedAt": "2021-11-17T08:57:16.000Z",
283
- "collections": [
284
- {
285
- "id": "f46bebfd-420a-4adf-97d1-6fb5a02cf7fc",
286
- "name": "BBOT Public",
287
- "uid": "10197090-f46bebfd-420a-4adf-97d1-6fb5a02cf7fc",
288
- },
289
- ],
290
- "environments": [],
291
- "apis": [],
292
- }
293
- },
294
- )
295
189
  module_test.httpx_mock.add_response(
296
190
  url="https://www.postman.com/_api/workspace/3a7e4bdc-7ff7-4dd4-8eaa-61ddce1c3d1b/globals",
297
191
  json={
@@ -314,22 +208,6 @@ class TestPostman_Download(ModuleTestBase):
314
208
  },
315
209
  },
316
210
  )
317
- module_test.httpx_mock.add_response(
318
- url="https://www.postman.com/_api/workspace/a4dfe981-2593-4f0b-b4c3-5145e8640f7d/globals",
319
- json={
320
- "model_id": "8be7574b-219f-49e0-8d25-da447a882e4e",
321
- "meta": {"model": "globals", "action": "find"},
322
- "data": {
323
- "workspace": "a4dfe981-2593-4f0b-b4c3-5145e8640f7d",
324
- "lastUpdatedBy": "00000000",
325
- "lastRevision": 1637239113000,
326
- "id": "8be7574b-219f-49e0-8d25-da447a882e4e",
327
- "values": [],
328
- "createdAt": "2021-11-17T06:09:01.000Z",
329
- "updatedAt": "2021-11-18T12:38:33.000Z",
330
- },
331
- },
332
- )
333
211
  module_test.httpx_mock.add_response(
334
212
  url="https://api.getpostman.com/environments/10197090-f770f816-9c6a-40f7-bde3-c0855d2a1089",
335
213
  match_headers={"X-Api-Key": "asdf"},
@@ -387,44 +265,9 @@ class TestPostman_Download(ModuleTestBase):
387
265
  }
388
266
  },
389
267
  )
390
- module_test.httpx_mock.add_response(
391
- url="https://api.getpostman.com/collections/10197090-f46bebfd-420a-4adf-97d1-6fb5a02cf7fc",
392
- json={
393
- "collection": {
394
- "info": {
395
- "_postman_id": "f46bebfd-420a-4adf-97d1-6fb5a02cf7fc",
396
- "name": "BBOT Public",
397
- "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json",
398
- "updatedAt": "2021-11-17T07:13:16.000Z",
399
- "createdAt": "2021-11-17T07:13:15.000Z",
400
- "lastUpdatedBy": "00000000",
401
- "uid": "00000000-f46bebfd-420a-4adf-97d1-6fb5a02cf7fc",
402
- },
403
- "item": [
404
- {
405
- "name": "Out of Scope API request",
406
- "id": "c1bac38c-dfc9-4cc0-9c19-828cbc8543b1",
407
- "protocolProfileBehavior": {"disableBodyPruning": True},
408
- "request": {
409
- "method": "POST",
410
- "header": [{"key": "Content-Type", "value": "application/json"}],
411
- "body": {
412
- "mode": "raw",
413
- "raw": '{"username": "test", "password": "Test"}',
414
- },
415
- "url": {"raw": "https://www.outofscope.com", "host": ["www.outofscope.com"]},
416
- "description": "",
417
- },
418
- "response": [],
419
- "uid": "10197090-c1bac38c-dfc9-4cc0-9c19-828cbc8543b1",
420
- },
421
- ],
422
- }
423
- },
424
- )
425
268
 
426
269
  def check(self, module_test, events):
427
- assert 2 == len(
270
+ assert 1 == len(
428
271
  [e for e in events if e.type == "CODE_REPOSITORY" and "postman" in e.tags and e.scope_distance == 1]
429
272
  ), "Failed to find blacklanternsecurity postman workspace"
430
273
  assert 1 == len(
@@ -21,9 +21,9 @@ class TestSecurityTxt(ModuleTestBase):
21
21
  )
22
22
 
23
23
  def check(self, module_test, events):
24
- assert any(
25
- e.type == "EMAIL_ADDRESS" and e.data == "joe.smith@blacklanternsecurity.notreal" for e in events
26
- ), "Failed to detect email address"
24
+ assert any(e.type == "EMAIL_ADDRESS" and e.data == "joe.smith@blacklanternsecurity.notreal" for e in events), (
25
+ "Failed to detect email address"
26
+ )
27
27
  assert not any(
28
28
  e.type == "URL_UNVERIFIED" and e.data == "https://blacklanternsecurity.notreal/.well-known/security.txt"
29
29
  for e in events
@@ -39,12 +39,12 @@ class TestSecurityTxtEmailsFalse(TestSecurityTxt):
39
39
 
40
40
  def check(self, module_test, events):
41
41
  assert not any(e.type == "EMAIL_ADDRESS" for e in events), "Detected email address when emails=False"
42
- assert any(
43
- e.type == "URL_UNVERIFIED" and e.data == "https://vdp.example.com/" for e in events
44
- ), "Failed to detect URL"
45
- assert any(
46
- e.type == "URL_UNVERIFIED" and e.data == "https://example.com/cert" for e in events
47
- ), "Failed to detect URL"
48
- assert any(
49
- e.type == "URL_UNVERIFIED" and e.data == "https://www.careers.example.com/" for e in events
50
- ), "Failed to detect URL"
42
+ assert any(e.type == "URL_UNVERIFIED" and e.data == "https://vdp.example.com/" for e in events), (
43
+ "Failed to detect URL"
44
+ )
45
+ assert any(e.type == "URL_UNVERIFIED" and e.data == "https://example.com/cert" for e in events), (
46
+ "Failed to detect URL"
47
+ )
48
+ assert any(e.type == "URL_UNVERIFIED" and e.data == "https://www.careers.example.com/" for e in events), (
49
+ "Failed to detect URL"
50
+ )