bbot 2.3.0.5546rc0__py3-none-any.whl → 2.3.1__py3-none-any.whl

bbot/test/test_step_2/module_tests/test_module_teams.py

@@ -7,7 +7,7 @@ class TestTeams(DiscordBase):
     modules_overrides = ["teams", "excavate", "badsecrets", "httpx"]
 
     webhook_url = "https://evilcorp.webhook.office.com/webhookb2/deadbeef@deadbeef/IncomingWebhook/deadbeef/deadbeef"
-    config_overrides = {"modules": {"teams": {"webhook_url": webhook_url}}}
+    config_overrides = {"modules": {"teams": {"webhook_url": webhook_url, "retries": 5}}}
 
     async def setup_after_prep(self, module_test):
         self.custom_setup(module_test)
@@ -15,6 +15,8 @@ class TestTeams(DiscordBase):
         def custom_response(request: httpx.Request):
             module_test.request_count += 1
             if module_test.request_count == 2:
+                return httpx.Response(status_code=429, headers={"Retry-After": "0.01"})
+            elif module_test.request_count == 3:
                 return httpx.Response(
                     status_code=400,
                     json={
@@ -28,3 +30,10 @@ class TestTeams(DiscordBase):
                 return httpx.Response(status_code=200)
 
         module_test.httpx_mock.add_callback(custom_response, url=self.webhook_url)
+
+    def check(self, module_test, events):
+        vulns = [e for e in events if e.type == "VULNERABILITY"]
+        findings = [e for e in events if e.type == "FINDING"]
+        assert len(findings) == 1
+        assert len(vulns) == 2
+        assert module_test.request_count == 5

bbot/test/test_step_2/module_tests/test_module_trufflehog.py

@@ -848,7 +848,7 @@ class TestTrufflehog(ModuleTestBase):
     async def setup_after_prep(self, module_test):
         module_test.httpx_mock.add_response(
             url="https://www.postman.com/_api/ws/proxy",
-            match_content=b'{"service": "search", "method": "POST", "path": "/search-all", "body": {"queryIndices": ["collaboration.workspace"], "queryText": "blacklanternsecurity", "size": 100, "from": 0, "clientTraceId": "", "requestOrigin": "srp", "mergeEntities": "true", "nonNestedRequests": "true", "domain": "public"}}',
+            match_content=b'{"service": "search", "method": "POST", "path": "/search-all", "body": {"queryIndices": ["collaboration.workspace"], "queryText": "blacklanternsecurity", "size": 25, "from": 0, "clientTraceId": "", "requestOrigin": "srp", "mergeEntities": "true", "nonNestedRequests": "true", "domain": "public"}}',
             json={
                 "data": [
                     {

bbot/test/test_step_2/module_tests/test_module_unarchive.py

@@ -0,0 +1,229 @@
+import asyncio
+
+from pathlib import Path
+from .base import ModuleTestBase
+
+
+class TestUnarchive(ModuleTestBase):
+    targets = ["http://127.0.0.1:8888"]
+    modules_overrides = ["filedownload", "httpx", "excavate", "speculate", "unarchive"]
+
+    async def setup_after_prep(self, module_test):
+        temp_path = Path("/tmp/.bbot_test")
+
+        # Create a text file to compress
+        text_file = temp_path / "test.txt"
+        with open(text_file, "w") as f:
+            f.write("This is a test file")
+        zip_file = temp_path / "test.zip"
+        zip_zip_file = temp_path / "test_zip.zip"
+        bz2_file = temp_path / "test.bz2"
+        xz_file = temp_path / "test.xz"
+        zip7_file = temp_path / "test.7z"
+        # lzma_file = temp_path / "test.lzma"
+        tar_file = temp_path / "test.tar"
+        tgz_file = temp_path / "test.tgz"
+        commands = [
+            ("7z", "a", '-p""', "-aoa", f"{zip_file}", f"{text_file}"),
+            ("7z", "a", '-p""', "-aoa", f"{zip_zip_file}", f"{zip_file}"),
+            ("tar", "-C", f"{temp_path}", "-cvjf", f"{bz2_file}", f"{text_file.name}"),
+            ("tar", "-C", f"{temp_path}", "-cvJf", f"{xz_file}", f"{text_file.name}"),
+            ("7z", "a", '-p""', "-aoa", f"{zip7_file}", f"{text_file}"),
+            # ("tar", "-C", f"{temp_path}", "--lzma", "-cvf", f"{lzma_file}", f"{text_file.name}"),
+            ("tar", "-C", f"{temp_path}", "-cvf", f"{tar_file}", f"{text_file.name}"),
+            ("tar", "-C", f"{temp_path}", "-cvzf", f"{tgz_file}", f"{text_file.name}"),
+        ]
+
+        for command in commands:
+            process = await asyncio.create_subprocess_exec(
+                *command, stdout=asyncio.subprocess.PIPE, stderr=asyncio.subprocess.PIPE
+            )
+            stdout, stderr = await process.communicate()
+            assert process.returncode == 0, f"Command {command} failed with error: {stderr.decode()}"
+
+        module_test.set_expect_requests(
+            dict(uri="/"),
+            dict(
+                response_data="""<a href="/test.zip">
+                <a href="/test-zip.zip">
+                <a href="/test.bz2">
+                <a href="/test.xz">
+                <a href="/test.7z">
+                <a href="/test.tar">
+                <a href="/test.tgz">""",
+            ),
+        )
+        (
+            module_test.set_expect_requests(
+                dict(uri="/test.zip"),
+                dict(
+                    response_data=zip_file.read_bytes(),
+                    headers={"Content-Type": "application/zip"},
+                ),
+            ),
+        )
+        (
+            module_test.set_expect_requests(
+                dict(uri="/test-zip.zip"),
+                dict(
+                    response_data=zip_zip_file.read_bytes(),
+                    headers={"Content-Type": "application/zip"},
+                ),
+            ),
+        )
+        (
+            module_test.set_expect_requests(
+                dict(uri="/test.bz2"),
+                dict(
+                    response_data=bz2_file.read_bytes(),
+                    headers={"Content-Type": "application/x-bzip2"},
+                ),
+            ),
+        )
+        (
+            module_test.set_expect_requests(
+                dict(uri="/test.xz"),
+                dict(
+                    response_data=xz_file.read_bytes(),
+                    headers={"Content-Type": "application/x-xz"},
+                ),
+            ),
+        )
+        (
+            module_test.set_expect_requests(
+                dict(uri="/test.7z"),
+                dict(
+                    response_data=zip7_file.read_bytes(),
+                    headers={"Content-Type": "application/x-7z-compressed"},
+                ),
+            ),
+        )
+        # (
+        #     module_test.set_expect_requests(
+        #         dict(uri="/test.rar"),
+        #         dict(
+        #             response_data=b"Rar!\x1a\x07\x01\x003\x92\xb5\xe5\n\x01\x05\x06\x00\x05\x01\x01\x80\x80\x00\xa2N\x8ec&\x02\x03\x0b\x93\x00\x04\x93\x00\xa4\x83\x02\xc9\x11f\x06\x80\x00\x01\x08test.txt\n\x03\x13S\x96ug\x96\xf3\x1b\x06This is a test file\x1dwVQ\x03\x05\x04\x00",
+        #             headers={"Content-Type": "application/vnd.rar"},
+        #         ),
+        #     ),
+        # )
+        # (
+        #     module_test.set_expect_requests(
+        #         dict(uri="/test.lzma"),
+        #         dict(
+        #             response_data=lzma_file.read_bytes(),
+        #             headers={"Content-Type": "application/x-lzma"},
+        #         ),
+        #     ),
+        # )
+        (
+            module_test.set_expect_requests(
+                dict(uri="/test.tar"),
+                dict(
+                    response_data=tar_file.read_bytes(),
+                    headers={"Content-Type": "application/x-tar"},
+                ),
+            ),
+        )
+        (
+            module_test.set_expect_requests(
+                dict(uri="/test.tgz"),
+                dict(
+                    response_data=tgz_file.read_bytes(),
+                    headers={"Content-Type": "application/x-tgz"},
+                ),
+            ),
+        )
+
+    def check(self, module_test, events):
+        filesystem_events = [e for e in events if e.type == "FILESYSTEM"]
+
+        # ZIP
+        zip_file_event = [e for e in filesystem_events if "test.zip" in e.data["path"]]
+        assert 1 == len(zip_file_event), "No zip file found"
+        file = Path(zip_file_event[0].data["path"])
+        assert file.is_file(), f"File not found at {file}"
+        extract_event = [e for e in filesystem_events if "test_zip" in e.data["path"] and "folder" in e.tags]
+        assert 1 == len(extract_event), "Failed to extract zip"
+        extract_path = Path(extract_event[0].data["path"]) / "test.txt"
+        assert extract_path.is_file(), "Failed to extract the test file"
+
+        # Recursive ZIP
+        zip_zip_file_event = [e for e in filesystem_events if "test-zip.zip" in e.data["path"]]
+        assert 1 == len(zip_zip_file_event), "No recursive file found"
+        file = Path(zip_zip_file_event[0].data["path"])
+        assert file.is_file(), f"File not found at {file}"
+        extract_event = [e for e in filesystem_events if "test-zip_zip" in e.data["path"] and "folder" in e.tags]
+        assert 1 == len(extract_event), "Failed to extract zip"
+        extract_path = Path(extract_event[0].data["path"]) / "test" / "test.txt"
+        assert extract_path.is_file(), "Failed to extract the test file"
+
+        # BZ2
+        bz2_file_event = [e for e in filesystem_events if "test.bz2" in e.data["path"]]
+        assert 1 == len(bz2_file_event), "No bz2 file found"
+        file = Path(bz2_file_event[0].data["path"])
+        assert file.is_file(), f"File not found at {file}"
+        extract_event = [e for e in filesystem_events if "test_bz2" in e.data["path"] and "folder" in e.tags]
+        assert 1 == len(extract_event), "Failed to extract bz2"
+        extract_path = Path(extract_event[0].data["path"]) / "test.txt"
+        assert extract_path.is_file(), "Failed to extract the test file"
+
+        # XZ
+        xz_file_event = [e for e in filesystem_events if "test.xz" in e.data["path"]]
+        assert 1 == len(xz_file_event), "No xz file found"
+        file = Path(xz_file_event[0].data["path"])
+        assert file.is_file(), f"File not found at {file}"
+        extract_event = [e for e in filesystem_events if "test_xz" in e.data["path"] and "folder" in e.tags]
+        assert 1 == len(extract_event), "Failed to extract xz"
+        extract_path = Path(extract_event[0].data["path"]) / "test.txt"
+        assert extract_path.is_file(), "Failed to extract the test file"
+
+        # 7z
+        zip7_file_event = [e for e in filesystem_events if "test.7z" in e.data["path"]]
+        assert 1 == len(zip7_file_event), "No 7z file found"
+        file = Path(zip7_file_event[0].data["path"])
+        assert file.is_file(), f"File not found at {file}"
+        extract_event = [e for e in filesystem_events if "test_7z" in e.data["path"] and "folder" in e.tags]
+        assert 1 == len(extract_event), "Failed to extract 7z"
+        extract_path = Path(extract_event[0].data["path"]) / "test.txt"
+        assert extract_path.is_file(), "Failed to extract the test file"
+
+        # RAR
+        # rar_file_event = [e for e in filesystem_events if "test.rar" in e.data["path"]]
+        # assert 1 == len(rar_file_event), "No rar file found"
+        # file = Path(rar_file_event[0].data["path"])
+        # assert file.is_file(), f"File not found at {file}"
+        # extract_event = [e for e in filesystem_events if "test_rar" in e.data["path"] and "folder" in e.tags]
+        # assert 1 == len(extract_event), "Failed to extract rar"
+        # extract_path = Path(extract_event[0].data["path"]) / "test.txt"
+        # assert extract_path.is_file(), list(extract_path.parent.iterdir())
+
+        # LZMA
+        # lzma_file_event = [e for e in filesystem_events if "test.lzma" in e.data["path"]]
+        # assert 1 == len(lzma_file_event), "No lzma file found"
+        # file = Path(lzma_file_event[0].data["path"])
+        # assert file.is_file(), f"File not found at {file}"
+        # extract_event = [e for e in filesystem_events if "test_lzma" in e.data["path"] and "folder" in e.tags]
+        # assert 1 == len(extract_event), "Failed to extract lzma"
+        # extract_path = Path(extract_event[0].data["path"]) / "test.txt"
+        # assert extract_path.is_file(), "Failed to extract the test file"
+
+        # TAR
+        tar_file_event = [e for e in filesystem_events if "test.tar" in e.data["path"]]
+        assert 1 == len(tar_file_event), "No tar file found"
+        file = Path(tar_file_event[0].data["path"])
+        assert file.is_file(), f"File not found at {file}"
+        extract_event = [e for e in filesystem_events if "test_tar" in e.data["path"] and "folder" in e.tags]
+        assert 1 == len(extract_event), "Failed to extract tar"
+        extract_path = Path(extract_event[0].data["path"]) / "test.txt"
+        assert extract_path.is_file(), "Failed to extract the test file"
+
+        # TGZ
+        tgz_file_event = [e for e in filesystem_events if "test.tgz" in e.data["path"]]
+        assert 1 == len(tgz_file_event), "No tgz file found"
+        file = Path(tgz_file_event[0].data["path"])
+        assert file.is_file(), f"File not found at {file}"
+        extract_event = [e for e in filesystem_events if "test_tgz" in e.data["path"] and "folder" in e.tags]
+        assert 1 == len(extract_event), "Failed to extract tgz"
+        extract_path = Path(extract_event[0].data["path"]) / "test.txt"
+        assert extract_path.is_file(), "Failed to extract the test file"

bbot/test/test_step_2/module_tests/test_module_viewdns.py

@@ -9,9 +9,9 @@ class TestViewDNS(ModuleTestBase):
         )
 
     def check(self, module_test, events):
-        assert any(
-            e.data == "hyperloop.com" and "affiliate" in e.tags for e in events
-        ), "Failed to detect affiliate domain"
+        assert any(e.data == "hyperloop.com" and "affiliate" in e.tags for e in events), (
+            "Failed to detect affiliate domain"
+        )
 
 
 web_body = """<html>

bbot/test/test_step_2/module_tests/test_module_web_parameters.py

@@ -0,0 +1,59 @@
+from .test_module_excavate import TestExcavateParameterExtraction
+
+
+class TestWebParameters(TestExcavateParameterExtraction):
+    modules_overrides = ["excavate", "httpx", "web_parameters"]
+
+    def check(self, module_test, events):
+        parameters_file = module_test.scan.home / "web_parameters.txt"
+        with open(parameters_file) as f:
+            data = f.read()
+
+            assert "age" in data
+            assert "fit" in data
+            assert "id" in data
+            assert "jqueryget" in data
+            assert "jquerypost" in data
+            assert "size" in data
+
+            # after lightfuzz is merged uncomment these additional parameters
+            # assert "blog-post-author-display" in data
+            # assert "csrf" in data
+            # assert "q1" in data
+            # assert "q2" in data
+            # assert "q3" in data
+            # assert "test" in data
+
+
+class TestWebParameters_include_count(TestWebParameters):
+    config_overrides = {
+        "web": {"spider_distance": 1, "spider_depth": 1},
+        "modules": {"web_parameters": {"include_count": True}},
+    }
+
+    def check(self, module_test, events):
+        parameters_file = module_test.scan.home / "web_parameters.txt"
+        with open(parameters_file) as f:
+            data = f.read()
+            assert "2\tq" in data
+            assert "1\tage" in data
+            assert "1\tfit" in data
+            assert "1\tid" in data
+            assert "1\tjqueryget" in data
+            assert "1\tjquerypost" in data
+            assert "1\tsize" in data
+
+            # after lightfuzz is merged, these will be the correct parameters to check
+
+            # assert "3\ttest" in data
+            # assert "2\tblog-post-author-display" in data
+            # assert "2\tcsrf" in data
+            # assert "2\tq2" in data
+            # assert "1\tage" in data
+            # assert "1\tfit" in data
+            # assert "1\tid" in data
+            # assert "1\tjqueryget" in data
+            # assert "1\tjquerypost" in data
+            # assert "1\tq1" in data
+            # assert "1\tq3" in data
+            # assert "1\tsize" in data

bbot/test/test_step_2/module_tests/test_module_websocket.py

@@ -2,6 +2,7 @@ import json
 import asyncio
 import logging
 import websockets
+from websockets.asyncio.server import serve
 
 from .base import ModuleTestBase
 
@@ -10,16 +11,16 @@ log = logging.getLogger("bbot.testing")
 results = {"events": []}
 
 
-async def websocket_handler(websocket, path):
-    results["path"] = path
+async def websocket_handler(websocket):
+    results["path"] = websocket.request.path
     async for message in websocket:
         results["events"].append(message)
 
 
 # Define a coroutine for the server
 async def server_coroutine():
-    async with websockets.serve(websocket_handler, "127.0.0.1", 8765):
-        await asyncio.Future()  # run forever
+    async with serve(websocket_handler, "127.0.0.1", 8765) as server:
+        await server.serve_forever()
 
 
 class TestWebsocket(ModuleTestBase):

{bbot-2.3.0.5546rc0.dist-info → bbot-2.3.1.dist-info}/METADATA

@@ -1,8 +1,7 @@
-Metadata-Version: 2.1
+Metadata-Version: 2.3
 Name: bbot
-Version: 2.3.0.5546rc0
+Version: 2.3.1
 Summary: OSINT automation for hackers.
-Home-page: https://github.com/blacklanternsecurity/bbot
 License: GPL-3.0
 Keywords: python,cli,automation,osint,threat-intel,intelligence,neo4j,scanner,python-library,hacking,recursion,pentesting,recon,command-line-tool,bugbounty,subdomains,security-tools,subdomain-scanner,osint-framework,attack-surface,subdomain-enumeration,osint-tool
 Author: TheTechromancer
@@ -21,7 +20,7 @@ Requires-Dist: ansible-runner (>=2.3.2,<3.0.0)
 Requires-Dist: beautifulsoup4 (>=4.12.2,<5.0.0)
 Requires-Dist: cachetools (>=5.3.2,<6.0.0)
 Requires-Dist: cloudcheck (>=7.0.12,<8.0.0)
-Requires-Dist: deepdiff (>=6.2.3,<8.0.0)
+Requires-Dist: deepdiff (>=8.0.0,<9.0.0)
 Requires-Dist: dnspython (>=2.4.2,<3.0.0)
 Requires-Dist: httpx (>=0.27.0,<0.28.0)
 Requires-Dist: idna (>=3.4,<4.0)
@@ -33,7 +32,7 @@ Requires-Dist: orjson (>=3.10.12,<4.0.0)
 Requires-Dist: psutil (>=5.9.4,<7.0.0)
 Requires-Dist: puremagic (>=1.28,<2.0)
 Requires-Dist: pycryptodome (>=3.17,<4.0)
-Requires-Dist: pydantic (>=2.4.2,<3.0.0)
+Requires-Dist: pydantic (>=2.9.2,<3.0.0)
 Requires-Dist: pyjwt (>=2.7.0,<3.0.0)
 Requires-Dist: pyzmq (>=26.0.3,<27.0.0)
 Requires-Dist: radixtarget (>=3.0.13,<4.0.0)
@@ -43,13 +42,14 @@ Requires-Dist: socksio (>=1.0.0,<2.0.0)
 Requires-Dist: tabulate (==0.8.10)
 Requires-Dist: tldextract (>=5.1.1,<6.0.0)
 Requires-Dist: unidecode (>=1.3.8,<2.0.0)
-Requires-Dist: websockets (>=11.0.2,<13.0.0)
+Requires-Dist: websockets (>=11.0.2,<15.0.0)
 Requires-Dist: wordninja (>=2.0.0,<3.0.0)
 Requires-Dist: xmltojson (>=2.0.2,<3.0.0)
 Requires-Dist: yara-python (>=4.5.1,<5.0.0)
 Project-URL: Documentation, https://www.blacklanternsecurity.com/bbot/
 Project-URL: Discord, https://discord.com/invite/PZqkgxu5SA
 Project-URL: Docker Hub, https://hub.docker.com/r/blacklanternsecurity/bbot
+Project-URL: Homepage, https://github.com/blacklanternsecurity/bbot
 Project-URL: Repository, https://github.com/blacklanternsecurity/bbot
 Description-Content-Type: text/markdown
 
@@ -274,7 +274,7 @@ include:
   - paramminer
   - dirbust-light
   - web-screenshots
-  - baddns-thorough
+  - baddns-intense
 
 config:
   modules: