bbot 2.3.2.5841rc0__py3-none-any.whl → 2.3.2.5848rc0__py3-none-any.whl

bbot/__init__.py

@@ -1,4 +1,4 @@
 # version placeholder (replaced by poetry-dynamic-versioning)
-__version__ = "v2.3.2.5841rc"
+__version__ = "v2.3.2.5848rc"
 
 from .scanner import Scanner, Preset

bbot/modules/internal/excavate.py

@@ -9,7 +9,7 @@ from bbot.errors import ExcavateError
 import bbot.core.helpers.regexes as bbot_regexes
 from bbot.modules.base import BaseInterceptModule
 from bbot.modules.internal.base import BaseInternalModule
-from urllib.parse import urlparse, urljoin, parse_qs, urlunparse
+from urllib.parse import urlparse, urljoin, parse_qs, urlunparse, urldefrag
 
 
 def find_subclasses(obj, base_class):
@@ -736,7 +736,7 @@ class excavate(BaseInternalModule, BaseInterceptModule):
                             continue
                         unescaped_url = html.unescape(m.group(1))
                         source_url = event.parsed_url.geturl()
-                        final_url = urljoin(source_url, unescaped_url)
+                        final_url = urldefrag(urljoin(source_url, unescaped_url)).url
                         if not await self.helpers.re.search(self.full_url_regex_strict, final_url):
                             self.excavate.debug(
                                 f"Rejecting reconstructed URL [{final_url}] as did not match full_url_regex_strict"

bbot/modules/telerik.py

@@ -316,7 +316,7 @@ class telerik(BaseModule):
             # The standard behavior for the spellcheck handler without parameters is a 500
             if status_code == 500:
                 # Sometimes webapps will just return 500 for everything, so rule out the false positive
-                validate_result, _ = await self.test_detector(base_url, self.helpers.rand_string())
+                validate_result, _ = await self.test_detector(base_url, f"{self.helpers.rand_string()}.axd")
                 self.debug(validate_result)
                 validate_status_code = getattr(validate_result, "status_code", 0)
                 if validate_status_code not in (0, 500):

bbot/test/test_step_2/module_tests/test_module_excavate.py

@@ -30,6 +30,7 @@ class TestExcavate(ModuleTestBase):
         <a href="/a_relative.txt">
         <link href="/link_relative.txt">
         <a href="mailto:bob@evilcorp.org?subject=help">Help</a>
+        <li class="toctree-l3"><a class="reference internal" href="miscellaneous.html#x50-uart-driver">16x50 UART Driver</a></li>
         """
         expect_args = {"method": "GET", "uri": "/"}
         respond_args = {"response_data": response_data}
@@ -103,6 +104,11 @@ class TestExcavate(ModuleTestBase):
             for e in events
         )
 
+        assert any(
+            e.type == "URL_UNVERIFIED" and "miscellaneous.html" in e.data and "x50-uart-driver" not in e.data
+            for e in events
+        )
+
 
 class TestExcavate2(TestExcavate):
     targets = ["http://127.0.0.1:8888/", "test.notreal", "http://127.0.0.1:8888/subdir/"]

bbot/test/test_step_2/module_tests/test_module_telerik.py

@@ -33,6 +33,11 @@ class TestTelerik(ModuleTestBase):
         respond_args = {"status": 500}
         module_test.set_expect_requests(expect_args=expect_args, respond_args=respond_args)
 
+        # Simulate SpellCheckHandler false positive detection
+        expect_args = {"method": "GET", "uri": "/AAAAAAAAAAAAAA.axd"}
+        respond_args = {"status": 200}
+        module_test.set_expect_requests(expect_args=expect_args, respond_args=respond_args)
+
         # Simulate DialogHandler detection
         expect_args = {"method": "GET", "uri": "/App_Master/Telerik.Web.UI.DialogHandler.aspx"}
         respond_args = {
@@ -64,6 +69,7 @@ class TestTelerik(ModuleTestBase):
         module_test.set_expect_requests(expect_args=expect_args, respond_args=respond_args)
 
     async def setup_after_prep(self, module_test):
+        module_test.scan.modules["telerik"].helpers.rand_string = lambda *args, **kwargs: "AAAAAAAAAAAAAA"
         module_test.scan.modules["telerik"].telerikVersions = ["2014.2.724", "2014.3.1024", "2015.1.204"]
         module_test.scan.modules["telerik"].DialogHandlerUrls = [
             "Admin/ServerSide/Telerik.Web.UI.DialogHandler.aspx",

{bbot-2.3.2.5841rc0.dist-info → bbot-2.3.2.5848rc0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: bbot
-Version: 2.3.2.5841rc0
+Version: 2.3.2.5848rc0
 Summary: OSINT automation for hackers.
 License: GPL-3.0
 Keywords: python,cli,automation,osint,threat-intel,intelligence,neo4j,scanner,python-library,hacking,recursion,pentesting,recon,command-line-tool,bugbounty,subdomains,security-tools,subdomain-scanner,osint-framework,attack-surface,subdomain-enumeration,osint-tool

{bbot-2.3.2.5841rc0.dist-info → bbot-2.3.2.5848rc0.dist-info}/RECORD

@@ -1,4 +1,4 @@
-bbot/__init__.py,sha256=n2RgOCWmB1ynIcuyyyEpMtwCjYK76nV7QIwQJAzWyas,130
+bbot/__init__.py,sha256=ox6rkWeutc59aKWLExzovvzHmcp-j1jQ4K-S3ieVcwM,130
 bbot/cli.py,sha256=hrzJX07sK3psSQWa461BXFuOxgCA94iztsw8syLdpNw,10830
 bbot/core/__init__.py,sha256=l255GJE_DvUnWvrRb0J5lG-iMztJ8zVvoweDOfegGtI,46
 bbot/core/config/__init__.py,sha256=zYNw2Me6tsEr8hOOkLb4BQ97GB7Kis2k--G81S8vofU,342
@@ -122,7 +122,7 @@ bbot/modules/internal/aggregate.py,sha256=csWYIt2fUp9K_CRxP3bndUMIjpNIh8rmBubp5F
 bbot/modules/internal/base.py,sha256=BXO4Hc7XKaAOaLzolF3krJX1KibPxtek2GTQUgnCHk0,387
 bbot/modules/internal/cloudcheck.py,sha256=ay6MvZFbDvdhAlFPe_kEITM4wRsfRgQJf1DLBTcZ2jM,5138
 bbot/modules/internal/dnsresolve.py,sha256=1fwWChIGpSEIIkswueiIhEwIahQ7YngZ-njFK-RIsfU,15679
-bbot/modules/internal/excavate.py,sha256=yhPX8wr0TKwH2iQg0l9yGLighKzdNfj3ljikThxzxsk,51957
+bbot/modules/internal/excavate.py,sha256=D5IDS6IQIRS5v5q3IbpDnL7k6MyGtV02zx6HUm1ZbHE,51983
 bbot/modules/internal/speculate.py,sha256=NolqW2s8tokibc6gVM960KlrABkjhLB-7YlCdVx4O9s,9223
 bbot/modules/internal/unarchive.py,sha256=X5lG8lh8vbwWNhQDCEADAHBZVcror5EZDLTUnvcuAuM,3723
 bbot/modules/internetdb.py,sha256=Edg0Z84dH8dPTZMd7RlzvYBYNq8JHs_ns_ldnFxwRKo,5415
@@ -183,7 +183,7 @@ bbot/modules/social.py,sha256=SaXC8gK69k9aMNHS9y7b-Ag-w7U7DbeXqrZRx9CtXLw,2499
 bbot/modules/sslcert.py,sha256=83rf_rzlj4iku3gldx1_R1L_v3ZCGItGPay8JviUy9w,8211
 bbot/modules/subdomaincenter.py,sha256=aWjcIqGGWnAj2ePwcS4sgUJDUsq0trY3Klhr_lcc4dg,1424
 bbot/modules/subdomainradar.py,sha256=YlRNMtNGLpa13KZ7aksAMVZdSjxe1tkywU5RXlwXpPc,6784
-bbot/modules/telerik.py,sha256=9F7-MrAiulM5W26JxydAJ6nqD_Di7_X6RoTpCb3S5FI,18930
+bbot/modules/telerik.py,sha256=lZQUf0mGFonNpOnvlS9315d9GiwqzWqL01HGlugZXh0,18939
 bbot/modules/templates/bucket.py,sha256=muLPpfAGtcNhL0tLU-qHTlTNIz4yncRcVjdZMqVRtUI,7153
 bbot/modules/templates/github.py,sha256=n6cVjf62ezkztCRAcXNnlxfCkB0VRWqn138mOOt6T08,1454
 bbot/modules/templates/postman.py,sha256=MIpz2q_r6LP0kIEgByo7oX5qHhMZLOhr7oKzJI9Beec,6959
@@ -322,7 +322,7 @@ bbot/test/test_step_2/module_tests/test_module_dockerhub.py,sha256=9T8CFcFP32MOp
 bbot/test/test_step_2/module_tests/test_module_dotnetnuke.py,sha256=voi1C_v7VeaRe_-yzCybO9FUxnFf9qzWkoUY66KYiGI,8114
 bbot/test/test_step_2/module_tests/test_module_emailformat.py,sha256=cKxBPnEQ4AiRKV_-hSYEE6756ypst3hi6MN0L5RTukY,461
 bbot/test/test_step_2/module_tests/test_module_emails.py,sha256=bZjtO8N3GG2_g6SUEYprAFLcsi7SlwNPJJ0nODfrWYU,944
-bbot/test/test_step_2/module_tests/test_module_excavate.py,sha256=DRqpCl6IQ2aeOkFzNejVjyQBJ7Q3GlShcuzv1HRWoyE,43305
+bbot/test/test_step_2/module_tests/test_module_excavate.py,sha256=eROTkAHYo5lLqJVAVpSl-wprp2-YNQkT9hcaqHEEf7I,43604
 bbot/test/test_step_2/module_tests/test_module_extractous.py,sha256=PuTE5rkEIFPwU9lhCYpTgNSkrVjcXm8PClbfOkfRS84,17973
 bbot/test/test_step_2/module_tests/test_module_ffuf.py,sha256=aSB49aN77sw-2LNTDHckiEEaHAn_85xCJno1shdOwus,2964
 bbot/test/test_step_2/module_tests/test_module_ffuf_shortnames.py,sha256=1KVSl_gQSud4ITgFHF4uh37WcIl4wnp7vqbOlrRsB88,7635
@@ -391,7 +391,7 @@ bbot/test/test_step_2/module_tests/test_module_subdomaincenter.py,sha256=KXprbHa
 bbot/test/test_step_2/module_tests/test_module_subdomainradar.py,sha256=c6aUKr4yrGJqrQP0hOaP6Ao4-PQn1N_IlaqSw6E-xW8,10672
 bbot/test/test_step_2/module_tests/test_module_subdomains.py,sha256=r1zCmw5ZZ_0wA7L7cDg9dpgdpRigjQXhf-Zm7P4ya9Q,1108
 bbot/test/test_step_2/module_tests/test_module_teams.py,sha256=r91ZZxhj3pEhKnjr1jGwhcqOPXTqNJNupC1CDKccfH8,1638
-bbot/test/test_step_2/module_tests/test_module_telerik.py,sha256=fnOzpw9VbqSj1o7ERpq9cS1UJqE0BYxM2GHzILwyFPs,10742
+bbot/test/test_step_2/module_tests/test_module_telerik.py,sha256=HnwXH-ql75RyxRbjPoOUmaqbBHPrPsgVnV_vLZR_zc0,11113
 bbot/test/test_step_2/module_tests/test_module_trickest.py,sha256=6mTYH6fIah-WbKnFI-_WZBwRdKFi-oeWyVtl1n0nVAU,1630
 bbot/test/test_step_2/module_tests/test_module_trufflehog.py,sha256=H8bvRfeUrDgIcJFxQIv3RyksSTKdjG8AsKOqK-2ISjU,95420
 bbot/test/test_step_2/module_tests/test_module_txt.py,sha256=R-EBfEZM0jwY2yuVyfYhoccDOl0Y2uQZSkXQ1HyinUA,247
@@ -422,8 +422,8 @@ bbot/wordlists/raft-small-extensions-lowercase_CLEANED.txt,sha256=ZSIVebs7ptMvHx
 bbot/wordlists/top_open_ports_nmap.txt,sha256=LmdFYkfapSxn1pVuQC2LkOIY2hMLgG-Xts7DVtYzweM,42727
 bbot/wordlists/valid_url_schemes.txt,sha256=0B_VAr9Dv7aYhwi6JSBDU-3M76vNtzN0qEC_RNLo7HE,3310
 bbot/wordlists/wordninja_dns.txt.gz,sha256=DYHvvfW0TvzrVwyprqODAk4tGOxv5ezNmCPSdPuDUnQ,570241
-bbot-2.3.2.5841rc0.dist-info/LICENSE,sha256=GzeCzK17hhQQDNow0_r0L8OfLpeTKQjFQwBQU7ZUymg,32473
-bbot-2.3.2.5841rc0.dist-info/METADATA,sha256=OMpVJcg6MVr5PXSNz1ZH3x2_jGgp4VYhEXEENfYMRK0,18224
-bbot-2.3.2.5841rc0.dist-info/WHEEL,sha256=IYZQI976HJqqOpQU6PHkJ8fb3tMNBFjg-Cn-pwAbaFM,88
-bbot-2.3.2.5841rc0.dist-info/entry_points.txt,sha256=cWjvcU_lLrzzJgjcjF7yeGuRA_eDS8pQ-kmPUAyOBfo,38
-bbot-2.3.2.5841rc0.dist-info/RECORD,,
+bbot-2.3.2.5848rc0.dist-info/LICENSE,sha256=GzeCzK17hhQQDNow0_r0L8OfLpeTKQjFQwBQU7ZUymg,32473
+bbot-2.3.2.5848rc0.dist-info/METADATA,sha256=522S15zlGBhieGJp77Tjz3Jkrbj7ckBbYsLlpgMpiDI,18224
+bbot-2.3.2.5848rc0.dist-info/WHEEL,sha256=IYZQI976HJqqOpQU6PHkJ8fb3tMNBFjg-Cn-pwAbaFM,88
+bbot-2.3.2.5848rc0.dist-info/entry_points.txt,sha256=cWjvcU_lLrzzJgjcjF7yeGuRA_eDS8pQ-kmPUAyOBfo,38
+bbot-2.3.2.5848rc0.dist-info/RECORD,,