bbot 2.3.2.5841rc0__py3-none-any.whl → 2.3.2.5850rc0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of bbot might be problematic. Click here for more details.
- bbot/__init__.py +1 -1
- bbot/modules/internal/excavate.py +2 -2
- bbot/modules/telerik.py +1 -1
- bbot/presets/tech-detect.yml +11 -0
- bbot/test/test_step_2/module_tests/test_module_excavate.py +6 -0
- bbot/test/test_step_2/module_tests/test_module_telerik.py +6 -0
- {bbot-2.3.2.5841rc0.dist-info → bbot-2.3.2.5850rc0.dist-info}/METADATA +1 -1
- {bbot-2.3.2.5841rc0.dist-info → bbot-2.3.2.5850rc0.dist-info}/RECORD +11 -10
- {bbot-2.3.2.5841rc0.dist-info → bbot-2.3.2.5850rc0.dist-info}/LICENSE +0 -0
- {bbot-2.3.2.5841rc0.dist-info → bbot-2.3.2.5850rc0.dist-info}/WHEEL +0 -0
- {bbot-2.3.2.5841rc0.dist-info → bbot-2.3.2.5850rc0.dist-info}/entry_points.txt +0 -0
bbot/__init__.py
CHANGED
|
@@ -9,7 +9,7 @@ from bbot.errors import ExcavateError
|
|
|
9
9
|
import bbot.core.helpers.regexes as bbot_regexes
|
|
10
10
|
from bbot.modules.base import BaseInterceptModule
|
|
11
11
|
from bbot.modules.internal.base import BaseInternalModule
|
|
12
|
-
from urllib.parse import urlparse, urljoin, parse_qs, urlunparse
|
|
12
|
+
from urllib.parse import urlparse, urljoin, parse_qs, urlunparse, urldefrag
|
|
13
13
|
|
|
14
14
|
|
|
15
15
|
def find_subclasses(obj, base_class):
|
|
@@ -736,7 +736,7 @@ class excavate(BaseInternalModule, BaseInterceptModule):
|
|
|
736
736
|
continue
|
|
737
737
|
unescaped_url = html.unescape(m.group(1))
|
|
738
738
|
source_url = event.parsed_url.geturl()
|
|
739
|
-
final_url = urljoin(source_url, unescaped_url)
|
|
739
|
+
final_url = urldefrag(urljoin(source_url, unescaped_url)).url
|
|
740
740
|
if not await self.helpers.re.search(self.full_url_regex_strict, final_url):
|
|
741
741
|
self.excavate.debug(
|
|
742
742
|
f"Rejecting reconstructed URL [{final_url}] as did not match full_url_regex_strict"
|
bbot/modules/telerik.py
CHANGED
|
@@ -316,7 +316,7 @@ class telerik(BaseModule):
|
|
|
316
316
|
# The standard behavior for the spellcheck handler without parameters is a 500
|
|
317
317
|
if status_code == 500:
|
|
318
318
|
# Sometimes webapps will just return 500 for everything, so rule out the false positive
|
|
319
|
-
validate_result, _ = await self.test_detector(base_url, self.helpers.rand_string())
|
|
319
|
+
validate_result, _ = await self.test_detector(base_url, f"{self.helpers.rand_string()}.axd")
|
|
320
320
|
self.debug(validate_result)
|
|
321
321
|
validate_status_code = getattr(validate_result, "status_code", 0)
|
|
322
322
|
if validate_status_code not in (0, 500):
|
|
@@ -30,6 +30,7 @@ class TestExcavate(ModuleTestBase):
|
|
|
30
30
|
<a href="/a_relative.txt">
|
|
31
31
|
<link href="/link_relative.txt">
|
|
32
32
|
<a href="mailto:bob@evilcorp.org?subject=help">Help</a>
|
|
33
|
+
<li class="toctree-l3"><a class="reference internal" href="miscellaneous.html#x50-uart-driver">16x50 UART Driver</a></li>
|
|
33
34
|
"""
|
|
34
35
|
expect_args = {"method": "GET", "uri": "/"}
|
|
35
36
|
respond_args = {"response_data": response_data}
|
|
@@ -103,6 +104,11 @@ class TestExcavate(ModuleTestBase):
|
|
|
103
104
|
for e in events
|
|
104
105
|
)
|
|
105
106
|
|
|
107
|
+
assert any(
|
|
108
|
+
e.type == "URL_UNVERIFIED" and "miscellaneous.html" in e.data and "x50-uart-driver" not in e.data
|
|
109
|
+
for e in events
|
|
110
|
+
)
|
|
111
|
+
|
|
106
112
|
|
|
107
113
|
class TestExcavate2(TestExcavate):
|
|
108
114
|
targets = ["http://127.0.0.1:8888/", "test.notreal", "http://127.0.0.1:8888/subdir/"]
|
|
@@ -33,6 +33,11 @@ class TestTelerik(ModuleTestBase):
|
|
|
33
33
|
respond_args = {"status": 500}
|
|
34
34
|
module_test.set_expect_requests(expect_args=expect_args, respond_args=respond_args)
|
|
35
35
|
|
|
36
|
+
# Simulate SpellCheckHandler false positive detection
|
|
37
|
+
expect_args = {"method": "GET", "uri": "/AAAAAAAAAAAAAA.axd"}
|
|
38
|
+
respond_args = {"status": 200}
|
|
39
|
+
module_test.set_expect_requests(expect_args=expect_args, respond_args=respond_args)
|
|
40
|
+
|
|
36
41
|
# Simulate DialogHandler detection
|
|
37
42
|
expect_args = {"method": "GET", "uri": "/App_Master/Telerik.Web.UI.DialogHandler.aspx"}
|
|
38
43
|
respond_args = {
|
|
@@ -64,6 +69,7 @@ class TestTelerik(ModuleTestBase):
|
|
|
64
69
|
module_test.set_expect_requests(expect_args=expect_args, respond_args=respond_args)
|
|
65
70
|
|
|
66
71
|
async def setup_after_prep(self, module_test):
|
|
72
|
+
module_test.scan.modules["telerik"].helpers.rand_string = lambda *args, **kwargs: "AAAAAAAAAAAAAA"
|
|
67
73
|
module_test.scan.modules["telerik"].telerikVersions = ["2014.2.724", "2014.3.1024", "2015.1.204"]
|
|
68
74
|
module_test.scan.modules["telerik"].DialogHandlerUrls = [
|
|
69
75
|
"Admin/ServerSide/Telerik.Web.UI.DialogHandler.aspx",
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.3
|
|
2
2
|
Name: bbot
|
|
3
|
-
Version: 2.3.2.
|
|
3
|
+
Version: 2.3.2.5850rc0
|
|
4
4
|
Summary: OSINT automation for hackers.
|
|
5
5
|
License: GPL-3.0
|
|
6
6
|
Keywords: python,cli,automation,osint,threat-intel,intelligence,neo4j,scanner,python-library,hacking,recursion,pentesting,recon,command-line-tool,bugbounty,subdomains,security-tools,subdomain-scanner,osint-framework,attack-surface,subdomain-enumeration,osint-tool
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
bbot/__init__.py,sha256=
|
|
1
|
+
bbot/__init__.py,sha256=Dd8OvlKbw7lMa6YePRQ8_qGg8d6GakM-ip4F9mO8Ut8,130
|
|
2
2
|
bbot/cli.py,sha256=hrzJX07sK3psSQWa461BXFuOxgCA94iztsw8syLdpNw,10830
|
|
3
3
|
bbot/core/__init__.py,sha256=l255GJE_DvUnWvrRb0J5lG-iMztJ8zVvoweDOfegGtI,46
|
|
4
4
|
bbot/core/config/__init__.py,sha256=zYNw2Me6tsEr8hOOkLb4BQ97GB7Kis2k--G81S8vofU,342
|
|
@@ -122,7 +122,7 @@ bbot/modules/internal/aggregate.py,sha256=csWYIt2fUp9K_CRxP3bndUMIjpNIh8rmBubp5F
|
|
|
122
122
|
bbot/modules/internal/base.py,sha256=BXO4Hc7XKaAOaLzolF3krJX1KibPxtek2GTQUgnCHk0,387
|
|
123
123
|
bbot/modules/internal/cloudcheck.py,sha256=ay6MvZFbDvdhAlFPe_kEITM4wRsfRgQJf1DLBTcZ2jM,5138
|
|
124
124
|
bbot/modules/internal/dnsresolve.py,sha256=1fwWChIGpSEIIkswueiIhEwIahQ7YngZ-njFK-RIsfU,15679
|
|
125
|
-
bbot/modules/internal/excavate.py,sha256=
|
|
125
|
+
bbot/modules/internal/excavate.py,sha256=D5IDS6IQIRS5v5q3IbpDnL7k6MyGtV02zx6HUm1ZbHE,51983
|
|
126
126
|
bbot/modules/internal/speculate.py,sha256=NolqW2s8tokibc6gVM960KlrABkjhLB-7YlCdVx4O9s,9223
|
|
127
127
|
bbot/modules/internal/unarchive.py,sha256=X5lG8lh8vbwWNhQDCEADAHBZVcror5EZDLTUnvcuAuM,3723
|
|
128
128
|
bbot/modules/internetdb.py,sha256=Edg0Z84dH8dPTZMd7RlzvYBYNq8JHs_ns_ldnFxwRKo,5415
|
|
@@ -183,7 +183,7 @@ bbot/modules/social.py,sha256=SaXC8gK69k9aMNHS9y7b-Ag-w7U7DbeXqrZRx9CtXLw,2499
|
|
|
183
183
|
bbot/modules/sslcert.py,sha256=83rf_rzlj4iku3gldx1_R1L_v3ZCGItGPay8JviUy9w,8211
|
|
184
184
|
bbot/modules/subdomaincenter.py,sha256=aWjcIqGGWnAj2ePwcS4sgUJDUsq0trY3Klhr_lcc4dg,1424
|
|
185
185
|
bbot/modules/subdomainradar.py,sha256=YlRNMtNGLpa13KZ7aksAMVZdSjxe1tkywU5RXlwXpPc,6784
|
|
186
|
-
bbot/modules/telerik.py,sha256=
|
|
186
|
+
bbot/modules/telerik.py,sha256=lZQUf0mGFonNpOnvlS9315d9GiwqzWqL01HGlugZXh0,18939
|
|
187
187
|
bbot/modules/templates/bucket.py,sha256=muLPpfAGtcNhL0tLU-qHTlTNIz4yncRcVjdZMqVRtUI,7153
|
|
188
188
|
bbot/modules/templates/github.py,sha256=n6cVjf62ezkztCRAcXNnlxfCkB0VRWqn138mOOt6T08,1454
|
|
189
189
|
bbot/modules/templates/postman.py,sha256=MIpz2q_r6LP0kIEgByo7oX5qHhMZLOhr7oKzJI9Beec,6959
|
|
@@ -215,6 +215,7 @@ bbot/presets/nuclei/nuclei.yml,sha256=2kECEjHNAQTrrNOpBjnMeyevZ9TCwmfXk2tYsA8Wve
|
|
|
215
215
|
bbot/presets/spider-intense.yml,sha256=J3qMoEuHnhJufqcX5SN-cnbEJq_m18xbd7Ikbi55R7c,329
|
|
216
216
|
bbot/presets/spider.yml,sha256=-7HkEEZS_fFESPVzGi91eNf2ZwfAv1lU9oyFp0dhuZA,400
|
|
217
217
|
bbot/presets/subdomain-enum.yml,sha256=tn9h8TlVB_uS3nKZFUP72HzceoRONSef66mGLWzxj9w,414
|
|
218
|
+
bbot/presets/tech-detect.yml,sha256=0eEzviy33kZojXpUfKVK0lHhiQrNAopCMEJNL8Clunw,176
|
|
218
219
|
bbot/presets/web/dirbust-heavy.yml,sha256=NDqu7p0Hx1RsZCVnaEWRgI_iL9O0io-tvWerxJf36SM,653
|
|
219
220
|
bbot/presets/web/dirbust-light.yml,sha256=5zSANdjKfYh49kFlsElYY2G6acVrZFzDCEkyqwU6oOQ,203
|
|
220
221
|
bbot/presets/web/dotnet-audit.yml,sha256=FdUaBUftkzr9TX3evpJec3oZTSU4o77FVKwTgWqyxHU,438
|
|
@@ -322,7 +323,7 @@ bbot/test/test_step_2/module_tests/test_module_dockerhub.py,sha256=9T8CFcFP32MOp
|
|
|
322
323
|
bbot/test/test_step_2/module_tests/test_module_dotnetnuke.py,sha256=voi1C_v7VeaRe_-yzCybO9FUxnFf9qzWkoUY66KYiGI,8114
|
|
323
324
|
bbot/test/test_step_2/module_tests/test_module_emailformat.py,sha256=cKxBPnEQ4AiRKV_-hSYEE6756ypst3hi6MN0L5RTukY,461
|
|
324
325
|
bbot/test/test_step_2/module_tests/test_module_emails.py,sha256=bZjtO8N3GG2_g6SUEYprAFLcsi7SlwNPJJ0nODfrWYU,944
|
|
325
|
-
bbot/test/test_step_2/module_tests/test_module_excavate.py,sha256=
|
|
326
|
+
bbot/test/test_step_2/module_tests/test_module_excavate.py,sha256=eROTkAHYo5lLqJVAVpSl-wprp2-YNQkT9hcaqHEEf7I,43604
|
|
326
327
|
bbot/test/test_step_2/module_tests/test_module_extractous.py,sha256=PuTE5rkEIFPwU9lhCYpTgNSkrVjcXm8PClbfOkfRS84,17973
|
|
327
328
|
bbot/test/test_step_2/module_tests/test_module_ffuf.py,sha256=aSB49aN77sw-2LNTDHckiEEaHAn_85xCJno1shdOwus,2964
|
|
328
329
|
bbot/test/test_step_2/module_tests/test_module_ffuf_shortnames.py,sha256=1KVSl_gQSud4ITgFHF4uh37WcIl4wnp7vqbOlrRsB88,7635
|
|
@@ -391,7 +392,7 @@ bbot/test/test_step_2/module_tests/test_module_subdomaincenter.py,sha256=KXprbHa
|
|
|
391
392
|
bbot/test/test_step_2/module_tests/test_module_subdomainradar.py,sha256=c6aUKr4yrGJqrQP0hOaP6Ao4-PQn1N_IlaqSw6E-xW8,10672
|
|
392
393
|
bbot/test/test_step_2/module_tests/test_module_subdomains.py,sha256=r1zCmw5ZZ_0wA7L7cDg9dpgdpRigjQXhf-Zm7P4ya9Q,1108
|
|
393
394
|
bbot/test/test_step_2/module_tests/test_module_teams.py,sha256=r91ZZxhj3pEhKnjr1jGwhcqOPXTqNJNupC1CDKccfH8,1638
|
|
394
|
-
bbot/test/test_step_2/module_tests/test_module_telerik.py,sha256=
|
|
395
|
+
bbot/test/test_step_2/module_tests/test_module_telerik.py,sha256=HnwXH-ql75RyxRbjPoOUmaqbBHPrPsgVnV_vLZR_zc0,11113
|
|
395
396
|
bbot/test/test_step_2/module_tests/test_module_trickest.py,sha256=6mTYH6fIah-WbKnFI-_WZBwRdKFi-oeWyVtl1n0nVAU,1630
|
|
396
397
|
bbot/test/test_step_2/module_tests/test_module_trufflehog.py,sha256=H8bvRfeUrDgIcJFxQIv3RyksSTKdjG8AsKOqK-2ISjU,95420
|
|
397
398
|
bbot/test/test_step_2/module_tests/test_module_txt.py,sha256=R-EBfEZM0jwY2yuVyfYhoccDOl0Y2uQZSkXQ1HyinUA,247
|
|
@@ -422,8 +423,8 @@ bbot/wordlists/raft-small-extensions-lowercase_CLEANED.txt,sha256=ZSIVebs7ptMvHx
|
|
|
422
423
|
bbot/wordlists/top_open_ports_nmap.txt,sha256=LmdFYkfapSxn1pVuQC2LkOIY2hMLgG-Xts7DVtYzweM,42727
|
|
423
424
|
bbot/wordlists/valid_url_schemes.txt,sha256=0B_VAr9Dv7aYhwi6JSBDU-3M76vNtzN0qEC_RNLo7HE,3310
|
|
424
425
|
bbot/wordlists/wordninja_dns.txt.gz,sha256=DYHvvfW0TvzrVwyprqODAk4tGOxv5ezNmCPSdPuDUnQ,570241
|
|
425
|
-
bbot-2.3.2.
|
|
426
|
-
bbot-2.3.2.
|
|
427
|
-
bbot-2.3.2.
|
|
428
|
-
bbot-2.3.2.
|
|
429
|
-
bbot-2.3.2.
|
|
426
|
+
bbot-2.3.2.5850rc0.dist-info/LICENSE,sha256=GzeCzK17hhQQDNow0_r0L8OfLpeTKQjFQwBQU7ZUymg,32473
|
|
427
|
+
bbot-2.3.2.5850rc0.dist-info/METADATA,sha256=T12fBGmTYQJAnVkp831mJl58fmN4h32UDoCwrsEYluM,18224
|
|
428
|
+
bbot-2.3.2.5850rc0.dist-info/WHEEL,sha256=IYZQI976HJqqOpQU6PHkJ8fb3tMNBFjg-Cn-pwAbaFM,88
|
|
429
|
+
bbot-2.3.2.5850rc0.dist-info/entry_points.txt,sha256=cWjvcU_lLrzzJgjcjF7yeGuRA_eDS8pQ-kmPUAyOBfo,38
|
|
430
|
+
bbot-2.3.2.5850rc0.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|
|
File without changes
|