bbot 2.3.2.5855rc0__py3-none-any.whl → 2.3.2.5889rc0__py3-none-any.whl

bbot/__init__.py

@@ -1,4 +1,4 @@
 # version placeholder (replaced by poetry-dynamic-versioning)
-__version__ = "v2.3.2.5855rc"
+__version__ = "v2.3.2.5889rc"
 
 from .scanner import Scanner, Preset

bbot/core/helpers/web/web.py

@@ -232,7 +232,7 @@ class WebHelper(EngineClient):
         if success:
             return filename
 
-    async def wordlist(self, path, lines=None, **kwargs):
+    async def wordlist(self, path, lines=None, zip=False, zip_filename=None, **kwargs):
         """
         Asynchronous function for retrieving wordlists, either from a local path or a URL.
         Allows for optional line-based truncation and caching. Returns the full path of the wordlist
@@ -242,6 +242,9 @@ class WebHelper(EngineClient):
             path (str): The local or remote path of the wordlist.
             lines (int, optional): Number of lines to read from the wordlist.
                 If specified, will return a truncated wordlist with this many lines.
+            zip (bool, optional): Whether to unzip the file after downloading. Defaults to False.
+            zip_filename (str, optional): The name of the file to extract from the ZIP archive.
+                Required if zip is True.
             cache_hrs (float, optional): Number of hours to cache the downloaded wordlist.
                 Defaults to 720 hours (30 days) for remote wordlists.
             **kwargs: Additional keyword arguments to pass to the 'download' function for remote wordlists.
@@ -259,6 +262,8 @@ class WebHelper(EngineClient):
             Fetching and truncating to the first 100 lines
             >>> wordlist_path = await self.helpers.wordlist("/root/rockyou.txt", lines=100)
         """
+        import zipfile
+
         if not path:
             raise WordlistError(f"Invalid wordlist: {path}")
         if "cache_hrs" not in kwargs:
@@ -272,6 +277,18 @@ class WebHelper(EngineClient):
             if not filename.is_file():
                 raise WordlistError(f"Unable to find wordlist at {path}")
 
+        if zip:
+            if not zip_filename:
+                raise WordlistError("zip_filename must be specified when zip is True")
+            try:
+                with zipfile.ZipFile(filename, "r") as zip_ref:
+                    if zip_filename not in zip_ref.namelist():
+                        raise WordlistError(f"File {zip_filename} not found in the zip archive {filename}")
+                    zip_ref.extract(zip_filename, filename.parent)
+                    filename = filename.parent / zip_filename
+            except Exception as e:
+                raise WordlistError(f"Error unzipping file {filename}: {e}")
+
         if lines is None:
             return filename
         else:

bbot/modules/deadly/ffuf.py

@@ -17,6 +17,7 @@ class ffuf(BaseModule):
         "lines": 5000,
         "max_depth": 0,
         "extensions": "",
+        "ignore_case": False,
     }
 
     options_desc = {
@@ -24,6 +25,7 @@ class ffuf(BaseModule):
         "lines": "take only the first N lines from the wordlist when finding directories",
         "max_depth": "the maximum directory depth to attempt to solve",
         "extensions": "Optionally include a list of extensions to extend the keyword with (comma separated)",
+        "ignore_case": "Only put lowercase words into the wordlist",
     }
 
     deps_common = ["ffuf"]
@@ -301,11 +303,12 @@ class ffuf(BaseModule):
                                     ]
                                     if len(pre_emit_temp_canary) == 0:
                                         yield found_json
+
                                     else:
-                                        self.warning(
-                                            "Baseline changed mid-scan. This is probably due to a WAF turning on a block against you."
+                                        self.verbose(
+                                            f"Would have reported URL [{found_json['url']}], but baseline check failed. This could be due to a WAF turning on mid-scan, or an unusual web server configuration."
                                         )
-                                        self.warning(f"Aborting the current run against [{url}]")
+                                        self.verbose(f"Aborting the current run against [{url}]")
                                         return
 
                             yield found_json
@@ -328,7 +331,8 @@ class ffuf(BaseModule):
         return self.helpers.tempfile(virtual_file, pipe=False), len(virtual_file)
 
     def generate_wordlist(self, wordlist_file):
-        wordlist = []
+        wordlist_set = set()  # Use a set to avoid duplicates
+        ignore_case = self.config.get("ignore_case", False)  # Get the ignore_case option
         for line in self.helpers.read_file(wordlist_file):
             line = line.strip()
             if not line:
@@ -339,5 +343,7 @@ class ffuf(BaseModule):
             if any(x in line for x in self.banned_characters):
                 self.debug(f"Skipping adding [{line}] to wordlist because it has a banned character")
                 continue
-            wordlist.append(line)
-        return wordlist
+            if ignore_case:
+                line = line.lower()  # Convert to lowercase if ignore_case is enabled
+            wordlist_set.add(line)  # Add to set to handle duplicates
+        return list(wordlist_set)  # Convert set back to list before returning

bbot/modules/ffuf_shortnames.py

@@ -9,7 +9,6 @@ from bbot.modules.deadly.ffuf import ffuf
 class ffuf_shortnames(ffuf):
     watched_events = ["URL_HINT"]
     produced_events = ["URL_UNVERIFIED"]
-    deps_pip = ["numpy"]
     flags = ["aggressive", "active", "iis-shortnames", "web-thorough"]
     meta = {
         "description": "Use ffuf in combination IIS shortnames",
@@ -18,7 +17,6 @@ class ffuf_shortnames(ffuf):
     }
 
     options = {
-        "wordlist": "",  # default is defined within setup function
         "wordlist_extensions": "",  # default is defined within setup function
         "max_depth": 1,
         "version": "2.0.0",
@@ -26,11 +24,11 @@ class ffuf_shortnames(ffuf):
         "ignore_redirects": True,
         "find_common_prefixes": False,
         "find_delimiters": True,
+        "find_subwords": False,
         "max_predictions": 250,
     }
 
     options_desc = {
-        "wordlist": "Specify wordlist to use when finding directories",
         "wordlist_extensions": "Specify wordlist to use when making extension lists",
         "max_depth": "the maximum directory depth to attempt to solve",
         "version": "ffuf version",
@@ -38,21 +36,26 @@ class ffuf_shortnames(ffuf):
         "ignore_redirects": "Explicitly ignore redirects (301,302)",
         "find_common_prefixes": "Attempt to automatically detect common prefixes and make additional ffuf runs against them",
         "find_delimiters": "Attempt to detect common delimiters and make additional ffuf runs against them",
+        "find_subwords": "Attempt to detect subwords and make additional ffuf runs against them",
         "max_predictions": "The maximum number of predictions to generate per shortname prefix",
     }
 
+    deps_pip = ["numpy"]
     deps_common = ["ffuf"]
-
     in_scope_only = True
 
-    def generate_templist(self, prefix, shortname_type):
-        virtual_file = []
+    supplementary_words = ["html", "ajax", "xml", "json", "api"]
 
-        for prediction, score in self.predict(prefix, self.max_predictions, model=shortname_type):
-            self.debug(f"Got prediction: [{prediction}] from prefix [{prefix}] with score [{score}]")
-            virtual_file.append(prediction)
-        virtual_file.append(self.canary)
-        return self.helpers.tempfile(virtual_file, pipe=False), len(virtual_file)
+    def generate_templist(self, hint, shortname_type):
+        virtual_file = set()  # Use a set to avoid duplicates
+
+        for prediction, score in self.predict(hint, self.max_predictions, model=shortname_type):
+            prediction_lower = prediction.lower()  # Convert to lowercase
+            self.debug(f"Got prediction: [{prediction_lower}] from prefix [{hint}] with score [{score}]")
+            virtual_file.add(prediction_lower)  # Add to set to ensure uniqueness
+
+        virtual_file.add(self.canary.lower())  # Ensure canary is also lowercase
+        return self.helpers.tempfile(list(virtual_file), pipe=False), len(virtual_file)
 
     def predict(self, prefix, n=25, model="endpoint"):
         predictor_name = f"{model}_predictor"
@@ -92,6 +95,7 @@ class ffuf_shortnames(ffuf):
         self.wordlist_extensions = await self.helpers.wordlist(wordlist_extensions)
         self.ignore_redirects = self.config.get("ignore_redirects")
         self.max_predictions = self.config.get("max_predictions")
+        self.find_subwords = self.config.get("find_subwords")
 
         class MinimalWordPredictor:
             def __init__(self):
@@ -116,10 +120,11 @@ class ffuf_shortnames(ffuf):
                     return MinimalWordPredictor
                 return super().find_class(module, name)
 
-        endpoint_model = await self.helpers.download(
+        self.info("Loading ffuf_shortnames prediction models, could take a while if not cached")
+        endpoint_model = await self.helpers.wordlist(
             "https://raw.githubusercontent.com/blacklanternsecurity/wordpredictor/refs/heads/main/trained_models/endpoints.bin"
         )
-        directory_model = await self.helpers.download(
+        directory_model = await self.helpers.wordlist(
             "https://raw.githubusercontent.com/blacklanternsecurity/wordpredictor/refs/heads/main/trained_models/directories.bin"
         )
 
@@ -133,8 +138,24 @@ class ffuf_shortnames(ffuf):
             unpickler = CustomUnpickler(f)
             self.directory_predictor = unpickler.load()
 
+        self.subword_list = []
+        if self.find_subwords:
+            self.debug("Acquiring ffuf_shortnames subword list")
+            subwords = await self.helpers.wordlist(
+                "https://raw.githubusercontent.com/nltk/nltk_data/refs/heads/gh-pages/packages/corpora/words.zip",
+                zip=True,
+                zip_filename="words/en",
+            )
+            with open(subwords, "r") as f:
+                subword_list_content = f.readlines()
+            self.subword_list = {word.lower().strip() for word in subword_list_content if 3 <= len(word.strip()) <= 5}
+            self.debug(f"Created subword_list with {len(self.subword_list)} words")
+            self.subword_list = self.subword_list.union(self.supplementary_words)
+            self.debug(f"Extended subword_list with supplementary words, total size: {len(self.subword_list)}")
+
         self.per_host_collection = {}
         self.shortname_to_event = {}
+
         return True
 
     def build_extension_list(self, event):
@@ -159,10 +180,20 @@ class ffuf_shortnames(ffuf):
         return None
 
     async def filter_event(self, event):
+        if "iis-magic-url" in event.tags:
+            return False, "iis-magic-url URL_HINTs are not solvable by ffuf_shortnames"
         if event.parent.type != "URL":
             return False, "its parent event is not of type URL"
         return True
 
+    def find_subword(self, word):
+        for i in range(len(word), 2, -1):  # Start from full length down to 3 characters
+            candidate = word[:i]
+            if candidate in self.subword_list:
+                leftover = word[i:]
+                return candidate, leftover
+        return None, word  # No match found, return None and the original word
+
     async def handle_event(self, event):
         filename_hint = re.sub(r"~\d", "", event.parsed_url.path.rsplit(".", 1)[0].split("/")[-1]).lower()
 
@@ -256,6 +287,31 @@ class ffuf_shortnames(ffuf):
                                 context=f'{{module}} brute-forced {ext.upper()} files with detected prefix "{ffuf_prefix}" and found {{event.type}}: {{event.data}}',
                             )
 
+        if self.config.get("find_subwords"):
+            subword, suffix = self.find_subword(filename_hint)
+            if subword:
+                if "shortname-directory" in event.tags:
+                    tempfile, tempfile_len = self.generate_templist(suffix, "directory")
+                    async for r in self.execute_ffuf(tempfile, root_url, prefix=subword, exts=["/"]):
+                        await self.emit_event(
+                            r["url"],
+                            "URL_UNVERIFIED",
+                            parent=event,
+                            tags=[f"status-{r['status']}"],
+                            context=f'{{module}} brute-forced directories with detected subword "{subword}" and found {{event.type}}: {{event.data}}',
+                        )
+                elif "shortname-endpoint" in event.tags:
+                    for ext in used_extensions:
+                        tempfile, tempfile_len = self.generate_templist(suffix, "endpoint")
+                        async for r in self.execute_ffuf(tempfile, root_url, prefix=subword, suffix=f".{ext}"):
+                            await self.emit_event(
+                                r["url"],
+                                "URL_UNVERIFIED",
+                                parent=event,
+                                tags=[f"status-{r['status']}"],
+                                context=f'{{module}} brute-forced {ext.upper()} files with detected subword "{subword}" and found {{event.type}}: {{event.data}}',
+                            )
+
     async def finish(self):
         if self.config.get("find_common_prefixes"):
             per_host_collection = dict(self.per_host_collection)

bbot/modules/generic_ssrf.py

@@ -154,6 +154,12 @@ class generic_ssrf(BaseModule):
     produced_events = ["VULNERABILITY"]
     flags = ["active", "aggressive", "web-thorough"]
     meta = {"description": "Check for generic SSRFs", "created_date": "2022-07-30", "author": "@liquidsec"}
+    options = {
+        "skip_dns_interaction": False,
+    }
+    options_desc = {
+        "skip_dns_interaction": "Do not report DNS interactions (only HTTP interaction)",
+    }
     in_scope_only = True
 
     deps_apt = ["curl"]
@@ -163,7 +169,7 @@ class generic_ssrf(BaseModule):
         self.interactsh_subdomain_tags = {}
         self.parameter_subdomain_tags_map = {}
         self.severity = None
-        self.generic_only = self.config.get("generic_only", False)
+        self.skip_dns_interaction = self.config.get("skip_dns_interaction", False)
 
         if self.scan.config.get("interactsh_disable", False) is False:
             try:
@@ -191,6 +197,10 @@ class generic_ssrf(BaseModule):
             await s.test(event)
 
     async def interactsh_callback(self, r):
+        protocol = r.get("protocol").upper()
+        if protocol == "DNS" and self.skip_dns_interaction:
+            return
+
         full_id = r.get("full-id", None)
         subdomain_tag = full_id.split(".")[0]
 
@@ -204,24 +214,27 @@ class generic_ssrf(BaseModule):
                 matched_severity = match[2]
                 matched_echoed_response = str(match[3])
 
-                # Check if any SSRF parameter is in the DNS request
                 triggering_param = self.parameter_subdomain_tags_map.get(subdomain_tag, None)
                 description = f"Out-of-band interaction: [{matched_technique}]"
                 if triggering_param:
                     self.debug(f"Found triggering parameter: {triggering_param}")
                     description += f" [Triggering Parameter: {triggering_param}]"
-                description += f" [{r.get('protocol').upper()}] Echoed Response: {matched_echoed_response}"
+                description += f" [{protocol}] Echoed Response: {matched_echoed_response}"
 
                 self.debug(f"Emitting event with description: {description}")  # Debug the final description
 
+                event_type = "VULNERABILITY" if protocol == "HTTP" else "FINDING"
+                event_data = {
+                    "host": str(matched_event.host),
+                    "url": matched_event.data,
+                    "description": description,
+                }
+                if protocol == "HTTP":
+                    event_data["severity"] = matched_severity
+
                 await self.emit_event(
-                    {
-                        "severity": matched_severity,
-                        "host": str(matched_event.host),
-                        "url": matched_event.data,
-                        "description": description,
-                    },
-                    "VULNERABILITY",
+                    event_data,
+                    event_type,
                     matched_event,
                     context=f"{{module}} scanned {matched_event.data} and detected {{event.type}}: {matched_technique}",
                 )
@@ -241,7 +254,7 @@ class generic_ssrf(BaseModule):
 
     async def finish(self):
         if self.scan.config.get("interactsh_disable", False) is False:
-            await self.helpers.sleep(2)
+            await self.helpers.sleep(5)
             try:
                 for r in await self.interactsh_instance.poll():
                     await self.interactsh_callback(r)

bbot/presets/web/dotnet-audit.yml

@@ -17,6 +17,9 @@ config:
   modules:
     ffuf:
       extensions: asp,aspx,ashx,asmx,ascx
+      extensions_ignore_case: True
+    ffuf_shortnames:
+      find_subwords: True
     telerik:
       exploit_RAU_crypto: True
       include_subdirs: True # Run against every directory, not the default first received URL per-host

bbot/test/conftest.py

@@ -8,6 +8,8 @@ from pathlib import Path
 from contextlib import suppress
 from omegaconf import OmegaConf
 from pytest_httpserver import HTTPServer
+import time
+import queue
 
 from bbot.core import CORE
 from bbot.core.helpers.misc import execute_sync_or_async
@@ -53,6 +55,12 @@ def silence_live_logging():
             handler.setLevel(logging.CRITICAL)
 
 
+def stop_server(server):
+    server.stop()
+    while server.is_running():
+        time.sleep(0.1)  # Wait a bit before checking again
+
+
 @pytest.fixture
 def bbot_httpserver():
     server = HTTPServer(host="127.0.0.1", port=8888, threaded=True)
@@ -61,11 +69,7 @@ def bbot_httpserver():
     yield server
 
     server.clear()
-    if server.is_running():
-        server.stop()
-
-    # this is to check if the client has made any request where no
-    # `assert_request` was called on it from the test
+    stop_server(server)  # Ensure the server is fully stopped
 
     server.check_assertions()
     server.clear()
@@ -84,11 +88,7 @@ def bbot_httpserver_ssl():
     yield server
 
     server.clear()
-    if server.is_running():
-        server.stop()
-
-    # this is to check if the client has made any request where no
-    # `assert_request` was called on it from the test
+    stop_server(server)  # Ensure the server is fully stopped
 
     server.check_assertions()
     server.clear()
@@ -129,7 +129,7 @@ class Interactsh_mock:
     def __init__(self, name):
         self.name = name
         self.log = logging.getLogger(f"bbot.interactsh.{self.name}")
-        self.interactions = []
+        self.interactions = asyncio.Queue()  # Use an asyncio queue for async access
         self.correlation_id = "deadbeef-dead-beef-dead-beefdeadbeef"
         self.stop = False
         self.poll_task = None
@@ -138,7 +138,7 @@ class Interactsh_mock:
         self.log.info(f"Mocking interaction to subdomain tag: {subdomain_tag}")
         if msg is not None:
             self.log.info(msg)
-        self.interactions.append(subdomain_tag)
+        self.interactions.put_nowait(subdomain_tag)  # Add to the thread-safe queue
 
     async def register(self, callback=None):
         if callable(callback):
@@ -146,27 +146,32 @@ class Interactsh_mock:
         return "fakedomain.fakeinteractsh.com"
 
     async def deregister(self, callback=None):
+        await asyncio.sleep(1)
         self.stop = True
         if self.poll_task is not None:
             self.poll_task.cancel()
-            with suppress(BaseException):
+            with suppress(asyncio.CancelledError):
                 await self.poll_task
 
     async def poll_loop(self, callback=None):
         while not self.stop:
             data_list = await self.poll(callback)
             if not data_list:
-                await asyncio.sleep(1)
+                await asyncio.sleep(0.5)
                 continue
+        await asyncio.sleep(1)
+        await self.poll(callback)
 
     async def poll(self, callback=None):
         poll_results = []
-        for subdomain_tag in self.interactions:
-            result = {"full-id": f"{subdomain_tag}.fakedomain.fakeinteractsh.com", "protocol": "HTTP"}
-            poll_results.append(result)
-            if callback is not None:
-                await execute_sync_or_async(callback, result)
-        self.interactions = []
+        while not self.interactions.empty():
+            subdomain_tag = await self.interactions.get()  # Get the first element from the asyncio queue
+            for protocol in ["HTTP", "DNS"]:
+                result = {"full-id": f"{subdomain_tag}.fakedomain.fakeinteractsh.com", "protocol": protocol}
+                poll_results.append(result)
+                if callback is not None:
+                    await execute_sync_or_async(callback, result)
+            await asyncio.sleep(0.1)
         return poll_results
 
 

bbot/test/test_step_2/module_tests/test_module_dotnetnuke.py

@@ -1,3 +1,4 @@
+import asyncio
 import re
 from .base import ModuleTestBase
 from werkzeug.wrappers import Response
@@ -171,7 +172,5 @@ class TestDotnetnuke_blindssrf(ModuleTestBase):
             if e.type == "VULNERABILITY" and "DotNetNuke Blind-SSRF (CVE 2017-0929)" in e.data["description"]:
                 dnn_dnnimagehandler_blindssrf = True
 
-        assert self.interactsh_mock_instance.interactions == []
-
         assert dnn_technology_detection, "DNN Technology Detection Failed"
         assert dnn_dnnimagehandler_blindssrf, "dnnimagehandler.ashx Blind SSRF Detection Failed"

bbot/test/test_step_2/module_tests/test_module_ffuf.py

@@ -45,6 +45,30 @@ class TestFFUF2(TestFFUF):
         assert not any(e.type == "URL_UNVERIFIED" and "11111111" in e.data for e in events)
 
 
+class TestFFUF_ignorecase(TestFFUF):
+    test_wordlist = ["11111111", "Admin", "admin", "zzzjunkword2"]
+    config_overrides = {
+        "modules": {"ffuf": {"wordlist": tempwordlist(test_wordlist), "extensions": "php", "ignore_case": True}}
+    }
+
+    async def setup_before_prep(self, module_test):
+        expect_args = {"method": "GET", "uri": "/admin"}
+        respond_args = {"response_data": "alive admin page"}
+        module_test.set_expect_requests(expect_args=expect_args, respond_args=respond_args)
+
+        expect_args = {"method": "GET", "uri": "/Admin"}
+        respond_args = {"response_data": "alive admin page"}
+        module_test.set_expect_requests(expect_args=expect_args, respond_args=respond_args)
+
+        expect_args = {"method": "GET", "uri": "/"}
+        respond_args = {"response_data": "alive"}
+        module_test.set_expect_requests(expect_args=expect_args, respond_args=respond_args)
+
+    def check(self, module_test, events):
+        assert any(e.type == "URL_UNVERIFIED" and "admin" in e.data for e in events)
+        assert not any(e.type == "URL_UNVERIFIED" and "Admin" in e.data for e in events)
+
+
 class TestFFUFHeaders(TestFFUF):
     test_wordlist = ["11111111", "console", "junkword1", "zzzjunkword2"]
     config_overrides = {

bbot/test/test_step_2/module_tests/test_module_ffuf_shortnames.py

@@ -8,6 +8,7 @@ class TestFFUFShortnames(ModuleTestBase):
         "modules": {
             "ffuf_shortnames": {
                 "find_common_prefixes": True,
+                "find_subwords": True,
                 "wordlist": tempwordlist(test_wordlist),
             }
         }
@@ -142,6 +143,16 @@ class TestFFUFShortnames(ModuleTestBase):
                 tags=["shortname-endpoint"],
             )
         )
+
+        seed_events.append(
+            module_test.scan.make_event(
+                "http://127.0.0.1:8888/newpro~1.asp",
+                "URL_HINT",
+                parent_event,
+                module="iis_shortnames",
+                tags=["shortname-endpoint"],
+            )
+        )
         module_test.scan.target.seeds.events = set(seed_events)
 
         expect_args = {"method": "GET", "uri": "/administrator.aspx"}
@@ -172,6 +183,10 @@ class TestFFUFShortnames(ModuleTestBase):
         respond_args = {"response_data": "alive"}
         module_test.set_expect_requests(expect_args=expect_args, respond_args=respond_args)
 
+        expect_args = {"method": "GET", "uri": "/newproxy.aspx"}
+        respond_args = {"response_data": "alive"}
+        module_test.set_expect_requests(expect_args=expect_args, respond_args=respond_args)
+
     def check(self, module_test, events):
         basic_detection = False
         directory_detection = False
@@ -180,6 +195,7 @@ class TestFFUFShortnames(ModuleTestBase):
         directory_delimiter_detection = False
         prefix_delimiter_detection = False
         short_extensions_detection = False
+        subword_detection = False
 
         for e in events:
             if e.type == "URL_UNVERIFIED":
@@ -197,6 +213,8 @@ class TestFFUFShortnames(ModuleTestBase):
                     prefix_delimiter_detection = True
                 if e.data == "http://127.0.0.1:8888/short.pl":
                     short_extensions_detection = True
+                if e.data == "http://127.0.0.1:8888/newproxy.aspx":
+                    subword_detection = True
 
         assert basic_detection
         assert directory_detection
@@ -205,3 +223,4 @@ class TestFFUFShortnames(ModuleTestBase):
         assert directory_delimiter_detection
         assert prefix_delimiter_detection
         assert short_extensions_detection
+        assert subword_detection

bbot/test/test_step_2/module_tests/test_module_generic_ssrf.py

@@ -1,4 +1,5 @@
 import re
+import asyncio
 from werkzeug.wrappers import Response
 
 from .base import ModuleTestBase
@@ -23,15 +24,16 @@ class TestGeneric_SSRF(ModuleTestBase):
         elif request.method == "POST":
             subdomain_tag = extract_subdomain_tag(request.data.decode())
         if subdomain_tag:
-            self.interactsh_mock_instance.mock_interaction(
-                subdomain_tag, msg=f"{request.method}: {request.data.decode()}"
+            asyncio.run(
+                self.interactsh_mock_instance.mock_interaction(
+                    subdomain_tag, msg=f"{request.method}: {request.data.decode()}"
+                )
             )
 
         return Response("alive", status=200)
 
     async def setup_before_prep(self, module_test):
         self.interactsh_mock_instance = module_test.mock_interactsh("generic_ssrf")
-        self.interactsh_mock_instance.mock_interaction("asdf")
         module_test.monkeypatch.setattr(
             module_test.scan.helpers, "interactsh", lambda *args, **kwargs: self.interactsh_mock_instance
         )
@@ -41,6 +43,18 @@ class TestGeneric_SSRF(ModuleTestBase):
         module_test.set_expect_requests_handler(expect_args=expect_args, request_handler=self.request_handler)
 
     def check(self, module_test, events):
+        total_vulnerabilities = 0
+        total_findings = 0
+
+        for e in events:
+            if e.type == "VULNERABILITY":
+                total_vulnerabilities += 1
+            elif e.type == "FINDING":
+                total_findings += 1
+
+        assert total_vulnerabilities == 30, "Incorrect number of vulnerabilities detected"
+        assert total_findings == 30, "Incorrect number of findings detected"
+
         assert any(
             e.type == "VULNERABILITY"
             and "Out-of-band interaction: [Generic SSRF (GET)]"
@@ -55,3 +69,20 @@ class TestGeneric_SSRF(ModuleTestBase):
             e.type == "VULNERABILITY" and "Out-of-band interaction: [Generic XXE] [HTTP]" in e.data["description"]
             for e in events
         ), "Failed to detect Generic SSRF (XXE)"
+
+
+class TestGeneric_SSRF_httponly(TestGeneric_SSRF):
+    config_overrides = {"modules": {"generic_ssrf": {"skip_dns_interaction": True}}}
+
+    def check(self, module_test, events):
+        total_vulnerabilities = 0
+        total_findings = 0
+
+        for e in events:
+            if e.type == "VULNERABILITY":
+                total_vulnerabilities += 1
+            elif e.type == "FINDING":
+                total_findings += 1
+
+        assert total_vulnerabilities == 30, "Incorrect number of vulnerabilities detected"
+        assert total_findings == 0, "Incorrect number of findings detected"

bbot/test/test_step_2/module_tests/test_module_host_header.py

@@ -1,3 +1,4 @@
+import asyncio
 import re
 from werkzeug.wrappers import Response
 

{bbot-2.3.2.5855rc0.dist-info → bbot-2.3.2.5889rc0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: bbot
-Version: 2.3.2.5855rc0
+Version: 2.3.2.5889rc0
 Summary: OSINT automation for hackers.
 License: GPL-3.0
 Keywords: python,cli,automation,osint,threat-intel,intelligence,neo4j,scanner,python-library,hacking,recursion,pentesting,recon,command-line-tool,bugbounty,subdomains,security-tools,subdomain-scanner,osint-framework,attack-surface,subdomain-enumeration,osint-tool

{bbot-2.3.2.5855rc0.dist-info → bbot-2.3.2.5889rc0.dist-info}/RECORD

@@ -1,4 +1,4 @@
-bbot/__init__.py,sha256=GYangEfD1f4_MA0LLwbhpk2RCgKo7FV5-VUt_2zsS-0,130
+bbot/__init__.py,sha256=s95CAchRkg61vjHu7w4wiXXBH-BYyVsWnZryET4F-Ng,130
 bbot/cli.py,sha256=hrzJX07sK3psSQWa461BXFuOxgCA94iztsw8syLdpNw,10830
 bbot/core/__init__.py,sha256=l255GJE_DvUnWvrRb0J5lG-iMztJ8zVvoweDOfegGtI,46
 bbot/core/config/__init__.py,sha256=zYNw2Me6tsEr8hOOkLb4BQ97GB7Kis2k--G81S8vofU,342
@@ -42,7 +42,7 @@ bbot/core/helpers/web/__init__.py,sha256=pIEkL3DhjaGTSmZ7D3yKKYwWpntoLRILekV2wWs
 bbot/core/helpers/web/client.py,sha256=UTjNnsAz-bPO6GEc1lEm_ZhatwaVOIGG7nRIn7KdZAQ,3562
 bbot/core/helpers/web/engine.py,sha256=mzXpYmlB1pvNSXs8FuliGMv7myUwAcQWTtnMHqblMHA,8875
 bbot/core/helpers/web/ssl_context.py,sha256=aWVgl-d0HoE8B4EBKNxaa5UAzQmx79DjDByfBw9tezo,356
-bbot/core/helpers/web/web.py,sha256=0k5-GEudua_yJSPW5pmmIquElG1Z5oy3qxN5kOKGmlM,22766
+bbot/core/helpers/web/web.py,sha256=sesBGwqXRmePwQIScfg8PbrlCPMArQVj55E1aJsWctI,23685
 bbot/core/helpers/wordcloud.py,sha256=QM8Z1N01_hXrRFKQjvRL-IzOOC7ZMKjuSBID3u77Sxg,19809
 bbot/core/modules.py,sha256=U0Z2UoZAOPG9lLvR9Juc3UwdWCc_xbktF4t_NoiKPrY,31385
 bbot/core/multiprocess.py,sha256=ocQHanskJ09gHwe7RZmwNdZyCOQyeyUoIHCtLbtvXUk,1771
@@ -81,7 +81,7 @@ bbot/modules/code_repository.py,sha256=x70Z45VnNNMF8BPkHfGWZXsZXw_fStGB3y0-8jbP1
 bbot/modules/credshed.py,sha256=HAF5wgRGKIIpdMAe4mIAtkZRLmFYjMFyXtjjst6RJ20,4203
 bbot/modules/crt.py,sha256=6Zm90VKXwYYN6Sab0gwwhTARrtnQIqALJTVtFWMMTGk,1369
 bbot/modules/deadly/dastardly.py,sha256=dxPkJUfAsuddDDuI_uVyTUxkJ5eps92nSrPtpBOTlQg,5315
-bbot/modules/deadly/ffuf.py,sha256=ho1vLBh4Knf8lV5RLDcecCLQbWCl7GELvymQiuCfgF8,14236
+bbot/modules/deadly/ffuf.py,sha256=sCledEgIi1ZgAhb-XlwbLIH3wBD5dSELZAEun_pNLOk,14745
 bbot/modules/deadly/nuclei.py,sha256=hUoqdN_o3f1DQ30I6ltlW63NHT6OGhivoWi8gNlLMuQ,17808
 bbot/modules/deadly/vhost.py,sha256=m7RdR0w7Hs38IGVHUu_3Er-_5ABVdalRG_8znQepxD0,5456
 bbot/modules/dehashed.py,sha256=iyzWHmJs6zC7FsRhw9_AdkckQKCf_0oNnL9RwG409r0,5071
@@ -98,11 +98,11 @@ bbot/modules/dockerhub.py,sha256=JQkujjqvQRzQuvHjQ7JbFs_VlJj8dLRPRObAkBgUQhc,349
 bbot/modules/dotnetnuke.py,sha256=zipcHyNYr2FEecStb1Yrm938ps01RvHV8NnyqAvnGGc,10537
 bbot/modules/emailformat.py,sha256=RLPJW-xitYB-VT4Lp08qVzFkXx_kMyV_035JT_Yf4fM,1082
 bbot/modules/extractous.py,sha256=VSGKmHPAA_4r62jaN8Yqi3JcjehjxpI2lhe8i2j786s,4648
-bbot/modules/ffuf_shortnames.py,sha256=n6y3FBxgM7CwFBQVSfVYjuQaTOCgjaq2Q2LmdJz-P6Y,15302
+bbot/modules/ffuf_shortnames.py,sha256=iJnm6bvFyQXfzOGnUioficE6v59QkaErY7mo4m6m7o0,18618
 bbot/modules/filedownload.py,sha256=TOxftfxguaRSEKI8oG79XVRQqUGg1_IhYDYl_Jw9eYc,8694
 bbot/modules/fingerprintx.py,sha256=rdlR9d64AntAhbS_eJzh8bZCeLPTJPSKdkdKdhH_qAo,3269
 bbot/modules/fullhunt.py,sha256=zeehQb9akBSbHW9dF4icH8Vfd8LqoTrpIvnQEEMWes8,1311
-bbot/modules/generic_ssrf.py,sha256=xsST08_Ka816NmTbUvCC3i_OBZgaEFjDVVQGRuh2tlw,8813
+bbot/modules/generic_ssrf.py,sha256=KFdcHpUV9-Z7oN7emzbirimsNc2xZ_1IFqnsfIkEbcM,9196
 bbot/modules/git.py,sha256=CMDarsmBemZEzZSeQTzB70XD8IRdwdG39zXpwDdgZbw,1383
 bbot/modules/git_clone.py,sha256=XFZXx0k97EMY3E5PZzdNvqQzZddOfRMaVp5ol2gk11s,2468
 bbot/modules/github_codesearch.py,sha256=a-r2vE9N9WyBpFUiKCsg0TK4Qn7DaEGyVRTUKzkDLWA,3641
@@ -218,7 +218,7 @@ bbot/presets/subdomain-enum.yml,sha256=tn9h8TlVB_uS3nKZFUP72HzceoRONSef66mGLWzxj
 bbot/presets/tech-detect.yml,sha256=0eEzviy33kZojXpUfKVK0lHhiQrNAopCMEJNL8Clunw,176
 bbot/presets/web/dirbust-heavy.yml,sha256=NDqu7p0Hx1RsZCVnaEWRgI_iL9O0io-tvWerxJf36SM,653
 bbot/presets/web/dirbust-light.yml,sha256=5zSANdjKfYh49kFlsElYY2G6acVrZFzDCEkyqwU6oOQ,203
-bbot/presets/web/dotnet-audit.yml,sha256=FdUaBUftkzr9TX3evpJec3oZTSU4o77FVKwTgWqyxHU,438
+bbot/presets/web/dotnet-audit.yml,sha256=FViiccDXG08P3INNe06bLPeatejbw8Kb1HW5xgdUJNU,520
 bbot/presets/web/iis-shortnames.yml,sha256=EcYKMpl-cI8Xb79_u4wQS42yFXxDpLH9OqINcFUXoTE,176
 bbot/presets/web/paramminer.yml,sha256=VuiXkxrOAeqXlk9Gmuo938_REvbbTH6-lxTrlyWAvZ4,163
 bbot/presets/web-basic.yml,sha256=6YWSYclbuf9yr8-gILDpLvOUj5QjP4rlarm5_d5iBFw,79
@@ -239,7 +239,7 @@ bbot/scanner/target.py,sha256=EQwtFZLDeNlqt8JupyBEksqeQ_c_i3NARSWf3mQQC4k,12128
 bbot/scripts/docs.py,sha256=ZLY9-O6OeEElzOUvTglO5EMkRv1s4aEuxJb2CthCVsI,10782
 bbot/test/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 bbot/test/bbot_fixtures.py,sha256=JZhqObsSQ5H2RJZCkq4eNaGo6DcxKYMPQ1XFcbE8vQg,9995
-bbot/test/conftest.py,sha256=SGyPKXAZNkDclnHs13rfYMq3GH3pqq8yTeGhzfvMuPk,11486
+bbot/test/conftest.py,sha256=dQhpZ-DMkcc0ANiBPvO2Th-QNTecfvMHn0nryL-96i4,11796
 bbot/test/coverage.cfg,sha256=ko9RacAYsJxWJCL8aEuNtkAOtP9lexYiDbeFWe8Tp8Y,31
 bbot/test/fastapi_test.py,sha256=9OhOFRyagXTshMsnuzuKIcR4uzS6VW65m7h9KgB4jSA,381
 bbot/test/owasp_mastg.apk,sha256=Hai_V9JmEJ-aB8Ab9xEaGXXOAfGQudkUvNOuPb75byE,66651
@@ -320,17 +320,17 @@ bbot/test/test_step_2/module_tests/test_module_dnsresolve.py,sha256=15LEcggP_eVY
 bbot/test/test_step_2/module_tests/test_module_dnstlsrpt.py,sha256=8xXSFo0vwKfehIqgF41tbEkL1vbp6RIB8kiO8TSH4NU,2648
 bbot/test/test_step_2/module_tests/test_module_docker_pull.py,sha256=-JSAo51dS3Ie9RaLBcWK0kfbg8bCPr7mohpFGAwOKPQ,27988
 bbot/test/test_step_2/module_tests/test_module_dockerhub.py,sha256=9T8CFcFP32MOppUmSVNBUSifnk2kMONqzW_7vvvKdpk,3907
-bbot/test/test_step_2/module_tests/test_module_dotnetnuke.py,sha256=voi1C_v7VeaRe_-yzCybO9FUxnFf9qzWkoUY66KYiGI,8114
+bbot/test/test_step_2/module_tests/test_module_dotnetnuke.py,sha256=ps2u_yeDXSkhALGqtg574C5-YvyueRJMjEIoSoTRThc,8064
 bbot/test/test_step_2/module_tests/test_module_emailformat.py,sha256=cKxBPnEQ4AiRKV_-hSYEE6756ypst3hi6MN0L5RTukY,461
 bbot/test/test_step_2/module_tests/test_module_emails.py,sha256=bZjtO8N3GG2_g6SUEYprAFLcsi7SlwNPJJ0nODfrWYU,944
 bbot/test/test_step_2/module_tests/test_module_excavate.py,sha256=eROTkAHYo5lLqJVAVpSl-wprp2-YNQkT9hcaqHEEf7I,43604
 bbot/test/test_step_2/module_tests/test_module_extractous.py,sha256=PuTE5rkEIFPwU9lhCYpTgNSkrVjcXm8PClbfOkfRS84,17973
-bbot/test/test_step_2/module_tests/test_module_ffuf.py,sha256=aSB49aN77sw-2LNTDHckiEEaHAn_85xCJno1shdOwus,2964
-bbot/test/test_step_2/module_tests/test_module_ffuf_shortnames.py,sha256=1KVSl_gQSud4ITgFHF4uh37WcIl4wnp7vqbOlrRsB88,7635
+bbot/test/test_step_2/module_tests/test_module_ffuf.py,sha256=z8ihAM1WYss7QGXIjbi67cekg8iOemDjaM8YR9_qSEs,4100
+bbot/test/test_step_2/module_tests/test_module_ffuf_shortnames.py,sha256=aq8ycPMJmFJJO6mqM2EaFZoKBEpm6Umfz05OMMwxu4Q,8354
 bbot/test/test_step_2/module_tests/test_module_filedownload.py,sha256=ZLPlBVs8CMWofLZAl63zdYMryVdYXykoaxE4jBGED8I,4304
 bbot/test/test_step_2/module_tests/test_module_fingerprintx.py,sha256=nU3jxbkGcmPYiSzc6thJhNvjAFb4qVxcR7rkOAvjB18,445
 bbot/test/test_step_2/module_tests/test_module_fullhunt.py,sha256=NblfNHQrE82j-cESvm66hpN-ooKZwR1kEwJDTk_BXac,1946
-bbot/test/test_step_2/module_tests/test_module_generic_ssrf.py,sha256=rUs2icFxc-u5GKdzvlpnV1IOa9lcrGVbP5G5cKmn3Yo,2214
+bbot/test/test_step_2/module_tests/test_module_generic_ssrf.py,sha256=ZhfZpH0QTl6_YftGoZzZk6_2x0ZDnWjZ7vNZMTibBHw,3228
 bbot/test/test_step_2/module_tests/test_module_git.py,sha256=gyBS3vZUWAyatGlcY26mGOYeqXSqJA5pbhJWgTmLqNo,1656
 bbot/test/test_step_2/module_tests/test_module_git_clone.py,sha256=Mo0Q7bCXcrkGWJc3-u5y4sdfC13ei-qj79aKvEbnkk4,13198
 bbot/test/test_step_2/module_tests/test_module_github_codesearch.py,sha256=M50xBiGG2EuPGXDJU6uFsSUE-fhqZl3CzYtNdszW7LM,4735
@@ -340,7 +340,7 @@ bbot/test/test_step_2/module_tests/test_module_gitlab.py,sha256=fnwE7BWTU6EQquKd
 bbot/test/test_step_2/module_tests/test_module_google_playstore.py,sha256=uTRqpAGI9HI-rOk_6jdV44OoSqi0QQQ3aTVzvuV0dtc,3034
 bbot/test/test_step_2/module_tests/test_module_gowitness.py,sha256=EH3NIMDA3XgZz1yffu-PnRCrlZJODakGPfzgnU7Ls_s,6501
 bbot/test/test_step_2/module_tests/test_module_hackertarget.py,sha256=ldhNKxGk5fwq87zVptQDyfQ-cn3FzbWvpadKEO3h4ic,609
-bbot/test/test_step_2/module_tests/test_module_host_header.py,sha256=w1x0MyKNiUol4hlw7CijhMwEMEL5aBddbZZjOcEgv_k,2672
+bbot/test/test_step_2/module_tests/test_module_host_header.py,sha256=-kod71F8OrWz9GhnXLo06jY6ISnh0EWs95bJTlY36ho,2687
 bbot/test/test_step_2/module_tests/test_module_http.py,sha256=KhsQvqpVa6zmMa79jV4liv_NAv25wrSaO6h_x0AA12c,2127
 bbot/test/test_step_2/module_tests/test_module_httpx.py,sha256=kUSJd0eu-e7rj1hnaQyUn5V01JJF7eUlsUjhVAqGvu0,5761
 bbot/test/test_step_2/module_tests/test_module_hunt.py,sha256=xSnPevrLgFe-umWjvF-X8hOavZCn1s1sClXKM3WBLpE,744
@@ -423,8 +423,8 @@ bbot/wordlists/raft-small-extensions-lowercase_CLEANED.txt,sha256=ZSIVebs7ptMvHx
 bbot/wordlists/top_open_ports_nmap.txt,sha256=LmdFYkfapSxn1pVuQC2LkOIY2hMLgG-Xts7DVtYzweM,42727
 bbot/wordlists/valid_url_schemes.txt,sha256=0B_VAr9Dv7aYhwi6JSBDU-3M76vNtzN0qEC_RNLo7HE,3310
 bbot/wordlists/wordninja_dns.txt.gz,sha256=DYHvvfW0TvzrVwyprqODAk4tGOxv5ezNmCPSdPuDUnQ,570241
-bbot-2.3.2.5855rc0.dist-info/LICENSE,sha256=GzeCzK17hhQQDNow0_r0L8OfLpeTKQjFQwBQU7ZUymg,32473
-bbot-2.3.2.5855rc0.dist-info/METADATA,sha256=8nDHIExmXjt2z4dZQim4aPWfY3EC4tz19YqRNSMbMHc,18224
-bbot-2.3.2.5855rc0.dist-info/WHEEL,sha256=IYZQI976HJqqOpQU6PHkJ8fb3tMNBFjg-Cn-pwAbaFM,88
-bbot-2.3.2.5855rc0.dist-info/entry_points.txt,sha256=cWjvcU_lLrzzJgjcjF7yeGuRA_eDS8pQ-kmPUAyOBfo,38
-bbot-2.3.2.5855rc0.dist-info/RECORD,,
+bbot-2.3.2.5889rc0.dist-info/LICENSE,sha256=GzeCzK17hhQQDNow0_r0L8OfLpeTKQjFQwBQU7ZUymg,32473
+bbot-2.3.2.5889rc0.dist-info/METADATA,sha256=ARrEoX3gXC9hWPDf2FWNjfpfZpR6Ta9BCdSudw0fvMg,18224
+bbot-2.3.2.5889rc0.dist-info/WHEEL,sha256=IYZQI976HJqqOpQU6PHkJ8fb3tMNBFjg-Cn-pwAbaFM,88
+bbot-2.3.2.5889rc0.dist-info/entry_points.txt,sha256=cWjvcU_lLrzzJgjcjF7yeGuRA_eDS8pQ-kmPUAyOBfo,38
+bbot-2.3.2.5889rc0.dist-info/RECORD,,