bbot 2.4.2.6677rc0__py3-none-any.whl → 2.5.0.6715rc0__py3-none-any.whl

bbot/presets/web/lightfuzz-heavy.yml

@@ -12,5 +12,5 @@ modules:
 config:
   modules:
     lightfuzz:
-      enabled_submodules: [cmdi,crypto,nosqli,path,serial,sqli,ssti,xss]
+      enabled_submodules: [cmdi,crypto,path,serial,sqli,ssti,xss]
       disable_post: False

bbot/presets/web/lightfuzz-medium.yml

@@ -11,4 +11,4 @@ modules:
 config:
   modules:
     lightfuzz:
-      enabled_submodules: [cmdi,crypto,nosqli,path,serial,sqli,ssti,xss]
+      enabled_submodules: [cmdi,crypto,path,serial,sqli,ssti,xss]

bbot/presets/web/lightfuzz-superheavy.yml

@@ -8,6 +8,6 @@ config:
   modules:
     lightfuzz:
       force_common_headers: True # Fuzz common headers like X-Forwarded-For even if they're not observed on the target
-      enabled_submodules: [cmdi,crypto,nosqli,path,serial,sqli,ssti,xss]
+      enabled_submodules: [cmdi,crypto,path,serial,sqli,ssti,xss]
     excavate:
       speculate_params: True # speculate potential parameters extracted from JSON/XML web responses

bbot/scanner/preset/args.py

@@ -9,9 +9,18 @@ from bbot.core.helpers.misc import chain_lists, get_closest_match, get_keys_in_d
 log = logging.getLogger("bbot.presets.args")
 
 
+universal_module_options = {
+    "batch_size": "The number of events to process in a single batch (only applies to batch modules)",
+    "module_threads": "How many event handlers to run in parallel",
+    "module_timeout": "Max time in seconds to spend handling each event or batch of events",
+}
+
+
 class BBOTArgs:
     # module config options to exclude from validation
-    exclude_from_validation = re.compile(r".*modules\.[a-z0-9_]+\.(?:batch_size|module_threads)$")
+    exclude_from_validation = re.compile(
+        r".*modules\.[a-z0-9_]+\.(?:" + "|".join(universal_module_options.keys()) + ")$"
+    )
 
     scan_examples = [
         (

bbot/scanner/preset/preset.py

@@ -276,8 +276,6 @@ class Preset(metaclass=BasePreset):
         self.exclude_flags.update(set(exclude_flags))
         self.require_flags.update(set(require_flags))
 
-        # log.critical(f"{self.name}: verbose: {self.verbose}, debug: {self.debug}, silent: {self.silent}")
-
     @property
     def bbot_home(self):
         return Path(self.config.get("home", "~/.bbot")).expanduser().resolve()

bbot/scanner/scanner.py

@@ -245,8 +245,6 @@ class Scanner:
         self._cleanedup = False
         self._omitted_event_types = None
 
-        self.__loop = None
-        self._manager_worker_loop_tasks = []
         self.init_events_task = None
         self.ticker_task = None
         self.dispatcher_tasks = []
@@ -726,6 +724,7 @@ class Scanner:
                             scan_active_status.append(f"        - {task}:")
                     # scan_active_status.append(f"        incoming_queue_size: {m.num_incoming_events}")
                     # scan_active_status.append(f"        outgoing_queue_size: {m.outgoing_event_queue.qsize()}")
+
                 for line in scan_active_status:
                     self.debug(line)
 
@@ -834,8 +833,6 @@ class Scanner:
             tasks.append(self.ticker_task)
         # dispatcher
         tasks += self.dispatcher_tasks
-        # manager worker loops
-        tasks += self._manager_worker_loop_tasks
         self.helpers.cancel_tasks_sync(tasks)
         # process pool
         self.helpers.process_pool.shutdown(cancel_futures=True)

bbot/scripts/docs.py

@@ -181,6 +181,14 @@ def update_docs():
     assert len(bbot_output_module_table.splitlines()) > 10
     update_md_files("BBOT OUTPUT MODULES", bbot_output_module_table)
 
+    # BBOT universal module options
+    from bbot.scanner.preset.args import universal_module_options
+
+    universal_module_options_table = ""
+    for option, description in universal_module_options.items():
+        universal_module_options_table += f"**{option}**: {description}\n"
+    update_md_files("BBOT UNIVERSAL MODULE OPTIONS", universal_module_options_table)
+
     # BBOT module options
     bbot_module_options_table = DEFAULT_PRESET.module_loader.modules_options_table()
     assert len(bbot_module_options_table.splitlines()) > 100

bbot/test/test_step_1/test_scan.py

@@ -88,6 +88,63 @@ async def test_scan(
     assert len(scan6.dns_strings) == 1
 
 
+@pytest.mark.asyncio
+async def test_task_scan_handle_event_timeout(bbot_scanner):
+    from bbot.modules.base import BaseModule
+
+    # make a module that takes a long time to handle an event
+    class LongModule(BaseModule):
+        watched_events = ["IP_ADDRESS"]
+        handled_event = False
+        cancelled = False
+        _name = "long"
+
+        async def handle_event(self, event):
+            self.handled_event = True
+            try:
+                await self.helpers.sleep(99999999)
+            except asyncio.CancelledError:
+                self.cancelled = True
+                raise
+
+    # same thing but handle_batch
+    class LongBatchModule(BaseModule):
+        watched_events = ["IP_ADDRESS"]
+        handled_event = False
+        canceled = False
+        _name = "long_batch"
+        _batch_size = 2
+
+        async def handle_batch(self, *events):
+            self.handled_event = True
+            try:
+                await self.helpers.sleep(99999999)
+            except asyncio.CancelledError:
+                self.cancelled = True
+                raise
+
+    # scan with both modules
+    scan = bbot_scanner(
+        "127.0.0.1",
+        config={
+            "module_handle_event_timeout": 5,
+            "module_handle_batch_timeout": 5,
+        },
+    )
+    await scan._prep()
+    scan.modules["long"] = LongModule(scan=scan)
+    scan.modules["long_batch"] = LongBatchModule(scan=scan)
+    events = [e async for e in scan.async_start()]
+    assert events
+    assert any(e.data == "127.0.0.1" for e in events)
+    # make sure both modules were called
+    assert scan.modules["long"].handled_event
+    assert scan.modules["long_batch"].handled_event
+    # they should also be cancelled
+    assert scan.modules["long"].cancelled
+    assert scan.modules["long_batch"].cancelled
+
+
 @pytest.mark.asyncio
 async def test_url_extension_handling(bbot_scanner):
     scan = bbot_scanner(config={"url_extension_blacklist": ["css"], "url_extension_httpx_only": ["js"]})

bbot/test/test_step_2/module_tests/test_module_apkpure.py

@@ -1,9 +1,11 @@
 from pathlib import Path
 from .base import ModuleTestBase, tempapkfile
+from bbot.test.bbot_fixtures import bbot_test_dir
 
 
 class TestAPKPure(ModuleTestBase):
     modules_overrides = ["apkpure", "google_playstore", "speculate"]
+    config_overrides = {"modules": {"apkpure": {"output_folder": str(bbot_test_dir / "test_apkpure_files")}}}
     apk_file = tempapkfile()
 
     async def setup_after_prep(self, module_test):

bbot/test/test_step_2/module_tests/test_module_bucket_file_enum.py

@@ -1,10 +1,16 @@
 from .base import ModuleTestBase
+from bbot.test.bbot_fixtures import bbot_test_dir
 
 
 class TestBucket_File_Enum(ModuleTestBase):
     targets = ["http://127.0.0.1:8888"]
     modules_overrides = ["bucket_file_enum", "filedownload", "httpx", "excavate", "cloudcheck"]
-    config_overrides = {"scope": {"report_distance": 5}}
+
+    download_dir = bbot_test_dir / "test_bucket_file_enum"
+    config_overrides = {
+        "scope": {"report_distance": 5},
+        "modules": {"filedownload": {"output_folder": str(download_dir)}},
+    }
 
     open_bucket_url = "https://testbucket.s3.amazonaws.com/"
     open_bucket_body = """<ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Name>testbucket</Name><Prefix></Prefix><Marker></Marker><MaxKeys>1000</MaxKeys><IsTruncated>false</IsTruncated><Contents><Key>index.html</Key><LastModified>2023-05-22T23:04:38.000Z</LastModified><ETag>&quot;4a2d2d114f3abf90f8bd127c1f25095a&quot;</ETag><Size>5</Size><StorageClass>STANDARD</StorageClass></Contents><Contents><Key>test.pdf</Key><LastModified>2022-04-30T21:13:40.000Z</LastModified><ETag>&quot;723b0018c2f5a7ef06a34f84f6fa97e4&quot;</ETag><Size>388901</Size><StorageClass>STANDARD</StorageClass></Contents></ListBucketResult>"""
@@ -32,8 +38,7 @@ trailer <</Root 1 0 R>>"""
         )
 
     def check(self, module_test, events):
-        download_dir = module_test.scan.home / "filedownload"
-        files = list(download_dir.glob("*.pdf"))
+        files = list((self.download_dir / "filedownload").glob("*.pdf"))
         assert any(e.type == "URL_UNVERIFIED" and e.data.endswith("test.pdf") for e in events)
         assert not any(e.type == "URL_UNVERIFIED" and e.data.endswith("test.css") for e in events)
         assert any(f.name.endswith("test.pdf") for f in files), "Failed to download PDF file from open bucket"

bbot/test/test_step_2/module_tests/test_module_docker_pull.py

@@ -3,10 +3,12 @@ import tarfile
 from pathlib import Path
 
 from .base import ModuleTestBase
+from bbot.test.bbot_fixtures import bbot_test_dir
 
 
 class TestDockerPull(ModuleTestBase):
     modules_overrides = ["speculate", "dockerhub", "docker_pull"]
+    config_overrides = {"modules": {"docker_pull": {"output_folder": str(bbot_test_dir / "test_docker_files")}}}
 
     async def setup_before_prep(self, module_test):
         module_test.httpx_mock.add_response(

bbot/test/test_step_2/module_tests/test_module_filedownload.py

@@ -1,11 +1,15 @@
 from pathlib import Path
 from .base import ModuleTestBase
+from bbot.test.bbot_fixtures import bbot_test_dir
 
 
 class TestFileDownload(ModuleTestBase):
     targets = ["http://127.0.0.1:8888"]
     modules_overrides = ["filedownload", "httpx", "excavate", "speculate"]
-    config_overrides = {"web": {"spider_distance": 2, "spider_depth": 2}}
+    config_overrides = {
+        "web": {"spider_distance": 2, "spider_depth": 2},
+        "modules": {"filedownload": {"output_folder": str(bbot_test_dir / "test_filedownload_files")}},
+    }
 
     pdf_data = """%PDF-1.
 1 0 obj<</Pages 2 0 R>>endobj

bbot/test/test_step_2/module_tests/test_module_git_clone.py

@@ -6,10 +6,13 @@ import subprocess
 from pathlib import Path
 
 from .base import ModuleTestBase
+from bbot.test.bbot_fixtures import bbot_test_dir
 
 
 class TestGit_Clone(ModuleTestBase):
-    config_overrides = {"modules": {"git_clone": {"api_key": "asdf"}}}
+    config_overrides = {
+        "modules": {"git_clone": {"api_key": "asdf", "output_folder": str(bbot_test_dir / "test_git_files")}}
+    }
     modules_overrides = ["github_org", "speculate", "git_clone"]
 
     file_content = "https://admin:admin@the-internet.herokuapp.com/basic_auth"

bbot/test/test_step_2/module_tests/test_module_gitdumper.py

@@ -1,5 +1,6 @@
 from pathlib import Path
 from .base import ModuleTestBase
+from bbot.test.bbot_fixtures import bbot_test_dir
 
 
 class TestGitDumper_Dirlisting(ModuleTestBase):
@@ -8,6 +9,7 @@ class TestGitDumper_Dirlisting(ModuleTestBase):
     ]
 
     modules_overrides = ["git", "gitdumper", "httpx"]
+    config_overrides = {"modules": {"gitdumper": {"output_folder": str(bbot_test_dir / "test_output")}}}
 
     index_html = """<html>
         <head>

bbot/test/test_step_2/module_tests/test_module_lightfuzz.py

@@ -639,132 +639,6 @@ class Test_Lightfuzz_urlencoding(Test_Lightfuzz_xss_injs):
         assert xss_finding_emitted, "In Javascript XSS FINDING not emitted"
 
 
-class Test_Lightfuzz_nosqli_quoteescape(ModuleTestBase):
-    targets = ["http://127.0.0.1:8888"]
-    modules_overrides = ["httpx", "lightfuzz", "excavate"]
-    config_overrides = {
-        "interactsh_disable": True,
-        "modules": {
-            "lightfuzz": {
-                "enabled_submodules": ["nosqli"],
-            }
-        },
-    }
-
-    def request_handler(self, request):
-        normal_block = """
-            <section class="search-filters">
-                        <label>Refine your search:</label>
-                        <a class="filter-category" href="/?category=Pets">Pets</a>
-                    </section>
-        """
-
-        qs = str(request.query_string.decode())
-        if "category=" in qs:
-            value = qs.split("=")[1]
-            if "&" in value:
-                value = value.split("&")[0]
-            if value == "Pets%27":
-                return Response("JSON ERROR!", status=500)
-            elif value == "Pets%5C%27":
-                return Response("No results", status=200)
-            elif value == "Pets%27%20%26%26%200%20%26%26%20%27x":
-                return Response("No results", status=200)
-            elif value == "Pets%27%20%26%26%201%20%26%26%20%27x":
-                return Response('{"category":"Pets","entries":["dog","cat","bird"]}', status=200)
-            else:
-                return Response("No results", status=200)
-        return Response(normal_block, status=200)
-
-    async def setup_after_prep(self, module_test):
-        module_test.scan.modules["lightfuzz"].helpers.rand_string = lambda *args, **kwargs: "AAAAAAAAAAAAAA"
-        expect_args = re.compile("/")
-        module_test.set_expect_requests_handler(expect_args=expect_args, request_handler=self.request_handler)
-
-    def check(self, module_test, events):
-        nosqli_finding_emitted = False
-        finding_count = 0
-        for e in events:
-            if e.type == "FINDING":
-                finding_count += 1
-                if (
-                    "Possible NoSQL Injection. Parameter: [category] Parameter Type: [GETPARAM] Original Value: [Pets] Detection Method: [Quote/Escaped Quote + Conditional Affect]"
-                    in e.data["description"]
-                ):
-                    nosqli_finding_emitted = True
-        assert nosqli_finding_emitted, "NoSQLi FINDING not emitted"
-        assert finding_count == 1, "Unexpected FINDING events reported"
-
-
-class Test_Lightfuzz_nosqli_negation(Test_Lightfuzz_nosqli_quoteescape):
-    def request_handler(self, request):
-        form_block = """
-            <form method="POST" action="">
-            <label for="username">Username:</label>
-            <input type="text" id="username" name="username" required>
-            <br>
-            <label for="password">Password:</label>
-            <input type="password" id="password" name="password" required>
-            <br>
-            <button type="submit">Login</button>
-          </form>
-        """
-        if request.method == "GET":
-            return Response(form_block, status=200)
-
-        if "username[$ne]" in request.form.keys() and "password[$ne]" in request.form.keys():
-            return Response("Welcome, testuser1!", status=200)
-        if "username[$eq]" in request.form.keys() and "password[$eq]" in request.form.keys():
-            return Response("Invalid Username or Password!", status=200)
-        else:
-            return Response("Invalid Username or Password!", status=200)
-
-    def check(self, module_test, events):
-        nosqli_finding_emitted = False
-        finding_count = 0
-        for e in events:
-            if e.type == "FINDING":
-                finding_count += 1
-                if (
-                    "Possible NoSQL Injection. Parameter: [password] Parameter Type: [POSTPARAM] Detection Method: [Parameter Name Operator Injection - Negation ([$ne])] Differences: [body]"
-                    in e.data["description"]
-                ):
-                    nosqli_finding_emitted = True
-        assert nosqli_finding_emitted, "NoSQLi FINDING not emitted"
-        assert finding_count == 2, "Unexpected FINDING events reported"
-
-
-class Test_Lightfuzz_nosqli_negation_falsepositive(Test_Lightfuzz_nosqli_quoteescape):
-    def request_handler(self, request):
-        form_block = """
-            <form method="POST" action="">
-            <label for="username">Username:</label>
-            <input type="text" id="username" name="username" required>
-            <br>
-            <label for="password">Password:</label>
-            <input type="password" id="password" name="password" required>
-            <br>
-            <button type="submit">Login</button>
-          </form>
-        """
-        if request.method == "GET":
-            return Response(form_block, status=200)
-
-        if "username[$ne]" in request.form.keys() and "password[$ne]" in request.form.keys():
-            return Response("missing username or password", status=500)
-        if "username[$eq]" in request.form.keys() and "password[$eq]" in request.form.keys():
-            return Response("missing username or password", status=500)
-        else:
-            return Response("Invalid Username or Password!", status=200)
-
-    def check(self, module_test, events):
-        finding_count = 0
-        for e in events:
-            if e.type == "FINDING":
-                finding_count += 1
-        assert finding_count == 0, "False positive FINDING emitted"
-
-
 # SQLI Single Quote/Two Single Quote (getparam)
 class Test_Lightfuzz_sqli(ModuleTestBase):
     targets = ["http://127.0.0.1:8888"]
@@ -1040,8 +914,6 @@ class Test_Lightfuzz_sqli_cookies(Test_Lightfuzz_sqli):
         </html>
         """
 
-        print("@@@@@???")
-        print(request.cookies)
         if request.cookies.get("test") is not None:
             header_value = request.cookies.get("test")
 
@@ -1226,7 +1098,7 @@ class Test_Lightfuzz_serial_errorresolution(ModuleTestBase):
             if e.type == "FINDING":
                 if (
                     e.data["description"]
-                    == "POSSIBLE Unsafe Deserialization. Parameter: [TextBox1] Parameter Type: [POSTPARAM] Technique: [Error Resolution] Serialization Payload: [dotnet_base64]"
+                    == "POSSIBLE Unsafe Deserialization. Parameter: [TextBox1] Parameter Type: [POSTPARAM] Technique: [Error Resolution (Baseline: [500]  -> Probe: [200] )] Serialization Payload: [dotnet_base64]"
                 ):
                     lightfuzz_serial_detect_errorresolution = True
 
@@ -1326,7 +1198,7 @@ class Test_Lightfuzz_serial_errorresolution_existingvalue_valid(Test_Lightfuzz_s
                     excavate_detect_serialization_value = True
                 if (
                     e.data["description"]
-                    == "POSSIBLE Unsafe Deserialization. Parameter: [TextBox1] Parameter Type: [POSTPARAM] Original Value: [AAEAAAD/////AQAAAAAAAAAGAQAAAAdndXN0YXZvCw==] Technique: [Error Resolution] Serialization Payload: [dotnet_base64]"
+                    == "POSSIBLE Unsafe Deserialization. Parameter: [TextBox1] Parameter Type: [POSTPARAM] Original Value: [AAEAAAD/////AQAAAAAAAAAGAQAAAAdndXN0YXZvCw==] Technique: [Error Resolution (Baseline: [500]  -> Probe: [200] )] Serialization Payload: [dotnet_base64]"
                 ):
                     lightfuzz_serial_detect_errorresolution = True
 

bbot/test/test_step_2/module_tests/test_module_portscan.py

@@ -76,7 +76,7 @@ class TestPortscan(ModuleTestBase):
     def check(self, module_test, events):
         assert set(self.syn_scanned) == {"8.8.8.0/24", "8.8.4.0/24"}
         assert set(self.ping_scanned) == set()
-        assert self.syn_runs == 1
+        assert self.syn_runs >= 1
         assert self.ping_runs == 0
         assert 1 == len(
             [e for e in events if e.type == "DNS_NAME" and e.data == "evilcorp.com" and str(e.module) == "TARGET"]
@@ -133,7 +133,7 @@ class TestPortscanPingFirst(TestPortscan):
         assert set(self.syn_scanned) == {"8.8.8.8/32"}
         assert set(self.ping_scanned) == {"8.8.8.0/24", "8.8.4.0/24"}
         assert self.syn_runs == 1
-        assert self.ping_runs == 1
+        assert self.ping_runs >= 1
         open_port_events = [e for e in events if e.type == "OPEN_TCP_PORT"]
         assert len(open_port_events) == 3
         assert {e.data for e in open_port_events} == {"8.8.8.8:443", "evilcorp.com:443", "www.evilcorp.com:443"}
@@ -149,7 +149,7 @@ class TestPortscanPingOnly(TestPortscan):
         assert set(self.syn_scanned) == set()
         assert set(self.ping_scanned) == {"8.8.8.0/24", "8.8.4.0/24"}
         assert self.syn_runs == 0
-        assert self.ping_runs == 1
+        assert self.ping_runs >= 1
         open_port_events = [e for e in events if e.type == "OPEN_TCP_PORT"]
         assert len(open_port_events) == 0
         ip_events = [e for e in events if e.type == "IP_ADDRESS"]

bbot/test/test_step_2/module_tests/test_module_postman_download.py

@@ -1,8 +1,13 @@
 from .base import ModuleTestBase
+from bbot.test.bbot_fixtures import bbot_test_dir
 
 
 class TestPostman_Download(ModuleTestBase):
-    config_overrides = {"modules": {"postman_download": {"api_key": "asdf"}}}
+    config_overrides = {
+        "modules": {
+            "postman_download": {"api_key": "asdf", "output_folder": str(bbot_test_dir / "test_postman_files")}
+        }
+    }
     modules_overrides = ["postman", "postman_download", "speculate"]
 
     async def setup_before_prep(self, module_test):

bbot/test/test_step_2/module_tests/test_module_trufflehog.py

@@ -1,15 +1,24 @@
-import subprocess
-import shutil
 import io
+import shutil
 import zipfile
 import tarfile
+import subprocess
+from copy import copy
 from pathlib import Path
 
 from .base import ModuleTestBase
+from bbot.test.bbot_fixtures import bbot_test_dir
 
 
 class TestTrufflehog(ModuleTestBase):
-    config_overrides = {"modules": {"postman_download": {"api_key": "asdf"}}}
+    download_dir = bbot_test_dir / "test_trufflehog"
+    config_overrides = {
+        "modules": {
+            "postman_download": {"api_key": "asdf", "output_folder": str(download_dir)},
+            "docker_pull": {"output_folder": str(download_dir)},
+            "git_clone": {"output_folder": str(download_dir)},
+        }
+    }
     modules_overrides = [
         "github_org",
         "speculate",
@@ -1129,15 +1138,20 @@ class TestTrufflehog(ModuleTestBase):
             cwd=temp_repo_path,
         )
 
-        old_filter_event = module_test.scan.modules["git_clone"].filter_event
+        # we need this test to work offline, so we patch git_clone to pull from a local file:// path
+        old_handle_event = module_test.scan.modules["git_clone"].handle_event
 
-        def new_filter_event(event):
-            event.data["url"] = event.data["url"].replace(
-                "https://github.com/blacklanternsecurity", f"file://{temp_path}"
-            )
-            return old_filter_event(event)
+        async def new_handle_event(event):
+            if event.type == "CODE_REPOSITORY":
+                event = copy(event)
+                data = dict(event.data)
+                data["url"] = event.data["url"].replace(
+                    "https://github.com/blacklanternsecurity", f"file://{temp_path}"
+                )
+                event.data = data
+            return await old_handle_event(event)
 
-        module_test.monkeypatch.setattr(module_test.scan.modules["git_clone"], "filter_event", new_filter_event)
+        module_test.monkeypatch.setattr(module_test.scan.modules["git_clone"], "handle_event", new_handle_event)
 
     def check(self, module_test, events):
         vuln_events = [
@@ -1201,7 +1215,15 @@ class TestTrufflehog(ModuleTestBase):
 
 
 class TestTrufflehog_NonVerified(TestTrufflehog):
-    config_overrides = {"modules": {"trufflehog": {"only_verified": False}, "postman_download": {"api_key": "asdf"}}}
+    download_dir = bbot_test_dir / "test_trufflehog_nonverified"
+    config_overrides = {
+        "modules": {
+            "trufflehog": {"only_verified": False},
+            "docker_pull": {"output_folder": str(download_dir)},
+            "postman_download": {"api_key": "asdf", "output_folder": str(download_dir)},
+            "git_clone": {"output_folder": str(download_dir)},
+        }
+    }
 
     def check(self, module_test, events):
         finding_events = [
@@ -1279,7 +1301,11 @@ class TestTrufflehog_HTTPResponse(ModuleTestBase):
 class TestTrufflehog_RAWText(ModuleTestBase):
     targets = ["http://127.0.0.1:8888/test.pdf"]
     modules_overrides = ["httpx", "trufflehog", "filedownload", "extractous"]
-    config_overrides = {"modules": {"trufflehog": {"only_verified": False}}}
+
+    download_dir = bbot_test_dir / "test_trufflehog_rawtext"
+    config_overrides = {
+        "modules": {"trufflehog": {"only_verified": False}, "filedownload": {"output_folder": str(download_dir)}}
+    }
 
     async def setup_before_prep(self, module_test):
         expect_args = {

{bbot-2.4.2.6677rc0.dist-info → bbot-2.5.0.6715rc0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: bbot
-Version: 2.4.2.6677rc0
+Version: 2.5.0.6715rc0
 Summary: OSINT automation for hackers.
 License: GPL-3.0
 Keywords: python,cli,automation,osint,threat-intel,intelligence,neo4j,scanner,python-library,hacking,recursion,pentesting,recon,command-line-tool,bugbounty,subdomains,security-tools,subdomain-scanner,osint-framework,attack-surface,subdomain-enumeration,osint-tool