bbot 2.5.0.6742rc0__py3-none-any.whl → 2.5.0.6765rc0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of bbot might be problematic. Click here for more details.
- bbot/__init__.py +1 -1
- bbot/core/helpers/names_generator.py +2 -0
- bbot/modules/aspnet_bin_exposure.py +80 -0
- bbot/modules/hunt.py +10 -3
- bbot/modules/iis_shortnames.py +16 -0
- bbot/presets/web/dotnet-audit.yml +1 -0
- bbot/test/test_step_2/module_tests/test_module_aspnet_bin_exposure.py +73 -0
- bbot/test/test_step_2/module_tests/test_module_iis_shortnames.py +46 -1
- {bbot-2.5.0.6742rc0.dist-info → bbot-2.5.0.6765rc0.dist-info}/METADATA +1 -1
- {bbot-2.5.0.6742rc0.dist-info → bbot-2.5.0.6765rc0.dist-info}/RECORD +13 -11
- {bbot-2.5.0.6742rc0.dist-info → bbot-2.5.0.6765rc0.dist-info}/LICENSE +0 -0
- {bbot-2.5.0.6742rc0.dist-info → bbot-2.5.0.6765rc0.dist-info}/WHEEL +0 -0
- {bbot-2.5.0.6742rc0.dist-info → bbot-2.5.0.6765rc0.dist-info}/entry_points.txt +0 -0
bbot/__init__.py
CHANGED
|
@@ -173,6 +173,7 @@ adjectives = [
|
|
|
173
173
|
"pasty",
|
|
174
174
|
"peckish",
|
|
175
175
|
"pedantic",
|
|
176
|
+
"pensive",
|
|
176
177
|
"pernicious",
|
|
177
178
|
"perturbed",
|
|
178
179
|
"perverted",
|
|
@@ -671,6 +672,7 @@ names = [
|
|
|
671
672
|
"tracy",
|
|
672
673
|
"travis",
|
|
673
674
|
"treebeard",
|
|
675
|
+
"trent",
|
|
674
676
|
"triss",
|
|
675
677
|
"tyler",
|
|
676
678
|
"tyrell",
|
|
@@ -0,0 +1,80 @@
|
|
|
1
|
+
from bbot.modules.base import BaseModule
|
|
2
|
+
|
|
3
|
+
|
|
4
|
+
class aspnet_bin_exposure(BaseModule):
|
|
5
|
+
watched_events = ["URL"]
|
|
6
|
+
produced_events = ["VULNERABILITY"]
|
|
7
|
+
flags = ["active", "safe", "web-thorough"]
|
|
8
|
+
meta = {
|
|
9
|
+
"description": "Check for ASP.NET Security Feature Bypasses (CVE-2023-36899 and CVE-2023-36560)",
|
|
10
|
+
"created_date": "2025-01-28",
|
|
11
|
+
"author": "@liquidsec",
|
|
12
|
+
}
|
|
13
|
+
|
|
14
|
+
in_scope_only = True
|
|
15
|
+
test_dlls = [
|
|
16
|
+
"Telerik.Web.UI.dll",
|
|
17
|
+
"Newtonsoft.Json.dll",
|
|
18
|
+
"System.Net.Http.dll",
|
|
19
|
+
"EntityFramework.dll",
|
|
20
|
+
"AjaxControlToolkit.dll",
|
|
21
|
+
]
|
|
22
|
+
|
|
23
|
+
@staticmethod
|
|
24
|
+
def normalize_url(url):
|
|
25
|
+
return str(url.rstrip("/") + "/").lower()
|
|
26
|
+
|
|
27
|
+
def _incoming_dedup_hash(self, event):
|
|
28
|
+
return hash(self.normalize_url(event.data))
|
|
29
|
+
|
|
30
|
+
async def handle_event(self, event):
|
|
31
|
+
normalized_url = self.normalize_url(event.data)
|
|
32
|
+
for test_dll in self.test_dlls:
|
|
33
|
+
for technique in ["b/(S(X))in/###DLL_PLACEHOLDER###/(S(X))/", "(S(X))/b/(S(X))in/###DLL_PLACEHOLDER###"]:
|
|
34
|
+
test_url = f"{normalized_url}{technique.replace('###DLL_PLACEHOLDER###', test_dll)}"
|
|
35
|
+
self.debug(f"Sending test URL: [{test_url}]")
|
|
36
|
+
kwargs = {"method": "GET", "allow_redirects": False, "timeout": 10}
|
|
37
|
+
test_result = await self.helpers.request(test_url, **kwargs)
|
|
38
|
+
if test_result:
|
|
39
|
+
if test_result.status_code == 200 and (
|
|
40
|
+
"content-type" in test_result.headers
|
|
41
|
+
and "application/x-msdownload" in test_result.headers["content-type"]
|
|
42
|
+
):
|
|
43
|
+
self.debug(
|
|
44
|
+
f"Got positive result for probe with test url: [{test_url}]. Status Code: [{test_result.status_code}] Content Length: [{len(test_result.content)}]"
|
|
45
|
+
)
|
|
46
|
+
|
|
47
|
+
if test_result.status_code == 200 and (
|
|
48
|
+
"content-type" in test_result.headers
|
|
49
|
+
and "application/x-msdownload" in test_result.headers["content-type"]
|
|
50
|
+
):
|
|
51
|
+
confirm_url = (
|
|
52
|
+
f"{normalized_url}{technique.replace('###DLL_PLACEHOLDER###', 'oopsnotarealdll.dll')}"
|
|
53
|
+
)
|
|
54
|
+
confirm_result = await self.helpers.request(confirm_url, **kwargs)
|
|
55
|
+
|
|
56
|
+
if confirm_result and (
|
|
57
|
+
confirm_result.status_code != 200
|
|
58
|
+
or not (
|
|
59
|
+
"content-type" in confirm_result.headers
|
|
60
|
+
and "application/x-msdownload" in confirm_result.headers["content-type"]
|
|
61
|
+
)
|
|
62
|
+
):
|
|
63
|
+
description = f"IIS Bin Directory DLL Exposure. Detection Url: [{test_url}]"
|
|
64
|
+
await self.emit_event(
|
|
65
|
+
{
|
|
66
|
+
"severity": "HIGH",
|
|
67
|
+
"host": str(event.host),
|
|
68
|
+
"url": normalized_url,
|
|
69
|
+
"description": description,
|
|
70
|
+
},
|
|
71
|
+
"VULNERABILITY",
|
|
72
|
+
event,
|
|
73
|
+
context="{module} detected IIS Bin Directory DLL Exposure vulnerability",
|
|
74
|
+
)
|
|
75
|
+
return True
|
|
76
|
+
|
|
77
|
+
async def filter_event(self, event):
|
|
78
|
+
if "dir" in event.tags:
|
|
79
|
+
return True
|
|
80
|
+
return False
|
bbot/modules/hunt.py
CHANGED
|
@@ -50,7 +50,16 @@ hunt_param_dict = {
|
|
|
50
50
|
"cfg",
|
|
51
51
|
"config",
|
|
52
52
|
],
|
|
53
|
-
"Directory Traversal": [
|
|
53
|
+
"Directory Traversal": [
|
|
54
|
+
"entry",
|
|
55
|
+
"download",
|
|
56
|
+
"attachment",
|
|
57
|
+
"basepath",
|
|
58
|
+
"path",
|
|
59
|
+
"file",
|
|
60
|
+
"source",
|
|
61
|
+
"dest",
|
|
62
|
+
],
|
|
54
63
|
"Local File Include": [
|
|
55
64
|
"file",
|
|
56
65
|
"document",
|
|
@@ -279,8 +288,6 @@ class hunt(BaseModule):
|
|
|
279
288
|
"author": "@liquidsec",
|
|
280
289
|
"created_date": "2022-07-20",
|
|
281
290
|
}
|
|
282
|
-
# accept all events regardless of scope distance
|
|
283
|
-
scope_distance_modifier = None
|
|
284
291
|
|
|
285
292
|
async def handle_event(self, event):
|
|
286
293
|
p = event.data["name"]
|
bbot/modules/iis_shortnames.py
CHANGED
|
@@ -166,6 +166,10 @@ class iis_shortnames(BaseModule):
|
|
|
166
166
|
|
|
167
167
|
cl = ext_char_list if extension_mode is True else char_list
|
|
168
168
|
|
|
169
|
+
self.debug(
|
|
170
|
+
f"Solving shortname recursive for {target} with prefix {prefix} and extension mode {extension_mode}"
|
|
171
|
+
)
|
|
172
|
+
|
|
169
173
|
urls_and_kwargs = []
|
|
170
174
|
|
|
171
175
|
for c in cl:
|
|
@@ -334,6 +338,18 @@ class iis_shortnames(BaseModule):
|
|
|
334
338
|
for url_hint in url_hint_list:
|
|
335
339
|
if "." in url_hint:
|
|
336
340
|
hint_type = "shortname-endpoint"
|
|
341
|
+
# Check if it's a ZIP file
|
|
342
|
+
if url_hint.lower().endswith(".zip"):
|
|
343
|
+
await self.emit_event(
|
|
344
|
+
{
|
|
345
|
+
"host": str(event.host),
|
|
346
|
+
"url": event.data,
|
|
347
|
+
"description": f"Possible backup file (zip) in web root: {normalized_url}{url_hint}",
|
|
348
|
+
},
|
|
349
|
+
"FINDING",
|
|
350
|
+
event,
|
|
351
|
+
context=f"{{module}} discovered possible backup file in web root: {url_hint}",
|
|
352
|
+
)
|
|
337
353
|
else:
|
|
338
354
|
hint_type = "shortname-directory"
|
|
339
355
|
|
|
@@ -0,0 +1,73 @@
|
|
|
1
|
+
from .base import ModuleTestBase
|
|
2
|
+
import re
|
|
3
|
+
|
|
4
|
+
|
|
5
|
+
class TestAspnetBinExposure(ModuleTestBase):
|
|
6
|
+
targets = ["http://127.0.0.1:8888"]
|
|
7
|
+
modules_overrides = ["httpx", "aspnet_bin_exposure"]
|
|
8
|
+
config_overrides = {
|
|
9
|
+
"modules": {
|
|
10
|
+
"aspnet_bin_exposure": {
|
|
11
|
+
"test_dlls": [
|
|
12
|
+
"Newtonsoft.Json.dll",
|
|
13
|
+
]
|
|
14
|
+
}
|
|
15
|
+
}
|
|
16
|
+
}
|
|
17
|
+
|
|
18
|
+
async def setup_before_prep(self, module_test):
|
|
19
|
+
# Simulate successful DLL exposure
|
|
20
|
+
expect_args = {
|
|
21
|
+
"method": "GET",
|
|
22
|
+
"uri": "/b/(S(X))in/Newtonsoft.Json.dll/(S(X))/",
|
|
23
|
+
}
|
|
24
|
+
respond_args = {
|
|
25
|
+
"status": 200,
|
|
26
|
+
"headers": {"content-type": "application/x-msdownload"},
|
|
27
|
+
"response_data": b"MZ\x90\x00\x03\x00\x00\x00",
|
|
28
|
+
}
|
|
29
|
+
module_test.set_expect_requests(expect_args=expect_args, respond_args=respond_args)
|
|
30
|
+
|
|
31
|
+
# Simulate failed DLL exposure (confirmation test)
|
|
32
|
+
expect_args = {
|
|
33
|
+
"method": "GET",
|
|
34
|
+
"uri": "/b/(S(X))in/oopsnotarealdll.dll/(S(X))/",
|
|
35
|
+
}
|
|
36
|
+
respond_args = {"status": 404}
|
|
37
|
+
module_test.set_expect_requests(expect_args=expect_args, respond_args=respond_args)
|
|
38
|
+
|
|
39
|
+
# Simulate alternative technique
|
|
40
|
+
expect_args = {
|
|
41
|
+
"method": "GET",
|
|
42
|
+
"uri": "/(S(X))/b/(S(X))in/Newtonsoft.Json.dll",
|
|
43
|
+
}
|
|
44
|
+
respond_args = {
|
|
45
|
+
"status": 200,
|
|
46
|
+
"headers": {"content-type": "application/x-msdownload"},
|
|
47
|
+
"response_data": b"MZ\x90\x00\x03\x00\x00\x00",
|
|
48
|
+
}
|
|
49
|
+
module_test.set_expect_requests(expect_args=expect_args, respond_args=respond_args)
|
|
50
|
+
|
|
51
|
+
# Simulate failed alternative technique (confirmation test)
|
|
52
|
+
expect_args = {
|
|
53
|
+
"method": "GET",
|
|
54
|
+
"uri": "/(S(X))/b/(S(X))in/oopsnotarealdll.dll",
|
|
55
|
+
}
|
|
56
|
+
respond_args = {"status": 404}
|
|
57
|
+
module_test.set_expect_requests(expect_args=expect_args, respond_args=respond_args)
|
|
58
|
+
|
|
59
|
+
# Fallback for any other requests
|
|
60
|
+
expect_args = {"uri": re.compile(r"^/.*$")}
|
|
61
|
+
respond_args = {"status": 404}
|
|
62
|
+
module_test.set_expect_requests(expect_args=expect_args, respond_args=respond_args)
|
|
63
|
+
|
|
64
|
+
def check(self, module_test, events):
|
|
65
|
+
vulnerability_found = False
|
|
66
|
+
for e in events:
|
|
67
|
+
if e.type == "VULNERABILITY" and "IIS Bin Directory DLL Exposure" in e.data["description"]:
|
|
68
|
+
vulnerability_found = True
|
|
69
|
+
assert e.data["severity"] == "HIGH", "Vulnerability severity should be HIGH"
|
|
70
|
+
assert "Detection Url" in e.data["description"], "Description should include detection URL"
|
|
71
|
+
break
|
|
72
|
+
|
|
73
|
+
assert vulnerability_found, "No vulnerability event was found"
|
|
@@ -43,19 +43,64 @@ class TestIIS_Shortnames(ModuleTestBase):
|
|
|
43
43
|
respond_args = {"response_data": "", "status": 400}
|
|
44
44
|
module_test.set_expect_requests(expect_args=expect_args, respond_args=respond_args)
|
|
45
45
|
|
|
46
|
-
|
|
46
|
+
expect_args = {"method": "GET", "uri": re.compile(r"\/BA\*~1\*.*$")}
|
|
47
|
+
respond_args = {"response_data": "", "status": 400}
|
|
48
|
+
module_test.set_expect_requests(expect_args=expect_args, respond_args=respond_args)
|
|
49
|
+
|
|
50
|
+
expect_args = {"method": "GET", "uri": re.compile(r"\/BAC\*~1\*.*$")}
|
|
51
|
+
respond_args = {"response_data": "", "status": 400}
|
|
52
|
+
module_test.set_expect_requests(expect_args=expect_args, respond_args=respond_args)
|
|
53
|
+
|
|
54
|
+
expect_args = {"method": "GET", "uri": re.compile(r"\/BACK\*~1\*.*$")}
|
|
55
|
+
respond_args = {"response_data": "", "status": 400}
|
|
56
|
+
module_test.set_expect_requests(expect_args=expect_args, respond_args=respond_args)
|
|
57
|
+
|
|
58
|
+
expect_args = {"method": "GET", "uri": re.compile(r"\/BACKU\*~1\*.*$")}
|
|
59
|
+
respond_args = {"response_data": "", "status": 400}
|
|
60
|
+
module_test.set_expect_requests(expect_args=expect_args, respond_args=respond_args)
|
|
61
|
+
|
|
62
|
+
expect_args = {"method": "GET", "uri": re.compile(r"\/BACKUP\*~1\*/a.aspx$")}
|
|
63
|
+
respond_args = {"response_data": "", "status": 400}
|
|
64
|
+
module_test.set_expect_requests(expect_args=expect_args, respond_args=respond_args)
|
|
65
|
+
|
|
66
|
+
expect_args = {"method": "GET", "uri": re.compile(r"\/BACKUP~1\*$")}
|
|
67
|
+
respond_args = {"response_data": "", "status": 400}
|
|
68
|
+
module_test.set_expect_requests(expect_args=expect_args, respond_args=respond_args)
|
|
69
|
+
|
|
70
|
+
expect_args = {"method": "GET", "uri": re.compile(r"\/BACKUP~1\.Z\*/a.aspx$")}
|
|
71
|
+
respond_args = {"response_data": "", "status": 400}
|
|
72
|
+
module_test.set_expect_requests(expect_args=expect_args, respond_args=respond_args)
|
|
73
|
+
|
|
74
|
+
expect_args = {"method": "GET", "uri": re.compile(r"\/BACKUP~1\.ZI\*/a.aspx$")}
|
|
75
|
+
respond_args = {"response_data": "", "status": 400}
|
|
76
|
+
module_test.set_expect_requests(expect_args=expect_args, respond_args=respond_args)
|
|
77
|
+
|
|
78
|
+
expect_args = {"method": "GET", "uri": re.compile(r"\/BACKUP~1\.ZIP\*/a.aspx$")}
|
|
79
|
+
respond_args = {"response_data": "", "status": 400}
|
|
80
|
+
module_test.set_expect_requests(expect_args=expect_args, respond_args=respond_args)
|
|
81
|
+
|
|
82
|
+
for char in "BLSHAXCKUP":
|
|
47
83
|
expect_args = {"method": "GET", "uri": re.compile(rf"\/\*{char}\*~1\*.*$")}
|
|
48
84
|
respond_args = {"response_data": "", "status": 400}
|
|
49
85
|
module_test.set_expect_requests(expect_args=expect_args, respond_args=respond_args)
|
|
50
86
|
|
|
87
|
+
for char in "ZIP":
|
|
88
|
+
expect_args = {"method": "GET", "uri": re.compile(rf"\/\*~1\*{char}\*.*$")}
|
|
89
|
+
respond_args = {"response_data": "", "status": 400}
|
|
90
|
+
module_test.set_expect_requests(expect_args=expect_args, respond_args=respond_args)
|
|
91
|
+
|
|
51
92
|
def check(self, module_test, events):
|
|
52
93
|
vulnerabilityEmitted = False
|
|
53
94
|
url_hintEmitted = False
|
|
95
|
+
zip_findingEmitted = False
|
|
54
96
|
for e in events:
|
|
55
97
|
if e.type == "VULNERABILITY" and "iis-magic-url" not in e.tags:
|
|
56
98
|
vulnerabilityEmitted = True
|
|
57
99
|
if e.type == "URL_HINT" and e.data == "http://127.0.0.1:8888/BLSHAX~1":
|
|
58
100
|
url_hintEmitted = True
|
|
101
|
+
if e.type == "FINDING" and "Possible backup file (zip) in web root" in e.data["description"]:
|
|
102
|
+
zip_findingEmitted = True
|
|
59
103
|
|
|
60
104
|
assert vulnerabilityEmitted
|
|
61
105
|
assert url_hintEmitted
|
|
106
|
+
assert zip_findingEmitted
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.3
|
|
2
2
|
Name: bbot
|
|
3
|
-
Version: 2.5.0.
|
|
3
|
+
Version: 2.5.0.6765rc0
|
|
4
4
|
Summary: OSINT automation for hackers.
|
|
5
5
|
License: GPL-3.0
|
|
6
6
|
Keywords: python,cli,automation,osint,threat-intel,intelligence,neo4j,scanner,python-library,hacking,recursion,pentesting,recon,command-line-tool,bugbounty,subdomains,security-tools,subdomain-scanner,osint-framework,attack-surface,subdomain-enumeration,osint-tool
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
bbot/__init__.py,sha256=
|
|
1
|
+
bbot/__init__.py,sha256=FlPvmAeCzCmU4LnwoCMJUBlY6Mk29_UBVZbz2EIYJ7k,163
|
|
2
2
|
bbot/cli.py,sha256=1QJbANVw9Q3GFM92H2QRV2ds5756ulm08CDZwzwPpeI,11888
|
|
3
3
|
bbot/core/__init__.py,sha256=l255GJE_DvUnWvrRb0J5lG-iMztJ8zVvoweDOfegGtI,46
|
|
4
4
|
bbot/core/config/__init__.py,sha256=zYNw2Me6tsEr8hOOkLb4BQ97GB7Kis2k--G81S8vofU,342
|
|
@@ -30,7 +30,7 @@ bbot/core/helpers/helper.py,sha256=u-q_Ka9pY1atvC-FChxYpURM7b3_0gaCNIHSG__Wi74,8
|
|
|
30
30
|
bbot/core/helpers/interactsh.py,sha256=VBYYH6-rWBofRsgemndK6iZNmyifOps8vgQOw2mac4k,12624
|
|
31
31
|
bbot/core/helpers/libmagic.py,sha256=QMHyxjgDLb2jyjBvK1MQ-xt6WkGXhKcHu9ZP1li-sik,3460
|
|
32
32
|
bbot/core/helpers/misc.py,sha256=hi5iyzpLc6oFk5XrWQN7leuRDyuZtdWuKVBxTUpQ_RY,88757
|
|
33
|
-
bbot/core/helpers/names_generator.py,sha256=
|
|
33
|
+
bbot/core/helpers/names_generator.py,sha256=zmo4MyuOnAYjiUDiORhq9T9bHmA_gW72Y2kHMAqVENU,10594
|
|
34
34
|
bbot/core/helpers/ntlm.py,sha256=P2Xj4-GPos2iAzw4dfk0FJp6oGyycGhu2x6sLDVjYjs,2573
|
|
35
35
|
bbot/core/helpers/process.py,sha256=00uRpLMFi3Pt3uT8qXwAIhsXdoa7h-ifoXh0sGYgwqs,1702
|
|
36
36
|
bbot/core/helpers/ratelimiter.py,sha256=fQp5mKfqfCkDkZzgntDu4NWlRsWSMCto0V8vaV8-34k,2115
|
|
@@ -57,6 +57,7 @@ bbot/modules/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
|
57
57
|
bbot/modules/ajaxpro.py,sha256=daE1yQoCsSI5c4dh3YKwRSggTISNjWgrK7qTPidk7cU,3764
|
|
58
58
|
bbot/modules/anubisdb.py,sha256=JCy2YCfa0e_VawpzNmcPXAosKUthmYGutireJ0gMDws,1916
|
|
59
59
|
bbot/modules/apkpure.py,sha256=a_VRujUOIk7SVWyI9-N-nJVqfMApciIRdXVc-y_Ebuw,2558
|
|
60
|
+
bbot/modules/aspnet_bin_exposure.py,sha256=X16mK8tff7-LOcbS4fUschkDRdVVz9r2N8Ta2EZzw2Y,3737
|
|
60
61
|
bbot/modules/azure_realm.py,sha256=pP2PUlLy0K9KKaE8aNcznWjDW3PKHvnMejdOSc-o4ms,1612
|
|
61
62
|
bbot/modules/azure_tenant.py,sha256=qBn7CUA_hth2PqW55XZVjYxIw20xLYrMntXc6mYpmKU,5366
|
|
62
63
|
bbot/modules/baddns.py,sha256=ubO3KDfcIMJnMjyZX5FWZ4GWxLSekV_JQV7QvsPjtD0,6693
|
|
@@ -116,9 +117,9 @@ bbot/modules/gowitness.py,sha256=o4nIBbHVX9tYVW9CpwTsaftWDZu41nhxS0KEp4FoiBs,130
|
|
|
116
117
|
bbot/modules/hackertarget.py,sha256=IsKs9PtxUHdLJKZydlRdW_loBE2KphQYi3lKDAd4odc,1029
|
|
117
118
|
bbot/modules/host_header.py,sha256=uDjwidMdeNPMRfzQ2YW4REEGsZqnGOZHbOS6GgdNd9s,7686
|
|
118
119
|
bbot/modules/httpx.py,sha256=z0sgnfLqIXyiadM0rKQK2p86lka7rC4pGCfTVUqU5Lk,8118
|
|
119
|
-
bbot/modules/hunt.py,sha256=
|
|
120
|
+
bbot/modules/hunt.py,sha256=zt-RKBiOlAKozHA-ZvuPeSOISEu7rIo2aHXQWEsILhw,6607
|
|
120
121
|
bbot/modules/hunterio.py,sha256=dL8IUecJQzNJgvtHArQ1Lz574MbRTF7GbLxp6lLcs0o,2644
|
|
121
|
-
bbot/modules/iis_shortnames.py,sha256=
|
|
122
|
+
bbot/modules/iis_shortnames.py,sha256=TD4kow8TB9slz0SENrfxmQ0Yo9WwsY6DB3j0vvgUIbA,16296
|
|
122
123
|
bbot/modules/internal/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
123
124
|
bbot/modules/internal/aggregate.py,sha256=HnnfTX2GYsOz8IFtfrRX1uXV6rvFx4uG9lmYJF2sdog,419
|
|
124
125
|
bbot/modules/internal/base.py,sha256=BXO4Hc7XKaAOaLzolF3krJX1KibPxtek2GTQUgnCHk0,387
|
|
@@ -233,7 +234,7 @@ bbot/presets/subdomain-enum.yml,sha256=tn9h8TlVB_uS3nKZFUP72HzceoRONSef66mGLWzxj
|
|
|
233
234
|
bbot/presets/tech-detect.yml,sha256=0eEzviy33kZojXpUfKVK0lHhiQrNAopCMEJNL8Clunw,176
|
|
234
235
|
bbot/presets/web/dirbust-heavy.yml,sha256=NDqu7p0Hx1RsZCVnaEWRgI_iL9O0io-tvWerxJf36SM,653
|
|
235
236
|
bbot/presets/web/dirbust-light.yml,sha256=5zSANdjKfYh49kFlsElYY2G6acVrZFzDCEkyqwU6oOQ,203
|
|
236
|
-
bbot/presets/web/dotnet-audit.yml,sha256=
|
|
237
|
+
bbot/presets/web/dotnet-audit.yml,sha256=h9CWZ1QeMsXovjyIzoa7Rcv8hfDib447ZKNxwXBzz1w,544
|
|
237
238
|
bbot/presets/web/iis-shortnames.yml,sha256=EcYKMpl-cI8Xb79_u4wQS42yFXxDpLH9OqINcFUXoTE,176
|
|
238
239
|
bbot/presets/web/lightfuzz-heavy.yml,sha256=zb7DPT-tf5MxTXkVpHn8cx2YwpbaGwZOST8vbhAOWZ0,459
|
|
239
240
|
bbot/presets/web/lightfuzz-light.yml,sha256=pkjTa5ULeOhCgRYPAoJR-cVfyhErT3I1aqmWGHTIgBk,899
|
|
@@ -301,6 +302,7 @@ bbot/test/test_step_2/module_tests/test_module_ajaxpro.py,sha256=S2pFV0TgOJ01SMH
|
|
|
301
302
|
bbot/test/test_step_2/module_tests/test_module_anubisdb.py,sha256=y_GMm20Fy4z9L0fN2dYOExaSsi8Z9PwMKnAjSsYhBk8,545
|
|
302
303
|
bbot/test/test_step_2/module_tests/test_module_apkpure.py,sha256=-G4hoRPFhNH-rj6MvuhqlwiXHqBqHgfFGYxbzoyKz2s,2983
|
|
303
304
|
bbot/test/test_step_2/module_tests/test_module_asn.py,sha256=qIbitSAEAmYyxhpxvdFDsQrHaaxfgKsFox9Q3jTmvgI,10616
|
|
305
|
+
bbot/test/test_step_2/module_tests/test_module_aspnet_bin_exposure.py,sha256=x2WZxe4W08emvTUDf85AakIb-zq5Fu5NlAxbHCrD9bo,2757
|
|
304
306
|
bbot/test/test_step_2/module_tests/test_module_asset_inventory.py,sha256=NEMSPBlczpA5NbQpIcRBpRXpVnfS9lmSS1U7eJmIXAU,3878
|
|
305
307
|
bbot/test/test_step_2/module_tests/test_module_azure_realm.py,sha256=gPRvGA9RHsAcYlHxQG0lHZOYolyzbe6L-ALGIvW-Mg0,1288
|
|
306
308
|
bbot/test/test_step_2/module_tests/test_module_azure_tenant.py,sha256=Aaid6Ftb_qBOmjcUDauXeI6WZcBz49Wli5Yk8FWrZVc,4805
|
|
@@ -368,7 +370,7 @@ bbot/test/test_step_2/module_tests/test_module_http.py,sha256=KhsQvqpVa6zmMa79jV
|
|
|
368
370
|
bbot/test/test_step_2/module_tests/test_module_httpx.py,sha256=qgwtfB-X5Syq1jIm9GN6sz1wRGE7MhwUySsubarCdUs,7070
|
|
369
371
|
bbot/test/test_step_2/module_tests/test_module_hunt.py,sha256=lRCtas8uAq02W-DkLg0YsJLxt2eiYmSErIdanwoKZdo,1564
|
|
370
372
|
bbot/test/test_step_2/module_tests/test_module_hunterio.py,sha256=s0ENxJzLuUu7MD-_-H0ClpLqPuhsQbX-3IgTuiHR5Xs,6982
|
|
371
|
-
bbot/test/test_step_2/module_tests/test_module_iis_shortnames.py,sha256=
|
|
373
|
+
bbot/test/test_step_2/module_tests/test_module_iis_shortnames.py,sha256=91B1S41PVMrqlCTJq17MG7baB7x7JUsjdXnT-E2FozU,5528
|
|
372
374
|
bbot/test/test_step_2/module_tests/test_module_ip2location.py,sha256=VRuXQelBc3hTNXiAJZD0ow5R4t6L8xAi_tS62TFLJKA,1123
|
|
373
375
|
bbot/test/test_step_2/module_tests/test_module_ipneighbor.py,sha256=Bc5xaiIpleC7j5Lz2Y8S9i6PHETOg4KmwiLNJ9HeMx8,608
|
|
374
376
|
bbot/test/test_step_2/module_tests/test_module_ipstack.py,sha256=C0Le03UqvShpATogq9M54V7FKfwJROBMWSvAYfOeOdo,2735
|
|
@@ -449,8 +451,8 @@ bbot/wordlists/raft-small-extensions-lowercase_CLEANED.txt,sha256=ZSIVebs7ptMvHx
|
|
|
449
451
|
bbot/wordlists/top_open_ports_nmap.txt,sha256=LmdFYkfapSxn1pVuQC2LkOIY2hMLgG-Xts7DVtYzweM,42727
|
|
450
452
|
bbot/wordlists/valid_url_schemes.txt,sha256=0B_VAr9Dv7aYhwi6JSBDU-3M76vNtzN0qEC_RNLo7HE,3310
|
|
451
453
|
bbot/wordlists/wordninja_dns.txt.gz,sha256=DYHvvfW0TvzrVwyprqODAk4tGOxv5ezNmCPSdPuDUnQ,570241
|
|
452
|
-
bbot-2.5.0.
|
|
453
|
-
bbot-2.5.0.
|
|
454
|
-
bbot-2.5.0.
|
|
455
|
-
bbot-2.5.0.
|
|
456
|
-
bbot-2.5.0.
|
|
454
|
+
bbot-2.5.0.6765rc0.dist-info/LICENSE,sha256=GzeCzK17hhQQDNow0_r0L8OfLpeTKQjFQwBQU7ZUymg,32473
|
|
455
|
+
bbot-2.5.0.6765rc0.dist-info/METADATA,sha256=TE4UX4SAN8on8fP6_s0fl0zErdTm1Nsr9lcajwTe8l8,18308
|
|
456
|
+
bbot-2.5.0.6765rc0.dist-info/WHEEL,sha256=b4K_helf-jlQoXBBETfwnf4B04YC67LOev0jo4fX5m8,88
|
|
457
|
+
bbot-2.5.0.6765rc0.dist-info/entry_points.txt,sha256=cWjvcU_lLrzzJgjcjF7yeGuRA_eDS8pQ-kmPUAyOBfo,38
|
|
458
|
+
bbot-2.5.0.6765rc0.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|
|
File without changes
|