bbot 2.7.0.6962rc0__py3-none-any.whl → 2.7.0.6989rc0__py3-none-any.whl

bbot/__init__.py

@@ -1,5 +1,5 @@
 # version placeholder (replaced by poetry-dynamic-versioning)
-__version__ = "v2.7.0.6962rc"
+__version__ = "v2.7.0.6989rc"
 
 from .scanner import Scanner, Preset
 

bbot/core/helpers/files.py

@@ -9,7 +9,7 @@ from .misc import rm_at_exit
 log = logging.getLogger("bbot.core.helpers.files")
 
 
-def tempfile(self, content, pipe=True):
+def tempfile(self, content, pipe=True, extension=None):
     """
     Creates a temporary file or named pipe and populates it with content.
 
@@ -29,7 +29,7 @@ def tempfile(self, content, pipe=True):
         >>> tempfile(["Another", "temp", "file"], pipe=False)
         '/home/user/.bbot/temp/someotherfile'
     """
-    filename = self.temp_filename()
+    filename = self.temp_filename(extension)
     rm_at_exit(filename)
     try:
         if type(content) not in (set, list, tuple):

bbot/defaults.yml

@@ -187,8 +187,10 @@ url_extension_blacklist:
   - mov
   - flv
   - webm
-# Distribute URLs with these extensions only to httpx (these are omitted from output)
-url_extension_httpx_only:
+
+# URLs with these extensions are not distributed to modules unless the module opts in via `accept_url_special = True`
+# They are also excluded from output. If you want to see them in output, remove them from this list.
+url_extension_special:
   - js
 
 # These url extensions are almost always static, so we exclude them from modules that fuzz things

bbot/modules/base.py

@@ -53,6 +53,8 @@ class BaseModule:
 
         in_scope_only (bool): Accept only explicitly in-scope events, regardless of the scan's search distance. Default is False.
 
+        accept_url_special (bool): Accept "special" URLs not typically distributed to web modules, e.g. JS URLs. Default is False.
+
         options (Dict): Customizable options for the module, e.g., {"api_key": ""}. Empty dict by default.
 
         options_desc (Dict): Descriptions for options, e.g., {"api_key": "API Key"}. Empty dict by default.
@@ -97,7 +99,7 @@ class BaseModule:
     scope_distance_modifier = 0
     target_only = False
     in_scope_only = False
-
+    accept_url_special = False
     _module_threads = 1
     _batch_size = 1
 
@@ -785,10 +787,14 @@ class BaseModule:
             if "target" not in event.tags:
                 return False, "it did not meet target_only filter criteria"
 
-        # exclude certain URLs (e.g. javascript):
-        # TODO: revisit this after httpx rework
-        if event.type.startswith("URL") and self.name != "httpx" and "httpx-only" in event.tags:
-            return False, "its extension was listed in url_extension_httpx_only"
+        # limit js URLs to modules that opt in to receive them
+        if (not self.accept_url_special) and event.type.startswith("URL"):
+            extension = getattr(event, "url_extension", "")
+            if extension in self.scan.url_extension_special:
+                return (
+                    False,
+                    f"it is a special URL (extension {extension}) but the module does not opt in to receive special URLs",
+                )
 
         return True, "precheck succeeded"
 

bbot/modules/graphql_introspection.py

@@ -27,7 +27,6 @@ class graphql_introspection(BaseModule):
             self.output_dir = Path(output_folder) / "graphql-schemas"
         else:
             self.output_dir = self.scan.home / "graphql-schemas"
-        self.helpers.mkdir(self.output_dir)
         return True
 
     async def filter_event(self, event):
@@ -128,6 +127,7 @@ fragment TypeRef on __Type {
                 self.debug(f"Failed to parse JSON for {url}")
                 continue
             if response_json.get("data", {}).get("__schema", {}).get("types", []):
+                self.helpers.mkdir(self.output_dir)
                 filename = f"schema-{self.helpers.tagify(url)}.json"
                 filename = self.output_dir / filename
                 with open(filename, "w") as f:

bbot/modules/httpx.py

@@ -50,6 +50,8 @@ class httpx(BaseModule):
     _shuffle_incoming_queue = False
     _batch_size = 500
     _priority = 2
+    # accept Javascript URLs
+    accept_url_special = True
 
     async def setup(self):
         self.threads = self.config.get("threads", 50)

bbot/modules/output/base.py

@@ -38,11 +38,6 @@ class BaseOutputModule(BaseModule):
         if self._is_graph_important(event):
             return True, "event is critical to the graph"
 
-        # exclude certain URLs (e.g. javascript):
-        # TODO: revisit this after httpx rework
-        if event.type.startswith("URL") and self.name != "httpx" and "httpx-only" in event.tags:
-            return False, (f"Omitting {event} from output because it's marked as httpx-only")
-
         # omit certain event types
         if event._omit:
             if "target" in event.tags:

bbot/modules/retirejs.py

@@ -0,0 +1,238 @@
+import json
+from enum import IntEnum
+from bbot.modules.base import BaseModule
+
+
+class RetireJSSeverity(IntEnum):
+    NONE = 0
+    LOW = 1
+    MEDIUM = 2
+    HIGH = 3
+    CRITICAL = 4
+
+    @classmethod
+    def from_string(cls, severity_str):
+        try:
+            return cls[severity_str.upper()]
+        except (KeyError, AttributeError):
+            return cls.NONE
+
+
+class retirejs(BaseModule):
+    watched_events = ["URL_UNVERIFIED"]
+    produced_events = ["FINDING"]
+    flags = ["active", "safe", "web-thorough"]
+    meta = {
+        "description": "Detect vulnerable/out-of-date JavaScript libraries",
+        "created_date": "2025-08-19",
+        "author": "@liquidsec",
+    }
+    options = {
+        "version": "5.3.0",
+        "node_version": "18.19.1",
+        "severity": "medium",
+    }
+    options_desc = {
+        "version": "retire.js version",
+        "node_version": "Node.js version to install locally",
+        "severity": "Minimum severity level to report (none, low, medium, high, critical)",
+    }
+
+    deps_ansible = [
+        # Download Node.js binary (Linux x64)
+        {
+            "name": "Download Node.js binary (Linux x64)",
+            "get_url": {
+                "url": "https://nodejs.org/dist/v#{BBOT_MODULES_RETIREJS_NODE_VERSION}/node-v#{BBOT_MODULES_RETIREJS_NODE_VERSION}-linux-x64.tar.xz",
+                "dest": "#{BBOT_TEMP}/node-v#{BBOT_MODULES_RETIREJS_NODE_VERSION}-linux-x64.tar.xz",
+                "mode": "0644",
+            },
+        },
+        # Extract Node.js binary (x64)
+        {
+            "name": "Extract Node.js binary (x64)",
+            "unarchive": {
+                "src": "#{BBOT_TEMP}/node-v#{BBOT_MODULES_RETIREJS_NODE_VERSION}-linux-x64.tar.xz",
+                "dest": "#{BBOT_TOOLS}",
+                "remote_src": True,
+            },
+        },
+        # Remove existing node directory if it exists
+        {
+            "name": "Remove existing node directory",
+            "file": {"path": "#{BBOT_TOOLS}/node", "state": "absent"},
+        },
+        # Rename extracted directory to 'node' (x64)
+        {
+            "name": "Rename Node.js directory (x64)",
+            "command": "mv #{BBOT_TOOLS}/node-v#{BBOT_MODULES_RETIREJS_NODE_VERSION}-linux-x64 #{BBOT_TOOLS}/node",
+        },
+        # Make Node.js binary executable
+        {
+            "name": "Make Node.js binary executable",
+            "file": {"path": "#{BBOT_TOOLS}/node/bin/node", "mode": "0755"},
+        },
+        # Make npm executable
+        {
+            "name": "Make npm executable",
+            "file": {"path": "#{BBOT_TOOLS}/node/bin/npm", "mode": "0755"},
+        },
+        # Remove existing retirejs directory if it exists
+        {
+            "name": "Remove existing retirejs directory",
+            "file": {"path": "#{BBOT_TOOLS}/retirejs", "state": "absent"},
+        },
+        # Create retire.js local directory
+        {
+            "name": "Create retire.js directory in BBOT_TOOLS",
+            "file": {"path": "#{BBOT_TOOLS}/retirejs", "state": "directory", "mode": "0755"},
+        },
+        # Install retire.js locally using local Node.js
+        {
+            "name": "Install retire.js locally",
+            "shell": "cd #{BBOT_TOOLS}/retirejs && #{BBOT_TOOLS}/node/bin/node #{BBOT_TOOLS}/node/lib/node_modules/npm/bin/npm-cli.js install retire@#{BBOT_MODULES_RETIREJS_VERSION} --no-fund --no-audit --silent --no-optional",
+            "args": {"creates": "#{BBOT_TOOLS}/retirejs/node_modules/.bin/retire"},
+            "timeout": 600,
+            "ignore_errors": False,
+        },
+        # Fix retire script shebang to use our local node binary
+        {
+            "name": "Fix retire script shebang",
+            "shell": "sed -i '1s|#!/usr/bin/env node|#!#{BBOT_TOOLS}/node/bin/node|' #{BBOT_TOOLS}/retirejs/node_modules/.bin/retire",
+        },
+        # Make retire script executable
+        {
+            "name": "Make retire script executable",
+            "file": {"path": "#{BBOT_TOOLS}/retirejs/node_modules/.bin/retire", "mode": "0755"},
+        },
+        # Create retire cache directory
+        {
+            "name": "Create retire cache directory",
+            "file": {"path": "#{BBOT_CACHE}/retire_cache", "state": "directory", "mode": "0755"},
+        },
+    ]
+
+    accept_url_special = True
+    scope_distance_modifier = 1
+    _module_threads = 4
+
+    async def setup(self):
+        excavate_enabled = self.scan.config.get("excavate")
+        if not excavate_enabled:
+            return None, "retirejs will not function without excavate enabled"
+
+        # Validate severity level
+        valid_severities = ["none", "low", "medium", "high", "critical"]
+        configured_severity = self.config.get("severity", "medium").lower()
+        if configured_severity not in valid_severities:
+            return (
+                False,
+                f"Invalid severity level '{configured_severity}'. Valid options are: {', '.join(valid_severities)}",
+            )
+
+        self.repofile = await self.helpers.download(
+            "https://raw.githubusercontent.com/RetireJS/retire.js/master/repository/jsrepository-v4.json", cache_hrs=24
+        )
+        if not self.repofile:
+            return False, "failed to download retire.js repository file"
+        return True
+
+    async def handle_event(self, event):
+        js_file = await self.helpers.request(event.data)
+        if js_file:
+            js_file_body = js_file.text
+            if js_file_body:
+                js_file_body_saved = self.helpers.tempfile(js_file_body, pipe=False, extension="js")
+                results = await self.execute_retirejs(js_file_body_saved)
+                if not results:
+                    self.warning("no output from retire.js")
+                    return
+                results_json = json.loads(results)
+                if results_json.get("data"):
+                    for file_result in results_json["data"]:
+                        for component_result in file_result.get("results", []):
+                            component = component_result.get("component", "unknown")
+                            version = component_result.get("version", "unknown")
+                            vulnerabilities = component_result.get("vulnerabilities", [])
+                            for vuln in vulnerabilities:
+                                severity = vuln.get("severity", "unknown")
+
+                                # Filter by minimum severity level
+                                min_severity = RetireJSSeverity.from_string(self.config.get("severity", "medium"))
+                                vuln_severity = RetireJSSeverity.from_string(severity)
+                                if vuln_severity < min_severity:
+                                    self.debug(
+                                        f"Skipping vulnerability with severity '{severity}' (below minimum '{min_severity.name.lower()}')"
+                                    )
+                                    continue
+
+                                identifiers = vuln.get("identifiers", {})
+                                summary = identifiers.get("summary", "Unknown vulnerability")
+                                cves = identifiers.get("CVE", [])
+                                description_parts = [
+                                    f"Vulnerable JavaScript library detected: {component} v{version}",
+                                    f"Severity: {severity.upper()}",
+                                    f"Summary: {summary}",
+                                    f"JavaScript URL: {event.data}",
+                                ]
+                                if cves:
+                                    description_parts.append(f"CVE(s): {', '.join(cves)}")
+
+                                below_version = vuln.get("below", "")
+                                at_or_above = vuln.get("atOrAbove", "")
+                                if at_or_above and below_version:
+                                    description_parts.append(f"Affected versions: [{at_or_above} to {below_version})")
+                                elif below_version:
+                                    description_parts.append(f"Affected versions: [< {below_version}]")
+                                elif at_or_above:
+                                    description_parts.append(f"Affected versions: [>= {at_or_above}]")
+                                description = " ".join(description_parts)
+                                data = {
+                                    "description": description,
+                                    "severity": severity,
+                                    "component": component,
+                                    "url": event.parent.data["url"],
+                                }
+                                await self.emit_event(
+                                    data,
+                                    "FINDING",
+                                    parent=event,
+                                    context=f"{{module}} identified vulnerable JavaScript library {component} v{version} ({severity} severity)",
+                                )
+
+    async def filter_event(self, event):
+        url_extension = getattr(event, "url_extension", "")
+        if url_extension != "js":
+            return False, f"it is a {url_extension} URL but retirejs only accepts js URLs"
+        return True
+
+    async def execute_retirejs(self, js_file):
+        cache_dir = self.helpers.cache_dir / "retire_cache"
+        retire_dir = self.scan.helpers.tools_dir / "retirejs"
+
+        # Use the retire CLI script directly with our local node binary
+        local_node_dir = self.scan.helpers.tools_dir / "node"
+        retire_cli_script = retire_dir / "node_modules" / "retire" / "lib" / "cli.js"
+
+        command = [
+            str(local_node_dir / "bin" / "node"),
+            str(retire_cli_script),
+            "--outputformat",
+            "json",
+            "--cachedir",
+            str(cache_dir),
+            "--path",
+            js_file,
+            "--jsrepo",
+            str(self.repofile),
+        ]
+
+        proxy = self.scan.web_config.get("http_proxy")
+        if proxy:
+            command.extend(["--proxy", proxy])
+
+        self.verbose(f"Running retire.js on {js_file}")
+        self.verbose(f"retire.js command: {command}")
+
+        result = await self.run_process(command)
+        return result.stdout

bbot/scanner/manager.py

@@ -94,10 +94,6 @@ class ScanIngress(BaseInterceptModule):
         # special handling of URL extensions
         url_extension = getattr(event, "url_extension", None)
         if url_extension is not None:
-            if url_extension in self.scan.url_extension_httpx_only:
-                event.add_tag("httpx-only")
-                event._omit = True
-
             # blacklist by extension
             if url_extension in self.scan.url_extension_blacklist:
                 self.debug(
@@ -209,6 +205,13 @@ class ScanEgress(BaseInterceptModule):
             )
             event.internal = True
 
+        # mark special URLs (e.g. Javascript) as internal so they don't get output except when they're critical to the graph
+        if event.type.startswith("URL"):
+            extension = getattr(event, "url_extension", "")
+            if extension in self.scan.url_extension_special:
+                event.internal = True
+                self.debug(f"Making {event} internal because it is a special URL (extension {extension})")
+
         if event.type in self.scan.omitted_event_types:
             self.debug(f"Omitting {event} because its type is omitted in the config")
             event._omit = True

bbot/scanner/scanner.py

@@ -230,8 +230,8 @@ class Scanner:
             )
 
         # url file extensions
+        self.url_extension_special = {e.lower() for e in self.config.get("url_extension_special", [])}
         self.url_extension_blacklist = {e.lower() for e in self.config.get("url_extension_blacklist", [])}
-        self.url_extension_httpx_only = {e.lower() for e in self.config.get("url_extension_httpx_only", [])}
 
         # url querystring behavior
         self.url_querystring_remove = self.config.get("url_querystring_remove", True)

bbot/test/test_step_1/test_bbot_fastapi.py

@@ -22,8 +22,8 @@ def test_bbot_multiprocess(bbot_httpserver):
     queue = multiprocessing.Queue()
     events_process = multiprocessing.Process(target=run_bbot_multiprocess, args=(queue,))
     events_process.start()
-    events_process.join()
-    events = queue.get()
+    events_process.join(timeout=300)
+    events = queue.get(timeout=10)
     assert len(events) >= 3
     scan_events = [e for e in events if e["type"] == "SCAN"]
     assert len(scan_events) == 2

bbot/test/test_step_1/test_events.py

@@ -209,7 +209,6 @@ async def test_events(events, helpers):
     javascript_event = scan.make_event("http://evilcorp.com/asdf/a.js?b=c#d", "URL_UNVERIFIED", parent=scan.root_event)
     assert "extension-js" in javascript_event.tags
     await scan.ingress_module.handle_event(javascript_event)
-    assert "httpx-only" in javascript_event.tags
 
     # scope distance
     event1 = scan.make_event("1.2.3.4", dummy=True)

bbot/test/test_step_1/test_scan.py

@@ -147,24 +147,18 @@ async def test_task_scan_handle_event_timeout(bbot_scanner):
 
 @pytest.mark.asyncio
 async def test_url_extension_handling(bbot_scanner):
-    scan = bbot_scanner(config={"url_extension_blacklist": ["css"], "url_extension_httpx_only": ["js"]})
+    scan = bbot_scanner(config={"url_extension_blacklist": ["css"]})
     await scan._prep()
     assert scan.url_extension_blacklist == {"css"}
-    assert scan.url_extension_httpx_only == {"js"}
     good_event = scan.make_event("https://evilcorp.com/a.txt", "URL", tags=["status-200"], parent=scan.root_event)
     bad_event = scan.make_event("https://evilcorp.com/a.css", "URL", tags=["status-200"], parent=scan.root_event)
-    httpx_event = scan.make_event("https://evilcorp.com/a.js", "URL", tags=["status-200"], parent=scan.root_event)
     assert "blacklisted" not in bad_event.tags
-    assert "httpx-only" not in httpx_event.tags
     result = await scan.ingress_module.handle_event(good_event)
     assert result is None
     result, reason = await scan.ingress_module.handle_event(bad_event)
     assert result is False
     assert reason == "event is blacklisted"
     assert "blacklisted" in bad_event.tags
-    result = await scan.ingress_module.handle_event(httpx_event)
-    assert result is None
-    assert "httpx-only" in httpx_event.tags
 
     await scan._cleanup()
 

bbot/test/test_step_2/module_tests/base.py

@@ -61,6 +61,7 @@ class ModuleTestBase:
                 config=self.config,
                 whitelist=module_test_base.whitelist,
                 blacklist=module_test_base.blacklist,
+                force_start=getattr(module_test_base, "force_start", False),
             )
             self.events = []
             self.log = logging.getLogger(f"bbot.test.{module_test_base.name}")

bbot/test/test_step_2/module_tests/test_module_excavate.py

@@ -24,14 +24,13 @@ class TestExcavate(ModuleTestBase):
         \\x3dwww6.test.notreal
         %0awww7.test.notreal
         \\u000awww8.test.notreal
-        # these ones shouldn't get emitted because they're .js (url_extension_httpx_only)
-        <a href="/a_relative.js">
-        <link href="/link_relative.js">
-        # these ones should
         <a href="/a_relative.txt">
         <link href="/link_relative.txt">
         <a href="mailto:bob@evilcorp.org?subject=help">Help</a>
         <li class="toctree-l3"><a class="reference internal" href="miscellaneous.html#x50-uart-driver">16x50 UART Driver</a></li>
+        # these ones should get emitted as URL_UNVERIFIED events (processed by httpx which has accept_js_url=True)
+        <a href="/a_relative.js">
+        <link href="/link_relative.js">
         """
         expect_args = {"method": "GET", "uri": "/"}
         respond_args = {"response_data": response_data}
@@ -63,8 +62,9 @@ class TestExcavate(ModuleTestBase):
         assert "www6.test.notreal" in event_data
         assert "www7.test.notreal" in event_data
         assert "www8.test.notreal" in event_data
-        assert "http://127.0.0.1:8888/a_relative.js" not in event_data
-        assert "http://127.0.0.1:8888/link_relative.js" not in event_data
+        # .js files should be emitted as URL_UNVERIFIED events (they are processed by httpx which has accept_js_url=True)
+        assert "http://127.0.0.1:8888/a_relative.js" in event_data
+        assert "http://127.0.0.1:8888/link_relative.js" in event_data
         assert "http://127.0.0.1:8888/a_relative.txt" in event_data
         assert "http://127.0.0.1:8888/link_relative.txt" in event_data
 

bbot/test/test_step_2/module_tests/test_module_retirejs.py

@@ -0,0 +1,159 @@
+from .base import ModuleTestBase
+
+
+class TestRetireJS(ModuleTestBase):
+    targets = ["http://127.0.0.1:8888"]
+    modules_overrides = ["httpx", "excavate", "retirejs"]
+
+    # HTML page with vulnerable JavaScript libraries
+    vulnerable_html = """<!doctype html>
+<html lang="en">
+<head>
+  <meta charset="utf-8" />
+  <title>retire.js test page</title>
+</head>
+<body>
+  <h1>retire.js test page</h1>
+  <p>This page includes JavaScript libraries for testing.</p>
+
+  <!-- jQuery 3.4.1 -->
+  <script src="/jquery-3.4.1.min.js"></script>
+
+  <!-- Lodash 4.17.11 -->
+  <script src="/lodash.min.js"></script>
+
+  <!-- Handlebars 4.0.5 -->
+  <script src="/handlebars.min.js"></script>
+
+  <script>
+    console.log('Libraries loaded');
+  </script>
+</body>
+</html>"""
+
+    # Sample jQuery 3.4.1 content
+    jquery_content = """/*!
+ * jQuery JavaScript Library v3.4.1
+ * https://jquery.com/
+ */
+(function( global, factory ) {
+    "use strict";
+    factory( global );
+})(typeof window !== "undefined" ? window : this, function( window, noGlobal ) {
+    var jQuery = function( selector, context ) {
+        return new jQuery.fn.init( selector, context );
+    };
+    jQuery.fn = jQuery.prototype = {};
+    jQuery.fn.jquery = "3.4.1";
+    if ( typeof noGlobal === "undefined" ) {
+        window.jQuery = window.$ = jQuery;
+    }
+    return jQuery;
+});"""
+
+    # Sample Lodash 4.17.11 content
+    lodash_content = """/**
+ * @license
+ * Lodash lodash.com/license | Underscore.js 1.8.3 underscorejs.org/LICENSE
+ */
+;(function(){
+var i="4.17.11";
+var Mn={VERSION:i};
+if(typeof define=="function"&&define.amd)define(function(){return Mn});else if(typeof module=="object"&&module.exports)module.exports=Mn;else this._=Mn}());"""
+
+    # Sample Handlebars 4.0.5 content
+    handlebars_content = """/*!
+ handlebars v4.0.5
+*/
+!function(a,b){"object"==typeof exports&&"object"==typeof module?module.exports=b():"function"==typeof define&&define.amd?define([],b):"object"==typeof exports?exports.Handlebars=b():a.Handlebars=b()}(this,function(){
+var Handlebars={};
+Handlebars.VERSION="4.0.5";
+return Handlebars;
+});"""
+
+    async def setup_after_prep(self, module_test):
+        expect_args = {"uri": "/"}
+        respond_args = {"response_data": self.vulnerable_html}
+        module_test.set_expect_requests(expect_args, respond_args)
+
+        expect_args = {"uri": "/jquery-3.4.1.min.js"}
+        respond_args = {"response_data": self.jquery_content}
+        module_test.set_expect_requests(expect_args, respond_args)
+
+        expect_args = {"uri": "/lodash.min.js"}
+        respond_args = {"response_data": self.lodash_content}
+        module_test.set_expect_requests(expect_args, respond_args)
+
+        expect_args = {"uri": "/handlebars.min.js"}
+        respond_args = {"response_data": self.handlebars_content}
+        module_test.set_expect_requests(expect_args, respond_args)
+
+    def check(self, module_test, events):
+        # Check that excavate found the JavaScript URLs
+        url_unverified_events = [e for e in events if e.type == "URL_UNVERIFIED"]
+        js_url_events = [e for e in url_unverified_events if "extension-js" in e.tags]
+
+        # We should have found the JavaScript URLs
+        assert len(url_unverified_events) > 0, "No URL_UNVERIFIED events found - excavate may not be working"
+        assert len(js_url_events) >= 3, f"Expected at least 3 JavaScript URLs, found {len(js_url_events)}"
+
+        # Check for FINDING events generated by retirejs
+        finding_events = [e for e in events if e.type == "FINDING"]
+        retirejs_findings = [
+            e
+            for e in finding_events
+            if "vulnerable javascript library detected:" in e.data.get("description", "").lower()
+        ]
+
+        # We should have at least some findings from our vulnerable libraries
+        assert len(retirejs_findings) > 0, (
+            f"Expected retirejs to find vulnerabilities, but got {len(retirejs_findings)} findings"
+        )
+
+        # Check for specific expected vulnerability descriptions
+        descriptions = [finding.data.get("description", "") for finding in retirejs_findings]
+        all_descriptions = "\n".join(descriptions)
+
+        # Look for specific vulnerabilities we expect to find
+        expected_handlebars_vuln = "Vulnerable JavaScript library detected: handlebars v4.0.5 Severity: HIGH Summary: Regular Expression Denial of Service in Handlebars JavaScript URL: http://127.0.0.1:8888/handlebars.min.js CVE(s): CVE-2019-20922 Affected versions: [4.0.0 to 4.4.5)"
+        expected_jquery_vuln = "Vulnerable JavaScript library detected: jquery v3.4.1 Severity: MEDIUM Summary: Regex in its jQuery.htmlPrefilter sometimes may introduce XSS JavaScript URL: http://127.0.0.1:8888/jquery-3.4.1.min.js CVE(s): CVE-2020-11022 Affected versions: [1.2.0 to 3.5.0)"
+
+        # Verify at least one of the expected vulnerabilities is found
+        handlebars_found = expected_handlebars_vuln in all_descriptions
+        jquery_found = expected_jquery_vuln in all_descriptions
+
+        assert handlebars_found and jquery_found, (
+            f"Expected to find specific vulnerabilities but didn't find them. Found descriptions:\n{all_descriptions}"
+        )
+
+        # Basic validation of findings structure
+        for finding in retirejs_findings:
+            assert "description" in finding.data, "Finding should have description"
+            assert "url" in finding.data, "Finding should have url"
+            assert finding.parent.type == "URL_UNVERIFIED", "Parent should be URL_UNVERIFIED"
+
+
+class TestRetireJSNoExcavate(ModuleTestBase):
+    targets = ["http://127.0.0.1:8888"]
+    modules_overrides = ["httpx", "retirejs"]
+    force_start = True  # Allow scan to continue even if modules fail setup
+    config_overrides = {
+        "excavate": False,
+    }
+
+    def check(self, module_test, events):
+        # When excavate is disabled, retirejs should fail setup but scan should still run
+        retirejs_module = module_test.scan.modules.get("retirejs")
+
+        if retirejs_module:
+            # Check that the module exists but setup failed
+            setup_status = getattr(retirejs_module, "_setup_status", None)
+            if setup_status is not None:
+                success, error_msg = setup_status
+                assert success is False, "retirejs setup should have failed without excavate"
+                expected_error = "retirejs will not function without excavate enabled"
+                assert error_msg == expected_error, f"Expected error message '{expected_error}', but got '{error_msg}'"
+
+        # No retirejs findings should be generated since setup failed
+        retirejs_findings = [e for e in events if e.type == "FINDING" and getattr(e, "module", None) == "retirejs"]
+        assert len(retirejs_findings) == 0, "retirejs should not generate findings when setup fails"

{bbot-2.7.0.6962rc0.dist-info → bbot-2.7.0.6989rc0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: bbot
-Version: 2.7.0.6962rc0
+Version: 2.7.0.6989rc0
 Summary: OSINT automation for hackers.
 License: GPL-3.0
 Keywords: python,cli,automation,osint,threat-intel,intelligence,neo4j,scanner,python-library,hacking,recursion,pentesting,recon,command-line-tool,bugbounty,subdomains,security-tools,subdomain-scanner,osint-framework,attack-surface,subdomain-enumeration,osint-tool

{bbot-2.7.0.6962rc0.dist-info → bbot-2.7.0.6989rc0.dist-info}/RECORD

@@ -1,4 +1,4 @@
-bbot/__init__.py,sha256=sl7Uz8uS9blFFoPuBAG5Q5s4a3n87_KdTeY83faWg3E,163
+bbot/__init__.py,sha256=KqGrJ3EqVq7g_ze809iQbwFcd5RlmZeXtHWN9bjQaVY,163
 bbot/cli.py,sha256=1QJbANVw9Q3GFM92H2QRV2ds5756ulm08CDZwzwPpeI,11888
 bbot/core/__init__.py,sha256=l255GJE_DvUnWvrRb0J5lG-iMztJ8zVvoweDOfegGtI,46
 bbot/core/config/__init__.py,sha256=zYNw2Me6tsEr8hOOkLb4BQ97GB7Kis2k--G81S8vofU,342
@@ -25,7 +25,7 @@ bbot/core/helpers/dns/dns.py,sha256=erinIU5Ss2oBd0jgHucPwAgArBlQh2lQGeAZbxhq5lc,
 bbot/core/helpers/dns/engine.py,sha256=Xs2VyjvQFmjKciQOlEWO0ELUmXiUxwoj8YX3InVlOic,28777
 bbot/core/helpers/dns/helpers.py,sha256=aQroIuz5TxrCZ4zoplOaqLj3ZNgOgDRKn0xM8GKz2dA,8505
 bbot/core/helpers/dns/mock.py,sha256=FCPrihu6O4kun38IH70RfktsXIKKfe0Qx5PMzZVUdsY,2588
-bbot/core/helpers/files.py,sha256=9tVr3973QvX8l6o3TweD5_MCZiQpuJVffbzW0U7Z30U,5786
+bbot/core/helpers/files.py,sha256=vWxx5AfH8khboawBdUi-KYvbjpybSMLGZpixylitGMQ,5811
 bbot/core/helpers/helper.py,sha256=u-q_Ka9pY1atvC-FChxYpURM7b3_0gaCNIHSG__Wi74,8538
 bbot/core/helpers/interactsh.py,sha256=VBYYH6-rWBofRsgemndK6iZNmyifOps8vgQOw2mac4k,12624
 bbot/core/helpers/libmagic.py,sha256=QMHyxjgDLb2jyjBvK1MQ-xt6WkGXhKcHu9ZP1li-sik,3460
@@ -50,7 +50,7 @@ bbot/core/modules.py,sha256=G4rRVF1bQzp62kwpgxwMa_FTV4-huWwtcd6HpW9jQf0,31970
 bbot/core/multiprocess.py,sha256=ocQHanskJ09gHwe7RZmwNdZyCOQyeyUoIHCtLbtvXUk,1771
 bbot/core/shared_deps.py,sha256=NeJmyakKxQQjN-H3rYGwGuHeVxDiVM_KnDfeVEeIbf4,9498
 bbot/db/sql/models.py,sha256=SrUdDOBCICzXJBY29p0VvILhMQ1JCuh725bqvIYogX0,4884
-bbot/defaults.yml,sha256=TTxtlnyE9vPihXjkGMDbBpNRlGa48GhRXS23iFsKUAg,7830
+bbot/defaults.yml,sha256=-RAGZs-0wXTHKxCbU2i7XyX8AGZx2woN0_ID5P6GtFI,7961
 bbot/errors.py,sha256=xwQcD26nU9oc7-o0kv5jmEDTInmi8_W8eKAgQZZxdVM,953
 bbot/logger.py,sha256=wE-532v5FyKuSSoTdyW1xSfaOnLZB1axAJnB-uW2xrI,2745
 bbot/modules/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -64,7 +64,7 @@ bbot/modules/baddns.py,sha256=vSWWBiPfVowAg1yrBAx0rm8ViSh1O3VX7nI9Pn2Z5mo,6694
 bbot/modules/baddns_direct.py,sha256=G5WTKQ-jKJnSLijsOjyQKoR2Sx49fvACBvAC-b_yPck,3820
 bbot/modules/baddns_zone.py,sha256=8s2vIbU2MsLW6w12bDyw8FWBfdDRn2A2gWoMFEX4gPw,1036
 bbot/modules/badsecrets.py,sha256=2M515_nmDg24WTDqM01w-2DNN2H8BewvqnG_8hG6n3o,5110
-bbot/modules/base.py,sha256=EtFx7IUV-tBXlVt0UxwsmJRCaef20rp4yyWO6ko-KR0,78473
+bbot/modules/base.py,sha256=uatsSs15fcaawbu7JTfQiY8WhkKQ-6WGGG41hIT2YeQ,78811
 bbot/modules/bevigil.py,sha256=0VLIxmeXRUI2-EoR6IzuHJMcX8KCHNNta-WYa3gVlDg,2862
 bbot/modules/bucket_amazon.py,sha256=mwjYeEAcdfOpjbOa1sD8U9KBMMVY_c8FoHjSGR9GQbg,730
 bbot/modules/bucket_azure.py,sha256=Jaa9XEL7w7VM0a-WAp05MOGdP5nt7hMpLzBsPq74_IM,1284
@@ -113,10 +113,10 @@ bbot/modules/github_workflows.py,sha256=xKntAFDeGuE4MqbEmhJyYXKbzoSh9tWYlHNlnF37
 bbot/modules/gitlab.py,sha256=9oWWpBijeHCjuFBfWW4HvNqt7bvJvrBgBjaaz_UPPnE,5964
 bbot/modules/google_playstore.py,sha256=N4QjzQag_bgDXfX17rytBiiWA-SQtYI2N0J_ZNEOdv0,3701
 bbot/modules/gowitness.py,sha256=hMhCz4O1sDJCzCzRIcmu0uNDgDDf9JzkFBwL1WuUum0,13144
-bbot/modules/graphql_introspection.py,sha256=-BAzNhBegup2sIYQdJ0jcafZFTGTZl3WoMygilyvfVA,4144
+bbot/modules/graphql_introspection.py,sha256=xcrdW9lUJhxgIxJyZxfFQSk9vQxyBpvQmMoKWhRLdUA,4152
 bbot/modules/hackertarget.py,sha256=IsKs9PtxUHdLJKZydlRdW_loBE2KphQYi3lKDAd4odc,1029
 bbot/modules/host_header.py,sha256=uDjwidMdeNPMRfzQ2YW4REEGsZqnGOZHbOS6GgdNd9s,7686
-bbot/modules/httpx.py,sha256=z0sgnfLqIXyiadM0rKQK2p86lka7rC4pGCfTVUqU5Lk,8118
+bbot/modules/httpx.py,sha256=tlQ6NKw8FJ6rGaNI1BnwKqjxZFn1MZeItGZgNab_Ydo,8177
 bbot/modules/hunt.py,sha256=zt-RKBiOlAKozHA-ZvuPeSOISEu7rIo2aHXQWEsILhw,6607
 bbot/modules/hunterio.py,sha256=dL8IUecJQzNJgvtHArQ1Lz574MbRTF7GbLxp6lLcs0o,2644
 bbot/modules/iis_shortnames.py,sha256=TD4kow8TB9slz0SENrfxmQ0Yo9WwsY6DB3j0vvgUIbA,16296
@@ -152,7 +152,7 @@ bbot/modules/oauth.py,sha256=s-Q6PYJl1OLncGgHzCV0QAzbkewT5zzKCRaa8GidBqc,6720
 bbot/modules/otx.py,sha256=GYi5GFLKlKuRHPYMqtq42bSulerkSpAWHM6ex5eK7ww,913
 bbot/modules/output/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 bbot/modules/output/asset_inventory.py,sha256=nOIclasA3dGWfgzkgucQSivvXHQquEq312Y0Z6In49I,15479
-bbot/modules/output/base.py,sha256=HUkgtUNNfmSBVsVLr6XNfgXyBn9jWXBVm-ECJFWa3vQ,3820
+bbot/modules/output/base.py,sha256=9qtuU3dqpyw5r9txGwLc3nuK5Cg9NDD3Ol80JKPxyKI,3530
 bbot/modules/output/csv.py,sha256=Nh8zcapgNAqbUKm-Jjb5kVL-INXwkn13oZ_Id-BEwUk,2865
 bbot/modules/output/discord.py,sha256=-6Dny6ZFG9W1OV54nqyamRZQk7TPzxw05nrSlb2Lwqw,730
 bbot/modules/output/emails.py,sha256=mzZideMCNfB8-naQANO5g8Y9HdgviAihRsdY_xPQjbQ,1095
@@ -187,6 +187,7 @@ bbot/modules/reflected_parameters.py,sha256=RjS-4C-XC9U-jC9J7AYNqwn6I-O2y3LvTRhB
 bbot/modules/report/affiliates.py,sha256=vvus8LylqOfP-lfGid0z4FS6MwOpNuRTcSJ9aSnybp4,1713
 bbot/modules/report/asn.py,sha256=D0jQkcZe_gEbmSokgSisYw6QolVJI9l71ksSMlOVTfo,9687
 bbot/modules/report/base.py,sha256=hOtZF41snTSlHZmzZndmOjfmtdKPy2-tfFBAxxbHcao,105
+bbot/modules/retirejs.py,sha256=m56ESnaMg_xcsNgSCyPmMYFX3iXowh1B7IUxnr7nvpA,10423
 bbot/modules/robots.py,sha256=LGG6ixsxrlaCk-mi4Lp6kB2RB1v-25NhTAQxdQEtH8s,2172
 bbot/modules/securitytrails.py,sha256=5Jk_HTQP8FRq6A30sN19FU79uLJt7aiOsI2dxNkLDcM,1148
 bbot/modules/securitytxt.py,sha256=nwaTOnRAl2NWcEc3i_I9agB56QjqK8dHqiKRHPPkCPE,4558
@@ -248,14 +249,14 @@ bbot/presets/web-screenshots.yml,sha256=Kh5yDh2kKLJPxO5A67VxKWzou6XU1Ct-NFZqYsa6
 bbot/presets/web-thorough.yml,sha256=d7m8R64l9dcliuIhjVi0Q_PPAKk59Y6vkJSyLJe8LGI,115
 bbot/scanner/__init__.py,sha256=sJ7FoLQ1vwLscH8hju2PEUyGTZ_OwMVvW9b11CrCWdI,89
 bbot/scanner/dispatcher.py,sha256=_hsIegfUDrt8CUdXqgRvp1J0UwwzqVSDxjQmiviO41c,793
-bbot/scanner/manager.py,sha256=eyd_0IjnPH3e-tJSOwY-rxauVI6L9Ltr3pWmpPSO5Jc,11019
+bbot/scanner/manager.py,sha256=HD83B5ZCUwZQZ5tDqCoQ7ZLq7XF2Y5hoqJt4xUwNx34,11304
 bbot/scanner/preset/__init__.py,sha256=If_YqKILIxjlaJvf8lFc5zQTHDkounLdC8x_72N-V10,49
 bbot/scanner/preset/args.py,sha256=Oto4sO8E9hKeQn6Fp8ua_WB3xvYI97GgnBFg5f4jh0Y,19547
 bbot/scanner/preset/conditions.py,sha256=hFL9cSIWGEsv2TfM5UGurf0c91cyaM8egb5IngBmIjA,1569
 bbot/scanner/preset/environ.py,sha256=9KbEOLWkUdoAf5Ez_2A1NNm6QduQElbnNnrPi6VDhZs,4731
 bbot/scanner/preset/path.py,sha256=X32-ZUmL7taIv37VKF1KfmeiK9fjuQOE7pWUTEbPK8c,2483
 bbot/scanner/preset/preset.py,sha256=G_aMMI33d2OlzNUwjfi5ddJdxa8nK0oF5HrYAsuregU,40708
-bbot/scanner/scanner.py,sha256=1b_M7OCeTUePi8Va9uvx-ZLD7L6-4fYCaxIcPMjNWC8,55584
+bbot/scanner/scanner.py,sha256=Zz_syqeBpzc0Df1RH5HizylM2IPbFe7ZKd6e9quHWY4,55578
 bbot/scanner/stats.py,sha256=re93sArKXZSiD0Owgqk2J3Kdvfm3RL4Y9Qy_VOcaVk8,3623
 bbot/scanner/target.py,sha256=lI0Tn5prQiPiJE3WW-ZLx_l6EFqzAVabtyL-nfXJ8cE,10636
 bbot/scripts/docs.py,sha256=aYAHlcHtMAhM-XGTDiSpzccnX1dh0Xi_WxmC2bgylQ4,11373
@@ -270,7 +271,7 @@ bbot/test/test.conf,sha256=JX0-Wl7N7VN6x_hhkFL-RF4TDAHgL9OfNNdujfD7tHo,994
 bbot/test/test_output.ndjson,sha256=Jfor8nUJ3QTEwXxD6UULrFXM4zhP5wflWo_UNekM3V8,323
 bbot/test/test_step_1/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 bbot/test/test_step_1/test__module__tests.py,sha256=SZGsvbq8mG7dIn93Ka8hnJsFt4QDXmrdvPavsU8NN40,1479
-bbot/test/test_step_1/test_bbot_fastapi.py,sha256=FNGvlax4lFZVd0T3HvV9SJh1lsngOX58GrUnJVzoy20,2531
+bbot/test/test_step_1/test_bbot_fastapi.py,sha256=jujpDw4yedGpE2frPRMNV8mq4a5KuzW-_DGSkodxH_o,2552
 bbot/test/test_step_1/test_bloom_filter.py,sha256=Uy6qUZr4mSbD1VmU8Yq8u3ezqZziCjmZQiE844_FoX8,2143
 bbot/test/test_step_1/test_cli.py,sha256=yp61_di0vaEeC6USNCEOibc-Uh81fvEcqgfxLfNk09w,27586
 bbot/test/test_step_1/test_command.py,sha256=5IeGV6TKB0xtFEsfsU_0mNrOmEdIQiQ3FHkUmsBNoOI,6485
@@ -280,7 +281,7 @@ bbot/test/test_step_1/test_dns.py,sha256=6dKAhdQRZ_bceBrICIpaaV5MBGHeDVBQ-qSYD9B
 bbot/test/test_step_1/test_docs.py,sha256=YWVGNRfzcrvDmFekX0Cq9gutQplsqvhKTpZ0XK4tWvo,82
 bbot/test/test_step_1/test_engine.py,sha256=3HkCPtYhUxiZzfA-BRHpLsyaRj9wIXKbb49BCk9dILM,4267
 bbot/test/test_step_1/test_event_seeds.py,sha256=s_0BRqkahX4MYYqkmPqgcCsFrMbiXdTfLuKqNU2jkEU,6652
-bbot/test/test_step_1/test_events.py,sha256=Evm_rw5Y6W3H6eAGTlNcSWGALVo9PpKi_Rs80trPuXE,54312
+bbot/test/test_step_1/test_events.py,sha256=FWSXAVFdVZaxxDS4anFKYTLm8AHVSULI9ZMHzKcaOLY,54263
 bbot/test/test_step_1/test_files.py,sha256=5Q_3jPpMXULxDHsanSDUaj8zF8bXzKdiJZHOmoYpLhQ,699
 bbot/test/test_step_1/test_helpers.py,sha256=7GP6-95yWRBGhx0-p6N7zZVEDcF9EO9wc0rkhs1JDsg,40281
 bbot/test/test_step_1/test_manager_deduplication.py,sha256=hZQpDXzg6zvzxFolVOcJuY-ME8NXjZUsqS70BRNXp8A,15594
@@ -289,14 +290,14 @@ bbot/test/test_step_1/test_modules_basic.py,sha256=ELpGlsthSq8HaxB5My8-ESVHqMxqd
 bbot/test/test_step_1/test_presets.py,sha256=HnJhKwDnVh9Y6adgxqe85677rWpnFil_WS5GjX21ZvM,40959
 bbot/test/test_step_1/test_python_api.py,sha256=Fk5bxEsPSjsMZ_CcRMTJft8I48EizwHJivG9Fy4jIu0,5502
 bbot/test/test_step_1/test_regexes.py,sha256=GEJE4NY6ge0WnG3BcFgRiT78ksy2xpFk6UdS9vGQMPs,15254
-bbot/test/test_step_1/test_scan.py,sha256=vnUF646MinLTdRAD_AwZ5sAqq6gmoHV7WlgNp5sjc_M,10875
+bbot/test/test_step_1/test_scan.py,sha256=2tnIvh1PYDq1YoxT2MJZAMf_gg02v5aDaB6aknMjtmI,10490
 bbot/test/test_step_1/test_scope.py,sha256=S2nssENKJKCvgXUMyU8MFQmXHeUIz0C_sbWGkdYti2A,3063
 bbot/test/test_step_1/test_target.py,sha256=4Xz6Fns_6wa2O3AXDBvd7W04LCfZSCiit2lezQJicTI,19472
 bbot/test/test_step_1/test_web.py,sha256=qzMb5v_1l6fK6SvJZoHpBI3Zb7iaHU_VnenQ8UQIK-4,19637
 bbot/test/test_step_1/test_web_envelopes.py,sha256=28cwm_HZvdGo__uiaShO2AwTJ728FTKwpESRB418AIc,18259
 bbot/test/test_step_2/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 bbot/test/test_step_2/module_tests/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-bbot/test/test_step_2/module_tests/base.py,sha256=tLaO3Csb4DPv4Nuu5xjEPdYhsj70f_vZVV0voTisjyM,5942
+bbot/test/test_step_2/module_tests/base.py,sha256=YBtOa38-NErIQAQ2W7b2a6Vd2ZBq2YHWFJpsNVJ5dwI,6019
 bbot/test/test_step_2/module_tests/test_module_affiliates.py,sha256=d6uAzb_MF4oNGFEBG7Y6T2y0unWpf1gqNxUXRaYqOdk,673
 bbot/test/test_step_2/module_tests/test_module_aggregate.py,sha256=hjxbMxAEFhS7W8RamBrM1t6T-tsLHq95MmQVfrYsock,487
 bbot/test/test_step_2/module_tests/test_module_ajaxpro.py,sha256=S2pFV0TgOJ01SMHnIxcoBkGZ8SAaQVY9o32DOFoZ1u4,3857
@@ -347,7 +348,7 @@ bbot/test/test_step_2/module_tests/test_module_dockerhub.py,sha256=9T8CFcFP32MOp
 bbot/test/test_step_2/module_tests/test_module_dotnetnuke.py,sha256=Q7M3hrbEwOuORZXPS-pIGFTRzB2-g4cEvGtsEcTp7t8,8049
 bbot/test/test_step_2/module_tests/test_module_emailformat.py,sha256=cKxBPnEQ4AiRKV_-hSYEE6756ypst3hi6MN0L5RTukY,461
 bbot/test/test_step_2/module_tests/test_module_emails.py,sha256=bZjtO8N3GG2_g6SUEYprAFLcsi7SlwNPJJ0nODfrWYU,944
-bbot/test/test_step_2/module_tests/test_module_excavate.py,sha256=a-r8ZQwDVFlCCXQsM93j80FLY9jeb2N2HHY85Q3Q2aI,61475
+bbot/test/test_step_2/module_tests/test_module_excavate.py,sha256=ywg-J2yl6LynHKIxEWmxBvV1RNFOZC2uCu1pGSbaoFo,61586
 bbot/test/test_step_2/module_tests/test_module_extractous.py,sha256=6wuZ978y5YIPYdR7av6otrY_5jUlzzuJDZ-DsBNOoLA,18197
 bbot/test/test_step_2/module_tests/test_module_ffuf.py,sha256=z8ihAM1WYss7QGXIjbi67cekg8iOemDjaM8YR9_qSEs,4100
 bbot/test/test_step_2/module_tests/test_module_ffuf_shortnames.py,sha256=0-a9J-gq8bUtmxl_-QPVidwZ9KkCvgvoG30Ot3a8lqM,8406
@@ -403,6 +404,7 @@ bbot/test/test_step_2/module_tests/test_module_postman_download.py,sha256=u3lF7U
 bbot/test/test_step_2/module_tests/test_module_python.py,sha256=6UQVXGJ1ugfNbt9l_nN0q5FVxNWlpq6j0sZcB0Nh_Pg,184
 bbot/test/test_step_2/module_tests/test_module_rapiddns.py,sha256=zXHNLnUjLO22yRwrDFCZ40sRTmFVZEj9q_dyK8w1TYM,4441
 bbot/test/test_step_2/module_tests/test_module_reflected_parameters.py,sha256=4cY8yK9iImB1O68pi1lACcPEtNQ9-sud9Xl16fYB8cU,9003
+bbot/test/test_step_2/module_tests/test_module_retirejs.py,sha256=1nzTxoMnq10N7X33soJ1hKNBvWXhAo5hdXo7HKaYRfw,6829
 bbot/test/test_step_2/module_tests/test_module_robots.py,sha256=8rRw4GpGE6tN_W3ohtpfWiji_bEEmD31wvxz7r1FqnI,1564
 bbot/test/test_step_2/module_tests/test_module_securitytrails.py,sha256=NB8_PhWN1-2s8wporRjI6rrQeQW4inoz4Z_mBhhycXo,758
 bbot/test/test_step_2/module_tests/test_module_securitytxt.py,sha256=ZGl1iZVVE_JfqC_AAYSLLdXGOu57rCM1rnCYlRNxrM0,2390
@@ -453,8 +455,8 @@ bbot/wordlists/raft-small-extensions-lowercase_CLEANED.txt,sha256=ZSIVebs7ptMvHx
 bbot/wordlists/top_open_ports_nmap.txt,sha256=LmdFYkfapSxn1pVuQC2LkOIY2hMLgG-Xts7DVtYzweM,42727
 bbot/wordlists/valid_url_schemes.txt,sha256=0B_VAr9Dv7aYhwi6JSBDU-3M76vNtzN0qEC_RNLo7HE,3310
 bbot/wordlists/wordninja_dns.txt.gz,sha256=DYHvvfW0TvzrVwyprqODAk4tGOxv5ezNmCPSdPuDUnQ,570241
-bbot-2.7.0.6962rc0.dist-info/LICENSE,sha256=GzeCzK17hhQQDNow0_r0L8OfLpeTKQjFQwBQU7ZUymg,32473
-bbot-2.7.0.6962rc0.dist-info/METADATA,sha256=DTH-2tKHw4l3E3TgGl0LOvsdZGhRqrEb44Ct2HxSnag,18308
-bbot-2.7.0.6962rc0.dist-info/WHEEL,sha256=b4K_helf-jlQoXBBETfwnf4B04YC67LOev0jo4fX5m8,88
-bbot-2.7.0.6962rc0.dist-info/entry_points.txt,sha256=cWjvcU_lLrzzJgjcjF7yeGuRA_eDS8pQ-kmPUAyOBfo,38
-bbot-2.7.0.6962rc0.dist-info/RECORD,,
+bbot-2.7.0.6989rc0.dist-info/LICENSE,sha256=GzeCzK17hhQQDNow0_r0L8OfLpeTKQjFQwBQU7ZUymg,32473
+bbot-2.7.0.6989rc0.dist-info/METADATA,sha256=NO1Ezqw8WggKJwkDLTHpsQ3W5ZLHjZSFywDAl6XT9Vg,18308
+bbot-2.7.0.6989rc0.dist-info/WHEEL,sha256=b4K_helf-jlQoXBBETfwnf4B04YC67LOev0jo4fX5m8,88
+bbot-2.7.0.6989rc0.dist-info/entry_points.txt,sha256=cWjvcU_lLrzzJgjcjF7yeGuRA_eDS8pQ-kmPUAyOBfo,38
+bbot-2.7.0.6989rc0.dist-info/RECORD,,