bbot 2.7.0.6989rc0__py3-none-any.whl → 2.7.0.6995rc0__py3-none-any.whl
- bbot/__init__.py +1 -1
- bbot/test/test_step_2/module_tests/test_module_excavate.py +29 -0
- {bbot-2.7.0.6989rc0.dist-info → bbot-2.7.0.6995rc0.dist-info}/METADATA +1 -1
- {bbot-2.7.0.6989rc0.dist-info → bbot-2.7.0.6995rc0.dist-info}/RECORD +7 -7
- {bbot-2.7.0.6989rc0.dist-info → bbot-2.7.0.6995rc0.dist-info}/LICENSE +0 -0
- {bbot-2.7.0.6989rc0.dist-info → bbot-2.7.0.6995rc0.dist-info}/WHEEL +0 -0
- {bbot-2.7.0.6989rc0.dist-info → bbot-2.7.0.6995rc0.dist-info}/entry_points.txt +0 -0
bbot/__init__.py
CHANGED
|
@@ -167,6 +167,35 @@ class TestExcavate2(TestExcavate):
|
|
|
167
167
|
assert not root_page_confusion_2, "Incorrectly detected root-relative URL"
|
|
168
168
|
|
|
169
169
|
|
|
170
|
+
class TestExcavateInScopeJavascript(TestExcavate):
|
|
171
|
+
targets = ["http://127.0.0.1:8888/"]
|
|
172
|
+
modules_overrides = ["excavate", "httpx", "badsecrets"]
|
|
173
|
+
|
|
174
|
+
async def setup_before_prep(self, module_test):
|
|
175
|
+
module_test.httpserver.expect_request("/").respond_with_data(
|
|
176
|
+
"<script>window.location.href = 'http://127.0.0.1:8888/script.js';</script>"
|
|
177
|
+
)
|
|
178
|
+
module_test.httpserver.expect_request("/script.js").respond_with_data(
|
|
179
|
+
"var = 'eyJhbGciOiJIUzI1NiJ9.eyJJc3N1ZXIiOiJJc3N1ZXIiLCJVc2VybmFtZSI6IkJhZFNlY3JldHMiLCJleHAiOjE1OTMxMzM0ODMsImlhdCI6MTQ2NjkwMzA4M30.ovqRikAo_0kKJ0GVrAwQlezymxrLGjcEiW_s3UJMMCo';"
|
|
180
|
+
)
|
|
181
|
+
|
|
182
|
+
def check(self, module_test, events):
|
|
183
|
+
found_js_url_event = False
|
|
184
|
+
found_badsecrets_vulnerability = False
|
|
185
|
+
found_excavate_jwt_finding = False
|
|
186
|
+
for e in events:
|
|
187
|
+
if e.type == "URL" and e.data == "http://127.0.0.1:8888/script.js":
|
|
188
|
+
found_js_url_event = True
|
|
189
|
+
if e.type == "FINDING" and "JWT" in e.data["description"] and str(e.module) == "excavate":
|
|
190
|
+
found_excavate_jwt_finding = True
|
|
191
|
+
if e.type == "VULNERABILITY":
|
|
192
|
+
found_badsecrets_vulnerability = True
|
|
193
|
+
|
|
194
|
+
assert found_js_url_event, "Failed to find URL event for script.js"
|
|
195
|
+
assert found_badsecrets_vulnerability, "Failed to find BADSECRETs event from script.js"
|
|
196
|
+
assert found_excavate_jwt_finding, "Failed to find JWT finding from script.js"
|
|
197
|
+
|
|
198
|
+
|
|
170
199
|
class TestExcavateRedirect(TestExcavate):
|
|
171
200
|
targets = ["http://127.0.0.1:8888/", "http://127.0.0.1:8888/relative/", "http://127.0.0.1:8888/nonhttpredirect/"]
|
|
172
201
|
config_overrides = {"scope": {"report_distance": 1}}
|
|
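Review bot: The `VULNERABILITY` branch in `check` sets `found_badsecrets_vulnerability` for any vulnerability event, so the assertion "Failed to find BADSECRETs event from script.js" can pass on an event emitted by another module or for another URL. Mirroring the module test already used on the FINDING branch would tighten it: `if e.type == "VULNERABILITY" and str(e.module) == "badsecrets":`, ideally also checking that the event data refers to `/script.js` (field name to be confirmed against the event schema). The hard-coded JWT in the `/script.js` response would benefit from a comment such as `# fixture: JWT presumably signed with a known weak secret so badsecrets flags it`, so secret scanners and later reviewers do not treat it as a leaked credential. Indentation was lost in this rendering, so the block structure of the new class could not be checked here.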
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.3
|
|
2
2
|
Name: bbot
|
|
3
|
-
Version: 2.7.0.
|
|
3
|
+
Version: 2.7.0.6995rc0
|
|
4
4
|
Summary: OSINT automation for hackers.
|
|
5
5
|
License: GPL-3.0
|
|
6
6
|
Keywords: python,cli,automation,osint,threat-intel,intelligence,neo4j,scanner,python-library,hacking,recursion,pentesting,recon,command-line-tool,bugbounty,subdomains,security-tools,subdomain-scanner,osint-framework,attack-surface,subdomain-enumeration,osint-tool
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
bbot/__init__.py,sha256=
|
|
1
|
+
bbot/__init__.py,sha256=8zvR_CBXayNG4n927UT2yACaxPAUGcsox_LrkFHI94M,163
|
|
2
2
|
bbot/cli.py,sha256=1QJbANVw9Q3GFM92H2QRV2ds5756ulm08CDZwzwPpeI,11888
|
|
3
3
|
bbot/core/__init__.py,sha256=l255GJE_DvUnWvrRb0J5lG-iMztJ8zVvoweDOfegGtI,46
|
|
4
4
|
bbot/core/config/__init__.py,sha256=zYNw2Me6tsEr8hOOkLb4BQ97GB7Kis2k--G81S8vofU,342
|
|
@@ -348,7 +348,7 @@ bbot/test/test_step_2/module_tests/test_module_dockerhub.py,sha256=9T8CFcFP32MOp
|
|
|
348
348
|
bbot/test/test_step_2/module_tests/test_module_dotnetnuke.py,sha256=Q7M3hrbEwOuORZXPS-pIGFTRzB2-g4cEvGtsEcTp7t8,8049
|
|
349
349
|
bbot/test/test_step_2/module_tests/test_module_emailformat.py,sha256=cKxBPnEQ4AiRKV_-hSYEE6756ypst3hi6MN0L5RTukY,461
|
|
350
350
|
bbot/test/test_step_2/module_tests/test_module_emails.py,sha256=bZjtO8N3GG2_g6SUEYprAFLcsi7SlwNPJJ0nODfrWYU,944
|
|
351
|
-
bbot/test/test_step_2/module_tests/test_module_excavate.py,sha256=
|
|
351
|
+
bbot/test/test_step_2/module_tests/test_module_excavate.py,sha256=AUh9fegqoxZjZHISWryuJgK3HJqKEUhFsRtMTROFfa4,63067
|
|
352
352
|
bbot/test/test_step_2/module_tests/test_module_extractous.py,sha256=6wuZ978y5YIPYdR7av6otrY_5jUlzzuJDZ-DsBNOoLA,18197
|
|
353
353
|
bbot/test/test_step_2/module_tests/test_module_ffuf.py,sha256=z8ihAM1WYss7QGXIjbi67cekg8iOemDjaM8YR9_qSEs,4100
|
|
354
354
|
bbot/test/test_step_2/module_tests/test_module_ffuf_shortnames.py,sha256=0-a9J-gq8bUtmxl_-QPVidwZ9KkCvgvoG30Ot3a8lqM,8406
|
|
@@ -455,8 +455,8 @@ bbot/wordlists/raft-small-extensions-lowercase_CLEANED.txt,sha256=ZSIVebs7ptMvHx
|
|
|
455
455
|
bbot/wordlists/top_open_ports_nmap.txt,sha256=LmdFYkfapSxn1pVuQC2LkOIY2hMLgG-Xts7DVtYzweM,42727
|
|
456
456
|
bbot/wordlists/valid_url_schemes.txt,sha256=0B_VAr9Dv7aYhwi6JSBDU-3M76vNtzN0qEC_RNLo7HE,3310
|
|
457
457
|
bbot/wordlists/wordninja_dns.txt.gz,sha256=DYHvvfW0TvzrVwyprqODAk4tGOxv5ezNmCPSdPuDUnQ,570241
|
|
458
|
-
bbot-2.7.0.
|
|
459
|
-
bbot-2.7.0.
|
|
460
|
-
bbot-2.7.0.
|
|
461
|
-
bbot-2.7.0.
|
|
462
|
-
bbot-2.7.0.
|
|
458
|
+
bbot-2.7.0.6995rc0.dist-info/LICENSE,sha256=GzeCzK17hhQQDNow0_r0L8OfLpeTKQjFQwBQU7ZUymg,32473
|
|
459
|
+
bbot-2.7.0.6995rc0.dist-info/METADATA,sha256=2bJOdQ8IgUMs-IENkizinMmhvmsOtK3nBf4w3hc8xwo,18308
|
|
460
|
+
bbot-2.7.0.6995rc0.dist-info/WHEEL,sha256=b4K_helf-jlQoXBBETfwnf4B04YC67LOev0jo4fX5m8,88
|
|
461
|
+
bbot-2.7.0.6995rc0.dist-info/entry_points.txt,sha256=cWjvcU_lLrzzJgjcjF7yeGuRA_eDS8pQ-kmPUAyOBfo,38
|
|
462
|
+
bbot-2.7.0.6995rc0.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|
|
File without changes
|