bbot 2.7.0.6989rc0__py3-none-any.whl → 2.7.0.7002rc0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of bbot might be problematic. Click here for more details.
- bbot/__init__.py +1 -1
- bbot/modules/retirejs.py +9 -15
- bbot/test/test_step_2/module_tests/test_module_excavate.py +29 -0
- {bbot-2.7.0.6989rc0.dist-info → bbot-2.7.0.7002rc0.dist-info}/METADATA +1 -1
- {bbot-2.7.0.6989rc0.dist-info → bbot-2.7.0.7002rc0.dist-info}/RECORD +8 -8
- {bbot-2.7.0.6989rc0.dist-info → bbot-2.7.0.7002rc0.dist-info}/LICENSE +0 -0
- {bbot-2.7.0.6989rc0.dist-info → bbot-2.7.0.7002rc0.dist-info}/WHEEL +0 -0
- {bbot-2.7.0.6989rc0.dist-info → bbot-2.7.0.7002rc0.dist-info}/entry_points.txt +0 -0
bbot/__init__.py
CHANGED
bbot/modules/retirejs.py
CHANGED
|
@@ -67,16 +67,16 @@ class retirejs(BaseModule):
|
|
|
67
67
|
"name": "Rename Node.js directory (x64)",
|
|
68
68
|
"command": "mv #{BBOT_TOOLS}/node-v#{BBOT_MODULES_RETIREJS_NODE_VERSION}-linux-x64 #{BBOT_TOOLS}/node",
|
|
69
69
|
},
|
|
70
|
+
# Set permissions on entire Node.js bin directory
|
|
71
|
+
{
|
|
72
|
+
"name": "Set permissions on Node.js bin directory",
|
|
73
|
+
"file": {"path": "#{BBOT_TOOLS}/node/bin", "mode": "0755", "recurse": "yes"},
|
|
74
|
+
},
|
|
70
75
|
# Make Node.js binary executable
|
|
71
76
|
{
|
|
72
77
|
"name": "Make Node.js binary executable",
|
|
73
78
|
"file": {"path": "#{BBOT_TOOLS}/node/bin/node", "mode": "0755"},
|
|
74
79
|
},
|
|
75
|
-
# Make npm executable
|
|
76
|
-
{
|
|
77
|
-
"name": "Make npm executable",
|
|
78
|
-
"file": {"path": "#{BBOT_TOOLS}/node/bin/npm", "mode": "0755"},
|
|
79
|
-
},
|
|
80
80
|
# Remove existing retirejs directory if it exists
|
|
81
81
|
{
|
|
82
82
|
"name": "Remove existing retirejs directory",
|
|
@@ -90,16 +90,11 @@ class retirejs(BaseModule):
|
|
|
90
90
|
# Install retire.js locally using local Node.js
|
|
91
91
|
{
|
|
92
92
|
"name": "Install retire.js locally",
|
|
93
|
-
"shell": "cd #{BBOT_TOOLS}/retirejs && #{BBOT_TOOLS}/node/bin/node #{BBOT_TOOLS}/node/lib/node_modules/npm/bin/npm-cli.js install retire@#{BBOT_MODULES_RETIREJS_VERSION} --no-fund --no-audit --silent --no-optional",
|
|
93
|
+
"shell": "cd #{BBOT_TOOLS}/retirejs && #{BBOT_TOOLS}/node/bin/node #{BBOT_TOOLS}/node/lib/node_modules/npm/bin/npm-cli.js install --prefix . retire@#{BBOT_MODULES_RETIREJS_VERSION} --no-fund --no-audit --silent --no-optional",
|
|
94
94
|
"args": {"creates": "#{BBOT_TOOLS}/retirejs/node_modules/.bin/retire"},
|
|
95
95
|
"timeout": 600,
|
|
96
96
|
"ignore_errors": False,
|
|
97
97
|
},
|
|
98
|
-
# Fix retire script shebang to use our local node binary
|
|
99
|
-
{
|
|
100
|
-
"name": "Fix retire script shebang",
|
|
101
|
-
"shell": "sed -i '1s|#!/usr/bin/env node|#!#{BBOT_TOOLS}/node/bin/node|' #{BBOT_TOOLS}/retirejs/node_modules/.bin/retire",
|
|
102
|
-
},
|
|
103
98
|
# Make retire script executable
|
|
104
99
|
{
|
|
105
100
|
"name": "Make retire script executable",
|
|
@@ -209,14 +204,13 @@ class retirejs(BaseModule):
|
|
|
209
204
|
async def execute_retirejs(self, js_file):
|
|
210
205
|
cache_dir = self.helpers.cache_dir / "retire_cache"
|
|
211
206
|
retire_dir = self.scan.helpers.tools_dir / "retirejs"
|
|
212
|
-
|
|
213
|
-
# Use the retire CLI script directly with our local node binary
|
|
214
207
|
local_node_dir = self.scan.helpers.tools_dir / "node"
|
|
215
|
-
retire_cli_script = retire_dir / "node_modules" / "retire" / "lib" / "cli.js"
|
|
216
208
|
|
|
209
|
+
# Use the retire binary directly with our local Node.js
|
|
210
|
+
retire_binary_path = retire_dir / "node_modules" / ".bin" / "retire"
|
|
217
211
|
command = [
|
|
218
212
|
str(local_node_dir / "bin" / "node"),
|
|
219
|
-
str(
|
|
213
|
+
str(retire_binary_path),
|
|
220
214
|
"--outputformat",
|
|
221
215
|
"json",
|
|
222
216
|
"--cachedir",
|
|
@@ -167,6 +167,35 @@ class TestExcavate2(TestExcavate):
|
|
|
167
167
|
assert not root_page_confusion_2, "Incorrectly detected root-relative URL"
|
|
168
168
|
|
|
169
169
|
|
|
170
|
+
class TestExcavateInScopeJavascript(TestExcavate):
|
|
171
|
+
targets = ["http://127.0.0.1:8888/"]
|
|
172
|
+
modules_overrides = ["excavate", "httpx", "badsecrets"]
|
|
173
|
+
|
|
174
|
+
async def setup_before_prep(self, module_test):
|
|
175
|
+
module_test.httpserver.expect_request("/").respond_with_data(
|
|
176
|
+
"<script>window.location.href = 'http://127.0.0.1:8888/script.js';</script>"
|
|
177
|
+
)
|
|
178
|
+
module_test.httpserver.expect_request("/script.js").respond_with_data(
|
|
179
|
+
"var = 'eyJhbGciOiJIUzI1NiJ9.eyJJc3N1ZXIiOiJJc3N1ZXIiLCJVc2VybmFtZSI6IkJhZFNlY3JldHMiLCJleHAiOjE1OTMxMzM0ODMsImlhdCI6MTQ2NjkwMzA4M30.ovqRikAo_0kKJ0GVrAwQlezymxrLGjcEiW_s3UJMMCo';"
|
|
180
|
+
)
|
|
181
|
+
|
|
182
|
+
def check(self, module_test, events):
|
|
183
|
+
found_js_url_event = False
|
|
184
|
+
found_badsecrets_vulnerability = False
|
|
185
|
+
found_excavate_jwt_finding = False
|
|
186
|
+
for e in events:
|
|
187
|
+
if e.type == "URL" and e.data == "http://127.0.0.1:8888/script.js":
|
|
188
|
+
found_js_url_event = True
|
|
189
|
+
if e.type == "FINDING" and "JWT" in e.data["description"] and str(e.module) == "excavate":
|
|
190
|
+
found_excavate_jwt_finding = True
|
|
191
|
+
if e.type == "VULNERABILITY":
|
|
192
|
+
found_badsecrets_vulnerability = True
|
|
193
|
+
|
|
194
|
+
assert found_js_url_event, "Failed to find URL event for script.js"
|
|
195
|
+
assert found_badsecrets_vulnerability, "Failed to find BADSECRETs event from script.js"
|
|
196
|
+
assert found_excavate_jwt_finding, "Failed to find JWT finding from script.js"
|
|
197
|
+
|
|
198
|
+
|
|
170
199
|
class TestExcavateRedirect(TestExcavate):
|
|
171
200
|
targets = ["http://127.0.0.1:8888/", "http://127.0.0.1:8888/relative/", "http://127.0.0.1:8888/nonhttpredirect/"]
|
|
172
201
|
config_overrides = {"scope": {"report_distance": 1}}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.3
|
|
2
2
|
Name: bbot
|
|
3
|
-
Version: 2.7.0.
|
|
3
|
+
Version: 2.7.0.7002rc0
|
|
4
4
|
Summary: OSINT automation for hackers.
|
|
5
5
|
License: GPL-3.0
|
|
6
6
|
Keywords: python,cli,automation,osint,threat-intel,intelligence,neo4j,scanner,python-library,hacking,recursion,pentesting,recon,command-line-tool,bugbounty,subdomains,security-tools,subdomain-scanner,osint-framework,attack-surface,subdomain-enumeration,osint-tool
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
bbot/__init__.py,sha256=
|
|
1
|
+
bbot/__init__.py,sha256=nZBigwfdyXf7yqicWEvudUnyyst9EsHHiKAZo_DNg1A,163
|
|
2
2
|
bbot/cli.py,sha256=1QJbANVw9Q3GFM92H2QRV2ds5756ulm08CDZwzwPpeI,11888
|
|
3
3
|
bbot/core/__init__.py,sha256=l255GJE_DvUnWvrRb0J5lG-iMztJ8zVvoweDOfegGtI,46
|
|
4
4
|
bbot/core/config/__init__.py,sha256=zYNw2Me6tsEr8hOOkLb4BQ97GB7Kis2k--G81S8vofU,342
|
|
@@ -187,7 +187,7 @@ bbot/modules/reflected_parameters.py,sha256=RjS-4C-XC9U-jC9J7AYNqwn6I-O2y3LvTRhB
|
|
|
187
187
|
bbot/modules/report/affiliates.py,sha256=vvus8LylqOfP-lfGid0z4FS6MwOpNuRTcSJ9aSnybp4,1713
|
|
188
188
|
bbot/modules/report/asn.py,sha256=D0jQkcZe_gEbmSokgSisYw6QolVJI9l71ksSMlOVTfo,9687
|
|
189
189
|
bbot/modules/report/base.py,sha256=hOtZF41snTSlHZmzZndmOjfmtdKPy2-tfFBAxxbHcao,105
|
|
190
|
-
bbot/modules/retirejs.py,sha256=
|
|
190
|
+
bbot/modules/retirejs.py,sha256=9RjTHtBfWY0GmD_DPILjYyylGqGUN-DERaGgLfaObSs,10210
|
|
191
191
|
bbot/modules/robots.py,sha256=LGG6ixsxrlaCk-mi4Lp6kB2RB1v-25NhTAQxdQEtH8s,2172
|
|
192
192
|
bbot/modules/securitytrails.py,sha256=5Jk_HTQP8FRq6A30sN19FU79uLJt7aiOsI2dxNkLDcM,1148
|
|
193
193
|
bbot/modules/securitytxt.py,sha256=nwaTOnRAl2NWcEc3i_I9agB56QjqK8dHqiKRHPPkCPE,4558
|
|
@@ -348,7 +348,7 @@ bbot/test/test_step_2/module_tests/test_module_dockerhub.py,sha256=9T8CFcFP32MOp
|
|
|
348
348
|
bbot/test/test_step_2/module_tests/test_module_dotnetnuke.py,sha256=Q7M3hrbEwOuORZXPS-pIGFTRzB2-g4cEvGtsEcTp7t8,8049
|
|
349
349
|
bbot/test/test_step_2/module_tests/test_module_emailformat.py,sha256=cKxBPnEQ4AiRKV_-hSYEE6756ypst3hi6MN0L5RTukY,461
|
|
350
350
|
bbot/test/test_step_2/module_tests/test_module_emails.py,sha256=bZjtO8N3GG2_g6SUEYprAFLcsi7SlwNPJJ0nODfrWYU,944
|
|
351
|
-
bbot/test/test_step_2/module_tests/test_module_excavate.py,sha256=
|
|
351
|
+
bbot/test/test_step_2/module_tests/test_module_excavate.py,sha256=AUh9fegqoxZjZHISWryuJgK3HJqKEUhFsRtMTROFfa4,63067
|
|
352
352
|
bbot/test/test_step_2/module_tests/test_module_extractous.py,sha256=6wuZ978y5YIPYdR7av6otrY_5jUlzzuJDZ-DsBNOoLA,18197
|
|
353
353
|
bbot/test/test_step_2/module_tests/test_module_ffuf.py,sha256=z8ihAM1WYss7QGXIjbi67cekg8iOemDjaM8YR9_qSEs,4100
|
|
354
354
|
bbot/test/test_step_2/module_tests/test_module_ffuf_shortnames.py,sha256=0-a9J-gq8bUtmxl_-QPVidwZ9KkCvgvoG30Ot3a8lqM,8406
|
|
@@ -455,8 +455,8 @@ bbot/wordlists/raft-small-extensions-lowercase_CLEANED.txt,sha256=ZSIVebs7ptMvHx
|
|
|
455
455
|
bbot/wordlists/top_open_ports_nmap.txt,sha256=LmdFYkfapSxn1pVuQC2LkOIY2hMLgG-Xts7DVtYzweM,42727
|
|
456
456
|
bbot/wordlists/valid_url_schemes.txt,sha256=0B_VAr9Dv7aYhwi6JSBDU-3M76vNtzN0qEC_RNLo7HE,3310
|
|
457
457
|
bbot/wordlists/wordninja_dns.txt.gz,sha256=DYHvvfW0TvzrVwyprqODAk4tGOxv5ezNmCPSdPuDUnQ,570241
|
|
458
|
-
bbot-2.7.0.
|
|
459
|
-
bbot-2.7.0.
|
|
460
|
-
bbot-2.7.0.
|
|
461
|
-
bbot-2.7.0.
|
|
462
|
-
bbot-2.7.0.
|
|
458
|
+
bbot-2.7.0.7002rc0.dist-info/LICENSE,sha256=GzeCzK17hhQQDNow0_r0L8OfLpeTKQjFQwBQU7ZUymg,32473
|
|
459
|
+
bbot-2.7.0.7002rc0.dist-info/METADATA,sha256=GoJDZxCaWD9bvePyFrOTUQOOvYepdPoViowhPj_LM0o,18308
|
|
460
|
+
bbot-2.7.0.7002rc0.dist-info/WHEEL,sha256=b4K_helf-jlQoXBBETfwnf4B04YC67LOev0jo4fX5m8,88
|
|
461
|
+
bbot-2.7.0.7002rc0.dist-info/entry_points.txt,sha256=cWjvcU_lLrzzJgjcjF7yeGuRA_eDS8pQ-kmPUAyOBfo,38
|
|
462
|
+
bbot-2.7.0.7002rc0.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|
|
File without changes
|