The recursive internet scanner for hackers. 🧡
blacklanternsecurity/bbot

BEE·bot is a multipurpose scanner inspired by Spiderfoot, built to automate your Recon, Bug Bounties, and ASM!

A BBOT scan in real-time - visualization with VivaGraphJS

Installation

```bash
# stable version
pipx install bbot

# bleeding edge (dev branch)
pipx install --pip-args '\--pre' bbot
```

For more installation methods, including Docker, see Getting Started.

Example Commands

1) Subdomain Finder

Passive API sources plus a recursive DNS brute-force with target-specific subdomain mutations.

```bash
# find subdomains of evilcorp.com
bbot -t evilcorp.com -p subdomain-enum

# passive sources only
bbot -t evilcorp.com -p subdomain-enum -rf passive
```

subdomain-enum.yml

```yaml
description: Enumerate subdomains via APIs, brute-force

flags:
  # enable every module with the subdomain-enum flag
  - subdomain-enum

output_modules:
  # output unique subdomains to TXT file
  - subdomains

config:
  dns:
    threads: 25
    brute_threads: 1000
  # put your API keys here
  # modules:
  #   github:
  #     api_key: ""
  #   chaos:
  #     api_key: ""
  #   securitytrails:
  #     api_key: ""
```

BBOT consistently finds 20-50% more subdomains than other tools. The bigger the domain, the bigger the difference. To learn how this is possible, see How It Works.

2) Web Spider

```bash
# crawl evilcorp.com, extracting emails and other goodies
bbot -t evilcorp.com -p spider
```

spider.yml

```yaml
description: Recursive web spider

modules:
  - httpx

blacklist:
  # Prevent spider from invalidating sessions by logging out
  - "RE:/.*(sign|log)[_-]?out"

config:
  web:
    # how many links to follow in a row
    spider_distance: 2
    # don't follow links whose directory depth is higher than 4
    spider_depth: 4
    # maximum number of links to follow per page
    spider_links_per_page: 25
```
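As an added example (not part of the bbot project or this README), the following Python mirrors what that blacklist entry does to the links a spider extracts from a page, and shows two edge cases of the pattern: it assumes the `RE:` prefix marks a Python regular expression applied with default (case-sensitive) flags and that entries without the prefix are literal hostnames; the sample links are constructed.

```python
import re

# The spider preset's blacklist entry exactly as written in spider.yml.
SPIDER_BLACKLIST = ['RE:/.*(sign|log)[_-]?out']


def compile_blacklist(entries):
    """Split blacklist entries into compiled regexes ("RE:" prefix) and
    literal hostnames (everything else; assumed exact-match here)."""
    patterns, hosts = [], set()
    for entry in entries:
        if entry.startswith("RE:"):
            # Assumption: pattern is used with default re flags (case-sensitive).
            patterns.append(re.compile(entry[len("RE:"):]))
        else:
            hosts.add(entry.lower())
    return patterns, hosts


def is_blacklisted(url, patterns, hosts):
    """True if the spider should refuse to follow this URL."""
    host = url.split("://", 1)[-1].split("/", 1)[0].lower()
    if host in hosts:
        return True
    return any(p.search(url) for p in patterns)


def filter_links(urls, entries=SPIDER_BLACKLIST):
    """Return (followed, skipped) for one page's extracted links."""
    patterns, hosts = compile_blacklist(entries)
    followed = [u for u in urls if not is_blacklisted(u, patterns, hosts)]
    skipped = [u for u in urls if is_blacklisted(u, patterns, hosts)]
    return followed, skipped


# Constructed sample links, not taken from a real crawl.
SAMPLE_LINKS = [
    "https://www.evilcorp.com/account",
    "https://www.evilcorp.com/account/logout",          # blocked: logout
    "https://www.evilcorp.com/auth/sign-out?next=/",    # blocked: sign-out
    "https://www.evilcorp.com/user/log_out",            # blocked: log_out
    "https://www.evilcorp.com/blog/outage-report",      # "log/out" has the wrong separator: followed
    "https://www.evilcorp.com/catalog-outlet",          # false positive: "log-out" inside "catalog-outlet"
    "https://www.evilcorp.com/Logout",                  # case differs, so the pattern does not match it
]

if __name__ == "__main__":
    followed, skipped = filter_links(SAMPLE_LINKS)
    print("followed:", *followed, sep="\n  ")
    print("skipped:", *skipped, sep="\n  ")
```

The last two sample links are the caveat: a substring regex can both skip a harmless page and follow a capitalised logout link, so a custom blacklist entry should be tested against the real site's link set before a scan.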

3) Email Gatherer

```bash
# quick email enum with free APIs + scraping
bbot -t evilcorp.com -p email-enum

# pair with subdomain enum + web spider for maximum yield
bbot -t evilcorp.com -p email-enum subdomain-enum spider
```

email-enum.yml

```yaml
description: Enumerate email addresses from APIs, web crawling, etc.

flags:
  - email-enum

output_modules:
  - emails
```

4) Web Scanner

```bash
# run a light web scan against www.evilcorp.com
bbot -t www.evilcorp.com -p web-basic

# run a heavy web scan against www.evilcorp.com
bbot -t www.evilcorp.com -p web-thorough
```

web-basic.yml

```yaml
description: Quick web scan

include:
  - iis-shortnames

flags:
  - web-basic
```

web-thorough.yml

```yaml
description: Aggressive web scan

include:
  # include the web-basic preset
  - web-basic

flags:
  - web-thorough
```

5) Everything Everywhere All at Once

```bash
# everything everywhere all at once
bbot -t evilcorp.com -p kitchen-sink --allow-deadly

# roughly equivalent to:
bbot -t evilcorp.com -p subdomain-enum cloud-enum code-enum email-enum spider web-basic paramminer dirbust-light web-screenshots --allow-deadly
```

kitchen-sink.yml

```yaml
description: Everything everywhere all at once

include:
  - subdomain-enum
  - cloud-enum
  - code-enum
  - email-enum
  - spider
  - web-basic
  - paramminer
  - dirbust-light
  - web-screenshots
  - baddns-intense

config:
  modules:
    baddns:
      enable_references: True
```

How it Works

Click the graph below to explore the inner workings of BBOT.

Output Modules

...and more!

BBOT as a Python Library

Synchronous

```python
from bbot.scanner import Scanner

if __name__ == "__main__":
    scan = Scanner("evilcorp.com", presets=["subdomain-enum"])
    for event in scan.start():
        print(event)
```

Asynchronous

```python
from bbot.scanner import Scanner

async def main():
    scan = Scanner("evilcorp.com", presets=["subdomain-enum"])
    async for event in scan.async_start():
        print(event.json())

if __name__ == "__main__":
    import asyncio
    asyncio.run(main())
```

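Both snippets print every event the scan emits. As an added example (not bbot's own code), the consumer below reduces that stream to a deduplicated, scope-aware asset summary; it assumes the event JSON carries `type`, `data`, `host`, `scope_distance`, `tags` and `module` fields, and the sample events are constructed rather than taken from a real scan.

```python
import json
from collections import defaultdict

# Constructed sample events in the assumed shape of event.json() output;
# none of these hosts, modules or results come from a real scan.
SAMPLE_EVENTS = [
    {"type": "SCAN", "data": "demo", "host": None, "scope_distance": 0, "tags": [], "module": "TARGET"},
    {"type": "DNS_NAME", "data": "evilcorp.com", "host": "evilcorp.com", "scope_distance": 0, "tags": ["target", "a-record"], "module": "TARGET"},
    {"type": "DNS_NAME", "data": "www.evilcorp.com", "host": "www.evilcorp.com", "scope_distance": 0, "tags": ["a-record"], "module": "dnsbrute"},
    # same host found by a second module: must be deduplicated, not double-counted
    {"type": "DNS_NAME", "data": "WWW.evilcorp.com", "host": "www.evilcorp.com", "scope_distance": 0, "tags": ["a-record"], "module": "crt"},
    # third-party CNAME target one hop outside scope
    {"type": "DNS_NAME", "data": "cdn.thirdparty.net", "host": "cdn.thirdparty.net", "scope_distance": 1, "tags": ["cname"], "module": "dnsresolve"},
    {"type": "OPEN_TCP_PORT", "data": "www.evilcorp.com:443", "host": "www.evilcorp.com", "scope_distance": 0, "tags": [], "module": "portscan"},
    {"type": "EMAIL_ADDRESS", "data": "bob@evilcorp.com", "host": "evilcorp.com", "scope_distance": 0, "tags": [], "module": "emailformat"},
]


def summarize(events, max_scope_distance=0):
    """Reduce a stream of bbot event dicts to a deduplicated asset summary.

    Events farther than max_scope_distance from the target (e.g. a third-party
    CNAME chain) are counted but kept out of the asset sets, so the summary
    only lists what is actually in scope for the engagement.
    """
    summary = {"dns_names": set(), "open_ports": defaultdict(set), "emails": set(),
               "out_of_scope": 0, "by_module": defaultdict(int)}
    for ev in events:
        if ev["scope_distance"] > max_scope_distance:
            summary["out_of_scope"] += 1
            continue
        summary["by_module"][ev["module"]] += 1
        if ev["type"] == "DNS_NAME":
            summary["dns_names"].add(ev["data"].lower())
        elif ev["type"] == "OPEN_TCP_PORT":
            # rpartition keeps bracketed IPv6 hosts such as "[::1]:80" intact
            host, _, port = ev["data"].rpartition(":")
            summary["open_ports"][host.lower()].add(int(port))
        elif ev["type"] == "EMAIL_ADDRESS":
            summary["emails"].add(ev["data"].lower())
    return summary


def summarize_json_lines(lines, **kwargs):
    """Same reduction over the newline-delimited JSON the async snippet prints."""
    return summarize((json.loads(line) for line in lines if line.strip()), **kwargs)


if __name__ == "__main__":
    s = summarize(SAMPLE_EVENTS)
    print(sorted(s["dns_names"]), dict(s["open_ports"]), sorted(s["emails"]), s["out_of_scope"])
```

Raising `max_scope_distance` to 1 pulls the third-party CNAME into the summary, which is the same trade-off the scope settings described under Scope control for a real scan.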
SEE: This Nefarious Discord Bot

A BBOT Discord Bot that responds to the /scan command. Scan the internet from the comfort of your Discord server!

Feature Overview

  • Support for Multiple Targets
  • Web Screenshots
  • Suite of Offensive Web Modules
  • NLP-powered Subdomain Mutations
  • Native Output to Neo4j (and more)
  • Automatic dependency install with Ansible
  • Search entire attack surface with custom YARA rules
  • Python API + Developer Documentation

Targets

BBOT accepts an unlimited number of targets via `-t`. You can specify targets either directly on the command line or in files (or both!):

```bash
bbot -t evilcorp.com evilcorp.org 1.2.3.0/24 -p subdomain-enum
```

Targets can be any of the following:

  • DNS Name (evilcorp.com)
  • IP Address (1.2.3.4)
  • IP Range (1.2.3.0/24)
  • Open TCP Port (192.168.0.1:80)
  • URL (https://www.evilcorp.com)
  • Email Address (bob@evilcorp.com)
  • Organization (ORG:evilcorp)
  • Username (USER:bobsmith)
  • Filesystem (FILESYSTEM:/tmp/asdf)
  • Mobile App (MOBILE_APP:https://play.google.com/store/apps/details?id=com.evilcorp.app)

For more information, see Targets. To learn how BBOT handles scope, see Scope.

API Keys

Similar to Amass or Subfinder, BBOT supports API keys for various third-party services such as SecurityTrails, etc.

The standard way to do this is to enter your API keys in `~/.config/bbot/bbot.yml`. Note that multiple API keys are allowed:

```yaml
modules:
  shodan_dns:
    api_key: 4f41243847da693a4f356c0486114bc6
  c99:
    # multiple API keys
    api_key:
      - 21a270d5f59c9b05813a72bb41707266
      - ea8f243d9885cf8ce9876a580224fd3c
      - 5bc6ed268ab6488270e496d3183a1a27
  virustotal:
    api_key: dd5f0eee2e4a99b71a939bded450b246
  securitytrails:
    api_key: d9a05c3fd9a514497713c54b4455d0b0
```

If you like, you can also specify them on the command line:

```bash
bbot -c modules.virustotal.api_key=dd5f0eee2e4a99b71a939bded450b246
```

For details, see Configuration.

Complete Lists of Modules, Flags, etc.

Documentation

Contribution

Some of the best BBOT modules were written by the community. BBOT is being constantly improved; every day it grows more powerful!

We welcome contributions. Not just code, but ideas too! If you have an idea for a new feature, please let us know in Discussions. If you want to get your hands dirty, see Contribution. There you can find setup instructions and a simple tutorial on how to write a BBOT module. We also have extensive Developer Documentation.

Thanks to these amazing people for contributing to BBOT! ❤️

Special thanks to:

  • @TheTechromancer for creating BBOT
  • @liquidsec for his extensive work on BBOT's web hacking features, including badsecrets and baddns
  • Steve Micallef (@smicallef) for creating Spiderfoot
  • @kerrymilan for his Neo4j and Ansible expertise
  • @domwhewell-sage for his family of badass code-looting modules
  • @aconite33 and @amiremami for their ruthless testing
  • Aleksei Kornev (@alekseiko) for granting us ownership of the bbot Pypi repository <3
