bbot 2.0.1

BEE·bot is a multipurpose scanner inspired by Spiderfoot, built to automate your Recon, Bug Bounties, and ASM!
https://github.com/blacklanternsecurity/bbot/assets/20261699/e539e89b-92ea-46fa-b893-9cde94eebf81
A BBOT scan in real-time - visualization with VivaGraphJS
Installation
# stable version
pipx install bbot

# bleeding edge (dev branch)
pipx install --pip-args '\--pre' bbot

For more installation methods, including Docker, see Getting Started
Example Commands
1) Subdomain Finder
Passive API sources plus a recursive DNS brute-force with target-specific subdomain mutations.
# find subdomains of evilcorp.com
bbot -t evilcorp.com -p subdomain-enum

# passive sources only
bbot -t evilcorp.com -p subdomain-enum -rf passive



subdomain-enum.yml
description: Enumerate subdomains via APIs, brute-force

flags:
# enable every module with the subdomain-enum flag
- subdomain-enum

output_modules:
# output unique subdomains to TXT file
- subdomains

config:
  dns:
    threads: 25
    brute_threads: 1000
  # put your API keys here
  modules:
    github:
      api_key: ""
    chaos:
      api_key: ""
    securitytrails:
      api_key: ""



BBOT consistently finds 20-50% more subdomains than other tools. The bigger the domain, the bigger the difference. To learn how this is possible, see How It Works.

2) Web Spider
# crawl evilcorp.com, extracting emails and other goodies
bbot -t evilcorp.com -p spider



spider.yml
description: Recursive web spider

modules:
- httpx

config:
  web:
    # how many links to follow in a row
    spider_distance: 2
    # don't follow links whose directory depth is higher than 4
    spider_depth: 4
    # maximum number of links to follow per page
    spider_links_per_page: 25



3) Email Gatherer
# quick email enum with free APIs + scraping
bbot -t evilcorp.com -p email-enum

# pair with subdomain enum + web spider for maximum yield
bbot -t evilcorp.com -p email-enum subdomain-enum spider



email-enum.yml
description: Enumerate email addresses from APIs, web crawling, etc.

flags:
- email-enum

output_modules:
- emails



4) Web Scanner
# run a light web scan against www.evilcorp.com
bbot -t www.evilcorp.com -p web-basic

# run a heavy web scan against www.evilcorp.com
bbot -t www.evilcorp.com -p web-thorough



web-basic.yml
description: Quick web scan

include:
- iis-shortnames

flags:
- web-basic





web-thorough.yml
description: Aggressive web scan

include:
# include the web-basic preset
- web-basic

flags:
- web-thorough



5) Everything Everywhere All at Once
# everything everywhere all at once
bbot -t evilcorp.com -p kitchen-sink

# roughly equivalent to:
bbot -t evilcorp.com -p subdomain-enum cloud-enum code-enum email-enum spider web-basic paramminer dirbust-light web-screenshots



kitchen-sink.yml
description: Everything everywhere all at once

include:
- subdomain-enum
- cloud-enum
- code-enum
- email-enum
- spider
- web-basic
- paramminer
- dirbust-light
- web-screenshots

config:
  modules:
    baddns:
      enable_references: True



How it Works
Click the graph below to explore the inner workings of BBOT.

BBOT as a Python Library
Synchronous
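from bbot.scanner import Scanner

if __name__ == "__main__":
    # build a scan of one target using the subdomain-enum preset
    scan = Scanner("evilcorp.com", presets=["subdomain-enum"])
    # start() yields events as the scan produces them
    for event in scan.start():
        print(event)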

Asynchronous
from bbot.scanner import Scanner

async def main():
    scan = Scanner("evilcorp.com", presets=["subdomain-enum"])
    # async_start() is the asynchronous counterpart of start()
    async for event in scan.async_start():
        print(event.json())

if __name__ == "__main__":
    import asyncio
    asyncio.run(main())


SEE: This Nefarious Discord Bot
A BBOT Discord Bot that responds to the /scan command. Scan the internet from the comfort of your discord server!


Feature Overview

Support for Multiple Targets
Web Screenshots
Suite of Offensive Web Modules
NLP-powered Subdomain Mutations
Native Output to Neo4j (and more)
Automatic dependency install with Ansible
Search entire attack surface with custom YARA rules
Python API + Developer Documentation

Targets
BBOT accepts an unlimited number of targets via -t. You can specify targets either directly on the command line or in files (or both!):
bbot -t evilcorp.com evilcorp.org 1.2.3.0/24 -p subdomain-enum

Targets can be any of the following:

DNS_NAME (evilcorp.com)
IP_ADDRESS (1.2.3.4)
IP_RANGE (1.2.3.0/24)
OPEN_TCP_PORT (192.168.0.1:80)
URL (https://www.evilcorp.com)

For more information, see Targets. To learn how BBOT handles scope, see Scope.
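
A pre-flight check for a target list, as an added example (not BBOT's own parser): it sorts each entry into the type names listed above and totals the addresses covered by IP ranges, so you can confirm the scope you are authorized for before passing it to -t. `classify_target`, `scope_summary` and the hostname pattern are assumptions of this sketch and only approximate how BBOT itself classifies targets.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import urlsplit

# Hostname with at least one dot and an alphabetic final label (a simplification).
HOST_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9_](?:[a-z0-9_-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I
)


def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def classify_target(target):
    """Map one target string to a type name from the list above, or UNKNOWN."""
    t = target.strip()
    if "://" in t:
        parts = urlsplit(t)
        return "URL" if parts.scheme in ("http", "https") and parts.hostname else "UNKNOWN"
    if _is_ip(t):
        return "IP_ADDRESS"
    if "/" in t:
        try:
            ipaddress.ip_network(t, strict=False)
            return "IP_RANGE"
        except ValueError:
            return "UNKNOWN"
    host, sep, port = t.rpartition(":")
    if sep:
        ok_port = port.isascii() and port.isdigit() and 0 < int(port) < 65536
        ok_host = _is_ip(host.strip("[]")) or bool(HOST_RE.match(host))
        return "OPEN_TCP_PORT" if ok_port and ok_host else "UNKNOWN"
    return "DNS_NAME" if HOST_RE.match(t) else "UNKNOWN"


def scope_summary(targets):
    """Count targets per type and total the addresses covered by IP ranges."""
    counts = Counter(classify_target(t) for t in targets)
    addresses = sum(
        ipaddress.ip_network(t.strip(), strict=False).num_addresses
        for t in targets if classify_target(t) == "IP_RANGE"
    )
    return dict(counts), addresses
```

Entries that come back as UNKNOWN (a mistyped octet, an out-of-range port) are worth fixing in the target file before a scan starts.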
API Keys
Similar to Amass or Subfinder, BBOT supports API keys for various third-party services such as SecurityTrails, etc.
The standard way to do this is to enter your API keys in ~/.config/bbot/bbot.yml:
modules:
  shodan_dns:
    api_key: 4f41243847da693a4f356c0486114bc6
  c99:
    api_key: 21a270d5f59c9b05813a72bb41707266
  virustotal:
    api_key: dd5f0eee2e4a99b71a939bded450b246
  securitytrails:
    api_key: d9a05c3fd9a514497713c54b4455d0b0

If you like, you can also specify them on the command line:
bbot -c modules.virustotal.api_key=dd5f0eee2e4a99b71a939bded450b246

For details, see Configuration.
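
A hygiene check for the config file described above, as an added example (not part of BBOT): it lists which modules have an API key set and whether the file is readable by anyone other than its owner. `audit_bbot_config` and its line-based parsing are assumptions of this sketch; keys passed with -c are not covered, and those also end up in shell history and the process list.

```python
import os
import re
import stat
import tempfile

# Matches `api_key: abc123` or `api_key: "abc123"`, but not an empty value.
API_KEY_RE = re.compile(r"""^\s*api_key\s*:\s*["']?([^"'#\s]+)""")
MODULE_RE = re.compile(r"^\s*([A-Za-z0-9_]+)\s*:\s*$")


def audit_bbot_config(path):
    """Return (modules_with_keys, too_open) for a bbot.yml-style file.

    Needs no YAML library; assumes the modules -> <module> -> api_key layout.
    """
    mode = stat.S_IMODE(os.stat(path).st_mode)
    too_open = bool(mode & (stat.S_IRWXG | stat.S_IRWXO))
    modules, current = [], None
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            header = MODULE_RE.match(line)
            if header:
                current = header.group(1)
            elif current and API_KEY_RE.match(line):
                modules.append(current)  # record the module name, never the key
    return modules, too_open


def demo():
    # Constructed sample config; the key values are placeholders.
    sample = (
        "modules:\n"
        "  shodan_dns:\n"
        "    api_key: PLACEHOLDER_KEY_1\n"
        "  chaos:\n"
        '    api_key: ""\n'
        "  securitytrails:\n"
        "    api_key: 'PLACEHOLDER_KEY_2'\n"
    )
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "bbot.yml")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(sample)
        os.chmod(path, 0o644)  # world-readable: flagged
        before = audit_bbot_config(path)
        os.chmod(path, 0o600)  # the fix: owner read/write only
        after = audit_bbot_config(path)
    return before, after
```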
Complete Lists of Modules, Flags, etc.

Complete list of Modules.
Complete list of Flags.
Complete list of Presets.

Complete list of Global Config Options.
Complete list of Module Config Options.



Documentation

User Manual
  Basics
    Getting Started
    How it Works
    Comparison to Other Tools
  Scanning
    Scanning Overview
    Presets
      Overview
      List of Presets
    Events
    Output
    Tips and Tricks
    Advanced Usage
    Configuration
  Modules
    List of Modules
    Nuclei
  Misc
    Contribution
    Release History
    Troubleshooting

Developer Manual
  Development Overview
  Setting Up a Dev Environment
  BBOT Internal Architecture
  How to Write a BBOT Module
  Unit Tests
  Discord Bot Example
  Code Reference
    Scanner
    Presets
    Event
    Target
    BaseModule
    BBOTCore
    Engine
    Helpers
      Overview
      Command
      DNS
      Interactsh
      Miscellaneous
      Web
      Word Cloud

Contribution
Some of the best BBOT modules were written by the community. BBOT is being constantly improved; every day it grows more powerful!
We welcome contributions. Not just code, but ideas too! If you have an idea for a new feature, please let us know in Discussions. If you want to get your hands dirty, see Contribution. There you can find setup instructions and a simple tutorial on how to write a BBOT module. We also have extensive Developer Documentation.
Thanks to these amazing people for contributing to BBOT!

Special thanks to:

@TheTechromancer for creating BBOT
@liquidsec for his extensive work on BBOT's web hacking features, including badsecrets and baddns
Steve Micallef (@smicallef) for creating Spiderfoot
@kerrymilan for his Neo4j and Ansible expertise
@domwhewell-sage for his family of badass code-looting modules
@aconite33 and @amiremami for their ruthless testing
Aleksei Kornev (@alekseiko) for granting us ownership of the bbot Pypi repository <3

License:

For personal and professional use. You cannot resell or redistribute these repositories in their original state.
