Merge pull request #748 from blacklanternsecurity/target-for-event-co…

…rrelation

Use Target for Event Correlation in Massdns

bbot/core/helpers/helper.py

@@ -70,7 +70,7 @@ def clean_old_scans(self):
         _filter = lambda x: x.is_dir() and self.regexes.scan_name_regex.match(x.name)
         self.clean_old(self.scans_dir, keep=self.keep_old_scans, filter=_filter)
 
-    def make_target(self, events):
+    def make_target(self, *events):
         return Target(self.scan, *events)
 
     @property

bbot/modules/deadly/nuclei.py

@@ -128,7 +128,7 @@ async def setup(self):
         return True
 
     async def handle_batch(self, *events):
-        temp_target = self.helpers.make_target(events)
+        temp_target = self.helpers.make_target(*events)
         nuclei_input = [str(e.data) for e in events]
         async for severity, template, host, url, name, extracted_results in self.execute_nuclei(nuclei_input):
             # this is necessary because sometimes nuclei is inconsistent about the data returned in the host field

bbot/modules/massdns.py

@@ -65,7 +65,7 @@ class massdns(crobat):
     async def setup(self):
         self.found = dict()
         self.mutations_tried = set()
-        self.source_events = dict()
+        self.source_events = self.helpers.make_target()
         self.subdomain_file = await self.helpers.wordlist(self.config.get("wordlist"))
         self.max_resolvers = self.config.get("max_resolvers", 1000)
         self.max_mutations = self.config.get("max_mutations", 500)
@@ -94,9 +94,7 @@ async def filter_event(self, event):
 
     async def handle_event(self, event):
         query = self.make_query(event)
-        h = hash(query)
-        if not h in self.source_events:
-            self.source_events[h] = event
+        self.source_events.add_target(event)
 
         self.info(f"Brute-forcing subdomains for {query} (source: {event.data})")
         for hostname in await self.massdns(query, self.helpers.read_file(self.subdomain_file)):
@@ -354,7 +352,7 @@ def add_mutation(_domain_hash, m):
                         self.info(f"Trying {len(mutations):,} mutations against {domain} ({i+1}/{len(found)})")
                         results = list(await self.massdns(query, mutations))
                         for hostname in results:
-                            source_event = self.get_source_event(hostname)
+                            source_event = self.source_events.get(hostname)
                             if source_event is None:
                                 self.warning(f"Could not correlate source event from: {hostname}")
                                 source_event = self.scan.root_event
@@ -395,10 +393,3 @@ def gen_random_subdomains(self, n=50):
             yield subdomain
         for _ in range(5):
             yield self.helpers.rand_string(length=8, digits=False)
-
-    def get_source_event(self, hostname):
-        for p in self.helpers.domain_parents(hostname):
-            try:
-                return self.source_events[hash(p)]
-            except KeyError:
-                continue

bbot/modules/nmap.py

@@ -35,7 +35,7 @@ async def setup(self):
         return True
 
     async def handle_batch(self, *events):
-        target = self.helpers.make_target(events)
+        target = self.helpers.make_target(*events)
         targets = list(set(str(e.data) for e in events))
         command, output_file = self.construct_command(targets)
         try: