diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index db330df49..af6b2086b 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -105,12 +105,12 @@ jobs: - name: Publish docs (stable branch) if: github.ref == 'refs/heads/stable' run: | - mkdocs build -f mkdocs.yml - mkdocs gh-deploy --force --dir=site + poetry run mkdocs build -f mkdocs.yml + poetry run mkdocs gh-deploy --force --dir=site - name: Publish docs (dev branch) if: github.ref == 'refs/heads/dev' run: | - mkdocs build -f mkdocs-dev.yml -d site/dev_branch + poetry run mkdocs build -f mkdocs-dev.yml -d site/dev_branch git config user.name github-actions git config user.email github-actions@github.com git checkout gh-pages diff --git a/README.md b/README.md index 58254732c..65656ea03 100644 --- a/README.md +++ b/README.md 
@@ -1,6 +1,6 @@ -[![bbot_banner](https://user-images.githubusercontent.com/20261699/158000235-6c1ace81-a267-4f8e-90a1-f4c16884ebac.png)](https://github.com/blacklanternsecurity/bbot) +[![bbot_banner](https://github.com/user-attachments/assets/f02804ce-9478-4f1e-ac4d-9cf5620a3214)](https://github.com/blacklanternsecurity/bbot) -[![Python Version](https://img.shields.io/badge/python-3.9+-FF8400)](https://www.python.org) [![License](https://img.shields.io/badge/license-GPLv3-FF8400.svg)](https://github.com/blacklanternsecurity/bbot/blob/dev/LICENSE) [![DEF CON Demo Labs 2023](https://img.shields.io/badge/DEF%20CON%20Demo%20Labs-2023-FF8400.svg)](https://forum.defcon.org/node/246338) [![PyPi Downloads](https://static.pepy.tech/personalized-badge/bbot?right_color=orange&left_color=grey)](https://pepy.tech/project/bbot) [![Black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black) [![Tests](https://github.com/blacklanternsecurity/bbot/actions/workflows/tests.yml/badge.svg?branch=stable)](https://github.com/blacklanternsecurity/bbot/actions?query=workflow%3A"tests") [![Codecov](https://codecov.io/gh/blacklanternsecurity/bbot/branch/dev/graph/badge.svg?token=IR5AZBDM5K)](https://codecov.io/gh/blacklanternsecurity/bbot) [![Discord](https://img.shields.io/discord/859164869970362439)](https://discord.com/invite/PZqkgxu5SA) +[![Python Version](https://img.shields.io/badge/python-3.9+-FF8400)](https://www.python.org) [![License](https://img.shields.io/badge/license-GPLv3-FF8400.svg)](https://github.com/blacklanternsecurity/bbot/blob/dev/LICENSE) [![DEF CON Recon Village 2024](https://img.shields.io/badge/DEF%20CON%20Demo%20Labs-2023-FF8400.svg)](https://www.reconvillage.org/talks) [![PyPi Downloads](https://static.pepy.tech/personalized-badge/bbot?right_color=orange&left_color=grey)](https://pepy.tech/project/bbot) [![Black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black) 
[![Tests](https://github.com/blacklanternsecurity/bbot/actions/workflows/tests.yml/badge.svg?branch=stable)](https://github.com/blacklanternsecurity/bbot/actions?query=workflow%3A"tests") [![Codecov](https://codecov.io/gh/blacklanternsecurity/bbot/branch/dev/graph/badge.svg?token=IR5AZBDM5K)](https://codecov.io/gh/blacklanternsecurity/bbot) [![Discord](https://img.shields.io/discord/859164869970362439)](https://discord.com/invite/PZqkgxu5SA) ### **BEEĀ·bot** is a multipurpose scanner inspired by [Spiderfoot](https://github.com/smicallef/spiderfoot), built to automate your **Recon**, **Bug Bounties**, and **ASM**! @@ -238,9 +238,10 @@ Click the graph below to explore the [inner workings](https://www.blacklanternse ```python from bbot.scanner import Scanner -scan = Scanner("evilcorp.com", presets=["subdomain-enum"]) -for event in scan.start(): - print(event) +if __name__ == "__main__": + scan = Scanner("evilcorp.com", presets=["subdomain-enum"]) + for event in scan.start(): + print(event) ``` #### Asynchronous @@ -252,8 +253,9 @@ async def main(): async for event in scan.async_start(): print(event.json()) -import asyncio -asyncio.run(main()) +if __name__ == "__main__": + import asyncio + asyncio.run(main()) ```
diff --git a/docs/dev/index.md b/docs/dev/index.md index 526f03ce9..8a29e48a7 100644 --- a/docs/dev/index.md +++ b/docs/dev/index.md @@ -10,9 +10,10 @@ Documented in this section are commonly-used classes and functions within BBOT, ```python from bbot.scanner import Scanner -scan = Scanner("evilcorp.com", presets=["subdomain-enum"]) -for event in scan.start(): - print(event) +if __name__ == "__main__": + scan = Scanner("evilcorp.com", presets=["subdomain-enum"]) + for event in scan.start(): + print(event) ``` #### Asynchronous @@ -24,8 +25,9 @@ async def main(): async for event in scan.async_start(): print(event.json()) -import asyncio -asyncio.run(main()) +if __name__ == "__main__": + import asyncio + asyncio.run(main()) ``` For a full listing of `Scanner` attributes and functions, see the [`Scanner` Code Reference](./scanner.md). diff --git a/docs/scanning/advanced.md b/docs/scanning/advanced.md index e72679322..7ea090c92 100644 --- a/docs/scanning/advanced.md +++ b/docs/scanning/advanced.md @@ -4,29 +4,28 @@ Below you can find some advanced uses of BBOT. ## BBOT as a Python library -**Synchronous** - +#### Synchronous ```python from bbot.scanner import Scanner -# any number of targets can be specified -scan = Scanner("example.com", "scanme.nmap.org", modules=["portscan", "sslcert"]) -for event in scan.start(): - print(event.json()) +if __name__ == "__main__": + scan = Scanner("evilcorp.com", presets=["subdomain-enum"]) + for event in scan.start(): + print(event) ``` -**Asynchronous** - +#### Asynchronous ```python from bbot.scanner import Scanner async def main(): - scan = Scanner("example.com", "scanme.nmap.org", modules=["portscan", "sslcert"]) + scan = Scanner("evilcorp.com", presets=["subdomain-enum"]) async for event in scan.async_start(): print(event.json()) -import asyncio -asyncio.run(main()) +if __name__ == "__main__": + import asyncio + asyncio.run(main()) ``` ## Command-Line Help 
diff --git a/docs/scanning/presets.md b/docs/scanning/presets.md index 8814e5b47..e70c20700 100644 --- a/docs/scanning/presets.md +++ b/docs/scanning/presets.md @@ -3,7 +3,7 @@ Once you start customizing BBOT, your commands can start to get really long. Presets let you put all your scan settings in a single file: ```bash -bbot -t my_preset.yml +bbot -p ./my_preset.yml ``` A Preset is a YAML file that can include scan targets, modules, and config options like API keys. @@ -69,7 +69,8 @@ modules: config: # global config options - http_proxy: http://127.0.0.1:8080 + web: + http_proxy: http://127.0.0.1:8080 # module config options modules: # api keys diff --git a/docs/scanning/tips_and_tricks.md b/docs/scanning/tips_and_tricks.md index 72db6dcb1..32b55448f 100644 --- a/docs/scanning/tips_and_tricks.md +++ b/docs/scanning/tips_and_tricks.md @@ -97,11 +97,11 @@ This nests the event's `.data` beneath its event type like so: ### Custom HTTP Proxy -Web pentesters may appreciate BBOT's ability to quickly populate Burp Suite site maps for all subdomains in a target. If your scan includes gowitness, this will capture the traffic as if you manually visited each website in your browser -- including auxiliary web resources and javascript API calls. To accomplish this, set the `http_proxy` config option like so: +Web pentesters may appreciate BBOT's ability to quickly populate Burp Suite site maps for all subdomains in a target. If your scan includes gowitness, this will capture the traffic as if you manually visited each website in your browser -- including auxiliary web resources and javascript API calls. To accomplish this, set the `web.http_proxy` config option like so: ```bash # enumerate subdomains, take web screenshots, proxy through Burp -bbot -t evilcorp.com -f subdomain-enum -m gowitness -c http_proxy=http://127.0.0.1:8080 +bbot -t evilcorp.com -f subdomain-enum -m gowitness -c web.http_proxy=http://127.0.0.1:8080 ``` ### Display `HTTP_RESPONSE` Events
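Review bot: In the README badge hunk (`@@ -1,6 +1,6`), the DEF CON badge's alt text and link were updated to "DEF CON Recon Village 2024" and `https://www.reconvillage.org/talks`, but the shields.io image URL still reads `badge/DEF%20CON%20Demo%20Labs-2023-FF8400.svg`, so the rendered badge will keep showing "DEF CON Demo Labs 2023". Update the label and year in the image URL so the badge text matches its alt text and target.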
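Review bot: The `if __name__ == "__main__":` guard added to the README's synchronous example (hunk `@@ -238,9 +238,10`) comes with no explanation, so a reader pasting the snippet into a REPL or notebook cannot tell whether the guard is required or cosmetic. Add a one-line comment above it stating why the scan has to start under the guard, and carry the same comment into the identical examples in `docs/dev/index.md` and `docs/scanning/advanced.md`.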
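Review bot: In the README's asynchronous example (hunk `@@ -252,8 +253,9`), `import asyncio` has been moved inside the `if __name__ == "__main__":` block, although only `asyncio.run(main())` needs guarding. Keep the import at the top of the snippet beside `from bbot.scanner import Scanner`, and do the same in the copies in `docs/dev/index.md` and `docs/scanning/advanced.md`.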
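Review bot: The `docs/scanning/advanced.md` hunk removes the page's example of passing several targets with an explicit `modules=` list, `Scanner("example.com", "scanme.nmap.org", modules=["portscan", "sslcert"])`, together with its comment `# any number of targets can be specified`, and the synchronous loop changes from `print(event.json())` to `print(event)`. If the goal is only to add the `__main__` guard, keep the multi-target call and the comment so that usage stays documented on the advanced page. The new `#### Synchronous` and `#### Asynchronous` headings also sit directly under a `##` heading, skipping the `###` level, with no blank line before the code fence.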
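Review bot: The move from `http_proxy` to `web.http_proxy` in `docs/scanning/presets.md` (hunk `@@ -69,7 +69,8`) and `docs/scanning/tips_and_tricks.md` has no migration note for users whose existing presets or `-c http_proxy=...` commands still use the top-level key. For the Burp workflow described in tips_and_tricks.md, an old key that is silently ignored would send scan traffic directly rather than through the proxy, so state in the docs whether the old key is still honoured or rejected and point to its new location under `web:`.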