From 4e17fdd8ef5c27e9e4eb93c6f33b0993c33ad48c Mon Sep 17 00:00:00 2001 From: github-actions Date: Thu, 31 Oct 2024 17:04:25 -0400 Subject: [PATCH 01/12] remove invalid value --- .github/workflows/docs_updater.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/docs_updater.yml b/.github/workflows/docs_updater.yml index 58afcbf3d..45685a57c 100644 --- a/.github/workflows/docs_updater.yml +++ b/.github/workflows/docs_updater.yml @@ -42,4 +42,3 @@ jobs: base: dev title: "Daily Docs Update" body: "This is an automated pull request to update the documentation." - update-existing: true From 5edb50f4350f04737afc79e021ba0f93c1ebca45 Mon Sep 17 00:00:00 2001 From: github-actions Date: Thu, 31 Oct 2024 17:10:42 -0400 Subject: [PATCH 02/12] start fresh every time --- .github/workflows/docs_updater.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/docs_updater.yml b/.github/workflows/docs_updater.yml index 45685a57c..dde85045a 100644 --- a/.github/workflows/docs_updater.yml +++ b/.github/workflows/docs_updater.yml @@ -26,6 +26,7 @@ jobs: poetry run bbot/scripts/docs.py - name: Commit and Push Changes run: | + git branch -D update-docs || true git config user.name "BBOT Docs Autopublish" git config user.email "info@blacklanternsecurity.com" git checkout -b update-docs From 315c821640bfb31a680cbe4dec7c0bafd1105b2b Mon Sep 17 00:00:00 2001 From: github-actions Date: Thu, 31 Oct 2024 17:28:40 -0400 Subject: [PATCH 03/12] troubleshooting --- .github/workflows/docs_updater.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docs_updater.yml b/.github/workflows/docs_updater.yml index dde85045a..483c492fd 100644 --- a/.github/workflows/docs_updater.yml +++ b/.github/workflows/docs_updater.yml 
@@ -27,12 +27,14 @@ jobs: - name: Commit and Push Changes run: | git branch -D update-docs || true + git switch dev git config user.name "BBOT Docs Autopublish" git config user.email "info@blacklanternsecurity.com" - git checkout -b update-docs + git switch -c update-docs git add "*.md" "docs/data/chord_graph/*.json" git commit -m "Refresh module docs" git push -u origin update-docs --force + git switch dev env: GITHUB_TOKEN: ${{ secrets.BBOT_DOCS_UPDATER_PAT }} - name: Create or Update Pull Request @@ -40,6 +42,5 @@ jobs: with: token: ${{ secrets.BBOT_DOCS_UPDATER_PAT }} branch: update-docs - base: dev title: "Daily Docs Update" body: "This is an automated pull request to update the documentation." From 8e6ac30c01a0fb14d0b8a61e47cd466130a9673d Mon Sep 17 00:00:00 2001 From: github-actions Date: Thu, 31 Oct 2024 17:36:13 -0400 Subject: [PATCH 04/12] troubleshooting --- .github/workflows/docs_updater.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/docs_updater.yml b/.github/workflows/docs_updater.yml index 483c492fd..ac23a9744 100644 --- a/.github/workflows/docs_updater.yml +++ b/.github/workflows/docs_updater.yml @@ -37,10 +37,10 @@ jobs: git switch dev env: GITHUB_TOKEN: ${{ secrets.BBOT_DOCS_UPDATER_PAT }} - - name: Create or Update Pull Request - uses: peter-evans/create-pull-request@v7 - with: - token: ${{ secrets.BBOT_DOCS_UPDATER_PAT }} - branch: update-docs - title: "Daily Docs Update" - body: "This is an automated pull request to update the documentation." + # - name: Create or Update Pull Request + # uses: peter-evans/create-pull-request@v7 + # with: + # token: ${{ secrets.BBOT_DOCS_UPDATER_PAT }} + # branch: update-docs + # title: "Daily Docs Update" + # body: "This is an automated pull request to update the documentation." From c4aef34e5835b209f21bce5957016bed5185aeec Mon Sep 17 00:00:00 2001 
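Review bot: The `Commit and Push Changes` step in the `@@ -27,12 +27,14 @@` hunk still exports `GITHUB_TOKEN: ${{ secrets.BBOT_DOCS_UPDATER_PAT }}` to the whole shell script, although nothing visible in it reads that variable. Plain `git push` does not consume `GITHUB_TOKEN`, so unless a credential helper configured outside this hunk uses it, the entry only widens where the PAT is visible. I would drop the `env:` block, or add a comment above it naming the command that needs the token. Separately, `git branch -D update-docs || true` hides every failure of that command, not only "branch not found"; a comment such as `# local branch may not exist on a fresh runner` would record why the error is ignored.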
From: github-actions Date: Thu, 31 Oct 2024 17:41:38 -0400 Subject: [PATCH 05/12] more troubleshooting --- .github/workflows/docs_updater.yml | 26 ++++++++------------------ 1 file changed, 8 insertions(+), 18 deletions(-) diff --git a/.github/workflows/docs_updater.yml b/.github/workflows/docs_updater.yml index ac23a9744..75ceb644a 100644 --- a/.github/workflows/docs_updater.yml +++ b/.github/workflows/docs_updater.yml @@ -22,25 +22,15 @@ jobs: pip install poetry poetry install - name: Generate docs - run: | - poetry run bbot/scripts/docs.py - - name: Commit and Push Changes run: | git branch -D update-docs || true git switch dev - git config user.name "BBOT Docs Autopublish" - git config user.email "info@blacklanternsecurity.com" git switch -c update-docs - git add "*.md" "docs/data/chord_graph/*.json" - git commit -m "Refresh module docs" - git push -u origin update-docs --force - git switch dev - env: - GITHUB_TOKEN: ${{ secrets.BBOT_DOCS_UPDATER_PAT }} - # - name: Create or Update Pull Request - # uses: peter-evans/create-pull-request@v7 - # with: - # token: ${{ secrets.BBOT_DOCS_UPDATER_PAT }} - # branch: update-docs - # title: "Daily Docs Update" - # body: "This is an automated pull request to update the documentation." + poetry run bbot/scripts/docs.py + - name: Create or Update Pull Request + uses: peter-evans/create-pull-request@v7 + with: + token: ${{ secrets.BBOT_DOCS_UPDATER_PAT }} + branch: update-docs + title: "Daily Docs Update" + body: "This is an automated pull request to update the documentation." From d1ea7720903cf509255ff638d6809145e3d41cf2 Mon Sep 17 00:00:00 2001 From: github-actions Date: Thu, 31 Oct 2024 17:43:17 -0400 Subject: [PATCH 06/12] more troubleshooting --- .github/workflows/docs_updater.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/docs_updater.yml b/.github/workflows/docs_updater.yml index 75ceb644a..6fa0cc9ec 100644 --- a/.github/workflows/docs_updater.yml +++ b/.github/workflows/docs_updater.yml 
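Review bot: The re-enabled step `uses: peter-evans/create-pull-request@v7` references a mutable major-version tag while it is handed `secrets.BBOT_DOCS_UPDATER_PAT`, so whoever can move that tag controls code that runs with the PAT. Pin the action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: peter-evans/create-pull-request@<full-commit-sha> # v7`. The token's scope is not visible in this hunk. If it is a classic PAT, a fine-grained token limited to contents and pull requests on this repository would reduce the impact of a leak.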
@@ -32,5 +32,6 @@ jobs: with: token: ${{ secrets.BBOT_DOCS_UPDATER_PAT }} branch: update-docs + base: dev title: "Daily Docs Update" body: "This is an automated pull request to update the documentation." From 937d983b94ff5714f149cb0eefb28e00d42433ec Mon Sep 17 00:00:00 2001 From: github-actions Date: Thu, 31 Oct 2024 17:48:03 -0400 Subject: [PATCH 07/12] more --- .github/workflows/docs_updater.yml | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/.github/workflows/docs_updater.yml b/.github/workflows/docs_updater.yml index 6fa0cc9ec..729d5c60c 100644 --- a/.github/workflows/docs_updater.yml +++ b/.github/workflows/docs_updater.yml @@ -23,9 +23,14 @@ jobs: poetry install - name: Generate docs run: | - git branch -D update-docs || true - git switch dev - git switch -c update-docs + git fetch origin + if git show-ref --verify --quiet refs/remotes/origin/update-docs; then + git switch update-docs + else + git switch dev + git switch -c update-docs + git push origin update-docs --set-upstream + fi poetry run bbot/scripts/docs.py - name: Create or Update Pull Request uses: peter-evans/create-pull-request@v7 From 3df5bda4f51c29907b4a6ce1c159c44374007483 Mon Sep 17 00:00:00 2001 From: github-actions Date: Thu, 31 Oct 2024 17:50:28 -0400 Subject: [PATCH 08/12] more --- .github/workflows/docs_updater.yml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/.github/workflows/docs_updater.yml b/.github/workflows/docs_updater.yml index 729d5c60c..365d92a98 100644 --- a/.github/workflows/docs_updater.yml +++ b/.github/workflows/docs_updater.yml @@ -23,14 +23,6 @@ jobs: poetry install - name: Generate docs run: | - git fetch origin - if git show-ref --verify --quiet refs/remotes/origin/update-docs; then - git switch update-docs - else - git switch dev - git switch -c update-docs - git push origin update-docs --set-upstream - fi poetry run bbot/scripts/docs.py - name: Create or Update Pull Request uses: peter-evans/create-pull-request@v7 
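Review bot: In the `@@ -23,9 +23,14 @@` hunk, when `origin/update-docs` already exists the step runs `git switch update-docs` and then `poetry run bbot/scripts/docs.py` from that branch. The generator and module sources that execute are therefore whatever the automation branch last held, not the current `dev`, and the environment was built by `poetry install` before the switch. Recreating the branch from the reviewed base on every run avoids both problems, for example `git switch -C update-docs origin/dev`. The `git push origin update-docs --set-upstream` in the else-branch has no token in this step's environment, so it presumably relies on credentials persisted by the checkout step, which is outside the hunk; a comment saying so would help.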
From 82244fd4cd2f4132ca7429abd097d649ea656eac Mon Sep 17 00:00:00 2001 From: TheTechromancer <20261699+TheTechromancer@users.noreply.github.com> Date: Thu, 31 Oct 2024 21:51:22 +0000 Subject: [PATCH 09/12] [create-pull-request] automated change --- README.md | 15 +- docs/data/chord_graph/entities.json | 1974 +++++++++++++++++++++++++++ docs/data/chord_graph/rels.json | 1687 +++++++++++++++++++++++ docs/modules/list_of_modules.md | 257 ++-- docs/modules/nuclei.md | 2 +- docs/scanning/advanced.md | 24 +- docs/scanning/configuration.md | 449 +++--- docs/scanning/events.md | 67 +- docs/scanning/index.md | 48 +- docs/scanning/presets_list.md | 80 +- 10 files changed, 4155 insertions(+), 448 deletions(-) create mode 100644 docs/data/chord_graph/entities.json create mode 100644 docs/data/chord_graph/rels.json diff --git a/README.md b/README.md index a36af3cc3..ad323ce79 100644 --- a/README.md +++ b/README.md @@ -55,13 +55,13 @@ config: threads: 25 brute_threads: 1000 # put your API keys here - modules: - github: - api_key: "" - chaos: - api_key: "" - securitytrails: - api_key: "" + # modules: + # github: + # api_key: "" + # chaos: + # api_key: "" + # securitytrails: + # api_key: "" ``` @@ -215,6 +215,7 @@ include: - paramminer - dirbust-light - web-screenshots + - baddns-thorough config: modules: diff --git a/docs/data/chord_graph/entities.json b/docs/data/chord_graph/entities.json new file mode 100644 index 000000000..783e0f433 --- /dev/null +++ b/docs/data/chord_graph/entities.json 
@@ -0,0 +1,1974 @@ +[ + { + "id": 77777777, + "name": "root" + }, + { + "id": 99999999, + "name": "module", + "parent": 77777777 + }, + { + "id": 88888888, + "name": "event_type", + "parent": 77777777 + }, + { + "id": 13, + "name": "ASN", + "parent": 88888888, + "consumes": [], + "produces": [ + 11 + ] + }, + { + "id": 124, + "name": "AZURE_TENANT", + "parent": 88888888, + "consumes": [ + 123 + ], + "produces": [] + }, + { + "id": 43, + "name": "CODE_REPOSITORY", + "parent": 88888888, + "consumes": [ + 59, + 78, + 81, + 83, + 112, + 131 + ], + "produces": [ + 42, + 60, + 79, + 80, + 82, + 111 + ] + }, + { + "id": 7, + "name": "DNS_NAME", + "parent": 88888888, + "consumes": [ + 6, + 14, + 18, + 20, + 21, + 25, + 27, + 28, + 29, + 30, + 31, + 33, + 34, + 35, + 36, + 38, + 39, + 40, + 41, + 44, + 45, + 50, + 52, + 53, + 54, + 55, + 56, + 57, + 58, + 64, + 75, + 79, + 86, + 90, + 92, + 97, + 98, + 102, + 103, + 107, + 108, + 109, + 113, + 116, + 117, + 118, + 119, + 120, + 123, + 126, + 127, + 128, + 130, + 134, + 137, + 138, + 141, + 144 + ], + "produces": [ + 6, + 20, + 27, + 28, + 35, + 36, + 38, + 39, + 40, + 41, + 44, + 50, + 53, + 54, + 55, + 56, + 57, + 58, + 75, + 86, + 90, + 92, + 97, + 98, + 100, + 102, + 103, + 107, + 113, + 116, + 118, + 119, + 123, + 125, + 126, + 127, + 130, + 134, + 135, + 137, + 138, + 141, + 144 + ] + }, + { + "id": 22, + "name": "DNS_NAME_UNRESOLVED", + "parent": 88888888, + "consumes": [ + 21, + 123, + 128 + ], + "produces": [] + }, + { + "id": 46, + "name": "EMAIL_ADDRESS", + "parent": 88888888, + "consumes": [ + 65 + ], + "produces": [ + 45, + 52, + 56, + 64, + 90, + 108, + 117, + 120, + 125 + ] + }, + { + "id": 10, + "name": "FILESYSTEM", + "parent": 88888888, + "consumes": [ + 123, + 131, + 132 + ], + "produces": [ + 8, + 59, + 72, + 78, + 81, + 112, + 123 + ] + }, + { + "id": 4, + "name": "FINDING", + "parent": 88888888, + "consumes": [ + 14, + 142 + ], + "produces": [ + 1, + 21, + 23, + 25, + 26, + 29, + 30, + 31, + 33, + 34, + 
37, + 51, + 77, + 82, + 87, + 89, + 92, + 99, + 100, + 101, + 104, + 105, + 115, + 121, + 123, + 129, + 131, + 133, + 143 + ] + }, + { + "id": 94, + "name": "GEOLOCATION", + "parent": 88888888, + "consumes": [], + "produces": [ + 93, + 96 + ] + }, + { + "id": 47, + "name": "HASHED_PASSWORD", + "parent": 88888888, + "consumes": [], + "produces": [ + 45, + 52 + ] + }, + { + "id": 2, + "name": "HTTP_RESPONSE", + "parent": 88888888, + "consumes": [ + 1, + 14, + 26, + 51, + 63, + 66, + 72, + 82, + 87, + 99, + 100, + 104, + 105, + 106, + 115, + 123, + 129, + 140, + 143 + ], + "produces": [ + 88 + ] + }, + { + "id": 12, + "name": "IP_ADDRESS", + "parent": 88888888, + "consumes": [ + 11, + 14, + 92, + 93, + 95, + 96, + 109, + 123 + ], + "produces": [ + 14, + 95, + 123 + ] + }, + { + "id": 110, + "name": "IP_RANGE", + "parent": 88888888, + "consumes": [ + 109, + 123 + ], + "produces": [] + }, + { + "id": 9, + "name": "MOBILE_APP", + "parent": 88888888, + "consumes": [ + 8 + ], + "produces": [ + 83 + ] + }, + { + "id": 15, + "name": "OPEN_TCP_PORT", + "parent": 88888888, + "consumes": [ + 14, + 73, + 88, + 125 + ], + "produces": [ + 14, + 92, + 109, + 123 + ] + }, + { + "id": 61, + "name": "ORG_STUB", + "parent": 88888888, + "consumes": [ + 60, + 80, + 83, + 111 + ], + "produces": [ + 123 + ] + }, + { + "id": 48, + "name": "PASSWORD", + "parent": 88888888, + "consumes": [], + "produces": [ + 45, + 52 + ] + }, + { + "id": 74, + "name": "PROTOCOL", + "parent": 88888888, + "consumes": [], + "produces": [ + 73 + ] + }, + { + "id": 67, + "name": "RAW_TEXT", + "parent": 88888888, + "consumes": [ + 66 + ], + "produces": [ + 132 + ] + }, + { + "id": 62, + "name": "SOCIAL", + "parent": 88888888, + "consumes": [ + 60, + 80, + 82, + 84, + 111, + 123 + ], + "produces": [ + 60, + 82, + 122 + ] + }, + { + "id": 24, + "name": "STORAGE_BUCKET", + "parent": 88888888, + "consumes": [ + 23, + 29, + 30, + 31, + 32, + 33, + 34, + 123 + ], + "produces": [ + 29, + 30, + 31, + 33, + 34 + ] + }, + { 
+ "id": 16, + "name": "TECHNOLOGY", + "parent": 88888888, + "consumes": [ + 14, + 82, + 142, + 143 + ], + "produces": [ + 26, + 63, + 82, + 84, + 92, + 101, + 140, + 143 + ] + }, + { + "id": 3, + "name": "URL", + "parent": 88888888, + "consumes": [ + 1, + 14, + 23, + 37, + 69, + 76, + 77, + 84, + 88, + 91, + 100, + 101, + 114, + 121, + 123, + 129, + 133, + 135, + 139, + 142 + ], + "produces": [ + 84, + 88 + ] + }, + { + "id": 71, + "name": "URL_HINT", + "parent": 88888888, + "consumes": [ + 70 + ], + "produces": [ + 91 + ] + }, + { + "id": 19, + "name": "URL_UNVERIFIED", + "parent": 88888888, + "consumes": [ + 42, + 72, + 88, + 102, + 122, + 123 + ], + "produces": [ + 18, + 27, + 32, + 56, + 60, + 66, + 69, + 70, + 79, + 84, + 90, + 114, + 117, + 134, + 141, + 143 + ] + }, + { + "id": 49, + "name": "USERNAME", + "parent": 88888888, + "consumes": [ + 123 + ], + "produces": [ + 45, + 52 + ] + }, + { + "id": 136, + "name": "VHOST", + "parent": 88888888, + "consumes": [ + 142 + ], + "produces": [ + 135 + ] + }, + { + "id": 5, + "name": "VULNERABILITY", + "parent": 88888888, + "consumes": [ + 14, + 142 + ], + "produces": [ + 1, + 21, + 23, + 25, + 26, + 51, + 63, + 76, + 92, + 101, + 129, + 131, + 143 + ] + }, + { + "id": 17, + "name": "WAF", + "parent": 88888888, + "consumes": [ + 14 + ], + "produces": [ + 139 + ] + }, + { + "id": 85, + "name": "WEBSCREENSHOT", + "parent": 88888888, + "consumes": [], + "produces": [ + 84 + ] + }, + { + "id": 68, + "name": "WEB_PARAMETER", + "parent": 88888888, + "consumes": [ + 89, + 104, + 105, + 106 + ], + "produces": [ + 66, + 104, + 105, + 106 + ] + }, + { + "id": 1, + "name": "ajaxpro", + "parent": 99999999, + "consumes": [ + 2, + 3 + ], + "produces": [ + 4, + 5 + ] + }, + { + "id": 6, + "name": "anubisdb", + "parent": 99999999, + "consumes": [ + 7 + ], + "produces": [ + 7 + ] + }, + { + "id": 8, + "name": "apkpure", + "parent": 99999999, + "consumes": [ + 9 + ], + "produces": [ + 10 + ] + }, + { + "id": 11, + "name": "asn", + 
"parent": 99999999, + "consumes": [ + 12 + ], + "produces": [ + 13 + ] + }, + { + "id": 14, + "name": "asset_inventory", + "parent": 99999999, + "consumes": [ + 7, + 4, + 2, + 12, + 15, + 16, + 3, + 5, + 17 + ], + "produces": [ + 12, + 15 + ] + }, + { + "id": 18, + "name": "azure_realm", + "parent": 99999999, + "consumes": [ + 7 + ], + "produces": [ + 19 + ] + }, + { + "id": 20, + "name": "azure_tenant", + "parent": 99999999, + "consumes": [ + 7 + ], + "produces": [ + 7 + ] + }, + { + "id": 21, + "name": "baddns", + "parent": 99999999, + "consumes": [ + 7, + 22 + ], + "produces": [ + 4, + 5 + ] + }, + { + "id": 23, + "name": "baddns_direct", + "parent": 99999999, + "consumes": [ + 24, + 3 + ], + "produces": [ + 4, + 5 + ] + }, + { + "id": 25, + "name": "baddns_zone", + "parent": 99999999, + "consumes": [ + 7 + ], + "produces": [ + 4, + 5 + ] + }, + { + "id": 26, + "name": "badsecrets", + "parent": 99999999, + "consumes": [ + 2 + ], + "produces": [ + 4, + 16, + 5 + ] + }, + { + "id": 27, + "name": "bevigil", + "parent": 99999999, + "consumes": [ + 7 + ], + "produces": [ + 7, + 19 + ] + }, + { + "id": 28, + "name": "binaryedge", + "parent": 99999999, + "consumes": [ + 7 + ], + "produces": [ + 7 + ] + }, + { + "id": 29, + "name": "bucket_amazon", + "parent": 99999999, + "consumes": [ + 7, + 24 + ], + "produces": [ + 4, + 24 + ] + }, + { + "id": 30, + "name": "bucket_azure", + "parent": 99999999, + "consumes": [ + 7, + 24 + ], + "produces": [ + 4, + 24 + ] + }, + { + "id": 31, + "name": "bucket_digitalocean", + "parent": 99999999, + "consumes": [ + 7, + 24 + ], + "produces": [ + 4, + 24 + ] + }, + { + "id": 32, + "name": "bucket_file_enum", + "parent": 99999999, + "consumes": [ + 24 + ], + "produces": [ + 19 + ] + }, + { + "id": 33, + "name": "bucket_firebase", + "parent": 99999999, + "consumes": [ + 7, + 24 + ], + "produces": [ + 4, + 24 + ] + }, + { + "id": 34, + "name": "bucket_google", + "parent": 99999999, + "consumes": [ + 7, + 24 + ], + "produces": [ + 4, + 24 + 
] + }, + { + "id": 35, + "name": "bufferoverrun", + "parent": 99999999, + "consumes": [ + 7 + ], + "produces": [ + 7 + ] + }, + { + "id": 36, + "name": "builtwith", + "parent": 99999999, + "consumes": [ + 7 + ], + "produces": [ + 7 + ] + }, + { + "id": 37, + "name": "bypass403", + "parent": 99999999, + "consumes": [ + 3 + ], + "produces": [ + 4 + ] + }, + { + "id": 38, + "name": "c99", + "parent": 99999999, + "consumes": [ + 7 + ], + "produces": [ + 7 + ] + }, + { + "id": 39, + "name": "censys", + "parent": 99999999, + "consumes": [ + 7 + ], + "produces": [ + 7 + ] + }, + { + "id": 40, + "name": "certspotter", + "parent": 99999999, + "consumes": [ + 7 + ], + "produces": [ + 7 + ] + }, + { + "id": 41, + "name": "chaos", + "parent": 99999999, + "consumes": [ + 7 + ], + "produces": [ + 7 + ] + }, + { + "id": 42, + "name": "code_repository", + "parent": 99999999, + "consumes": [ + 19 + ], + "produces": [ + 43 + ] + }, + { + "id": 44, + "name": "columbus", + "parent": 99999999, + "consumes": [ + 7 + ], + "produces": [ + 7 + ] + }, + { + "id": 45, + "name": "credshed", + "parent": 99999999, + "consumes": [ + 7 + ], + "produces": [ + 46, + 47, + 48, + 49 + ] + }, + { + "id": 50, + "name": "crt", + "parent": 99999999, + "consumes": [ + 7 + ], + "produces": [ + 7 + ] + }, + { + "id": 51, + "name": "dastardly", + "parent": 99999999, + "consumes": [ + 2 + ], + "produces": [ + 4, + 5 + ] + }, + { + "id": 52, + "name": "dehashed", + "parent": 99999999, + "consumes": [ + 7 + ], + "produces": [ + 46, + 47, + 48, + 49 + ] + }, + { + "id": 53, + "name": "digitorus", + "parent": 99999999, + "consumes": [ + 7 + ], + "produces": [ + 7 + ] + }, + { + "id": 54, + "name": "dnsbrute", + "parent": 99999999, + "consumes": [ + 7 + ], + "produces": [ + 7 + ] + }, + { + "id": 55, + "name": "dnsbrute_mutations", + "parent": 99999999, + "consumes": [ + 7 + ], + "produces": [ + 7 + ] + }, + { + "id": 56, + "name": "dnscaa", + "parent": 99999999, + "consumes": [ + 7 + ], + "produces": [ + 7, + 46, 
+ 19 + ] + }, + { + "id": 57, + "name": "dnscommonsrv", + "parent": 99999999, + "consumes": [ + 7 + ], + "produces": [ + 7 + ] + }, + { + "id": 58, + "name": "dnsdumpster", + "parent": 99999999, + "consumes": [ + 7 + ], + "produces": [ + 7 + ] + }, + { + "id": 59, + "name": "docker_pull", + "parent": 99999999, + "consumes": [ + 43 + ], + "produces": [ + 10 + ] + }, + { + "id": 60, + "name": "dockerhub", + "parent": 99999999, + "consumes": [ + 61, + 62 + ], + "produces": [ + 43, + 62, + 19 + ] + }, + { + "id": 63, + "name": "dotnetnuke", + "parent": 99999999, + "consumes": [ + 2 + ], + "produces": [ + 16, + 5 + ] + }, + { + "id": 64, + "name": "emailformat", + "parent": 99999999, + "consumes": [ + 7 + ], + "produces": [ + 46 + ] + }, + { + "id": 65, + "name": "emails", + "parent": 99999999, + "consumes": [ + 46 + ], + "produces": [] + }, + { + "id": 66, + "name": "excavate", + "parent": 99999999, + "consumes": [ + 2, + 67 + ], + "produces": [ + 19, + 68 + ] + }, + { + "id": 69, + "name": "ffuf", + "parent": 99999999, + "consumes": [ + 3 + ], + "produces": [ + 19 + ] + }, + { + "id": 70, + "name": "ffuf_shortnames", + "parent": 99999999, + "consumes": [ + 71 + ], + "produces": [ + 19 + ] + }, + { + "id": 72, + "name": "filedownload", + "parent": 99999999, + "consumes": [ + 2, + 19 + ], + "produces": [ + 10 + ] + }, + { + "id": 73, + "name": "fingerprintx", + "parent": 99999999, + "consumes": [ + 15 + ], + "produces": [ + 74 + ] + }, + { + "id": 75, + "name": "fullhunt", + "parent": 99999999, + "consumes": [ + 7 + ], + "produces": [ + 7 + ] + }, + { + "id": 76, + "name": "generic_ssrf", + "parent": 99999999, + "consumes": [ + 3 + ], + "produces": [ + 5 + ] + }, + { + "id": 77, + "name": "git", + "parent": 99999999, + "consumes": [ + 3 + ], + "produces": [ + 4 + ] + }, + { + "id": 78, + "name": "git_clone", + "parent": 99999999, + "consumes": [ + 43 + ], + "produces": [ + 10 + ] + }, + { + "id": 79, + "name": "github_codesearch", + "parent": 99999999, + "consumes": [ + 
7 + ], + "produces": [ + 43, + 19 + ] + }, + { + "id": 80, + "name": "github_org", + "parent": 99999999, + "consumes": [ + 61, + 62 + ], + "produces": [ + 43 + ] + }, + { + "id": 81, + "name": "github_workflows", + "parent": 99999999, + "consumes": [ + 43 + ], + "produces": [ + 10 + ] + }, + { + "id": 82, + "name": "gitlab", + "parent": 99999999, + "consumes": [ + 2, + 62, + 16 + ], + "produces": [ + 43, + 4, + 62, + 16 + ] + }, + { + "id": 83, + "name": "google_playstore", + "parent": 99999999, + "consumes": [ + 43, + 61 + ], + "produces": [ + 9 + ] + }, + { + "id": 84, + "name": "gowitness", + "parent": 99999999, + "consumes": [ + 62, + 3 + ], + "produces": [ + 16, + 3, + 19, + 85 + ] + }, + { + "id": 86, + "name": "hackertarget", + "parent": 99999999, + "consumes": [ + 7 + ], + "produces": [ + 7 + ] + }, + { + "id": 87, + "name": "host_header", + "parent": 99999999, + "consumes": [ + 2 + ], + "produces": [ + 4 + ] + }, + { + "id": 88, + "name": "httpx", + "parent": 99999999, + "consumes": [ + 15, + 3, + 19 + ], + "produces": [ + 2, + 3 + ] + }, + { + "id": 89, + "name": "hunt", + "parent": 99999999, + "consumes": [ + 68 + ], + "produces": [ + 4 + ] + }, + { + "id": 90, + "name": "hunterio", + "parent": 99999999, + "consumes": [ + 7 + ], + "produces": [ + 7, + 46, + 19 + ] + }, + { + "id": 91, + "name": "iis_shortnames", + "parent": 99999999, + "consumes": [ + 3 + ], + "produces": [ + 71 + ] + }, + { + "id": 92, + "name": "internetdb", + "parent": 99999999, + "consumes": [ + 7, + 12 + ], + "produces": [ + 7, + 4, + 15, + 16, + 5 + ] + }, + { + "id": 93, + "name": "ip2location", + "parent": 99999999, + "consumes": [ + 12 + ], + "produces": [ + 94 + ] + }, + { + "id": 95, + "name": "ipneighbor", + "parent": 99999999, + "consumes": [ + 12 + ], + "produces": [ + 12 + ] + }, + { + "id": 96, + "name": "ipstack", + "parent": 99999999, + "consumes": [ + 12 + ], + "produces": [ + 94 + ] + }, + { + "id": 97, + "name": "leakix", + "parent": 99999999, + "consumes": [ + 7 + 
], + "produces": [ + 7 + ] + }, + { + "id": 98, + "name": "myssl", + "parent": 99999999, + "consumes": [ + 7 + ], + "produces": [ + 7 + ] + }, + { + "id": 99, + "name": "newsletters", + "parent": 99999999, + "consumes": [ + 2 + ], + "produces": [ + 4 + ] + }, + { + "id": 100, + "name": "ntlm", + "parent": 99999999, + "consumes": [ + 2, + 3 + ], + "produces": [ + 7, + 4 + ] + }, + { + "id": 101, + "name": "nuclei", + "parent": 99999999, + "consumes": [ + 3 + ], + "produces": [ + 4, + 16, + 5 + ] + }, + { + "id": 102, + "name": "oauth", + "parent": 99999999, + "consumes": [ + 7, + 19 + ], + "produces": [ + 7 + ] + }, + { + "id": 103, + "name": "otx", + "parent": 99999999, + "consumes": [ + 7 + ], + "produces": [ + 7 + ] + }, + { + "id": 104, + "name": "paramminer_cookies", + "parent": 99999999, + "consumes": [ + 2, + 68 + ], + "produces": [ + 4, + 68 + ] + }, + { + "id": 105, + "name": "paramminer_getparams", + "parent": 99999999, + "consumes": [ + 2, + 68 + ], + "produces": [ + 4, + 68 + ] + }, + { + "id": 106, + "name": "paramminer_headers", + "parent": 99999999, + "consumes": [ + 2, + 68 + ], + "produces": [ + 68 + ] + }, + { + "id": 107, + "name": "passivetotal", + "parent": 99999999, + "consumes": [ + 7 + ], + "produces": [ + 7 + ] + }, + { + "id": 108, + "name": "pgp", + "parent": 99999999, + "consumes": [ + 7 + ], + "produces": [ + 46 + ] + }, + { + "id": 109, + "name": "portscan", + "parent": 99999999, + "consumes": [ + 7, + 12, + 110 + ], + "produces": [ + 15 + ] + }, + { + "id": 111, + "name": "postman", + "parent": 99999999, + "consumes": [ + 61, + 62 + ], + "produces": [ + 43 + ] + }, + { + "id": 112, + "name": "postman_download", + "parent": 99999999, + "consumes": [ + 43 + ], + "produces": [ + 10 + ] + }, + { + "id": 113, + "name": "rapiddns", + "parent": 99999999, + "consumes": [ + 7 + ], + "produces": [ + 7 + ] + }, + { + "id": 114, + "name": "robots", + "parent": 99999999, + "consumes": [ + 3 + ], + "produces": [ + 19 + ] + }, + { + "id": 115, + 
"name": "secretsdb", + "parent": 99999999, + "consumes": [ + 2 + ], + "produces": [ + 4 + ] + }, + { + "id": 116, + "name": "securitytrails", + "parent": 99999999, + "consumes": [ + 7 + ], + "produces": [ + 7 + ] + }, + { + "id": 117, + "name": "securitytxt", + "parent": 99999999, + "consumes": [ + 7 + ], + "produces": [ + 46, + 19 + ] + }, + { + "id": 118, + "name": "shodan_dns", + "parent": 99999999, + "consumes": [ + 7 + ], + "produces": [ + 7 + ] + }, + { + "id": 119, + "name": "sitedossier", + "parent": 99999999, + "consumes": [ + 7 + ], + "produces": [ + 7 + ] + }, + { + "id": 120, + "name": "skymem", + "parent": 99999999, + "consumes": [ + 7 + ], + "produces": [ + 46 + ] + }, + { + "id": 121, + "name": "smuggler", + "parent": 99999999, + "consumes": [ + 3 + ], + "produces": [ + 4 + ] + }, + { + "id": 122, + "name": "social", + "parent": 99999999, + "consumes": [ + 19 + ], + "produces": [ + 62 + ] + }, + { + "id": 123, + "name": "speculate", + "parent": 99999999, + "consumes": [ + 124, + 7, + 22, + 10, + 2, + 12, + 110, + 62, + 24, + 3, + 19, + 49 + ], + "produces": [ + 7, + 10, + 4, + 12, + 15, + 61 + ] + }, + { + "id": 125, + "name": "sslcert", + "parent": 99999999, + "consumes": [ + 15 + ], + "produces": [ + 7, + 46 + ] + }, + { + "id": 126, + "name": "subdomaincenter", + "parent": 99999999, + "consumes": [ + 7 + ], + "produces": [ + 7 + ] + }, + { + "id": 127, + "name": "subdomainradar", + "parent": 99999999, + "consumes": [ + 7 + ], + "produces": [ + 7 + ] + }, + { + "id": 128, + "name": "subdomains", + "parent": 99999999, + "consumes": [ + 7, + 22 + ], + "produces": [] + }, + { + "id": 129, + "name": "telerik", + "parent": 99999999, + "consumes": [ + 2, + 3 + ], + "produces": [ + 4, + 5 + ] + }, + { + "id": 130, + "name": "trickest", + "parent": 99999999, + "consumes": [ + 7 + ], + "produces": [ + 7 + ] + }, + { + "id": 131, + "name": "trufflehog", + "parent": 99999999, + "consumes": [ + 43, + 10 + ], + "produces": [ + 4, + 5 + ] + }, + { + "id": 132, + 
"name": "unstructured", + "parent": 99999999, + "consumes": [ + 10 + ], + "produces": [ + 67 + ] + }, + { + "id": 133, + "name": "url_manipulation", + "parent": 99999999, + "consumes": [ + 3 + ], + "produces": [ + 4 + ] + }, + { + "id": 134, + "name": "urlscan", + "parent": 99999999, + "consumes": [ + 7 + ], + "produces": [ + 7, + 19 + ] + }, + { + "id": 135, + "name": "vhost", + "parent": 99999999, + "consumes": [ + 3 + ], + "produces": [ + 7, + 136 + ] + }, + { + "id": 137, + "name": "viewdns", + "parent": 99999999, + "consumes": [ + 7 + ], + "produces": [ + 7 + ] + }, + { + "id": 138, + "name": "virustotal", + "parent": 99999999, + "consumes": [ + 7 + ], + "produces": [ + 7 + ] + }, + { + "id": 139, + "name": "wafw00f", + "parent": 99999999, + "consumes": [ + 3 + ], + "produces": [ + 17 + ] + }, + { + "id": 140, + "name": "wappalyzer", + "parent": 99999999, + "consumes": [ + 2 + ], + "produces": [ + 16 + ] + }, + { + "id": 141, + "name": "wayback", + "parent": 99999999, + "consumes": [ + 7 + ], + "produces": [ + 7, + 19 + ] + }, + { + "id": 142, + "name": "web_report", + "parent": 99999999, + "consumes": [ + 4, + 16, + 3, + 136, + 5 + ], + "produces": [] + }, + { + "id": 143, + "name": "wpscan", + "parent": 99999999, + "consumes": [ + 2, + 16 + ], + "produces": [ + 4, + 16, + 19, + 5 + ] + }, + { + "id": 144, + "name": "zoomeye", + "parent": 99999999, + "consumes": [ + 7 + ], + "produces": [ + 7 + ] + } +] \ No newline at end of file diff --git a/docs/data/chord_graph/rels.json b/docs/data/chord_graph/rels.json new file mode 100644 index 000000000..afbe6896d --- /dev/null +++ b/docs/data/chord_graph/rels.json 
@@ -0,0 +1,1687 @@ +[ + { + "source": 1, + "target": 2, + "type": "consumes" + }, + { + "source": 1, + "target": 3, + "type": "consumes" + }, + { + "source": 4, + "target": 1, + "type": "produces" + }, + { + "source": 5, + "target": 1, + "type": "produces" + }, + { + "source": 6, + "target": 7, + "type": "consumes" + }, + { + "source": 7, + "target": 6, + "type": "produces" + }, + { + "source": 8, + "target": 9, + "type": "consumes" + }, + { + "source": 10, + "target": 8, + "type": "produces" + }, + { + "source": 11, + "target": 12, + "type": "consumes" + }, + { + "source": 13, + "target": 11, + "type": "produces" + }, + { + "source": 14, + "target": 7, + "type": "consumes" + }, + { + "source": 14, + "target": 4, + "type": "consumes" + }, + { + "source": 14, + "target": 2, + "type": "consumes" + }, + { + "source": 14, + "target": 12, + "type": "consumes" + }, + { + "source": 14, + "target": 15, + "type": "consumes" + }, + { + "source": 14, + "target": 16, + "type": "consumes" + }, + { + "source": 14, + "target": 3, + "type": "consumes" + }, + { + "source": 14, + "target": 5, + "type": "consumes" + }, + { + "source": 14, + "target": 17, + "type": "consumes" + }, + { + "source": 12, + "target": 14, + "type": "produces" + }, + { + "source": 15, + "target": 14, + "type": "produces" + }, + { + "source": 18, + "target": 7, + "type": "consumes" + }, + { + "source": 19, + "target": 18, + "type": "produces" + }, + { + "source": 20, + "target": 7, + "type": "consumes" + }, + { + "source": 7, + "target": 20, + "type": "produces" + }, + { + "source": 21, + "target": 7, + "type": "consumes" + }, + { + "source": 21, + "target": 22, + "type": "consumes" + }, + { + "source": 4, + "target": 21, + "type": "produces" + }, + { + "source": 5, + "target": 21, + "type": "produces" + }, + { + "source": 23, + "target": 24, + "type": "consumes" + }, + { + "source": 23, + "target": 3, + "type": "consumes" + }, + { + "source": 4, + "target": 23, + "type": "produces" + }, + { + "source": 5, + 
"target": 23, + "type": "produces" + }, + { + "source": 25, + "target": 7, + "type": "consumes" + }, + { + "source": 4, + "target": 25, + "type": "produces" + }, + { + "source": 5, + "target": 25, + "type": "produces" + }, + { + "source": 26, + "target": 2, + "type": "consumes" + }, + { + "source": 4, + "target": 26, + "type": "produces" + }, + { + "source": 16, + "target": 26, + "type": "produces" + }, + { + "source": 5, + "target": 26, + "type": "produces" + }, + { + "source": 27, + "target": 7, + "type": "consumes" + }, + { + "source": 7, + "target": 27, + "type": "produces" + }, + { + "source": 19, + "target": 27, + "type": "produces" + }, + { + "source": 28, + "target": 7, + "type": "consumes" + }, + { + "source": 7, + "target": 28, + "type": "produces" + }, + { + "source": 29, + "target": 7, + "type": "consumes" + }, + { + "source": 29, + "target": 24, + "type": "consumes" + }, + { + "source": 4, + "target": 29, + "type": "produces" + }, + { + "source": 24, + "target": 29, + "type": "produces" + }, + { + "source": 30, + "target": 7, + "type": "consumes" + }, + { + "source": 30, + "target": 24, + "type": "consumes" + }, + { + "source": 4, + "target": 30, + "type": "produces" + }, + { + "source": 24, + "target": 30, + "type": "produces" + }, + { + "source": 31, + "target": 7, + "type": "consumes" + }, + { + "source": 31, + "target": 24, + "type": "consumes" + }, + { + "source": 4, + "target": 31, + "type": "produces" + }, + { + "source": 24, + "target": 31, + "type": "produces" + }, + { + "source": 32, + "target": 24, + "type": "consumes" + }, + { + "source": 19, + "target": 32, + "type": "produces" + }, + { + "source": 33, + "target": 7, + "type": "consumes" + }, + { + "source": 33, + "target": 24, + "type": "consumes" + }, + { + "source": 4, + "target": 33, + "type": "produces" + }, + { + "source": 24, + "target": 33, + "type": "produces" + }, + { + "source": 34, + "target": 7, + "type": "consumes" + }, + { + "source": 34, + "target": 24, + "type": "consumes" 
+ }, + { + "source": 4, + "target": 34, + "type": "produces" + }, + { + "source": 24, + "target": 34, + "type": "produces" + }, + { + "source": 35, + "target": 7, + "type": "consumes" + }, + { + "source": 7, + "target": 35, + "type": "produces" + }, + { + "source": 36, + "target": 7, + "type": "consumes" + }, + { + "source": 7, + "target": 36, + "type": "produces" + }, + { + "source": 37, + "target": 3, + "type": "consumes" + }, + { + "source": 4, + "target": 37, + "type": "produces" + }, + { + "source": 38, + "target": 7, + "type": "consumes" + }, + { + "source": 7, + "target": 38, + "type": "produces" + }, + { + "source": 39, + "target": 7, + "type": "consumes" + }, + { + "source": 7, + "target": 39, + "type": "produces" + }, + { + "source": 40, + "target": 7, + "type": "consumes" + }, + { + "source": 7, + "target": 40, + "type": "produces" + }, + { + "source": 41, + "target": 7, + "type": "consumes" + }, + { + "source": 7, + "target": 41, + "type": "produces" + }, + { + "source": 42, + "target": 19, + "type": "consumes" + }, + { + "source": 43, + "target": 42, + "type": "produces" + }, + { + "source": 44, + "target": 7, + "type": "consumes" + }, + { + "source": 7, + "target": 44, + "type": "produces" + }, + { + "source": 45, + "target": 7, + "type": "consumes" + }, + { + "source": 46, + "target": 45, + "type": "produces" + }, + { + "source": 47, + "target": 45, + "type": "produces" + }, + { + "source": 48, + "target": 45, + "type": "produces" + }, + { + "source": 49, + "target": 45, + "type": "produces" + }, + { + "source": 50, + "target": 7, + "type": "consumes" + }, + { + "source": 7, + "target": 50, + "type": "produces" + }, + { + "source": 51, + "target": 2, + "type": "consumes" + }, + { + "source": 4, + "target": 51, + "type": "produces" + }, + { + "source": 5, + "target": 51, + "type": "produces" + }, + { + "source": 52, + "target": 7, + "type": "consumes" + }, + { + "source": 46, + "target": 52, + "type": "produces" + }, + { + "source": 47, + "target": 
52, + "type": "produces" + }, + { + "source": 48, + "target": 52, + "type": "produces" + }, + { + "source": 49, + "target": 52, + "type": "produces" + }, + { + "source": 53, + "target": 7, + "type": "consumes" + }, + { + "source": 7, + "target": 53, + "type": "produces" + }, + { + "source": 54, + "target": 7, + "type": "consumes" + }, + { + "source": 7, + "target": 54, + "type": "produces" + }, + { + "source": 55, + "target": 7, + "type": "consumes" + }, + { + "source": 7, + "target": 55, + "type": "produces" + }, + { + "source": 56, + "target": 7, + "type": "consumes" + }, + { + "source": 7, + "target": 56, + "type": "produces" + }, + { + "source": 46, + "target": 56, + "type": "produces" + }, + { + "source": 19, + "target": 56, + "type": "produces" + }, + { + "source": 57, + "target": 7, + "type": "consumes" + }, + { + "source": 7, + "target": 57, + "type": "produces" + }, + { + "source": 58, + "target": 7, + "type": "consumes" + }, + { + "source": 7, + "target": 58, + "type": "produces" + }, + { + "source": 59, + "target": 43, + "type": "consumes" + }, + { + "source": 10, + "target": 59, + "type": "produces" + }, + { + "source": 60, + "target": 61, + "type": "consumes" + }, + { + "source": 60, + "target": 62, + "type": "consumes" + }, + { + "source": 43, + "target": 60, + "type": "produces" + }, + { + "source": 62, + "target": 60, + "type": "produces" + }, + { + "source": 19, + "target": 60, + "type": "produces" + }, + { + "source": 63, + "target": 2, + "type": "consumes" + }, + { + "source": 16, + "target": 63, + "type": "produces" + }, + { + "source": 5, + "target": 63, + "type": "produces" + }, + { + "source": 64, + "target": 7, + "type": "consumes" + }, + { + "source": 46, + "target": 64, + "type": "produces" + }, + { + "source": 65, + "target": 46, + "type": "consumes" + }, + { + "source": 66, + "target": 2, + "type": "consumes" + }, + { + "source": 66, + "target": 67, + "type": "consumes" + }, + { + "source": 19, + "target": 66, + "type": "produces" + }, + 
{ + "source": 68, + "target": 66, + "type": "produces" + }, + { + "source": 69, + "target": 3, + "type": "consumes" + }, + { + "source": 19, + "target": 69, + "type": "produces" + }, + { + "source": 70, + "target": 71, + "type": "consumes" + }, + { + "source": 19, + "target": 70, + "type": "produces" + }, + { + "source": 72, + "target": 2, + "type": "consumes" + }, + { + "source": 72, + "target": 19, + "type": "consumes" + }, + { + "source": 10, + "target": 72, + "type": "produces" + }, + { + "source": 73, + "target": 15, + "type": "consumes" + }, + { + "source": 74, + "target": 73, + "type": "produces" + }, + { + "source": 75, + "target": 7, + "type": "consumes" + }, + { + "source": 7, + "target": 75, + "type": "produces" + }, + { + "source": 76, + "target": 3, + "type": "consumes" + }, + { + "source": 5, + "target": 76, + "type": "produces" + }, + { + "source": 77, + "target": 3, + "type": "consumes" + }, + { + "source": 4, + "target": 77, + "type": "produces" + }, + { + "source": 78, + "target": 43, + "type": "consumes" + }, + { + "source": 10, + "target": 78, + "type": "produces" + }, + { + "source": 79, + "target": 7, + "type": "consumes" + }, + { + "source": 43, + "target": 79, + "type": "produces" + }, + { + "source": 19, + "target": 79, + "type": "produces" + }, + { + "source": 80, + "target": 61, + "type": "consumes" + }, + { + "source": 80, + "target": 62, + "type": "consumes" + }, + { + "source": 43, + "target": 80, + "type": "produces" + }, + { + "source": 81, + "target": 43, + "type": "consumes" + }, + { + "source": 10, + "target": 81, + "type": "produces" + }, + { + "source": 82, + "target": 2, + "type": "consumes" + }, + { + "source": 82, + "target": 62, + "type": "consumes" + }, + { + "source": 82, + "target": 16, + "type": "consumes" + }, + { + "source": 43, + "target": 82, + "type": "produces" + }, + { + "source": 4, + "target": 82, + "type": "produces" + }, + { + "source": 62, + "target": 82, + "type": "produces" + }, + { + "source": 16, + 
"target": 82, + "type": "produces" + }, + { + "source": 83, + "target": 43, + "type": "consumes" + }, + { + "source": 83, + "target": 61, + "type": "consumes" + }, + { + "source": 9, + "target": 83, + "type": "produces" + }, + { + "source": 84, + "target": 62, + "type": "consumes" + }, + { + "source": 84, + "target": 3, + "type": "consumes" + }, + { + "source": 16, + "target": 84, + "type": "produces" + }, + { + "source": 3, + "target": 84, + "type": "produces" + }, + { + "source": 19, + "target": 84, + "type": "produces" + }, + { + "source": 85, + "target": 84, + "type": "produces" + }, + { + "source": 86, + "target": 7, + "type": "consumes" + }, + { + "source": 7, + "target": 86, + "type": "produces" + }, + { + "source": 87, + "target": 2, + "type": "consumes" + }, + { + "source": 4, + "target": 87, + "type": "produces" + }, + { + "source": 88, + "target": 15, + "type": "consumes" + }, + { + "source": 88, + "target": 3, + "type": "consumes" + }, + { + "source": 88, + "target": 19, + "type": "consumes" + }, + { + "source": 2, + "target": 88, + "type": "produces" + }, + { + "source": 3, + "target": 88, + "type": "produces" + }, + { + "source": 89, + "target": 68, + "type": "consumes" + }, + { + "source": 4, + "target": 89, + "type": "produces" + }, + { + "source": 90, + "target": 7, + "type": "consumes" + }, + { + "source": 7, + "target": 90, + "type": "produces" + }, + { + "source": 46, + "target": 90, + "type": "produces" + }, + { + "source": 19, + "target": 90, + "type": "produces" + }, + { + "source": 91, + "target": 3, + "type": "consumes" + }, + { + "source": 71, + "target": 91, + "type": "produces" + }, + { + "source": 92, + "target": 7, + "type": "consumes" + }, + { + "source": 92, + "target": 12, + "type": "consumes" + }, + { + "source": 7, + "target": 92, + "type": "produces" + }, + { + "source": 4, + "target": 92, + "type": "produces" + }, + { + "source": 15, + "target": 92, + "type": "produces" + }, + { + "source": 16, + "target": 92, + "type": 
"produces" + }, + { + "source": 5, + "target": 92, + "type": "produces" + }, + { + "source": 93, + "target": 12, + "type": "consumes" + }, + { + "source": 94, + "target": 93, + "type": "produces" + }, + { + "source": 95, + "target": 12, + "type": "consumes" + }, + { + "source": 12, + "target": 95, + "type": "produces" + }, + { + "source": 96, + "target": 12, + "type": "consumes" + }, + { + "source": 94, + "target": 96, + "type": "produces" + }, + { + "source": 97, + "target": 7, + "type": "consumes" + }, + { + "source": 7, + "target": 97, + "type": "produces" + }, + { + "source": 98, + "target": 7, + "type": "consumes" + }, + { + "source": 7, + "target": 98, + "type": "produces" + }, + { + "source": 99, + "target": 2, + "type": "consumes" + }, + { + "source": 4, + "target": 99, + "type": "produces" + }, + { + "source": 100, + "target": 2, + "type": "consumes" + }, + { + "source": 100, + "target": 3, + "type": "consumes" + }, + { + "source": 7, + "target": 100, + "type": "produces" + }, + { + "source": 4, + "target": 100, + "type": "produces" + }, + { + "source": 101, + "target": 3, + "type": "consumes" + }, + { + "source": 4, + "target": 101, + "type": "produces" + }, + { + "source": 16, + "target": 101, + "type": "produces" + }, + { + "source": 5, + "target": 101, + "type": "produces" + }, + { + "source": 102, + "target": 7, + "type": "consumes" + }, + { + "source": 102, + "target": 19, + "type": "consumes" + }, + { + "source": 7, + "target": 102, + "type": "produces" + }, + { + "source": 103, + "target": 7, + "type": "consumes" + }, + { + "source": 7, + "target": 103, + "type": "produces" + }, + { + "source": 104, + "target": 2, + "type": "consumes" + }, + { + "source": 104, + "target": 68, + "type": "consumes" + }, + { + "source": 4, + "target": 104, + "type": "produces" + }, + { + "source": 68, + "target": 104, + "type": "produces" + }, + { + "source": 105, + "target": 2, + "type": "consumes" + }, + { + "source": 105, + "target": 68, + "type": "consumes" + }, + 
{ + "source": 4, + "target": 105, + "type": "produces" + }, + { + "source": 68, + "target": 105, + "type": "produces" + }, + { + "source": 106, + "target": 2, + "type": "consumes" + }, + { + "source": 106, + "target": 68, + "type": "consumes" + }, + { + "source": 68, + "target": 106, + "type": "produces" + }, + { + "source": 107, + "target": 7, + "type": "consumes" + }, + { + "source": 7, + "target": 107, + "type": "produces" + }, + { + "source": 108, + "target": 7, + "type": "consumes" + }, + { + "source": 46, + "target": 108, + "type": "produces" + }, + { + "source": 109, + "target": 7, + "type": "consumes" + }, + { + "source": 109, + "target": 12, + "type": "consumes" + }, + { + "source": 109, + "target": 110, + "type": "consumes" + }, + { + "source": 15, + "target": 109, + "type": "produces" + }, + { + "source": 111, + "target": 61, + "type": "consumes" + }, + { + "source": 111, + "target": 62, + "type": "consumes" + }, + { + "source": 43, + "target": 111, + "type": "produces" + }, + { + "source": 112, + "target": 43, + "type": "consumes" + }, + { + "source": 10, + "target": 112, + "type": "produces" + }, + { + "source": 113, + "target": 7, + "type": "consumes" + }, + { + "source": 7, + "target": 113, + "type": "produces" + }, + { + "source": 114, + "target": 3, + "type": "consumes" + }, + { + "source": 19, + "target": 114, + "type": "produces" + }, + { + "source": 115, + "target": 2, + "type": "consumes" + }, + { + "source": 4, + "target": 115, + "type": "produces" + }, + { + "source": 116, + "target": 7, + "type": "consumes" + }, + { + "source": 7, + "target": 116, + "type": "produces" + }, + { + "source": 117, + "target": 7, + "type": "consumes" + }, + { + "source": 46, + "target": 117, + "type": "produces" + }, + { + "source": 19, + "target": 117, + "type": "produces" + }, + { + "source": 118, + "target": 7, + "type": "consumes" + }, + { + "source": 7, + "target": 118, + "type": "produces" + }, + { + "source": 119, + "target": 7, + "type": "consumes" + }, + 
{ + "source": 7, + "target": 119, + "type": "produces" + }, + { + "source": 120, + "target": 7, + "type": "consumes" + }, + { + "source": 46, + "target": 120, + "type": "produces" + }, + { + "source": 121, + "target": 3, + "type": "consumes" + }, + { + "source": 4, + "target": 121, + "type": "produces" + }, + { + "source": 122, + "target": 19, + "type": "consumes" + }, + { + "source": 62, + "target": 122, + "type": "produces" + }, + { + "source": 123, + "target": 124, + "type": "consumes" + }, + { + "source": 123, + "target": 7, + "type": "consumes" + }, + { + "source": 123, + "target": 22, + "type": "consumes" + }, + { + "source": 123, + "target": 10, + "type": "consumes" + }, + { + "source": 123, + "target": 2, + "type": "consumes" + }, + { + "source": 123, + "target": 12, + "type": "consumes" + }, + { + "source": 123, + "target": 110, + "type": "consumes" + }, + { + "source": 123, + "target": 62, + "type": "consumes" + }, + { + "source": 123, + "target": 24, + "type": "consumes" + }, + { + "source": 123, + "target": 3, + "type": "consumes" + }, + { + "source": 123, + "target": 19, + "type": "consumes" + }, + { + "source": 123, + "target": 49, + "type": "consumes" + }, + { + "source": 7, + "target": 123, + "type": "produces" + }, + { + "source": 10, + "target": 123, + "type": "produces" + }, + { + "source": 4, + "target": 123, + "type": "produces" + }, + { + "source": 12, + "target": 123, + "type": "produces" + }, + { + "source": 15, + "target": 123, + "type": "produces" + }, + { + "source": 61, + "target": 123, + "type": "produces" + }, + { + "source": 125, + "target": 15, + "type": "consumes" + }, + { + "source": 7, + "target": 125, + "type": "produces" + }, + { + "source": 46, + "target": 125, + "type": "produces" + }, + { + "source": 126, + "target": 7, + "type": "consumes" + }, + { + "source": 7, + "target": 126, + "type": "produces" + }, + { + "source": 127, + "target": 7, + "type": "consumes" + }, + { + "source": 7, + "target": 127, + "type": "produces" + 
}, + { + "source": 128, + "target": 7, + "type": "consumes" + }, + { + "source": 128, + "target": 22, + "type": "consumes" + }, + { + "source": 129, + "target": 2, + "type": "consumes" + }, + { + "source": 129, + "target": 3, + "type": "consumes" + }, + { + "source": 4, + "target": 129, + "type": "produces" + }, + { + "source": 5, + "target": 129, + "type": "produces" + }, + { + "source": 130, + "target": 7, + "type": "consumes" + }, + { + "source": 7, + "target": 130, + "type": "produces" + }, + { + "source": 131, + "target": 43, + "type": "consumes" + }, + { + "source": 131, + "target": 10, + "type": "consumes" + }, + { + "source": 4, + "target": 131, + "type": "produces" + }, + { + "source": 5, + "target": 131, + "type": "produces" + }, + { + "source": 132, + "target": 10, + "type": "consumes" + }, + { + "source": 67, + "target": 132, + "type": "produces" + }, + { + "source": 133, + "target": 3, + "type": "consumes" + }, + { + "source": 4, + "target": 133, + "type": "produces" + }, + { + "source": 134, + "target": 7, + "type": "consumes" + }, + { + "source": 7, + "target": 134, + "type": "produces" + }, + { + "source": 19, + "target": 134, + "type": "produces" + }, + { + "source": 135, + "target": 3, + "type": "consumes" + }, + { + "source": 7, + "target": 135, + "type": "produces" + }, + { + "source": 136, + "target": 135, + "type": "produces" + }, + { + "source": 137, + "target": 7, + "type": "consumes" + }, + { + "source": 7, + "target": 137, + "type": "produces" + }, + { + "source": 138, + "target": 7, + "type": "consumes" + }, + { + "source": 7, + "target": 138, + "type": "produces" + }, + { + "source": 139, + "target": 3, + "type": "consumes" + }, + { + "source": 17, + "target": 139, + "type": "produces" + }, + { + "source": 140, + "target": 2, + "type": "consumes" + }, + { + "source": 16, + "target": 140, + "type": "produces" + }, + { + "source": 141, + "target": 7, + "type": "consumes" + }, + { + "source": 7, + "target": 141, + "type": "produces" + }, + 
{ + "source": 19, + "target": 141, + "type": "produces" + }, + { + "source": 142, + "target": 4, + "type": "consumes" + }, + { + "source": 142, + "target": 16, + "type": "consumes" + }, + { + "source": 142, + "target": 3, + "type": "consumes" + }, + { + "source": 142, + "target": 136, + "type": "consumes" + }, + { + "source": 142, + "target": 5, + "type": "consumes" + }, + { + "source": 143, + "target": 2, + "type": "consumes" + }, + { + "source": 143, + "target": 16, + "type": "consumes" + }, + { + "source": 4, + "target": 143, + "type": "produces" + }, + { + "source": 16, + "target": 143, + "type": "produces" + }, + { + "source": 19, + "target": 143, + "type": "produces" + }, + { + "source": 5, + "target": 143, + "type": "produces" + }, + { + "source": 144, + "target": 7, + "type": "consumes" + }, + { + "source": 7, + "target": 144, + "type": "produces" + } +] \ No newline at end of file diff --git a/docs/modules/list_of_modules.md b/docs/modules/list_of_modules.md index abed66cff..e19bb7719 100644 --- a/docs/modules/list_of_modules.md +++ b/docs/modules/list_of_modules.md 
@@ -1,132 +1,137 @@ # List of Modules -| Module | Type | Needs API Key | Description | Flags | Consumed Events | Produced Events | Author | Created Date | -|----------------------|----------|-----------------|-------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------|------------------|----------------| -| ajaxpro | scan | No | Check for potentially vulnerable Ajaxpro instances | active, safe, web-thorough | HTTP_RESPONSE, URL | FINDING, VULNERABILITY | @liquidsec | 2024-01-18 | -| baddns | scan | No | Check hosts for domain/subdomain takeovers | active, baddns, cloud-enum, safe, subdomain-hijack, web-basic | DNS_NAME, DNS_NAME_UNRESOLVED | FINDING, VULNERABILITY | @liquidsec | 2024-01-18 | -| baddns_zone | scan | No | Check hosts for DNS zone transfers and NSEC walks | active, baddns, cloud-enum, safe, subdomain-enum | DNS_NAME | FINDING, VULNERABILITY | @liquidsec | 2024-01-29 | -| badsecrets | scan | No | Library for detecting known or weak secrets across many web frameworks | active, safe, web-basic | HTTP_RESPONSE | FINDING, TECHNOLOGY, VULNERABILITY | @liquidsec | 2022-11-19 | -| bucket_amazon | scan | No | Check for S3 buckets related to target | active, cloud-enum, safe, web-basic | DNS_NAME, STORAGE_BUCKET | FINDING, STORAGE_BUCKET | @TheTechromancer | 2022-11-04 | -| bucket_azure | scan | No | Check for Azure storage blobs related to target | active, cloud-enum, safe, web-basic | DNS_NAME, STORAGE_BUCKET | FINDING, STORAGE_BUCKET | @TheTechromancer | 2022-11-04 | -| bucket_digitalocean | scan | No | Check for DigitalOcean spaces related to target | active, cloud-enum, safe, slow, web-thorough | 
DNS_NAME, STORAGE_BUCKET | FINDING, STORAGE_BUCKET | @TheTechromancer | 2022-11-08 | -| bucket_firebase | scan | No | Check for open Firebase databases related to target | active, cloud-enum, safe, web-basic | DNS_NAME, STORAGE_BUCKET | FINDING, STORAGE_BUCKET | @TheTechromancer | 2023-03-20 | -| bucket_google | scan | No | Check for Google object storage related to target | active, cloud-enum, safe, web-basic | DNS_NAME, STORAGE_BUCKET | FINDING, STORAGE_BUCKET | @TheTechromancer | 2022-11-04 | -| bypass403 | scan | No | Check 403 pages for common bypasses | active, aggressive, web-thorough | URL | FINDING | @liquidsec | 2022-07-05 | -| dastardly | scan | No | Lightweight web application security scanner | active, aggressive, deadly, slow, web-thorough | HTTP_RESPONSE | FINDING, VULNERABILITY | @domwhewell-sage | 2023-12-11 | -| dnsbrute | scan | No | Brute-force subdomains with massdns + static wordlist | active, aggressive, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2024-04-24 | -| dnsbrute_mutations | scan | No | Brute-force subdomains with massdns + target-specific mutations | active, aggressive, slow, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2024-04-25 | -| dnscommonsrv | scan | No | Check for common SRV records | active, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-05-15 | -| dotnetnuke | scan | No | Scan for critical DotNetNuke (DNN) vulnerabilities | active, aggressive, web-thorough | HTTP_RESPONSE | TECHNOLOGY, VULNERABILITY | @liquidsec | 2023-11-21 | -| ffuf | scan | No | A fast web fuzzer written in Go | active, aggressive, deadly | URL | URL_UNVERIFIED | @pmueller | 2022-04-10 | -| ffuf_shortnames | scan | No | Use ffuf in combination IIS shortnames | active, aggressive, iis-shortnames, web-thorough | URL_HINT | URL_UNVERIFIED | @liquidsec | 2022-07-05 | -| filedownload | scan | No | Download common filetypes such as PDF, DOCX, PPTX, etc. 
| active, safe, web-basic | HTTP_RESPONSE, URL_UNVERIFIED | FILESYSTEM | @TheTechromancer | 2023-10-11 | -| fingerprintx | scan | No | Fingerprint exposed services like RDP, SSH, MySQL, etc. | active, safe, service-enum, slow | OPEN_TCP_PORT | PROTOCOL | @TheTechromancer | 2023-01-30 | -| generic_ssrf | scan | No | Check for generic SSRFs | active, aggressive, web-thorough | URL | VULNERABILITY | @liquidsec | 2022-07-30 | -| git | scan | No | Check for exposed .git repositories | active, code-enum, safe, web-basic | URL | FINDING | @TheTechromancer | 2023-05-30 | -| gitlab | scan | No | Detect GitLab instances and query them for repositories | active, code-enum, safe | HTTP_RESPONSE, SOCIAL, TECHNOLOGY | CODE_REPOSITORY, FINDING, SOCIAL, TECHNOLOGY | @TheTechromancer | 2024-03-11 | -| gowitness | scan | No | Take screenshots of webpages | active, safe, web-screenshots | SOCIAL, URL | TECHNOLOGY, URL, URL_UNVERIFIED, WEBSCREENSHOT | @TheTechromancer | 2022-07-08 | -| host_header | scan | No | Try common HTTP Host header spoofing techniques | active, aggressive, web-thorough | HTTP_RESPONSE | FINDING | @liquidsec | 2022-07-27 | -| httpx | scan | No | Visit webpages. 
Many other modules rely on httpx | active, cloud-enum, safe, social-enum, subdomain-enum, web-basic | OPEN_TCP_PORT, URL, URL_UNVERIFIED | HTTP_RESPONSE, URL | @TheTechromancer | 2022-07-08 | -| hunt | scan | No | Watch for commonly-exploitable HTTP parameters | active, safe, web-thorough | WEB_PARAMETER | FINDING | @liquidsec | 2022-07-20 | -| iis_shortnames | scan | No | Check for IIS shortname vulnerability | active, iis-shortnames, safe, web-basic | URL | URL_HINT | @pmueller | 2022-04-15 | -| newsletters | scan | No | Searches for Newsletter Submission Entry Fields on Websites | active, safe | HTTP_RESPONSE | FINDING | @stryker2k2 | 2024-02-02 | -| ntlm | scan | No | Watch for HTTP endpoints that support NTLM authentication | active, safe, web-basic | HTTP_RESPONSE, URL | DNS_NAME, FINDING | @liquidsec | 2022-07-25 | -| nuclei | scan | No | Fast and customisable vulnerability scanner | active, aggressive, deadly | URL | FINDING, TECHNOLOGY, VULNERABILITY | @TheTechromancer | 2022-03-12 | -| oauth | scan | No | Enumerate OAUTH and OpenID Connect services | active, affiliates, cloud-enum, safe, subdomain-enum, web-basic | DNS_NAME, URL_UNVERIFIED | DNS_NAME | @TheTechromancer | 2023-07-12 | -| paramminer_cookies | scan | No | Smart brute-force to check for common HTTP cookie parameters | active, aggressive, slow, web-paramminer | HTTP_RESPONSE, WEB_PARAMETER | FINDING, WEB_PARAMETER | @liquidsec | 2022-06-27 | -| paramminer_getparams | scan | No | Use smart brute-force to check for common HTTP GET parameters | active, aggressive, slow, web-paramminer | HTTP_RESPONSE, WEB_PARAMETER | FINDING, WEB_PARAMETER | @liquidsec | 2022-06-28 | -| paramminer_headers | scan | No | Use smart brute-force to check for common HTTP header parameters | active, aggressive, slow, web-paramminer | HTTP_RESPONSE, WEB_PARAMETER | WEB_PARAMETER | @pmueller | 2022-04-15 | -| portscan | scan | No | Port scan with masscan. By default, scans top 100 ports. 
| active, portscan, safe | DNS_NAME, IP_ADDRESS, IP_RANGE | OPEN_TCP_PORT | @TheTechromancer | 2024-05-15 | -| robots | scan | No | Look for and parse robots.txt | active, safe, web-basic | URL | URL_UNVERIFIED | @liquidsec | 2023-02-01 | -| secretsdb | scan | No | Detect common secrets with secrets-patterns-db | active, safe, web-basic | HTTP_RESPONSE | FINDING | @TheTechromancer | 2023-03-17 | -| securitytxt | scan | No | Check for security.txt content | active, cloud-enum, safe, subdomain-enum, web-basic | DNS_NAME | EMAIL_ADDRESS, URL_UNVERIFIED | @colin-stubbs | 2024-05-26 | -| smuggler | scan | No | Check for HTTP smuggling | active, aggressive, slow, web-thorough | URL | FINDING | @liquidsec | 2022-07-06 | -| sslcert | scan | No | Visit open ports and retrieve SSL certificates | active, affiliates, email-enum, safe, subdomain-enum, web-basic | OPEN_TCP_PORT | DNS_NAME, EMAIL_ADDRESS | @TheTechromancer | 2022-03-30 | -| telerik | scan | No | Scan for critical Telerik vulnerabilities | active, aggressive, web-thorough | HTTP_RESPONSE, URL | FINDING, VULNERABILITY | @liquidsec | 2022-04-10 | -| url_manipulation | scan | No | Attempt to identify URL parsing/routing based vulnerabilities | active, aggressive, web-thorough | URL | FINDING | @liquidsec | 2022-09-27 | -| vhost | scan | No | Fuzz for virtual hosts | active, aggressive, deadly, slow | URL | DNS_NAME, VHOST | @liquidsec | 2022-05-02 | -| wafw00f | scan | No | Web Application Firewall Fingerprinting Tool | active, aggressive | URL | WAF | @liquidsec | 2023-02-15 | -| wappalyzer | scan | No | Extract technologies from web responses | active, safe, web-basic | HTTP_RESPONSE | TECHNOLOGY | @liquidsec | 2022-04-15 | -| wpscan | scan | No | Wordpress security scanner. Highly recommended to use an API key for better results. 
| active, aggressive | HTTP_RESPONSE, TECHNOLOGY | FINDING, TECHNOLOGY, URL_UNVERIFIED, VULNERABILITY | @domwhewell-sage | 2024-05-29 | -| affiliates | scan | No | Summarize affiliate domains at the end of a scan | affiliates, passive, report, safe | * | | @TheTechromancer | 2022-07-25 | -| anubisdb | scan | No | Query jldc.me's database for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-10-04 | -| asn | scan | No | Query ripe and bgpview.io for ASNs | passive, report, safe, subdomain-enum | IP_ADDRESS | ASN | @TheTechromancer | 2022-07-25 | -| azure_realm | scan | No | Retrieves the "AuthURL" from login.microsoftonline.com/getuserrealm | affiliates, cloud-enum, passive, safe, subdomain-enum, web-basic | DNS_NAME | URL_UNVERIFIED | @TheTechromancer | 2023-07-12 | -| azure_tenant | scan | No | Query Azure for tenant sister domains | affiliates, cloud-enum, passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2024-07-04 | -| bevigil | scan | Yes | Retrieve OSINT data from mobile applications using BeVigil | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME, URL_UNVERIFIED | @alt-glitch | 2022-10-26 | -| binaryedge | scan | Yes | Query the BinaryEdge API | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-08-17 | -| bucket_file_enum | scan | No | Works in conjunction with the filedownload module to download files from open storage buckets. 
Currently supported cloud providers: AWS, DigitalOcean | cloud-enum, passive, safe | STORAGE_BUCKET | URL_UNVERIFIED | @TheTechromancer | 2023-11-14 | -| builtwith | scan | Yes | Query Builtwith.com for subdomains | affiliates, passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-08-23 | -| c99 | scan | Yes | Query the C99 API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-07-08 | -| censys | scan | Yes | Query the Censys API | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-08-04 | -| certspotter | scan | No | Query Certspotter's API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-07-28 | -| chaos | scan | Yes | Query ProjectDiscovery's Chaos API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-08-14 | -| code_repository | scan | No | Look for code repository links in webpages | code-enum, passive, safe | URL_UNVERIFIED | CODE_REPOSITORY | @domwhewell-sage | 2024-05-15 | -| columbus | scan | No | Query the Columbus Project API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2023-06-01 | -| credshed | scan | Yes | Send queries to your own credshed server to check for known credentials of your targets | passive, safe | DNS_NAME | EMAIL_ADDRESS, HASHED_PASSWORD, PASSWORD, USERNAME | @SpamFaux | 2023-10-12 | -| crt | scan | No | Query crt.sh (certificate transparency) for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-05-13 | -| dehashed | scan | Yes | Execute queries against dehashed.com for exposed credentials | email-enum, passive, safe | DNS_NAME | EMAIL_ADDRESS, HASHED_PASSWORD, PASSWORD, USERNAME | @SpamFaux | 2023-10-12 | -| digitorus | scan | No | Query certificatedetails.com for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2023-07-25 | -| 
dnscaa | scan | No | Check for CAA records | email-enum, passive, safe, subdomain-enum | DNS_NAME | DNS_NAME, EMAIL_ADDRESS, URL_UNVERIFIED | @colin-stubbs | 2024-05-26 | -| dnsdumpster | scan | No | Query dnsdumpster for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-03-12 | -| docker_pull | scan | No | Download images from a docker repository | code-enum, passive, safe, slow | CODE_REPOSITORY | FILESYSTEM | @domwhewell-sage | 2024-03-24 | -| dockerhub | scan | No | Search for docker repositories of discovered orgs/usernames | code-enum, passive, safe | ORG_STUB, SOCIAL | CODE_REPOSITORY, SOCIAL, URL_UNVERIFIED | @domwhewell-sage | 2024-03-12 | -| emailformat | scan | No | Query email-format.com for email addresses | email-enum, passive, safe | DNS_NAME | EMAIL_ADDRESS | @TheTechromancer | 2022-07-11 | -| fullhunt | scan | Yes | Query the fullhunt.io API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-08-24 | -| git_clone | scan | No | Clone code github repositories | code-enum, passive, safe, slow | CODE_REPOSITORY | FILESYSTEM | @domwhewell-sage | 2024-03-08 | -| github_codesearch | scan | Yes | Query Github's API for code containing the target domain name | code-enum, passive, safe, subdomain-enum | DNS_NAME | CODE_REPOSITORY, URL_UNVERIFIED | @domwhewell-sage | 2023-12-14 | -| github_org | scan | No | Query Github's API for organization and member repositories | code-enum, passive, safe, subdomain-enum | ORG_STUB, SOCIAL | CODE_REPOSITORY | @domwhewell-sage | 2023-12-14 | -| github_workflows | scan | No | Download a github repositories workflow logs and workflow artifacts | code-enum, passive, safe | CODE_REPOSITORY | FILESYSTEM | @domwhewell-sage | 2024-04-29 | -| hackertarget | scan | No | Query the hackertarget.com API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-07-28 | -| hunterio | scan | Yes | Query hunter.io for 
emails | email-enum, passive, safe, subdomain-enum | DNS_NAME | DNS_NAME, EMAIL_ADDRESS, URL_UNVERIFIED | @TheTechromancer | 2022-04-25 | -| internetdb | scan | No | Query Shodan's InternetDB for open ports, hostnames, technologies, and vulnerabilities | passive, portscan, safe, subdomain-enum | DNS_NAME, IP_ADDRESS | DNS_NAME, FINDING, OPEN_TCP_PORT, TECHNOLOGY, VULNERABILITY | @TheTechromancer | 2023-12-22 | -| ip2location | scan | Yes | Query IP2location.io's API for geolocation information. | passive, safe | IP_ADDRESS | GEOLOCATION | @TheTechromancer | 2023-09-12 | -| ipneighbor | scan | No | Look beside IPs in their surrounding subnet | aggressive, passive, subdomain-enum | IP_ADDRESS | IP_ADDRESS | @TheTechromancer | 2022-06-08 | -| ipstack | scan | Yes | Query IPStack's GeoIP API | passive, safe | IP_ADDRESS | GEOLOCATION | @tycoonslive | 2022-11-26 | -| leakix | scan | No | Query leakix.net for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-07-11 | -| myssl | scan | No | Query myssl.com's API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2023-07-10 | -| otx | scan | No | Query otx.alienvault.com for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-08-24 | -| passivetotal | scan | Yes | Query the PassiveTotal API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-08-08 | -| pgp | scan | No | Query common PGP servers for email addresses | email-enum, passive, safe | DNS_NAME | EMAIL_ADDRESS | @TheTechromancer | 2022-08-10 | -| postman | scan | No | Query Postman's API for related workspaces, collections, requests and download them | code-enum, passive, safe, subdomain-enum | ORG_STUB, SOCIAL | CODE_REPOSITORY | @domwhewell-sage | 2024-09-07 | -| postman_download | scan | No | Download workspaces, collections, requests from Postman | code-enum, passive, safe, subdomain-enum | 
CODE_REPOSITORY | FILESYSTEM | @domwhewell-sage | 2024-09-07 | -| rapiddns | scan | No | Query rapiddns.io for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-08-24 | -| securitytrails | scan | Yes | Query the SecurityTrails API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-07-03 | -| shodan_dns | scan | Yes | Query Shodan for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-07-03 | -| sitedossier | scan | No | Query sitedossier.com for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2023-08-04 | -| skymem | scan | No | Query skymem.info for email addresses | email-enum, passive, safe | DNS_NAME | EMAIL_ADDRESS | @TheTechromancer | 2022-07-11 | -| social | scan | No | Look for social media links in webpages | passive, safe, social-enum | URL_UNVERIFIED | SOCIAL | @TheTechromancer | 2023-03-28 | -| subdomaincenter | scan | No | Query subdomain.center's API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2023-07-26 | -| trickest | scan | Yes | Query Trickest's API for subdomains | affiliates, passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @amiremami | 2024-07-27 | -| trufflehog | scan | No | TruffleHog is a tool for finding credentials | code-enum, passive, safe | CODE_REPOSITORY, FILESYSTEM | FINDING, VULNERABILITY | @domwhewell-sage | 2024-03-12 | -| unstructured | scan | No | Module to extract data from files | passive, safe | FILESYSTEM | FILESYSTEM, RAW_TEXT | @domwhewell-sage | 2024-06-03 | -| urlscan | scan | No | Query urlscan.io for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME, URL_UNVERIFIED | @TheTechromancer | 2022-06-09 | -| viewdns | scan | No | Query viewdns.info's reverse whois for related domains | affiliates, passive, safe | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-07-04 | -| virustotal | scan | Yes | Query 
VirusTotal's API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-08-25 | -| wayback | scan | No | Query archive.org's API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME, URL_UNVERIFIED | @pmueller | 2022-04-01 | -| zoomeye | scan | Yes | Query ZoomEye's API for subdomains | affiliates, passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-08-03 | -| asset_inventory | output | No | Merge hosts, open ports, technologies, findings, etc. into a single asset inventory CSV | | DNS_NAME, FINDING, HTTP_RESPONSE, IP_ADDRESS, OPEN_TCP_PORT, TECHNOLOGY, URL, VULNERABILITY, WAF | IP_ADDRESS, OPEN_TCP_PORT | @liquidsec | 2022-09-30 | -| csv | output | No | Output to CSV | | * | | @TheTechromancer | 2022-04-07 | -| discord | output | No | Message a Discord channel when certain events are encountered | | * | | @TheTechromancer | 2023-08-14 | -| emails | output | No | Output any email addresses found belonging to the target domain | email-enum | EMAIL_ADDRESS | | @domwhewell-sage | 2023-12-23 | -| http | output | No | Send every event to a custom URL via a web request | | * | | @TheTechromancer | 2022-04-13 | -| json | output | No | Output to Newline-Delimited JSON (NDJSON) | | * | | @TheTechromancer | 2022-04-07 | -| neo4j | output | No | Output to Neo4j | | * | | @TheTechromancer | 2022-04-07 | -| python | output | No | Output via Python API | | * | | @TheTechromancer | 2022-09-13 | -| slack | output | No | Message a Slack channel when certain events are encountered | | * | | @TheTechromancer | 2023-08-14 | -| splunk | output | No | Send every event to a splunk instance through HTTP Event Collector | | * | | @w0Tx | 2024-02-17 | -| stdout | output | No | Output to text | | * | | | | -| subdomains | output | No | Output only resolved, in-scope subdomains | subdomain-enum | DNS_NAME, DNS_NAME_UNRESOLVED | | @TheTechromancer | 2023-07-31 | -| teams | output | No | Message a Teams channel 
when certain events are encountered | | * | | @TheTechromancer | 2023-08-14 | -| txt | output | No | Output to text | | * | | | | -| web_report | output | No | Create a markdown report with web assets | | FINDING, TECHNOLOGY, URL, VHOST, VULNERABILITY | | @liquidsec | 2023-02-08 | -| websocket | output | No | Output to websockets | | * | | @TheTechromancer | 2022-04-15 | -| cloudcheck | internal | No | Tag events by cloud provider, identify cloud resources like storage buckets | | * | | | | -| dnsresolve | internal | No | | | * | | | | -| aggregate | internal | No | Summarize statistics at the end of a scan | passive, safe | | | @TheTechromancer | 2022-07-25 | -| excavate | internal | No | Passively extract juicy tidbits from scan data | passive | HTTP_RESPONSE, RAW_TEXT | URL_UNVERIFIED, WEB_PARAMETER | @liquidsec | 2022-06-27 | -| speculate | internal | No | Derive certain event types from others by common sense | passive | AZURE_TENANT, DNS_NAME, DNS_NAME_UNRESOLVED, HTTP_RESPONSE, IP_ADDRESS, IP_RANGE, SOCIAL, STORAGE_BUCKET, URL, URL_UNVERIFIED, USERNAME | DNS_NAME, FINDING, IP_ADDRESS, OPEN_TCP_PORT, ORG_STUB | @liquidsec | 2022-05-03 | +| Module | Type | Needs API Key | Description | Flags | Consumed Events | Produced Events | Author | Created Date | +|----------------------|----------|-----------------|-------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------|------------------|----------------| +| ajaxpro | scan | No | Check for potentially vulnerable Ajaxpro instances | active, safe, web-thorough | HTTP_RESPONSE, URL | FINDING, VULNERABILITY | @liquidsec | 2024-01-18 | +| baddns | 
scan | No | Check hosts for domain/subdomain takeovers | active, baddns, cloud-enum, safe, subdomain-hijack, web-basic | DNS_NAME, DNS_NAME_UNRESOLVED | FINDING, VULNERABILITY | @liquidsec | 2024-01-18 | +| baddns_direct | scan | No | Check for unusual subdomain / service takeover edge cases that require direct detection | active, baddns, cloud-enum, safe, subdomain-enum | STORAGE_BUCKET, URL | FINDING, VULNERABILITY | @liquidsec | 2024-01-29 | +| baddns_zone | scan | No | Check hosts for DNS zone transfers and NSEC walks | active, baddns, cloud-enum, safe, subdomain-enum | DNS_NAME | FINDING, VULNERABILITY | @liquidsec | 2024-01-29 | +| badsecrets | scan | No | Library for detecting known or weak secrets across many web frameworks | active, safe, web-basic | HTTP_RESPONSE | FINDING, TECHNOLOGY, VULNERABILITY | @liquidsec | 2022-11-19 | +| bucket_amazon | scan | No | Check for S3 buckets related to target | active, cloud-enum, safe, web-basic | DNS_NAME, STORAGE_BUCKET | FINDING, STORAGE_BUCKET | @TheTechromancer | 2022-11-04 | +| bucket_azure | scan | No | Check for Azure storage blobs related to target | active, cloud-enum, safe, web-basic | DNS_NAME, STORAGE_BUCKET | FINDING, STORAGE_BUCKET | @TheTechromancer | 2022-11-04 | +| bucket_digitalocean | scan | No | Check for DigitalOcean spaces related to target | active, cloud-enum, safe, slow, web-thorough | DNS_NAME, STORAGE_BUCKET | FINDING, STORAGE_BUCKET | @TheTechromancer | 2022-11-08 | +| bucket_firebase | scan | No | Check for open Firebase databases related to target | active, cloud-enum, safe, web-basic | DNS_NAME, STORAGE_BUCKET | FINDING, STORAGE_BUCKET | @TheTechromancer | 2023-03-20 | +| bucket_google | scan | No | Check for Google object storage related to target | active, cloud-enum, safe, web-basic | DNS_NAME, STORAGE_BUCKET | FINDING, STORAGE_BUCKET | @TheTechromancer | 2022-11-04 | +| bypass403 | scan | No | Check 403 pages for common bypasses | active, aggressive, web-thorough | URL | FINDING | 
@liquidsec | 2022-07-05 | +| dastardly | scan | No | Lightweight web application security scanner | active, aggressive, deadly, slow, web-thorough | HTTP_RESPONSE | FINDING, VULNERABILITY | @domwhewell-sage | 2023-12-11 | +| dnsbrute | scan | No | Brute-force subdomains with massdns + static wordlist | active, aggressive, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2024-04-24 | +| dnsbrute_mutations | scan | No | Brute-force subdomains with massdns + target-specific mutations | active, aggressive, slow, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2024-04-25 | +| dnscommonsrv | scan | No | Check for common SRV records | active, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-05-15 | +| dotnetnuke | scan | No | Scan for critical DotNetNuke (DNN) vulnerabilities | active, aggressive, web-thorough | HTTP_RESPONSE | TECHNOLOGY, VULNERABILITY | @liquidsec | 2023-11-21 | +| ffuf | scan | No | A fast web fuzzer written in Go | active, aggressive, deadly | URL | URL_UNVERIFIED | @liquidsec | 2022-04-10 | +| ffuf_shortnames | scan | No | Use ffuf in combination IIS shortnames | active, aggressive, iis-shortnames, web-thorough | URL_HINT | URL_UNVERIFIED | @liquidsec | 2022-07-05 | +| filedownload | scan | No | Download common filetypes such as PDF, DOCX, PPTX, etc. | active, safe, web-basic | HTTP_RESPONSE, URL_UNVERIFIED | FILESYSTEM | @TheTechromancer | 2023-10-11 | +| fingerprintx | scan | No | Fingerprint exposed services like RDP, SSH, MySQL, etc. 
| active, safe, service-enum, slow | OPEN_TCP_PORT | PROTOCOL | @TheTechromancer | 2023-01-30 | +| generic_ssrf | scan | No | Check for generic SSRFs | active, aggressive, web-thorough | URL | VULNERABILITY | @liquidsec | 2022-07-30 | +| git | scan | No | Check for exposed .git repositories | active, code-enum, safe, web-basic | URL | FINDING | @TheTechromancer | 2023-05-30 | +| gitlab | scan | No | Detect GitLab instances and query them for repositories | active, code-enum, safe | HTTP_RESPONSE, SOCIAL, TECHNOLOGY | CODE_REPOSITORY, FINDING, SOCIAL, TECHNOLOGY | @TheTechromancer | 2024-03-11 | +| gowitness | scan | No | Take screenshots of webpages | active, safe, web-screenshots | SOCIAL, URL | TECHNOLOGY, URL, URL_UNVERIFIED, WEBSCREENSHOT | @TheTechromancer | 2022-07-08 | +| host_header | scan | No | Try common HTTP Host header spoofing techniques | active, aggressive, web-thorough | HTTP_RESPONSE | FINDING | @liquidsec | 2022-07-27 | +| httpx | scan | No | Visit webpages. Many other modules rely on httpx | active, cloud-enum, safe, social-enum, subdomain-enum, web-basic | OPEN_TCP_PORT, URL, URL_UNVERIFIED | HTTP_RESPONSE, URL | @TheTechromancer | 2022-07-08 | +| hunt | scan | No | Watch for commonly-exploitable HTTP parameters | active, safe, web-thorough | WEB_PARAMETER | FINDING | @liquidsec | 2022-07-20 | +| iis_shortnames | scan | No | Check for IIS shortname vulnerability | active, iis-shortnames, safe, web-basic | URL | URL_HINT | @liquidsec | 2022-04-15 | +| newsletters | scan | No | Searches for Newsletter Submission Entry Fields on Websites | active, safe | HTTP_RESPONSE | FINDING | @stryker2k2 | 2024-02-02 | +| ntlm | scan | No | Watch for HTTP endpoints that support NTLM authentication | active, safe, web-basic | HTTP_RESPONSE, URL | DNS_NAME, FINDING | @liquidsec | 2022-07-25 | +| nuclei | scan | No | Fast and customisable vulnerability scanner | active, aggressive, deadly | URL | FINDING, TECHNOLOGY, VULNERABILITY | @TheTechromancer | 2022-03-12 
| +| oauth | scan | No | Enumerate OAUTH and OpenID Connect services | active, affiliates, cloud-enum, safe, subdomain-enum, web-basic | DNS_NAME, URL_UNVERIFIED | DNS_NAME | @TheTechromancer | 2023-07-12 | +| paramminer_cookies | scan | No | Smart brute-force to check for common HTTP cookie parameters | active, aggressive, slow, web-paramminer | HTTP_RESPONSE, WEB_PARAMETER | FINDING, WEB_PARAMETER | @liquidsec | 2022-06-27 | +| paramminer_getparams | scan | No | Use smart brute-force to check for common HTTP GET parameters | active, aggressive, slow, web-paramminer | HTTP_RESPONSE, WEB_PARAMETER | FINDING, WEB_PARAMETER | @liquidsec | 2022-06-28 | +| paramminer_headers | scan | No | Use smart brute-force to check for common HTTP header parameters | active, aggressive, slow, web-paramminer | HTTP_RESPONSE, WEB_PARAMETER | WEB_PARAMETER | @liquidsec | 2022-04-15 | +| portscan | scan | No | Port scan with masscan. By default, scans top 100 ports. | active, portscan, safe | DNS_NAME, IP_ADDRESS, IP_RANGE | OPEN_TCP_PORT | @TheTechromancer | 2024-05-15 | +| robots | scan | No | Look for and parse robots.txt | active, safe, web-basic | URL | URL_UNVERIFIED | @liquidsec | 2023-02-01 | +| secretsdb | scan | No | Detect common secrets with secrets-patterns-db | active, safe, web-basic | HTTP_RESPONSE | FINDING | @TheTechromancer | 2023-03-17 | +| securitytxt | scan | No | Check for security.txt content | active, cloud-enum, safe, subdomain-enum, web-basic | DNS_NAME | EMAIL_ADDRESS, URL_UNVERIFIED | @colin-stubbs | 2024-05-26 | +| smuggler | scan | No | Check for HTTP smuggling | active, aggressive, slow, web-thorough | URL | FINDING | @liquidsec | 2022-07-06 | +| sslcert | scan | No | Visit open ports and retrieve SSL certificates | active, affiliates, email-enum, safe, subdomain-enum, web-basic | OPEN_TCP_PORT | DNS_NAME, EMAIL_ADDRESS | @TheTechromancer | 2022-03-30 | +| telerik | scan | No | Scan for critical Telerik vulnerabilities | active, aggressive, web-thorough 
| HTTP_RESPONSE, URL | FINDING, VULNERABILITY | @liquidsec | 2022-04-10 | +| url_manipulation | scan | No | Attempt to identify URL parsing/routing based vulnerabilities | active, aggressive, web-thorough | URL | FINDING | @liquidsec | 2022-09-27 | +| vhost | scan | No | Fuzz for virtual hosts | active, aggressive, deadly, slow | URL | DNS_NAME, VHOST | @liquidsec | 2022-05-02 | +| wafw00f | scan | No | Web Application Firewall Fingerprinting Tool | active, aggressive | URL | WAF | @liquidsec | 2023-02-15 | +| wappalyzer | scan | No | Extract technologies from web responses | active, safe, web-basic | HTTP_RESPONSE | TECHNOLOGY | @liquidsec | 2022-04-15 | +| wpscan | scan | No | Wordpress security scanner. Highly recommended to use an API key for better results. | active, aggressive | HTTP_RESPONSE, TECHNOLOGY | FINDING, TECHNOLOGY, URL_UNVERIFIED, VULNERABILITY | @domwhewell-sage | 2024-05-29 | +| affiliates | scan | No | Summarize affiliate domains at the end of a scan | affiliates, passive, report, safe | * | | @TheTechromancer | 2022-07-25 | +| anubisdb | scan | No | Query jldc.me's database for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-10-04 | +| apkpure | scan | No | Download android applications from apkpure.com | code-enum, passive, safe | MOBILE_APP | FILESYSTEM | @domwhewell-sage | 2024-10-11 | +| asn | scan | No | Query ripe and bgpview.io for ASNs | passive, report, safe, subdomain-enum | IP_ADDRESS | ASN | @TheTechromancer | 2022-07-25 | +| azure_realm | scan | No | Retrieves the "AuthURL" from login.microsoftonline.com/getuserrealm | affiliates, cloud-enum, passive, safe, subdomain-enum, web-basic | DNS_NAME | URL_UNVERIFIED | @TheTechromancer | 2023-07-12 | +| azure_tenant | scan | No | Query Azure for tenant sister domains | affiliates, cloud-enum, passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2024-07-04 | +| bevigil | scan | Yes | Retrieve OSINT data from mobile 
applications using BeVigil | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME, URL_UNVERIFIED | @alt-glitch | 2022-10-26 | +| binaryedge | scan | Yes | Query the BinaryEdge API | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-08-17 | +| bucket_file_enum | scan | No | Works in conjunction with the filedownload module to download files from open storage buckets. Currently supported cloud providers: AWS, DigitalOcean | cloud-enum, passive, safe | STORAGE_BUCKET | URL_UNVERIFIED | @TheTechromancer | 2023-11-14 | +| bufferoverrun | scan | Yes | Query BufferOverrun's TLS API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2024-10-23 | +| builtwith | scan | Yes | Query Builtwith.com for subdomains | affiliates, passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-08-23 | +| c99 | scan | Yes | Query the C99 API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-07-08 | +| censys | scan | Yes | Query the Censys API | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-08-04 | +| certspotter | scan | No | Query Certspotter's API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-07-28 | +| chaos | scan | Yes | Query ProjectDiscovery's Chaos API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-08-14 | +| code_repository | scan | No | Look for code repository links in webpages | code-enum, passive, safe | URL_UNVERIFIED | CODE_REPOSITORY | @domwhewell-sage | 2024-05-15 | +| columbus | scan | No | Query the Columbus Project API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2023-06-01 | +| credshed | scan | Yes | Send queries to your own credshed server to check for known credentials of your targets | passive, safe | DNS_NAME | EMAIL_ADDRESS, HASHED_PASSWORD, PASSWORD, USERNAME | 
@SpamFaux | 2023-10-12 | +| crt | scan | No | Query crt.sh (certificate transparency) for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-05-13 | +| dehashed | scan | Yes | Execute queries against dehashed.com for exposed credentials | email-enum, passive, safe | DNS_NAME | EMAIL_ADDRESS, HASHED_PASSWORD, PASSWORD, USERNAME | @SpamFaux | 2023-10-12 | +| digitorus | scan | No | Query certificatedetails.com for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2023-07-25 | +| dnscaa | scan | No | Check for CAA records | email-enum, passive, safe, subdomain-enum | DNS_NAME | DNS_NAME, EMAIL_ADDRESS, URL_UNVERIFIED | @colin-stubbs | 2024-05-26 | +| dnsdumpster | scan | No | Query dnsdumpster for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-03-12 | +| docker_pull | scan | No | Download images from a docker repository | code-enum, passive, safe, slow | CODE_REPOSITORY | FILESYSTEM | @domwhewell-sage | 2024-03-24 | +| dockerhub | scan | No | Search for docker repositories of discovered orgs/usernames | code-enum, passive, safe | ORG_STUB, SOCIAL | CODE_REPOSITORY, SOCIAL, URL_UNVERIFIED | @domwhewell-sage | 2024-03-12 | +| emailformat | scan | No | Query email-format.com for email addresses | email-enum, passive, safe | DNS_NAME | EMAIL_ADDRESS | @TheTechromancer | 2022-07-11 | +| fullhunt | scan | Yes | Query the fullhunt.io API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-08-24 | +| git_clone | scan | No | Clone code github repositories | code-enum, passive, safe, slow | CODE_REPOSITORY | FILESYSTEM | @domwhewell-sage | 2024-03-08 | +| github_codesearch | scan | Yes | Query Github's API for code containing the target domain name | code-enum, passive, safe, subdomain-enum | DNS_NAME | CODE_REPOSITORY, URL_UNVERIFIED | @domwhewell-sage | 2023-12-14 | +| github_org | scan | No | Query Github's API for 
organization and member repositories | code-enum, passive, safe, subdomain-enum | ORG_STUB, SOCIAL | CODE_REPOSITORY | @domwhewell-sage | 2023-12-14 | +| github_workflows | scan | No | Download a github repositories workflow logs and workflow artifacts | code-enum, passive, safe | CODE_REPOSITORY | FILESYSTEM | @domwhewell-sage | 2024-04-29 | +| google_playstore | scan | No | Search for android applications on play.google.com | code-enum, passive, safe | CODE_REPOSITORY, ORG_STUB | MOBILE_APP | @domwhewell-sage | 2024-10-08 | +| hackertarget | scan | No | Query the hackertarget.com API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-07-28 | +| hunterio | scan | Yes | Query hunter.io for emails | email-enum, passive, safe, subdomain-enum | DNS_NAME | DNS_NAME, EMAIL_ADDRESS, URL_UNVERIFIED | @TheTechromancer | 2022-04-25 | +| internetdb | scan | No | Query Shodan's InternetDB for open ports, hostnames, technologies, and vulnerabilities | passive, portscan, safe, subdomain-enum | DNS_NAME, IP_ADDRESS | DNS_NAME, FINDING, OPEN_TCP_PORT, TECHNOLOGY, VULNERABILITY | @TheTechromancer | 2023-12-22 | +| ip2location | scan | Yes | Query IP2location.io's API for geolocation information. 
| passive, safe | IP_ADDRESS | GEOLOCATION | @TheTechromancer | 2023-09-12 | +| ipneighbor | scan | No | Look beside IPs in their surrounding subnet | aggressive, passive, subdomain-enum | IP_ADDRESS | IP_ADDRESS | @TheTechromancer | 2022-06-08 | +| ipstack | scan | Yes | Query IPStack's GeoIP API | passive, safe | IP_ADDRESS | GEOLOCATION | @tycoonslive | 2022-11-26 | +| leakix | scan | No | Query leakix.net for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-07-11 | +| myssl | scan | No | Query myssl.com's API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2023-07-10 | +| otx | scan | No | Query otx.alienvault.com for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-08-24 | +| passivetotal | scan | Yes | Query the PassiveTotal API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-08-08 | +| pgp | scan | No | Query common PGP servers for email addresses | email-enum, passive, safe | DNS_NAME | EMAIL_ADDRESS | @TheTechromancer | 2022-08-10 | +| postman | scan | No | Query Postman's API for related workspaces, collections, requests and download them | code-enum, passive, safe, subdomain-enum | ORG_STUB, SOCIAL | CODE_REPOSITORY | @domwhewell-sage | 2024-09-07 | +| postman_download | scan | No | Download workspaces, collections, requests from Postman | code-enum, passive, safe, subdomain-enum | CODE_REPOSITORY | FILESYSTEM | @domwhewell-sage | 2024-09-07 | +| rapiddns | scan | No | Query rapiddns.io for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-08-24 | +| securitytrails | scan | Yes | Query the SecurityTrails API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-07-03 | +| shodan_dns | scan | Yes | Query Shodan for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 
2022-07-03 | +| sitedossier | scan | No | Query sitedossier.com for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2023-08-04 | +| skymem | scan | No | Query skymem.info for email addresses | email-enum, passive, safe | DNS_NAME | EMAIL_ADDRESS | @TheTechromancer | 2022-07-11 | +| social | scan | No | Look for social media links in webpages | passive, safe, social-enum | URL_UNVERIFIED | SOCIAL | @TheTechromancer | 2023-03-28 | +| subdomaincenter | scan | No | Query subdomain.center's API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2023-07-26 | +| subdomainradar | scan | Yes | Query the Subdomain API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-07-08 | +| trickest | scan | Yes | Query Trickest's API for subdomains | affiliates, passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @amiremami | 2024-07-27 | +| trufflehog | scan | No | TruffleHog is a tool for finding credentials | code-enum, passive, safe | CODE_REPOSITORY, FILESYSTEM | FINDING, VULNERABILITY | @domwhewell-sage | 2024-03-12 | +| unstructured | scan | No | Module to extract data from files | passive, safe | FILESYSTEM | RAW_TEXT | @domwhewell-sage | 2024-06-03 | +| urlscan | scan | No | Query urlscan.io for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME, URL_UNVERIFIED | @TheTechromancer | 2022-06-09 | +| viewdns | scan | No | Query viewdns.info's reverse whois for related domains | affiliates, passive, safe | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-07-04 | +| virustotal | scan | Yes | Query VirusTotal's API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-08-25 | +| wayback | scan | No | Query archive.org's API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME, URL_UNVERIFIED | @liquidsec | 2022-04-01 | +| zoomeye | scan | Yes | Query ZoomEye's API for subdomains | affiliates, 
passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-08-03 | +| asset_inventory | output | No | Merge hosts, open ports, technologies, findings, etc. into a single asset inventory CSV | | DNS_NAME, FINDING, HTTP_RESPONSE, IP_ADDRESS, OPEN_TCP_PORT, TECHNOLOGY, URL, VULNERABILITY, WAF | IP_ADDRESS, OPEN_TCP_PORT | @liquidsec | 2022-09-30 | +| csv | output | No | Output to CSV | | * | | @TheTechromancer | 2022-04-07 | +| discord | output | No | Message a Discord channel when certain events are encountered | | * | | @TheTechromancer | 2023-08-14 | +| emails | output | No | Output any email addresses found belonging to the target domain | email-enum | EMAIL_ADDRESS | | @domwhewell-sage | 2023-12-23 | +| http | output | No | Send every event to a custom URL via a web request | | * | | @TheTechromancer | 2022-04-13 | +| json | output | No | Output to Newline-Delimited JSON (NDJSON) | | * | | @TheTechromancer | 2022-04-07 | +| neo4j | output | No | Output to Neo4j | | * | | @TheTechromancer | 2022-04-07 | +| python | output | No | Output via Python API | | * | | @TheTechromancer | 2022-09-13 | +| slack | output | No | Message a Slack channel when certain events are encountered | | * | | @TheTechromancer | 2023-08-14 | +| splunk | output | No | Send every event to a splunk instance through HTTP Event Collector | | * | | @w0Tx | 2024-02-17 | +| stdout | output | No | Output to text | | * | | | | +| subdomains | output | No | Output only resolved, in-scope subdomains | subdomain-enum | DNS_NAME, DNS_NAME_UNRESOLVED | | @TheTechromancer | 2023-07-31 | +| teams | output | No | Message a Teams channel when certain events are encountered | | * | | @TheTechromancer | 2023-08-14 | +| txt | output | No | Output to text | | * | | | | +| web_report | output | No | Create a markdown report with web assets | | FINDING, TECHNOLOGY, URL, VHOST, VULNERABILITY | | @liquidsec | 2023-02-08 | +| websocket | output | No | Output to websockets | | * | | @TheTechromancer 
| 2022-04-15 |
+| cloudcheck | internal | No | Tag events by cloud provider, identify cloud resources like storage buckets | | * | | | |
+| dnsresolve | internal | No | | | * | | | |
+| aggregate | internal | No | Summarize statistics at the end of a scan | passive, safe | | | @TheTechromancer | 2022-07-25 |
+| excavate | internal | No | Passively extract juicy tidbits from scan data | passive | HTTP_RESPONSE, RAW_TEXT | URL_UNVERIFIED, WEB_PARAMETER | @liquidsec | 2022-06-27 |
+| speculate | internal | No | Derive certain event types from others by common sense | passive | AZURE_TENANT, DNS_NAME, DNS_NAME_UNRESOLVED, FILESYSTEM, HTTP_RESPONSE, IP_ADDRESS, IP_RANGE, SOCIAL, STORAGE_BUCKET, URL, URL_UNVERIFIED, USERNAME | DNS_NAME, FILESYSTEM, FINDING, IP_ADDRESS, OPEN_TCP_PORT, ORG_STUB | @liquidsec | 2022-05-03 |
 For a list of module config options, see [Module Options](../scanning/configuration.md#module-config-options).
diff --git a/docs/modules/nuclei.md b/docs/modules/nuclei.md
index 561c2e93c..516944ec9 100644
--- a/docs/modules/nuclei.md
+++ b/docs/modules/nuclei.md
@@ -51,7 +51,7 @@ The Nuclei module has many configuration options:
 | modules.nuclei.silent | bool | Don't display nuclei's banner or status messages | False |
 | modules.nuclei.tags | str | execute a subset of templates that contain the provided tags | |
 | modules.nuclei.templates | str | template or template directory paths to include in the scan | |
-| modules.nuclei.version | str | nuclei version | 3.3.2 |
+| modules.nuclei.version | str | nuclei version | 3.3.5 |
 Most of these you probably will **NOT** want to change. In particular, we advise against changing the version of Nuclei, as it's possible the latest version won't work right with BBOT.
diff --git a/docs/scanning/advanced.md b/docs/scanning/advanced.md
index 2df440e38..a89c927aa 100644
--- a/docs/scanning/advanced.md
+++ b/docs/scanning/advanced.md
@@ -32,13 +32,19 @@ if __name__ == "__main__": ```text -usage: bbot [-h] [-t TARGET [TARGET ...]] [-w WHITELIST [WHITELIST ...]] [-b BLACKLIST [BLACKLIST ...]] [--strict-scope] [-p [PRESET ...]] - [-c [CONFIG ...]] [-lp] [-m MODULE [MODULE ...]] [-l] [-lmo] [-em MODULE [MODULE ...]] [-f FLAG [FLAG ...]] [-lf] - [-rf FLAG [FLAG ...]] [-ef FLAG [FLAG ...]] [--allow-deadly] [-n SCAN_NAME] [-v] [-d] [-s] [--force] [-y] [--dry-run] - [--current-preset] [--current-preset-full] [-o DIR] [-om MODULE [MODULE ...]] [--json] [--brief] +usage: bbot [-h] [-t TARGET [TARGET ...]] [-w WHITELIST [WHITELIST ...]] + [-b BLACKLIST [BLACKLIST ...]] [--strict-scope] + [-p [PRESET ...]] [-c [CONFIG ...]] [-lp] + [-m MODULE [MODULE ...]] [-l] [-lmo] [-em MODULE [MODULE ...]] + [-f FLAG [FLAG ...]] [-lf] [-rf FLAG [FLAG ...]] + [-ef FLAG [FLAG ...]] [--allow-deadly] [-n SCAN_NAME] [-v] [-d] + [-s] [--force] [-y] [--dry-run] [--current-preset] + [--current-preset-full] [-o DIR] [-om MODULE [MODULE ...]] + [--json] [--brief] [--event-types EVENT_TYPES [EVENT_TYPES ...]] - [--no-deps | --force-deps | --retry-deps | --ignore-failed-deps | --install-all-deps] [--version] - [-H CUSTOM_HEADERS [CUSTOM_HEADERS ...]] [--custom-yara-rules CUSTOM_YARA_RULES] + [--no-deps | --force-deps | --retry-deps | --ignore-failed-deps | --install-all-deps] + [--version] [-H CUSTOM_HEADERS [CUSTOM_HEADERS ...]] + [--custom-yara-rules CUSTOM_YARA_RULES] Bighuge BLS OSINT Tool 
@@ -63,14 +69,14 @@ Presets: Modules: -m MODULE [MODULE ...], --modules MODULE [MODULE ...] - Modules to enable. Choices: ntlm,robots,dockerhub,azure_tenant,crt,dnscommonsrv,dastardly,c99,hunt,skymem,dnscaa,gowitness,postman_download,dnsbrute,newsletters,secretsdb,nuclei,columbus,oauth,viewdns,shodan_dns,emailformat,gitlab,wappalyzer,internetdb,pgp,affiliates,bucket_file_enum,url_manipulation,ipneighbor,bucket_firebase,paramminer_cookies,virustotal,securitytxt,smuggler,dnsdumpster,dnsbrute_mutations,baddns,fingerprintx,paramminer_headers,wpscan,trufflehog,iis_shortnames,baddns_zone,dehashed,dotnetnuke,passivetotal,code_repository,generic_ssrf,portscan,censys,badsecrets,ipstack,bypass403,bucket_amazon,paramminer_getparams,github_workflows,github_codesearch,sslcert,otx,bucket_azure,fullhunt,postman,ffuf_shortnames,zoomeye,subdomaincenter,leakix,github_org,chaos,host_header,docker_pull,digitorus,unstructured,wafw00f,asn,credshed,vhost,trickest,binaryedge,bucket_google,filedownload,telerik,hunterio,httpx,ip2location,urlscan,git,hackertarget,git_clone,bevigil,wayback,certspotter,builtwith,ajaxpro,myssl,anubisdb,azure_realm,ffuf,rapiddns,securitytrails,bucket_digitalocean,sitedossier,social + Modules to enable. 
Choices: robots,leakix,docker_pull,oauth,zoomeye,paramminer_cookies,virustotal,git_clone,shodan_dns,emailformat,azure_realm,fullhunt,ffuf,pgp,dastardly,smuggler,viewdns,dotnetnuke,ipstack,host_header,passivetotal,postman,ntlm,censys,hunt,dnscaa,nuclei,vhost,bufferoverrun,github_workflows,wappalyzer,dnsbrute_mutations,urlscan,baddns_zone,trickest,apkpure,generic_ssrf,httpx,internetdb,bucket_azure,crt,bucket_file_enum,bucket_firebase,digitorus,unstructured,code_repository,portscan,paramminer_getparams,baddns_direct,github_codesearch,builtwith,chaos,url_manipulation,otx,bypass403,dnsdumpster,ajaxpro,subdomainradar,iis_shortnames,affiliates,paramminer_headers,anubisdb,bucket_google,securitytxt,secretsdb,bucket_digitalocean,hackertarget,postman_download,securitytrails,hunterio,subdomaincenter,social,ip2location,credshed,dnscommonsrv,github_org,baddns,azure_tenant,dnsbrute,sslcert,myssl,binaryedge,filedownload,fingerprintx,ipneighbor,telerik,dockerhub,newsletters,gowitness,asn,rapiddns,ffuf_shortnames,dehashed,google_playstore,bucket_amazon,sitedossier,wpscan,trufflehog,badsecrets,gitlab,skymem,bevigil,git,columbus,certspotter,wafw00f,wayback,c99 -l, --list-modules List available modules. -lmo, --list-module-options Show all module config options -em MODULE [MODULE ...], --exclude-modules MODULE [MODULE ...] Exclude these modules. -f FLAG [FLAG ...], --flags FLAG [FLAG ...] - Enable modules by flag. Choices: slow,service-enum,baddns,subdomain-enum,deadly,web-thorough,iis-shortnames,report,affiliates,social-enum,email-enum,cloud-enum,web-basic,passive,web-screenshots,aggressive,web-paramminer,safe,subdomain-hijack,portscan,code-enum,active + Enable modules by flag. Choices: aggressive,subdomain-enum,iis-shortnames,code-enum,report,subdomain-hijack,affiliates,portscan,web-thorough,active,passive,deadly,baddns,email-enum,cloud-enum,slow,web-paramminer,service-enum,web-screenshots,social-enum,web-basic,safe -lf, --list-flags List available flags. 
-rf FLAG [FLAG ...], --require-flags FLAG [FLAG ...] Only enable modules with these flags (e.g. -rf passive) @@ -95,7 +101,7 @@ Output: -o DIR, --output-dir DIR Directory to output scan results -om MODULE [MODULE ...], --output-modules MODULE [MODULE ...] - Output module(s). Choices: python,csv,subdomains,stdout,splunk,teams,emails,slack,http,websocket,discord,neo4j,web_report,json,asset_inventory,txt + Output module(s). Choices: websocket,teams,slack,asset_inventory,neo4j,web_report,python,stdout,subdomains,json,http,emails,discord,csv,splunk,txt --json, -j Output scan data in JSON format --brief, -br Output only the data itself --event-types EVENT_TYPES [EVENT_TYPES ...] diff --git a/docs/scanning/configuration.md b/docs/scanning/configuration.md index 2c269d2db..dc2326764 100644 --- a/docs/scanning/configuration.md +++ b/docs/scanning/configuration.md 
@@ -257,225 +257,232 @@ interactsh_disable: false Many modules accept their own configuration options. These options have the ability to change their behavior. For example, the `portscan` module accepts options for `ports`, `rate`, etc. Below is a list of all possible module config options. -| Config Option | Type | Description | Default | -|------------------------------------------------|----------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| modules.baddns.custom_nameservers | list | Force BadDNS to use a list of custom nameservers | [] | -| modules.baddns.enable_references | bool | Enable the references module (off by default) | False | -| modules.baddns.only_high_confidence | bool | Do not emit low-confidence or generic detections | False | -| modules.baddns_zone.custom_nameservers | list | Force BadDNS to use a list of custom nameservers | [] | -| modules.baddns_zone.only_high_confidence | bool | Do not emit low-confidence or generic detections | False | -| modules.badsecrets.custom_secrets | NoneType | Include custom secrets loaded from a local file | None | -| modules.bucket_amazon.permutations | bool | Whether to try permutations | False | -| modules.bucket_azure.permutations | bool | Whether to try permutations | False | -| modules.bucket_digitalocean.permutations | bool | Whether to try permutations | False | -| 
modules.bucket_firebase.permutations | bool | Whether to try permutations | False | -| modules.bucket_google.permutations | bool | Whether to try permutations | False | -| modules.dnsbrute.max_depth | int | How many subdomains deep to brute force, i.e. 5.4.3.2.1.evilcorp.com | 5 | -| modules.dnsbrute.wordlist | str | Subdomain wordlist URL | https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/DNS/subdomains-top1million-5000.txt | -| modules.dnsbrute_mutations.max_mutations | int | Maximum number of target-specific mutations to try per subdomain | 100 | -| modules.dnscommonsrv.max_depth | int | The maximum subdomain depth to brute-force SRV records | 2 | -| modules.ffuf.extensions | str | Optionally include a list of extensions to extend the keyword with (comma separated) | | -| modules.ffuf.lines | int | take only the first N lines from the wordlist when finding directories | 5000 | -| modules.ffuf.max_depth | int | the maximum directory depth to attempt to solve | 0 | -| modules.ffuf.wordlist | str | Specify wordlist to use when finding directories | https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/raft-small-directories.txt | -| modules.ffuf_shortnames.extensions | str | Optionally include a list of extensions to extend the keyword with (comma separated) | | -| modules.ffuf_shortnames.find_common_prefixes | bool | Attempt to automatically detect common prefixes and make additional ffuf runs against them | False | -| modules.ffuf_shortnames.find_delimiters | bool | Attempt to detect common delimiters and make additional ffuf runs against them | True | -| modules.ffuf_shortnames.ignore_redirects | bool | Explicitly ignore redirects (301,302) | True | -| modules.ffuf_shortnames.lines | int | take only the first N lines from the wordlist when finding directories | 1000000 | -| modules.ffuf_shortnames.max_depth | int | the maximum directory depth to attempt to solve | 1 | -| modules.ffuf_shortnames.version | 
str | ffuf version | 2.0.0 | -| modules.ffuf_shortnames.wordlist | str | Specify wordlist to use when finding directories | | -| modules.ffuf_shortnames.wordlist_extensions | str | Specify wordlist to use when making extension lists | | -| modules.filedownload.base_64_encoded_file | str | Stream the bytes of a file and encode them in base 64 for event data. | false | -| modules.filedownload.extensions | list | File extensions to download | ['bak', 'bash', 'bashrc', 'conf', 'cfg', 'crt', 'csv', 'db', 'sqlite', 'doc', 'docx', 'exe', 'ica', 'indd', 'ini', 'jar', 'key', 'pub', 'log', 'markdown', 'md', 'msi', 'odg', 'odp', 'ods', 'odt', 'pdf', 'pem', 'pps', 'ppsx', 'ppt', 'pptx', 'ps1', 'raw', 'rdp', 'sh', 'sql', 'swp', 'sxw', 'tar', 'tar.gz', 'zip', 'txt', 'vbs', 'wpd', 'xls', 'xlsx', 'xml', 'yml', 'yaml'] | -| modules.filedownload.max_filesize | str | Cancel download if filesize is greater than this size | 10MB | -| modules.fingerprintx.skip_common_web | bool | Skip common web ports such as 80, 443, 8080, 8443, etc. | True | -| modules.fingerprintx.version | str | fingerprintx version | 1.1.4 | -| modules.gitlab.api_key | str | Gitlab access token | | -| modules.gowitness.idle_timeout | int | Skip the current gowitness batch if it stalls for longer than this many seconds | 1800 | -| modules.gowitness.output_path | str | Where to save screenshots | | -| modules.gowitness.resolution_x | int | Screenshot resolution x | 1440 | -| modules.gowitness.resolution_y | int | Screenshot resolution y | 900 | -| modules.gowitness.social | bool | Whether to screenshot social media webpages | False | -| modules.gowitness.threads | int | How many gowitness threads to spawn (default is number of CPUs x 2) | 0 | -| modules.gowitness.timeout | int | Preflight check timeout | 10 | -| modules.gowitness.version | str | Gowitness version | 2.4.2 | -| modules.httpx.in_scope_only | bool | Only visit web reparents that are in scope. 
| True | -| modules.httpx.max_response_size | int | Max response size in bytes | 5242880 | -| modules.httpx.probe_all_ips | bool | Probe all the ips associated with same host | False | -| modules.httpx.store_responses | bool | Save raw HTTP responses to scan folder | False | -| modules.httpx.threads | int | Number of httpx threads to use | 50 | -| modules.httpx.version | str | httpx version | 1.2.5 | -| modules.iis_shortnames.detect_only | bool | Only detect the vulnerability and do not run the shortname scanner | True | -| modules.iis_shortnames.max_node_count | int | Limit how many nodes to attempt to resolve on any given recursion branch | 50 | -| modules.ntlm.try_all | bool | Try every NTLM endpoint | False | -| modules.nuclei.batch_size | int | Number of targets to send to Nuclei per batch (default 200) | 200 | -| modules.nuclei.budget | int | Used in budget mode to set the number of requests which will be allotted to the nuclei scan | 1 | -| modules.nuclei.concurrency | int | maximum number of templates to be executed in parallel (default 25) | 25 | -| modules.nuclei.directory_only | bool | Filter out 'file' URL event (default True) | True | -| modules.nuclei.etags | str | tags to exclude from the scan | | -| modules.nuclei.mode | str | manual | technology | severe | budget. Technology: Only activate based on technology events that match nuclei tags (nuclei -as mode). Manual (DEFAULT): Fully manual settings. Severe: Only critical and high severity templates without intrusive. Budget: Limit Nuclei to a specified number of HTTP requests | manual | -| modules.nuclei.ratelimit | int | maximum number of requests to send per second (default 150) | 150 | -| modules.nuclei.retries | int | number of times to retry a failed request (default 0) | 0 | -| modules.nuclei.severity | str | Filter based on severity field available in the template. 
| | -| modules.nuclei.silent | bool | Don't display nuclei's banner or status messages | False | -| modules.nuclei.tags | str | execute a subset of templates that contain the provided tags | | -| modules.nuclei.templates | str | template or template directory paths to include in the scan | | -| modules.nuclei.version | str | nuclei version | 3.3.2 | -| modules.oauth.try_all | bool | Check for OAUTH/IODC on every subdomain and URL. | False | -| modules.paramminer_cookies.recycle_words | bool | Attempt to use words found during the scan on all other endpoints | False | -| modules.paramminer_cookies.skip_boring_words | bool | Remove commonly uninteresting words from the wordlist | True | -| modules.paramminer_cookies.wordlist | str | Define the wordlist to be used to derive cookies | | -| modules.paramminer_getparams.recycle_words | bool | Attempt to use words found during the scan on all other endpoints | False | -| modules.paramminer_getparams.skip_boring_words | bool | Remove commonly uninteresting words from the wordlist | True | -| modules.paramminer_getparams.wordlist | str | Define the wordlist to be used to derive headers | | -| modules.paramminer_headers.recycle_words | bool | Attempt to use words found during the scan on all other endpoints | False | -| modules.paramminer_headers.skip_boring_words | bool | Remove commonly uninteresting words from the wordlist | True | -| modules.paramminer_headers.wordlist | str | Define the wordlist to be used to derive headers | | -| modules.portscan.adapter | str | Manually specify a network interface, such as "eth0" or "tun0". If not specified, the first network interface found with a default gateway will be used. | | -| modules.portscan.adapter_ip | str | Send packets using this IP address. Not needed unless masscan's autodetection fails | | -| modules.portscan.adapter_mac | str | Send packets using this as the source MAC address. 
Not needed unless masscan's autodetection fails | | -| modules.portscan.ping_first | bool | Only portscan hosts that reply to pings | False | -| modules.portscan.ping_only | bool | Ping sweep only, no portscan | False | -| modules.portscan.ports | str | Ports to scan | | -| modules.portscan.rate | int | Rate in packets per second | 300 | -| modules.portscan.router_mac | str | Send packets to this MAC address as the destination. Not needed unless masscan's autodetection fails | | -| modules.portscan.top_ports | int | Top ports to scan (default 100) (to override, specify 'ports') | 100 | -| modules.portscan.wait | int | Seconds to wait for replies after scan is complete | 5 | -| modules.robots.include_allow | bool | Include 'Allow' Entries | True | -| modules.robots.include_disallow | bool | Include 'Disallow' Entries | True | -| modules.robots.include_sitemap | bool | Include 'sitemap' entries | False | -| modules.secretsdb.min_confidence | int | Only use signatures with this confidence score or higher | 99 | -| modules.secretsdb.signatures | str | File path or URL to YAML signatures | https://raw.githubusercontent.com/blacklanternsecurity/secrets-patterns-db/master/db/rules-stable.yml | -| modules.securitytxt.emails | bool | emit EMAIL_ADDRESS events | True | -| modules.securitytxt.urls | bool | emit URL_UNVERIFIED events | True | -| modules.sslcert.skip_non_ssl | bool | Don't try common non-SSL ports | True | -| modules.sslcert.timeout | float | Socket connect timeout in seconds | 5.0 | -| modules.telerik.exploit_RAU_crypto | bool | Attempt to confirm any RAU AXD detections are vulnerable | False | -| modules.url_manipulation.allow_redirects | bool | Allowing redirects will sometimes create false positives. Disallowing will sometimes create false negatives. Allowed by default. | True | -| modules.vhost.force_basehost | str | Use a custom base host (e.g. 
evilcorp.com) instead of the default behavior of using the current URL | | -| modules.vhost.lines | int | take only the first N lines from the wordlist when finding directories | 5000 | -| modules.vhost.wordlist | str | Wordlist containing subdomains | https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/DNS/subdomains-top1million-5000.txt | -| modules.wafw00f.generic_detect | bool | When no specific WAF detections are made, try to perform a generic detect | True | -| modules.wpscan.api_key | str | WPScan API Key | | -| modules.wpscan.connection_timeout | int | The connection timeout in seconds (default 2) | 2 | -| modules.wpscan.disable_tls_checks | bool | Disables the SSL/TLS certificate verification (Default True) | True | -| modules.wpscan.enumerate | str | Enumeration Process see wpscan help documentation (default: vp,vt,cb,dbe) | vp,vt,cb,dbe | -| modules.wpscan.force | bool | Do not check if the target is running WordPress or returns a 403 | False | -| modules.wpscan.request_timeout | int | The request timeout in seconds (default 5) | 5 | -| modules.wpscan.threads | int | How many wpscan threads to spawn (default is 5) | 5 | -| modules.anubisdb.limit | int | Limit the number of subdomains returned per query (increasing this may slow the scan due to garbage results from this API) | 1000 | -| modules.bevigil.api_key | str | BeVigil OSINT API Key | | -| modules.bevigil.urls | bool | Emit URLs in addition to DNS_NAMEs | False | -| modules.binaryedge.api_key | str | BinaryEdge API key | | -| modules.binaryedge.max_records | int | Limit results to help prevent exceeding API quota | 1000 | -| modules.bucket_file_enum.file_limit | int | Limit the number of files downloaded per bucket | 50 | -| modules.builtwith.api_key | str | Builtwith API key | | -| modules.builtwith.redirects | bool | Also look up inbound and outbound redirects | True | -| modules.c99.api_key | str | c99.nl API key | | -| modules.censys.api_id | str | Censys.io API ID | | -| 
modules.censys.api_secret | str | Censys.io API Secret | | -| modules.censys.max_pages | int | Maximum number of pages to fetch (100 results per page) | 5 | -| modules.chaos.api_key | str | Chaos API key | | -| modules.credshed.credshed_url | str | URL of credshed server | | -| modules.credshed.password | str | Credshed password | | -| modules.credshed.username | str | Credshed username | | -| modules.dehashed.api_key | str | DeHashed API Key | | -| modules.dehashed.username | str | Email Address associated with your API key | | -| modules.dnscaa.dns_names | bool | emit DNS_NAME events | True | -| modules.dnscaa.emails | bool | emit EMAIL_ADDRESS events | True | -| modules.dnscaa.in_scope_only | bool | Only check in-scope domains | True | -| modules.dnscaa.urls | bool | emit URL_UNVERIFIED events | True | -| modules.docker_pull.all_tags | bool | Download all tags from each registry (Default False) | False | -| modules.docker_pull.output_folder | str | Folder to download docker repositories to | | -| modules.fullhunt.api_key | str | FullHunt API Key | | -| modules.git_clone.api_key | str | Github token | | -| modules.git_clone.output_folder | str | Folder to clone repositories to | | -| modules.github_codesearch.api_key | str | Github token | | -| modules.github_codesearch.limit | int | Limit code search to this many results | 100 | -| modules.github_org.api_key | str | Github token | | -| modules.github_org.include_member_repos | bool | Also enumerate organization members' repositories | False | -| modules.github_org.include_members | bool | Enumerate organization members | True | -| modules.github_workflows.api_key | str | Github token | | -| modules.github_workflows.num_logs | int | For each workflow fetch the last N successful runs logs (max 100) | 1 | -| modules.hunterio.api_key | str | Hunter.IO API key | | -| modules.internetdb.show_open_ports | bool | Display OPEN_TCP_PORT events in output, even if they didn't lead to an interesting discovery | False | -| 
modules.ip2location.api_key | str | IP2location.io API Key | | -| modules.ip2location.lang | str | Translation information(ISO639-1). The translation is only applicable for continent, country, region and city name. | | -| modules.ipneighbor.num_bits | int | Netmask size (in CIDR notation) to check. Default is 4 bits (16 hosts) | 4 | -| modules.ipstack.api_key | str | IPStack GeoIP API Key | | -| modules.leakix.api_key | str | LeakIX API Key | | -| modules.passivetotal.api_key | str | RiskIQ API Key | | -| modules.passivetotal.username | str | RiskIQ Username | | -| modules.pgp.search_urls | list | PGP key servers to search |` ['https://keyserver.ubuntu.com/pks/lookup?fingerprint=on&op=vindex&search=', 'http://the.earth.li:11371/pks/lookup?fingerprint=on&op=vindex&search=', 'https://pgpkeys.eu/pks/lookup?search=&op=index', 'https://pgp.mit.edu/pks/lookup?search=&op=index'] `| -| modules.postman_download.api_key | str | Postman API Key | | -| modules.postman_download.output_folder | str | Folder to download postman workspaces to | | -| modules.securitytrails.api_key | str | SecurityTrails API key | | -| modules.shodan_dns.api_key | str | Shodan API key | | -| modules.trickest.api_key | str | Trickest API key | | -| modules.trufflehog.concurrency | int | Number of concurrent workers | 8 | -| modules.trufflehog.config | str | File path or URL to YAML trufflehog config | | -| modules.trufflehog.deleted_forks | bool | Scan for deleted github forks. WARNING: This is SLOW. For a smaller repository, this process can take 20 minutes. For a larger repository, it could take hours. 
| False | -| modules.trufflehog.only_verified | bool | Only report credentials that have been verified | True | -| modules.trufflehog.version | str | trufflehog version | 3.82.2 | -| modules.unstructured.extensions | list | File extensions to parse | ['bak', 'bash', 'bashrc', 'conf', 'cfg', 'crt', 'csv', 'db', 'sqlite', 'doc', 'docx', 'ica', 'indd', 'ini', 'key', 'pub', 'log', 'markdown', 'md', 'odg', 'odp', 'ods', 'odt', 'pdf', 'pem', 'pps', 'ppsx', 'ppt', 'pptx', 'ps1', 'rdp', 'sh', 'sql', 'swp', 'sxw', 'txt', 'vbs', 'wpd', 'xls', 'xlsx', 'xml', 'yml', 'yaml'] | -| modules.unstructured.ignore_folders | list | Subfolders to ignore when crawling downloaded folders | ['.git'] | -| modules.urlscan.urls | bool | Emit URLs in addition to DNS_NAMEs | False | -| modules.virustotal.api_key | str | VirusTotal API Key | | -| modules.wayback.garbage_threshold | int | Dedupe similar urls if they are in a group of this size or higher (lower values == less garbage data) | 10 | -| modules.wayback.urls | bool | emit URLs in addition to DNS_NAMEs | False | -| modules.zoomeye.api_key | str | ZoomEye API key | | -| modules.zoomeye.include_related | bool | Include domains which may be related to the target | False | -| modules.zoomeye.max_pages | int | How many pages of results to fetch | 20 | -| modules.asset_inventory.output_file | str | Set a custom output file | | -| modules.asset_inventory.recheck | bool | When use_previous=True, don't retain past details like open ports or findings. 
Instead, allow them to be rediscovered by the new scan | False | -| modules.asset_inventory.summary_netmask | int | Subnet mask to use when summarizing IP addresses at end of scan | 16 | -| modules.asset_inventory.use_previous | bool |` Emit previous asset inventory as new events (use in conjunction with -n ) `| False | -| modules.csv.output_file | str | Output to CSV file | | -| modules.discord.event_types | list | Types of events to send | ['VULNERABILITY', 'FINDING'] | -| modules.discord.min_severity | str | Only allow VULNERABILITY events of this severity or higher | LOW | -| modules.discord.webhook_url | str | Discord webhook URL | | -| modules.emails.output_file | str | Output to file | | -| modules.http.bearer | str | Authorization Bearer token | | -| modules.http.method | str | HTTP method | POST | -| modules.http.password | str | Password (basic auth) | | -| modules.http.siem_friendly | bool | Format JSON in a SIEM-friendly way for ingestion into Elastic, Splunk, etc. | False | -| modules.http.timeout | int | HTTP timeout | 10 | -| modules.http.url | str | Web URL | | -| modules.http.username | str | Username (basic auth) | | -| modules.json.output_file | str | Output to file | | -| modules.json.siem_friendly | bool | Output JSON in a SIEM-friendly format for ingestion into Elastic, Splunk, etc. 
| False | -| modules.neo4j.password | str | Neo4j password | bbotislife | -| modules.neo4j.uri | str | Neo4j server + port | bolt://localhost:7687 | -| modules.neo4j.username | str | Neo4j username | neo4j | -| modules.slack.event_types | list | Types of events to send | ['VULNERABILITY', 'FINDING'] | -| modules.slack.min_severity | str | Only allow VULNERABILITY events of this severity or higher | LOW | -| modules.slack.webhook_url | str | Discord webhook URL | | -| modules.splunk.hectoken | str | HEC Token | | -| modules.splunk.index | str | Index to send data to | | -| modules.splunk.source | str | Source path to be added to the metadata | | -| modules.splunk.timeout | int | HTTP timeout | 10 | -| modules.splunk.url | str | Web URL | | -| modules.stdout.accept_dupes | bool | Whether to show duplicate events, default True | True | -| modules.stdout.event_fields | list | Which event fields to display | [] | -| modules.stdout.event_types | list | Which events to display, default all event types | [] | -| modules.stdout.format | str | Which text format to display, choices: text,json | text | -| modules.stdout.in_scope_only | bool | Whether to only show in-scope events | False | -| modules.subdomains.include_unresolved | bool | Include unresolved subdomains in output | False | -| modules.subdomains.output_file | str | Output to file | | -| modules.teams.event_types | list | Types of events to send | ['VULNERABILITY', 'FINDING'] | -| modules.teams.min_severity | str | Only allow VULNERABILITY events of this severity or higher | LOW | -| modules.teams.webhook_url | str | Teams webhook URL | | -| modules.txt.output_file | str | Output to file | | -| modules.web_report.css_theme_file | str | CSS theme URL for HTML output | https://cdnjs.cloudflare.com/ajax/libs/github-markdown-css/5.1.0/github-markdown.min.css | -| modules.web_report.output_file | str | Output to file | | -| modules.websocket.preserve_graph | bool | Preserve full chains of events in the graph (prevents 
orphans) | True | -| modules.websocket.token | str | Authorization Bearer token | | -| modules.websocket.url | str | Web URL | | -| modules.excavate.custom_yara_rules | str | Include custom Yara rules | | -| modules.excavate.retain_querystring | bool | Keep the querystring intact on emitted WEB_PARAMETERS | False | -| modules.excavate.yara_max_match_data | int | Sets the maximum amount of text that can extracted from a YARA regex | 2000 | -| modules.speculate.max_hosts | int | Max number of IP_RANGE hosts to convert into IP_ADDRESS events | 65536 | -| modules.speculate.ports | str | The set of ports to speculate on | 80,443 | +| Config Option | Type | Description | Default | +|------------------------------------------------|----------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| modules.baddns.custom_nameservers | list | Force BadDNS to use a list of custom nameservers | [] | +| modules.baddns.enabled_submodules | list | A list of submodules to enable. 
Empty list (default) enables CNAME, TXT and MX Only | [] | +| modules.baddns.only_high_confidence | bool | Do not emit low-confidence or generic detections | False | +| modules.baddns_direct.custom_nameservers | list | Force BadDNS to use a list of custom nameservers | [] | +| modules.baddns_zone.custom_nameservers | list | Force BadDNS to use a list of custom nameservers | [] | +| modules.baddns_zone.only_high_confidence | bool | Do not emit low-confidence or generic detections | False | +| modules.badsecrets.custom_secrets | NoneType | Include custom secrets loaded from a local file | None | +| modules.bucket_amazon.permutations | bool | Whether to try permutations | False | +| modules.bucket_azure.permutations | bool | Whether to try permutations | False | +| modules.bucket_digitalocean.permutations | bool | Whether to try permutations | False | +| modules.bucket_firebase.permutations | bool | Whether to try permutations | False | +| modules.bucket_google.permutations | bool | Whether to try permutations | False | +| modules.dnsbrute.max_depth | int | How many subdomains deep to brute force, i.e. 
5.4.3.2.1.evilcorp.com | 5 | +| modules.dnsbrute.wordlist | str | Subdomain wordlist URL | https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/DNS/subdomains-top1million-5000.txt | +| modules.dnsbrute_mutations.max_mutations | int | Maximum number of target-specific mutations to try per subdomain | 100 | +| modules.dnscommonsrv.max_depth | int | The maximum subdomain depth to brute-force SRV records | 2 | +| modules.ffuf.extensions | str | Optionally include a list of extensions to extend the keyword with (comma separated) | | +| modules.ffuf.lines | int | take only the first N lines from the wordlist when finding directories | 5000 | +| modules.ffuf.max_depth | int | the maximum directory depth to attempt to solve | 0 | +| modules.ffuf.wordlist | str | Specify wordlist to use when finding directories | https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/raft-small-directories.txt | +| modules.ffuf_shortnames.extensions | str | Optionally include a list of extensions to extend the keyword with (comma separated) | | +| modules.ffuf_shortnames.find_common_prefixes | bool | Attempt to automatically detect common prefixes and make additional ffuf runs against them | False | +| modules.ffuf_shortnames.find_delimiters | bool | Attempt to detect common delimiters and make additional ffuf runs against them | True | +| modules.ffuf_shortnames.ignore_redirects | bool | Explicitly ignore redirects (301,302) | True | +| modules.ffuf_shortnames.lines | int | take only the first N lines from the wordlist when finding directories | 1000000 | +| modules.ffuf_shortnames.max_depth | int | the maximum directory depth to attempt to solve | 1 | +| modules.ffuf_shortnames.version | str | ffuf version | 2.0.0 | +| modules.ffuf_shortnames.wordlist | str | Specify wordlist to use when finding directories | | +| modules.ffuf_shortnames.wordlist_extensions | str | Specify wordlist to use when making extension lists | | +| 
modules.filedownload.base_64_encoded_file | str | Stream the bytes of a file and encode them in base 64 for event data. | false | +| modules.filedownload.extensions | list | File extensions to download | ['bak', 'bash', 'bashrc', 'cfg', 'conf', 'crt', 'csv', 'db', 'dll', 'doc', 'docx', 'exe', 'ica', 'indd', 'ini', 'jar', 'key', 'log', 'markdown', 'md', 'msi', 'odg', 'odp', 'ods', 'odt', 'pdf', 'pem', 'pps', 'ppsx', 'ppt', 'pptx', 'ps1', 'pub', 'raw', 'rdp', 'sh', 'sql', 'sqlite', 'swp', 'sxw', 'tar.gz', 'tar', 'txt', 'vbs', 'war', 'wpd', 'xls', 'xlsx', 'xml', 'yaml', 'yml', 'zip'] | +| modules.filedownload.max_filesize | str | Cancel download if filesize is greater than this size | 10MB | +| modules.fingerprintx.skip_common_web | bool | Skip common web ports such as 80, 443, 8080, 8443, etc. | True | +| modules.fingerprintx.version | str | fingerprintx version | 1.1.4 | +| modules.gitlab.api_key | str | Gitlab access token | | +| modules.gowitness.idle_timeout | int | Skip the current gowitness batch if it stalls for longer than this many seconds | 1800 | +| modules.gowitness.output_path | str | Where to save screenshots | | +| modules.gowitness.resolution_x | int | Screenshot resolution x | 1440 | +| modules.gowitness.resolution_y | int | Screenshot resolution y | 900 | +| modules.gowitness.social | bool | Whether to screenshot social media webpages | False | +| modules.gowitness.threads | int | How many gowitness threads to spawn (default is number of CPUs x 2) | 0 | +| modules.gowitness.timeout | int | Preflight check timeout | 10 | +| modules.gowitness.version | str | Gowitness version | 2.4.2 | +| modules.httpx.in_scope_only | bool | Only visit web reparents that are in scope. 
| True | +| modules.httpx.max_response_size | int | Max response size in bytes | 5242880 | +| modules.httpx.probe_all_ips | bool | Probe all the ips associated with same host | False | +| modules.httpx.store_responses | bool | Save raw HTTP responses to scan folder | False | +| modules.httpx.threads | int | Number of httpx threads to use | 50 | +| modules.httpx.version | str | httpx version | 1.2.5 | +| modules.iis_shortnames.detect_only | bool | Only detect the vulnerability and do not run the shortname scanner | True | +| modules.iis_shortnames.max_node_count | int | Limit how many nodes to attempt to resolve on any given recursion branch | 50 | +| modules.ntlm.try_all | bool | Try every NTLM endpoint | False | +| modules.nuclei.batch_size | int | Number of targets to send to Nuclei per batch (default 200) | 200 | +| modules.nuclei.budget | int | Used in budget mode to set the number of requests which will be allotted to the nuclei scan | 1 | +| modules.nuclei.concurrency | int | maximum number of templates to be executed in parallel (default 25) | 25 | +| modules.nuclei.directory_only | bool | Filter out 'file' URL event (default True) | True | +| modules.nuclei.etags | str | tags to exclude from the scan | | +| modules.nuclei.mode | str | manual | technology | severe | budget. Technology: Only activate based on technology events that match nuclei tags (nuclei -as mode). Manual (DEFAULT): Fully manual settings. Severe: Only critical and high severity templates without intrusive. Budget: Limit Nuclei to a specified number of HTTP requests | manual | +| modules.nuclei.ratelimit | int | maximum number of requests to send per second (default 150) | 150 | +| modules.nuclei.retries | int | number of times to retry a failed request (default 0) | 0 | +| modules.nuclei.severity | str | Filter based on severity field available in the template. 
| | +| modules.nuclei.silent | bool | Don't display nuclei's banner or status messages | False | +| modules.nuclei.tags | str | execute a subset of templates that contain the provided tags | | +| modules.nuclei.templates | str | template or template directory paths to include in the scan | | +| modules.nuclei.version | str | nuclei version | 3.3.5 | +| modules.oauth.try_all | bool | Check for OAUTH/IODC on every subdomain and URL. | False | +| modules.paramminer_cookies.recycle_words | bool | Attempt to use words found during the scan on all other endpoints | False | +| modules.paramminer_cookies.skip_boring_words | bool | Remove commonly uninteresting words from the wordlist | True | +| modules.paramminer_cookies.wordlist | str | Define the wordlist to be used to derive cookies | | +| modules.paramminer_getparams.recycle_words | bool | Attempt to use words found during the scan on all other endpoints | False | +| modules.paramminer_getparams.skip_boring_words | bool | Remove commonly uninteresting words from the wordlist | True | +| modules.paramminer_getparams.wordlist | str | Define the wordlist to be used to derive headers | | +| modules.paramminer_headers.recycle_words | bool | Attempt to use words found during the scan on all other endpoints | False | +| modules.paramminer_headers.skip_boring_words | bool | Remove commonly uninteresting words from the wordlist | True | +| modules.paramminer_headers.wordlist | str | Define the wordlist to be used to derive headers | | +| modules.portscan.adapter | str | Manually specify a network interface, such as "eth0" or "tun0". If not specified, the first network interface found with a default gateway will be used. | | +| modules.portscan.adapter_ip | str | Send packets using this IP address. Not needed unless masscan's autodetection fails | | +| modules.portscan.adapter_mac | str | Send packets using this as the source MAC address. 
Not needed unless masscan's autodetection fails | | +| modules.portscan.ping_first | bool | Only portscan hosts that reply to pings | False | +| modules.portscan.ping_only | bool | Ping sweep only, no portscan | False | +| modules.portscan.ports | str | Ports to scan | | +| modules.portscan.rate | int | Rate in packets per second | 300 | +| modules.portscan.router_mac | str | Send packets to this MAC address as the destination. Not needed unless masscan's autodetection fails | | +| modules.portscan.top_ports | int | Top ports to scan (default 100) (to override, specify 'ports') | 100 | +| modules.portscan.wait | int | Seconds to wait for replies after scan is complete | 5 | +| modules.robots.include_allow | bool | Include 'Allow' Entries | True | +| modules.robots.include_disallow | bool | Include 'Disallow' Entries | True | +| modules.robots.include_sitemap | bool | Include 'sitemap' entries | False | +| modules.secretsdb.min_confidence | int | Only use signatures with this confidence score or higher | 99 | +| modules.secretsdb.signatures | str | File path or URL to YAML signatures | https://raw.githubusercontent.com/blacklanternsecurity/secrets-patterns-db/master/db/rules-stable.yml | +| modules.securitytxt.emails | bool | emit EMAIL_ADDRESS events | True | +| modules.securitytxt.urls | bool | emit URL_UNVERIFIED events | True | +| modules.sslcert.skip_non_ssl | bool | Don't try common non-SSL ports | True | +| modules.sslcert.timeout | float | Socket connect timeout in seconds | 5.0 | +| modules.telerik.exploit_RAU_crypto | bool | Attempt to confirm any RAU AXD detections are vulnerable | False | +| modules.url_manipulation.allow_redirects | bool | Allowing redirects will sometimes create false positives. Disallowing will sometimes create false negatives. Allowed by default. | True | +| modules.vhost.force_basehost | str | Use a custom base host (e.g. 
evilcorp.com) instead of the default behavior of using the current URL | | +| modules.vhost.lines | int | take only the first N lines from the wordlist when finding directories | 5000 | +| modules.vhost.wordlist | str | Wordlist containing subdomains | https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/DNS/subdomains-top1million-5000.txt | +| modules.wafw00f.generic_detect | bool | When no specific WAF detections are made, try to perform a generic detect | True | +| modules.wpscan.api_key | str | WPScan API Key | | +| modules.wpscan.connection_timeout | int | The connection timeout in seconds (default 2) | 2 | +| modules.wpscan.disable_tls_checks | bool | Disables the SSL/TLS certificate verification (Default True) | True | +| modules.wpscan.enumerate | str | Enumeration Process see wpscan help documentation (default: vp,vt,cb,dbe) | vp,vt,cb,dbe | +| modules.wpscan.force | bool | Do not check if the target is running WordPress or returns a 403 | False | +| modules.wpscan.request_timeout | int | The request timeout in seconds (default 5) | 5 | +| modules.wpscan.threads | int | How many wpscan threads to spawn (default is 5) | 5 | +| modules.anubisdb.limit | int | Limit the number of subdomains returned per query (increasing this may slow the scan due to garbage results from this API) | 1000 | +| modules.apkpure.output_folder | str | Folder to download apk's to | | +| modules.bevigil.api_key | str | BeVigil OSINT API Key | | +| modules.bevigil.urls | bool | Emit URLs in addition to DNS_NAMEs | False | +| modules.binaryedge.api_key | str | BinaryEdge API key | | +| modules.binaryedge.max_records | int | Limit results to help prevent exceeding API quota | 1000 | +| modules.bucket_file_enum.file_limit | int | Limit the number of files downloaded per bucket | 50 | +| modules.bufferoverrun.api_key | str | BufferOverrun API key | | +| modules.bufferoverrun.commercial | bool | Use commercial API | False | +| modules.builtwith.api_key | str | 
Builtwith API key | | +| modules.builtwith.redirects | bool | Also look up inbound and outbound redirects | True | +| modules.c99.api_key | str | c99.nl API key | | +| modules.censys.api_id | str | Censys.io API ID | | +| modules.censys.api_secret | str | Censys.io API Secret | | +| modules.censys.max_pages | int | Maximum number of pages to fetch (100 results per page) | 5 | +| modules.chaos.api_key | str | Chaos API key | | +| modules.credshed.credshed_url | str | URL of credshed server | | +| modules.credshed.password | str | Credshed password | | +| modules.credshed.username | str | Credshed username | | +| modules.dehashed.api_key | str | DeHashed API Key | | +| modules.dehashed.username | str | Email Address associated with your API key | | +| modules.dnscaa.dns_names | bool | emit DNS_NAME events | True | +| modules.dnscaa.emails | bool | emit EMAIL_ADDRESS events | True | +| modules.dnscaa.in_scope_only | bool | Only check in-scope domains | True | +| modules.dnscaa.urls | bool | emit URL_UNVERIFIED events | True | +| modules.docker_pull.all_tags | bool | Download all tags from each registry (Default False) | False | +| modules.docker_pull.output_folder | str | Folder to download docker repositories to | | +| modules.fullhunt.api_key | str | FullHunt API Key | | +| modules.git_clone.api_key | str | Github token | | +| modules.git_clone.output_folder | str | Folder to clone repositories to | | +| modules.github_codesearch.api_key | str | Github token | | +| modules.github_codesearch.limit | int | Limit code search to this many results | 100 | +| modules.github_org.api_key | str | Github token | | +| modules.github_org.include_member_repos | bool | Also enumerate organization members' repositories | False | +| modules.github_org.include_members | bool | Enumerate organization members | True | +| modules.github_workflows.api_key | str | Github token | | +| modules.github_workflows.num_logs | int | For each workflow fetch the last N successful runs logs (max 
100) | 1 | +| modules.hunterio.api_key | str | Hunter.IO API key | | +| modules.internetdb.show_open_ports | bool | Display OPEN_TCP_PORT events in output, even if they didn't lead to an interesting discovery | False | +| modules.ip2location.api_key | str | IP2location.io API Key | | +| modules.ip2location.lang | str | Translation information(ISO639-1). The translation is only applicable for continent, country, region and city name. | | +| modules.ipneighbor.num_bits | int | Netmask size (in CIDR notation) to check. Default is 4 bits (16 hosts) | 4 | +| modules.ipstack.api_key | str | IPStack GeoIP API Key | | +| modules.leakix.api_key | str | LeakIX API Key | | +| modules.passivetotal.api_key | str | RiskIQ API Key | | +| modules.passivetotal.username | str | RiskIQ Username | | +| modules.pgp.search_urls | list | PGP key servers to search |` ['https://keyserver.ubuntu.com/pks/lookup?fingerprint=on&op=vindex&search=', 'http://the.earth.li:11371/pks/lookup?fingerprint=on&op=vindex&search=', 'https://pgpkeys.eu/pks/lookup?search=&op=index', 'https://pgp.mit.edu/pks/lookup?search=&op=index'] `| +| modules.postman_download.api_key | str | Postman API Key | | +| modules.postman_download.output_folder | str | Folder to download postman workspaces to | | +| modules.securitytrails.api_key | str | SecurityTrails API key | | +| modules.shodan_dns.api_key | str | Shodan API key | | +| modules.subdomainradar.api_key | str | SubDomainRadar.io API key | | +| modules.subdomainradar.group | str | The enumeration group to use. Choose from fast, medium, deep | fast | +| modules.subdomainradar.timeout | int | Timeout in seconds | 120 | +| modules.trickest.api_key | str | Trickest API key | | +| modules.trufflehog.concurrency | int | Number of concurrent workers | 8 | +| modules.trufflehog.config | str | File path or URL to YAML trufflehog config | | +| modules.trufflehog.deleted_forks | bool | Scan for deleted github forks. WARNING: This is SLOW. 
For a smaller repository, this process can take 20 minutes. For a larger repository, it could take hours. | False | +| modules.trufflehog.only_verified | bool | Only report credentials that have been verified | True | +| modules.trufflehog.version | str | trufflehog version | 3.83.1 | +| modules.unstructured.extensions | list | File extensions to parse | ['bak', 'bash', 'bashrc', 'conf', 'cfg', 'crt', 'csv', 'db', 'sqlite', 'doc', 'docx', 'ica', 'indd', 'ini', 'key', 'pub', 'log', 'markdown', 'md', 'odg', 'odp', 'ods', 'odt', 'pdf', 'pem', 'pps', 'ppsx', 'ppt', 'pptx', 'ps1', 'rdp', 'sh', 'sql', 'swp', 'sxw', 'txt', 'vbs', 'wpd', 'xls', 'xlsx', 'xml', 'yml', 'yaml'] | +| modules.urlscan.urls | bool | Emit URLs in addition to DNS_NAMEs | False | +| modules.virustotal.api_key | str | VirusTotal API Key | | +| modules.wayback.garbage_threshold | int | Dedupe similar urls if they are in a group of this size or higher (lower values == less garbage data) | 10 | +| modules.wayback.urls | bool | emit URLs in addition to DNS_NAMEs | False | +| modules.zoomeye.api_key | str | ZoomEye API key | | +| modules.zoomeye.include_related | bool | Include domains which may be related to the target | False | +| modules.zoomeye.max_pages | int | How many pages of results to fetch | 20 | +| modules.asset_inventory.output_file | str | Set a custom output file | | +| modules.asset_inventory.recheck | bool | When use_previous=True, don't retain past details like open ports or findings. 
Instead, allow them to be rediscovered by the new scan | False | +| modules.asset_inventory.summary_netmask | int | Subnet mask to use when summarizing IP addresses at end of scan | 16 | +| modules.asset_inventory.use_previous | bool |` Emit previous asset inventory as new events (use in conjunction with -n ) `| False | +| modules.csv.output_file | str | Output to CSV file | | +| modules.discord.event_types | list | Types of events to send | ['VULNERABILITY', 'FINDING'] | +| modules.discord.min_severity | str | Only allow VULNERABILITY events of this severity or higher | LOW | +| modules.discord.webhook_url | str | Discord webhook URL | | +| modules.emails.output_file | str | Output to file | | +| modules.http.bearer | str | Authorization Bearer token | | +| modules.http.method | str | HTTP method | POST | +| modules.http.password | str | Password (basic auth) | | +| modules.http.siem_friendly | bool | Format JSON in a SIEM-friendly way for ingestion into Elastic, Splunk, etc. | False | +| modules.http.timeout | int | HTTP timeout | 10 | +| modules.http.url | str | Web URL | | +| modules.http.username | str | Username (basic auth) | | +| modules.json.output_file | str | Output to file | | +| modules.json.siem_friendly | bool | Output JSON in a SIEM-friendly format for ingestion into Elastic, Splunk, etc. 
| False | +| modules.neo4j.password | str | Neo4j password | bbotislife | +| modules.neo4j.uri | str | Neo4j server + port | bolt://localhost:7687 | +| modules.neo4j.username | str | Neo4j username | neo4j | +| modules.slack.event_types | list | Types of events to send | ['VULNERABILITY', 'FINDING'] | +| modules.slack.min_severity | str | Only allow VULNERABILITY events of this severity or higher | LOW | +| modules.slack.webhook_url | str | Discord webhook URL | | +| modules.splunk.hectoken | str | HEC Token | | +| modules.splunk.index | str | Index to send data to | | +| modules.splunk.source | str | Source path to be added to the metadata | | +| modules.splunk.timeout | int | HTTP timeout | 10 | +| modules.splunk.url | str | Web URL | | +| modules.stdout.accept_dupes | bool | Whether to show duplicate events, default True | True | +| modules.stdout.event_fields | list | Which event fields to display | [] | +| modules.stdout.event_types | list | Which events to display, default all event types | [] | +| modules.stdout.format | str | Which text format to display, choices: text,json | text | +| modules.stdout.in_scope_only | bool | Whether to only show in-scope events | False | +| modules.subdomains.include_unresolved | bool | Include unresolved subdomains in output | False | +| modules.subdomains.output_file | str | Output to file | | +| modules.teams.event_types | list | Types of events to send | ['VULNERABILITY', 'FINDING'] | +| modules.teams.min_severity | str | Only allow VULNERABILITY events of this severity or higher | LOW | +| modules.teams.webhook_url | str | Teams webhook URL | | +| modules.txt.output_file | str | Output to file | | +| modules.web_report.css_theme_file | str | CSS theme URL for HTML output | https://cdnjs.cloudflare.com/ajax/libs/github-markdown-css/5.1.0/github-markdown.min.css | +| modules.web_report.output_file | str | Output to file | | +| modules.websocket.preserve_graph | bool | Preserve full chains of events in the graph (prevents 
orphans) | True | +| modules.websocket.token | str | Authorization Bearer token | | +| modules.websocket.url | str | Web URL | | +| modules.excavate.custom_yara_rules | str | Include custom Yara rules | | +| modules.excavate.retain_querystring | bool | Keep the querystring intact on emitted WEB_PARAMETERS | False | +| modules.excavate.yara_max_match_data | int | Sets the maximum amount of text that can extracted from a YARA regex | 2000 | +| modules.speculate.ignore_folders | list | Subfolders to ignore when crawling downloaded folders | ['.git'] | +| modules.speculate.max_hosts | int | Max number of IP_RANGE hosts to convert into IP_ADDRESS events | 65536 | +| modules.speculate.ports | str | The set of ports to speculate on | 80,443 | diff --git a/docs/scanning/events.md b/docs/scanning/events.md index 06fefd4e1..5f909740c 100644 --- a/docs/scanning/events.md +++ b/docs/scanning/events.md 
@@ -104,39 +104,40 @@ Below is a full list of event types along with which modules produce/consume the ## List of Event Types -| Event Type | # Consuming Modules | # Producing Modules | Consuming Modules | Producing Modules | -|---------------------|-----------------------|-----------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| * | 15 | 0 | affiliates, cloudcheck, csv, discord, dnsresolve, http, json, neo4j, python, slack, splunk, stdout, teams, txt, websocket | | -| ASN | 0 | 1 | | asn | -| AZURE_TENANT | 1 | 0 | speculate | | -| CODE_REPOSITORY | 5 | 6 | docker_pull, git_clone, github_workflows, postman_download, trufflehog | code_repository, dockerhub, github_codesearch, github_org, gitlab, postman | -| DNS_NAME | 56 | 41 | anubisdb, asset_inventory, azure_realm, azure_tenant, baddns, baddns_zone, bevigil, binaryedge, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_firebase, bucket_google, builtwith, c99, censys, certspotter, chaos, 
columbus, credshed, crt, dehashed, digitorus, dnsbrute, dnsbrute_mutations, dnscaa, dnscommonsrv, dnsdumpster, emailformat, fullhunt, github_codesearch, hackertarget, hunterio, internetdb, leakix, myssl, oauth, otx, passivetotal, pgp, portscan, rapiddns, securitytrails, securitytxt, shodan_dns, sitedossier, skymem, speculate, subdomaincenter, subdomains, trickest, urlscan, viewdns, virustotal, wayback, zoomeye | anubisdb, azure_tenant, bevigil, binaryedge, builtwith, c99, censys, certspotter, chaos, columbus, crt, digitorus, dnsbrute, dnsbrute_mutations, dnscaa, dnscommonsrv, dnsdumpster, fullhunt, hackertarget, hunterio, internetdb, leakix, myssl, ntlm, oauth, otx, passivetotal, rapiddns, securitytrails, shodan_dns, sitedossier, speculate, sslcert, subdomaincenter, trickest, urlscan, vhost, viewdns, virustotal, wayback, zoomeye | -| DNS_NAME_UNRESOLVED | 3 | 0 | baddns, speculate, subdomains | | -| EMAIL_ADDRESS | 1 | 9 | emails | credshed, dehashed, dnscaa, emailformat, hunterio, pgp, securitytxt, skymem, sslcert | -| FILESYSTEM | 2 | 6 | trufflehog, unstructured | docker_pull, filedownload, git_clone, github_workflows, postman_download, unstructured | -| FINDING | 2 | 28 | asset_inventory, web_report | ajaxpro, baddns, baddns_zone, badsecrets, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_firebase, bucket_google, bypass403, dastardly, git, gitlab, host_header, hunt, internetdb, newsletters, ntlm, nuclei, paramminer_cookies, paramminer_getparams, secretsdb, smuggler, speculate, telerik, trufflehog, url_manipulation, wpscan | -| GEOLOCATION | 0 | 2 | | ip2location, ipstack | -| HASHED_PASSWORD | 0 | 2 | | credshed, dehashed | -| HTTP_RESPONSE | 19 | 1 | ajaxpro, asset_inventory, badsecrets, dastardly, dotnetnuke, excavate, filedownload, gitlab, host_header, newsletters, ntlm, paramminer_cookies, paramminer_getparams, paramminer_headers, secretsdb, speculate, telerik, wappalyzer, wpscan | httpx | -| IP_ADDRESS | 8 | 3 | asn, asset_inventory, internetdb, 
ip2location, ipneighbor, ipstack, portscan, speculate | asset_inventory, ipneighbor, speculate | -| IP_RANGE | 2 | 0 | portscan, speculate | | -| OPEN_TCP_PORT | 4 | 4 | asset_inventory, fingerprintx, httpx, sslcert | asset_inventory, internetdb, portscan, speculate | -| ORG_STUB | 3 | 1 | dockerhub, github_org, postman | speculate | -| PASSWORD | 0 | 2 | | credshed, dehashed | -| PROTOCOL | 0 | 1 | | fingerprintx | -| RAW_TEXT | 1 | 1 | excavate | unstructured | -| SOCIAL | 6 | 3 | dockerhub, github_org, gitlab, gowitness, postman, speculate | dockerhub, gitlab, social | -| STORAGE_BUCKET | 7 | 5 | bucket_amazon, bucket_azure, bucket_digitalocean, bucket_file_enum, bucket_firebase, bucket_google, speculate | bucket_amazon, bucket_azure, bucket_digitalocean, bucket_firebase, bucket_google | -| TECHNOLOGY | 4 | 8 | asset_inventory, gitlab, web_report, wpscan | badsecrets, dotnetnuke, gitlab, gowitness, internetdb, nuclei, wappalyzer, wpscan | -| URL | 19 | 2 | ajaxpro, asset_inventory, bypass403, ffuf, generic_ssrf, git, gowitness, httpx, iis_shortnames, ntlm, nuclei, robots, smuggler, speculate, telerik, url_manipulation, vhost, wafw00f, web_report | gowitness, httpx | -| URL_HINT | 1 | 1 | ffuf_shortnames | iis_shortnames | -| URL_UNVERIFIED | 6 | 16 | code_repository, filedownload, httpx, oauth, social, speculate | azure_realm, bevigil, bucket_file_enum, dnscaa, dockerhub, excavate, ffuf, ffuf_shortnames, github_codesearch, gowitness, hunterio, robots, securitytxt, urlscan, wayback, wpscan | -| USERNAME | 1 | 2 | speculate | credshed, dehashed | -| VHOST | 1 | 1 | web_report | vhost | -| VULNERABILITY | 2 | 12 | asset_inventory, web_report | ajaxpro, baddns, baddns_zone, badsecrets, dastardly, dotnetnuke, generic_ssrf, internetdb, nuclei, telerik, trufflehog, wpscan | -| WAF | 1 | 1 | asset_inventory | wafw00f | -| WEBSCREENSHOT | 0 | 1 | | gowitness | -| WEB_PARAMETER | 4 | 4 | hunt, paramminer_cookies, paramminer_getparams, paramminer_headers | excavate, 
paramminer_cookies, paramminer_getparams, paramminer_headers | +| Event Type | # Consuming Modules | # Producing Modules | Consuming Modules | Producing Modules | +|---------------------|-----------------------|-----------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| * | 15 | 0 | affiliates, cloudcheck, csv, discord, dnsresolve, http, json, neo4j, python, slack, splunk, stdout, teams, txt, websocket | | +| ASN | 0 | 1 | | asn | +| AZURE_TENANT | 1 | 0 | speculate | | +| CODE_REPOSITORY | 6 | 6 | docker_pull, git_clone, github_workflows, google_playstore, postman_download, trufflehog | code_repository, dockerhub, github_codesearch, github_org, gitlab, postman | +| DNS_NAME | 58 | 43 | anubisdb, asset_inventory, azure_realm, azure_tenant, baddns, baddns_zone, bevigil, binaryedge, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_firebase, bucket_google, bufferoverrun, builtwith, c99, 
censys, certspotter, chaos, columbus, credshed, crt, dehashed, digitorus, dnsbrute, dnsbrute_mutations, dnscaa, dnscommonsrv, dnsdumpster, emailformat, fullhunt, github_codesearch, hackertarget, hunterio, internetdb, leakix, myssl, oauth, otx, passivetotal, pgp, portscan, rapiddns, securitytrails, securitytxt, shodan_dns, sitedossier, skymem, speculate, subdomaincenter, subdomainradar, subdomains, trickest, urlscan, viewdns, virustotal, wayback, zoomeye | anubisdb, azure_tenant, bevigil, binaryedge, bufferoverrun, builtwith, c99, censys, certspotter, chaos, columbus, crt, digitorus, dnsbrute, dnsbrute_mutations, dnscaa, dnscommonsrv, dnsdumpster, fullhunt, hackertarget, hunterio, internetdb, leakix, myssl, ntlm, oauth, otx, passivetotal, rapiddns, securitytrails, shodan_dns, sitedossier, speculate, sslcert, subdomaincenter, subdomainradar, trickest, urlscan, vhost, viewdns, virustotal, wayback, zoomeye | +| DNS_NAME_UNRESOLVED | 3 | 0 | baddns, speculate, subdomains | | +| EMAIL_ADDRESS | 1 | 9 | emails | credshed, dehashed, dnscaa, emailformat, hunterio, pgp, securitytxt, skymem, sslcert | +| FILESYSTEM | 3 | 7 | speculate, trufflehog, unstructured | apkpure, docker_pull, filedownload, git_clone, github_workflows, postman_download, speculate | +| FINDING | 2 | 29 | asset_inventory, web_report | ajaxpro, baddns, baddns_direct, baddns_zone, badsecrets, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_firebase, bucket_google, bypass403, dastardly, git, gitlab, host_header, hunt, internetdb, newsletters, ntlm, nuclei, paramminer_cookies, paramminer_getparams, secretsdb, smuggler, speculate, telerik, trufflehog, url_manipulation, wpscan | +| GEOLOCATION | 0 | 2 | | ip2location, ipstack | +| HASHED_PASSWORD | 0 | 2 | | credshed, dehashed | +| HTTP_RESPONSE | 19 | 1 | ajaxpro, asset_inventory, badsecrets, dastardly, dotnetnuke, excavate, filedownload, gitlab, host_header, newsletters, ntlm, paramminer_cookies, paramminer_getparams, paramminer_headers, secretsdb, 
speculate, telerik, wappalyzer, wpscan | httpx | +| IP_ADDRESS | 8 | 3 | asn, asset_inventory, internetdb, ip2location, ipneighbor, ipstack, portscan, speculate | asset_inventory, ipneighbor, speculate | +| IP_RANGE | 2 | 0 | portscan, speculate | | +| MOBILE_APP | 1 | 1 | apkpure | google_playstore | +| OPEN_TCP_PORT | 4 | 4 | asset_inventory, fingerprintx, httpx, sslcert | asset_inventory, internetdb, portscan, speculate | +| ORG_STUB | 4 | 1 | dockerhub, github_org, google_playstore, postman | speculate | +| PASSWORD | 0 | 2 | | credshed, dehashed | +| PROTOCOL | 0 | 1 | | fingerprintx | +| RAW_TEXT | 1 | 1 | excavate | unstructured | +| SOCIAL | 6 | 3 | dockerhub, github_org, gitlab, gowitness, postman, speculate | dockerhub, gitlab, social | +| STORAGE_BUCKET | 8 | 5 | baddns_direct, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_file_enum, bucket_firebase, bucket_google, speculate | bucket_amazon, bucket_azure, bucket_digitalocean, bucket_firebase, bucket_google | +| TECHNOLOGY | 4 | 8 | asset_inventory, gitlab, web_report, wpscan | badsecrets, dotnetnuke, gitlab, gowitness, internetdb, nuclei, wappalyzer, wpscan | +| URL | 20 | 2 | ajaxpro, asset_inventory, baddns_direct, bypass403, ffuf, generic_ssrf, git, gowitness, httpx, iis_shortnames, ntlm, nuclei, robots, smuggler, speculate, telerik, url_manipulation, vhost, wafw00f, web_report | gowitness, httpx | +| URL_HINT | 1 | 1 | ffuf_shortnames | iis_shortnames | +| URL_UNVERIFIED | 6 | 16 | code_repository, filedownload, httpx, oauth, social, speculate | azure_realm, bevigil, bucket_file_enum, dnscaa, dockerhub, excavate, ffuf, ffuf_shortnames, github_codesearch, gowitness, hunterio, robots, securitytxt, urlscan, wayback, wpscan | +| USERNAME | 1 | 2 | speculate | credshed, dehashed | +| VHOST | 1 | 1 | web_report | vhost | +| VULNERABILITY | 2 | 13 | asset_inventory, web_report | ajaxpro, baddns, baddns_direct, baddns_zone, badsecrets, dastardly, dotnetnuke, generic_ssrf, internetdb, nuclei, 
telerik, trufflehog, wpscan | +| WAF | 1 | 1 | asset_inventory | wafw00f | +| WEBSCREENSHOT | 0 | 1 | | gowitness | +| WEB_PARAMETER | 4 | 4 | hunt, paramminer_cookies, paramminer_getparams, paramminer_headers | excavate, paramminer_cookies, paramminer_getparams, paramminer_headers | ## Findings Vs. Vulnerabilities diff --git a/docs/scanning/index.md b/docs/scanning/index.md index ff3fb5825..e2e4a7921 100644 --- a/docs/scanning/index.md +++ b/docs/scanning/index.md 
@@ -107,30 +107,30 @@ A single module can have multiple flags. For example, the `securitytrails` modul ### List of Flags -| Flag | # Modules | Description | Modules | -|------------------|-------------|----------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| safe | 84 | Non-intrusive, safe to run | affiliates, aggregate, ajaxpro, anubisdb, asn, azure_realm, azure_tenant, baddns, baddns_zone, badsecrets, bevigil, binaryedge, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_file_enum, bucket_firebase, bucket_google, builtwith, c99, censys, certspotter, chaos, code_repository, columbus, credshed, crt, dehashed, digitorus, dnscaa, dnscommonsrv, dnsdumpster, docker_pull, dockerhub, emailformat, filedownload, fingerprintx, fullhunt, git, git_clone, github_codesearch, github_org, github_workflows, gitlab, gowitness, hackertarget, httpx, hunt, hunterio, iis_shortnames, internetdb, ip2location, ipstack, leakix, myssl, newsletters, ntlm, oauth, otx, passivetotal, pgp, portscan, postman, postman_download, rapiddns, robots, secretsdb, 
securitytrails, securitytxt, shodan_dns, sitedossier, skymem, social, sslcert, subdomaincenter, trickest, trufflehog, unstructured, urlscan, viewdns, virustotal, wappalyzer, wayback, zoomeye | -| passive | 60 | Never connects to target systems | affiliates, aggregate, anubisdb, asn, azure_realm, azure_tenant, bevigil, binaryedge, bucket_file_enum, builtwith, c99, censys, certspotter, chaos, code_repository, columbus, credshed, crt, dehashed, digitorus, dnscaa, dnsdumpster, docker_pull, dockerhub, emailformat, excavate, fullhunt, git_clone, github_codesearch, github_org, github_workflows, hackertarget, hunterio, internetdb, ip2location, ipneighbor, ipstack, leakix, myssl, otx, passivetotal, pgp, postman, postman_download, rapiddns, securitytrails, shodan_dns, sitedossier, skymem, social, speculate, subdomaincenter, trickest, trufflehog, unstructured, urlscan, viewdns, virustotal, wayback, zoomeye | -| subdomain-enum | 48 | Enumerates subdomains | anubisdb, asn, azure_realm, azure_tenant, baddns_zone, bevigil, binaryedge, builtwith, c99, censys, certspotter, chaos, columbus, crt, digitorus, dnsbrute, dnsbrute_mutations, dnscaa, dnscommonsrv, dnsdumpster, fullhunt, github_codesearch, github_org, hackertarget, httpx, hunterio, internetdb, ipneighbor, leakix, myssl, oauth, otx, passivetotal, postman, postman_download, rapiddns, securitytrails, securitytxt, shodan_dns, sitedossier, sslcert, subdomaincenter, subdomains, trickest, urlscan, virustotal, wayback, zoomeye | -| active | 46 | Makes active connections to target systems | ajaxpro, baddns, baddns_zone, badsecrets, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_firebase, bucket_google, bypass403, dastardly, dnsbrute, dnsbrute_mutations, dnscommonsrv, dotnetnuke, ffuf, ffuf_shortnames, filedownload, fingerprintx, generic_ssrf, git, gitlab, gowitness, host_header, httpx, hunt, iis_shortnames, newsletters, ntlm, nuclei, oauth, paramminer_cookies, paramminer_getparams, paramminer_headers, portscan, robots, 
secretsdb, securitytxt, smuggler, sslcert, telerik, url_manipulation, vhost, wafw00f, wappalyzer, wpscan | -| aggressive | 20 | Generates a large amount of network traffic | bypass403, dastardly, dnsbrute, dnsbrute_mutations, dotnetnuke, ffuf, ffuf_shortnames, generic_ssrf, host_header, ipneighbor, nuclei, paramminer_cookies, paramminer_getparams, paramminer_headers, smuggler, telerik, url_manipulation, vhost, wafw00f, wpscan | -| web-basic | 18 | Basic, non-intrusive web scan functionality | azure_realm, baddns, badsecrets, bucket_amazon, bucket_azure, bucket_firebase, bucket_google, filedownload, git, httpx, iis_shortnames, ntlm, oauth, robots, secretsdb, securitytxt, sslcert, wappalyzer | -| cloud-enum | 13 | Enumerates cloud resources | azure_realm, azure_tenant, baddns, baddns_zone, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_file_enum, bucket_firebase, bucket_google, httpx, oauth, securitytxt | -| code-enum | 12 | Find public code repositories and search them for secrets etc. 
| code_repository, docker_pull, dockerhub, git, git_clone, github_codesearch, github_org, github_workflows, gitlab, postman, postman_download, trufflehog | -| web-thorough | 12 | More advanced web scanning functionality | ajaxpro, bucket_digitalocean, bypass403, dastardly, dotnetnuke, ffuf_shortnames, generic_ssrf, host_header, hunt, smuggler, telerik, url_manipulation | -| slow | 11 | May take a long time to complete | bucket_digitalocean, dastardly, dnsbrute_mutations, docker_pull, fingerprintx, git_clone, paramminer_cookies, paramminer_getparams, paramminer_headers, smuggler, vhost | -| affiliates | 9 | Discovers affiliated hostnames/domains | affiliates, azure_realm, azure_tenant, builtwith, oauth, sslcert, trickest, viewdns, zoomeye | -| email-enum | 8 | Enumerates email addresses | dehashed, dnscaa, emailformat, emails, hunterio, pgp, skymem, sslcert | -| deadly | 4 | Highly aggressive | dastardly, ffuf, nuclei, vhost | -| web-paramminer | 3 | Discovers HTTP parameters through brute-force | paramminer_cookies, paramminer_getparams, paramminer_headers | -| baddns | 2 | Runs all modules from the DNS auditing tool BadDNS | baddns, baddns_zone | -| iis-shortnames | 2 | Scans for IIS Shortname vulnerability | ffuf_shortnames, iis_shortnames | -| portscan | 2 | Discovers open ports | internetdb, portscan | -| report | 2 | Generates a report at the end of the scan | affiliates, asn | -| social-enum | 2 | Enumerates social media | httpx, social | -| service-enum | 1 | Identifies protocols running on open ports | fingerprintx | -| subdomain-hijack | 1 | Detects hijackable subdomains | baddns | -| web-screenshots | 1 | Takes screenshots of web pages | gowitness | +| Flag | # Modules | Description | Modules | 
+|------------------|-------------|----------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| safe | 89 | Non-intrusive, safe to run | affiliates, aggregate, ajaxpro, anubisdb, apkpure, asn, azure_realm, azure_tenant, baddns, baddns_direct, baddns_zone, badsecrets, bevigil, binaryedge, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_file_enum, bucket_firebase, bucket_google, bufferoverrun, builtwith, c99, censys, certspotter, chaos, code_repository, columbus, credshed, crt, dehashed, digitorus, dnscaa, dnscommonsrv, dnsdumpster, docker_pull, dockerhub, emailformat, filedownload, fingerprintx, fullhunt, git, git_clone, github_codesearch, github_org, github_workflows, gitlab, google_playstore, gowitness, hackertarget, httpx, hunt, hunterio, iis_shortnames, internetdb, ip2location, ipstack, leakix, myssl, newsletters, ntlm, oauth, otx, passivetotal, pgp, portscan, postman, postman_download, rapiddns, robots, secretsdb, securitytrails, securitytxt, 
shodan_dns, sitedossier, skymem, social, sslcert, subdomaincenter, subdomainradar, trickest, trufflehog, unstructured, urlscan, viewdns, virustotal, wappalyzer, wayback, zoomeye | +| passive | 64 | Never connects to target systems | affiliates, aggregate, anubisdb, apkpure, asn, azure_realm, azure_tenant, bevigil, binaryedge, bucket_file_enum, bufferoverrun, builtwith, c99, censys, certspotter, chaos, code_repository, columbus, credshed, crt, dehashed, digitorus, dnscaa, dnsdumpster, docker_pull, dockerhub, emailformat, excavate, fullhunt, git_clone, github_codesearch, github_org, github_workflows, google_playstore, hackertarget, hunterio, internetdb, ip2location, ipneighbor, ipstack, leakix, myssl, otx, passivetotal, pgp, postman, postman_download, rapiddns, securitytrails, shodan_dns, sitedossier, skymem, social, speculate, subdomaincenter, subdomainradar, trickest, trufflehog, unstructured, urlscan, viewdns, virustotal, wayback, zoomeye | +| subdomain-enum | 51 | Enumerates subdomains | anubisdb, asn, azure_realm, azure_tenant, baddns_direct, baddns_zone, bevigil, binaryedge, bufferoverrun, builtwith, c99, censys, certspotter, chaos, columbus, crt, digitorus, dnsbrute, dnsbrute_mutations, dnscaa, dnscommonsrv, dnsdumpster, fullhunt, github_codesearch, github_org, hackertarget, httpx, hunterio, internetdb, ipneighbor, leakix, myssl, oauth, otx, passivetotal, postman, postman_download, rapiddns, securitytrails, securitytxt, shodan_dns, sitedossier, sslcert, subdomaincenter, subdomainradar, subdomains, trickest, urlscan, virustotal, wayback, zoomeye | +| active | 47 | Makes active connections to target systems | ajaxpro, baddns, baddns_direct, baddns_zone, badsecrets, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_firebase, bucket_google, bypass403, dastardly, dnsbrute, dnsbrute_mutations, dnscommonsrv, dotnetnuke, ffuf, ffuf_shortnames, filedownload, fingerprintx, generic_ssrf, git, gitlab, gowitness, host_header, httpx, hunt, iis_shortnames, 
newsletters, ntlm, nuclei, oauth, paramminer_cookies, paramminer_getparams, paramminer_headers, portscan, robots, secretsdb, securitytxt, smuggler, sslcert, telerik, url_manipulation, vhost, wafw00f, wappalyzer, wpscan | +| aggressive | 20 | Generates a large amount of network traffic | bypass403, dastardly, dnsbrute, dnsbrute_mutations, dotnetnuke, ffuf, ffuf_shortnames, generic_ssrf, host_header, ipneighbor, nuclei, paramminer_cookies, paramminer_getparams, paramminer_headers, smuggler, telerik, url_manipulation, vhost, wafw00f, wpscan | +| web-basic | 18 | Basic, non-intrusive web scan functionality | azure_realm, baddns, badsecrets, bucket_amazon, bucket_azure, bucket_firebase, bucket_google, filedownload, git, httpx, iis_shortnames, ntlm, oauth, robots, secretsdb, securitytxt, sslcert, wappalyzer | +| cloud-enum | 14 | Enumerates cloud resources | azure_realm, azure_tenant, baddns, baddns_direct, baddns_zone, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_file_enum, bucket_firebase, bucket_google, httpx, oauth, securitytxt | +| code-enum | 14 | Find public code repositories and search them for secrets etc. 
| apkpure, code_repository, docker_pull, dockerhub, git, git_clone, github_codesearch, github_org, github_workflows, gitlab, google_playstore, postman, postman_download, trufflehog | +| web-thorough | 12 | More advanced web scanning functionality | ajaxpro, bucket_digitalocean, bypass403, dastardly, dotnetnuke, ffuf_shortnames, generic_ssrf, host_header, hunt, smuggler, telerik, url_manipulation | +| slow | 11 | May take a long time to complete | bucket_digitalocean, dastardly, dnsbrute_mutations, docker_pull, fingerprintx, git_clone, paramminer_cookies, paramminer_getparams, paramminer_headers, smuggler, vhost | +| affiliates | 9 | Discovers affiliated hostnames/domains | affiliates, azure_realm, azure_tenant, builtwith, oauth, sslcert, trickest, viewdns, zoomeye | +| email-enum | 8 | Enumerates email addresses | dehashed, dnscaa, emailformat, emails, hunterio, pgp, skymem, sslcert | +| deadly | 4 | Highly aggressive | dastardly, ffuf, nuclei, vhost | +| baddns | 3 | Runs all modules from the DNS auditing tool BadDNS | baddns, baddns_direct, baddns_zone | +| web-paramminer | 3 | Discovers HTTP parameters through brute-force | paramminer_cookies, paramminer_getparams, paramminer_headers | +| iis-shortnames | 2 | Scans for IIS Shortname vulnerability | ffuf_shortnames, iis_shortnames | +| portscan | 2 | Discovers open ports | internetdb, portscan | +| report | 2 | Generates a report at the end of the scan | affiliates, asn | +| social-enum | 2 | Enumerates social media | httpx, social | +| service-enum | 1 | Identifies protocols running on open ports | fingerprintx | +| subdomain-hijack | 1 | Detects hijackable subdomains | baddns | +| web-screenshots | 1 | Takes screenshots of web pages | gowitness | ## Dependencies diff --git a/docs/scanning/presets_list.md b/docs/scanning/presets_list.md index f63caefed..7bc60fe4c 100644 --- a/docs/scanning/presets_list.md +++ b/docs/scanning/presets_list.md 
@@ -1,6 +1,30 @@ Below is a list of every default BBOT preset, including its YAML. +## **baddns-thorough** + +Run all baddns modules and submodules. + +??? note "`baddns-thorough.yml`" + ```yaml title="~/.bbot/presets/baddns-thorough.yml" + description: Run all baddns modules and submodules. + + + modules: + - baddns + - baddns_zone + - baddns_direct + + config: + modules: + baddns: + enabled_submodules: [CNAME,references,MX,NS,TXT] + ``` + + + +Modules: [4]("`baddns_direct`, `baddns_zone`, `baddns`, `httpx`") + ## **cloud-enum** Enumerate cloud resources such as storage buckets, etc. 
@@ -18,7 +42,7 @@ Enumerate cloud resources such as storage buckets, etc. -Modules: [55]("`anubisdb`, `asn`, `azure_realm`, `azure_tenant`, `baddns_zone`, `baddns`, `bevigil`, `binaryedge`, `bucket_amazon`, `bucket_azure`, `bucket_digitalocean`, `bucket_file_enum`, `bucket_firebase`, `bucket_google`, `builtwith`, `c99`, `censys`, `certspotter`, `chaos`, `columbus`, `crt`, `digitorus`, `dnsbrute_mutations`, `dnsbrute`, `dnscaa`, `dnscommonsrv`, `dnsdumpster`, `fullhunt`, `github_codesearch`, `github_org`, `hackertarget`, `httpx`, `hunterio`, `internetdb`, `ipneighbor`, `leakix`, `myssl`, `oauth`, `otx`, `passivetotal`, `postman_download`, `postman`, `rapiddns`, `securitytrails`, `securitytxt`, `shodan_dns`, `sitedossier`, `social`, `sslcert`, `subdomaincenter`, `trickest`, `urlscan`, `virustotal`, `wayback`, `zoomeye`") +Modules: [58]("`anubisdb`, `asn`, `azure_realm`, `azure_tenant`, `baddns_direct`, `baddns_zone`, `baddns`, `bevigil`, `binaryedge`, `bucket_amazon`, `bucket_azure`, `bucket_digitalocean`, `bucket_file_enum`, `bucket_firebase`, `bucket_google`, `bufferoverrun`, `builtwith`, `c99`, `censys`, `certspotter`, `chaos`, `columbus`, `crt`, `digitorus`, `dnsbrute_mutations`, `dnsbrute`, `dnscaa`, `dnscommonsrv`, `dnsdumpster`, `fullhunt`, `github_codesearch`, `github_org`, `hackertarget`, `httpx`, `hunterio`, `internetdb`, `ipneighbor`, `leakix`, `myssl`, `oauth`, `otx`, `passivetotal`, `postman_download`, `postman`, `rapiddns`, `securitytrails`, `securitytxt`, `shodan_dns`, `sitedossier`, `social`, `sslcert`, `subdomaincenter`, `subdomainradar`, `trickest`, `urlscan`, `virustotal`, `wayback`, `zoomeye`") ## **code-enum** 
@@ -34,7 +58,7 @@ Enumerate Git repositories, Docker images, etc. -Modules: [14]("`code_repository`, `docker_pull`, `dockerhub`, `git_clone`, `git`, `github_codesearch`, `github_org`, `github_workflows`, `gitlab`, `httpx`, `postman_download`, `postman`, `social`, `trufflehog`") +Modules: [16]("`apkpure`, `code_repository`, `docker_pull`, `dockerhub`, `git_clone`, `git`, `github_codesearch`, `github_org`, `github_workflows`, `gitlab`, `google_playstore`, `httpx`, `postman_download`, `postman`, `social`, `trufflehog`") ## **dirbust-heavy** @@ -205,6 +229,7 @@ Everything everywhere all at once - paramminer - dirbust-light - web-screenshots + - baddns-thorough config: modules: 
@@ -216,7 +241,7 @@ Everything everywhere all at once -Modules: [80]("`anubisdb`, `asn`, `azure_realm`, `azure_tenant`, `baddns_zone`, `baddns`, `badsecrets`, `bevigil`, `binaryedge`, `bucket_amazon`, `bucket_azure`, `bucket_digitalocean`, `bucket_file_enum`, `bucket_firebase`, `bucket_google`, `builtwith`, `c99`, `censys`, `certspotter`, `chaos`, `code_repository`, `columbus`, `crt`, `dehashed`, `digitorus`, `dnsbrute_mutations`, `dnsbrute`, `dnscaa`, `dnscommonsrv`, `dnsdumpster`, `docker_pull`, `dockerhub`, `emailformat`, `ffuf_shortnames`, `ffuf`, `filedownload`, `fullhunt`, `git_clone`, `git`, `github_codesearch`, `github_org`, `github_workflows`, `gitlab`, `gowitness`, `hackertarget`, `httpx`, `hunterio`, `iis_shortnames`, `internetdb`, `ipneighbor`, `leakix`, `myssl`, `ntlm`, `oauth`, `otx`, `paramminer_cookies`, `paramminer_getparams`, `paramminer_headers`, `passivetotal`, `pgp`, `postman_download`, `postman`, `rapiddns`, `robots`, `secretsdb`, `securitytrails`, `securitytxt`, `shodan_dns`, `sitedossier`, `skymem`, `social`, `sslcert`, `subdomaincenter`, `trickest`, `trufflehog`, `urlscan`, `virustotal`, `wappalyzer`, `wayback`, `zoomeye`") +Modules: [85]("`anubisdb`, `apkpure`, `asn`, `azure_realm`, `azure_tenant`, `baddns_direct`, `baddns_zone`, `baddns`, `badsecrets`, `bevigil`, `binaryedge`, `bucket_amazon`, `bucket_azure`, `bucket_digitalocean`, `bucket_file_enum`, `bucket_firebase`, `bucket_google`, `bufferoverrun`, `builtwith`, `c99`, `censys`, `certspotter`, `chaos`, `code_repository`, `columbus`, `crt`, `dehashed`, `digitorus`, `dnsbrute_mutations`, `dnsbrute`, `dnscaa`, `dnscommonsrv`, `dnsdumpster`, `docker_pull`, `dockerhub`, `emailformat`, `ffuf_shortnames`, `ffuf`, `filedownload`, `fullhunt`, `git_clone`, `git`, `github_codesearch`, `github_org`, `github_workflows`, `gitlab`, `google_playstore`, `gowitness`, `hackertarget`, `httpx`, `hunterio`, `iis_shortnames`, `internetdb`, `ipneighbor`, `leakix`, `myssl`, `ntlm`, `oauth`, `otx`, 
`paramminer_cookies`, `paramminer_getparams`, `paramminer_headers`, `passivetotal`, `pgp`, `postman_download`, `postman`, `rapiddns`, `robots`, `secretsdb`, `securitytrails`, `securitytxt`, `shodan_dns`, `sitedossier`, `skymem`, `social`, `sslcert`, `subdomaincenter`, `subdomainradar`, `trickest`, `trufflehog`, `urlscan`, `virustotal`, `wappalyzer`, `wayback`, `zoomeye`") ## **paramminer** 
@@ -288,18 +313,18 @@ Enumerate subdomains via APIs, brute-force threads: 25 brute_threads: 1000 # put your API keys here - modules: - github: - api_key: "" - chaos: - api_key: "" - securitytrails: - api_key: "" + # modules: + # github: + # api_key: "" + # chaos: + # api_key: "" + # securitytrails: + # api_key: "" ``` -Modules: [48]("`anubisdb`, `asn`, `azure_realm`, `azure_tenant`, `baddns_zone`, `bevigil`, `binaryedge`, `builtwith`, `c99`, `censys`, `certspotter`, `chaos`, `columbus`, `crt`, `digitorus`, `dnsbrute_mutations`, `dnsbrute`, `dnscaa`, `dnscommonsrv`, `dnsdumpster`, `fullhunt`, `github_codesearch`, `github_org`, `hackertarget`, `httpx`, `hunterio`, `internetdb`, `ipneighbor`, `leakix`, `myssl`, `oauth`, `otx`, `passivetotal`, `postman_download`, `postman`, `rapiddns`, `securitytrails`, `securitytxt`, `shodan_dns`, `sitedossier`, `social`, `sslcert`, `subdomaincenter`, `trickest`, `urlscan`, `virustotal`, `wayback`, `zoomeye`") +Modules: [51]("`anubisdb`, `asn`, `azure_realm`, `azure_tenant`, `baddns_direct`, `baddns_zone`, `bevigil`, `binaryedge`, `bufferoverrun`, `builtwith`, `c99`, `censys`, `certspotter`, `chaos`, `columbus`, `crt`, `digitorus`, `dnsbrute_mutations`, `dnsbrute`, `dnscaa`, `dnscommonsrv`, `dnsdumpster`, `fullhunt`, `github_codesearch`, `github_org`, `hackertarget`, `httpx`, `hunterio`, `internetdb`, `ipneighbor`, `leakix`, `myssl`, `oauth`, `otx`, `passivetotal`, `postman_download`, `postman`, `rapiddns`, `securitytrails`, `securitytxt`, `shodan_dns`, `sitedossier`, `social`, `sslcert`, `subdomaincenter`, `subdomainradar`, `trickest`, `urlscan`, `virustotal`, `wayback`, `zoomeye`") ## **web-basic** 
@@ -372,20 +397,21 @@ Modules: [30]("`ajaxpro`, `azure_realm`, `baddns`, `badsecrets`, `bucket_amazon` Here is a the same data, but in a table: -| Preset | Category | Description | # Modules | Modules | -|-----------------|------------|--------------------------------------------------------------------------|-------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| cloud-enum | | Enumerate cloud resources such as storage buckets, etc. 
| 55 | anubisdb, asn, azure_realm, azure_tenant, baddns, baddns_zone, bevigil, binaryedge, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_file_enum, bucket_firebase, bucket_google, builtwith, c99, censys, certspotter, chaos, columbus, crt, digitorus, dnsbrute, dnsbrute_mutations, dnscaa, dnscommonsrv, dnsdumpster, fullhunt, github_codesearch, github_org, hackertarget, httpx, hunterio, internetdb, ipneighbor, leakix, myssl, oauth, otx, passivetotal, postman, postman_download, rapiddns, securitytrails, securitytxt, shodan_dns, sitedossier, social, sslcert, subdomaincenter, trickest, urlscan, virustotal, wayback, zoomeye | -| code-enum | | Enumerate Git repositories, Docker images, etc. | 14 | code_repository, docker_pull, dockerhub, git, git_clone, github_codesearch, github_org, github_workflows, gitlab, httpx, postman, postman_download, social, trufflehog | -| dirbust-heavy | web | Recursive web directory brute-force (aggressive) | 5 | ffuf, ffuf_shortnames, httpx, iis_shortnames, wayback | -| dirbust-light | web | Basic web directory brute-force (surface-level directories only) | 4 | ffuf, ffuf_shortnames, httpx, iis_shortnames | -| dotnet-audit | web | Comprehensive scan for all IIS/.NET specific modules and module settings | 8 | ajaxpro, badsecrets, dotnetnuke, ffuf, ffuf_shortnames, httpx, iis_shortnames, telerik | -| email-enum | | Enumerate email addresses from APIs, web crawling, etc. 
| 7 | dehashed, dnscaa, emailformat, hunterio, pgp, skymem, sslcert | -| iis-shortnames | web | Recursively enumerate IIS shortnames | 3 | ffuf_shortnames, httpx, iis_shortnames | -| kitchen-sink | | Everything everywhere all at once | 80 | anubisdb, asn, azure_realm, azure_tenant, baddns, baddns_zone, badsecrets, bevigil, binaryedge, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_file_enum, bucket_firebase, bucket_google, builtwith, c99, censys, certspotter, chaos, code_repository, columbus, crt, dehashed, digitorus, dnsbrute, dnsbrute_mutations, dnscaa, dnscommonsrv, dnsdumpster, docker_pull, dockerhub, emailformat, ffuf, ffuf_shortnames, filedownload, fullhunt, git, git_clone, github_codesearch, github_org, github_workflows, gitlab, gowitness, hackertarget, httpx, hunterio, iis_shortnames, internetdb, ipneighbor, leakix, myssl, ntlm, oauth, otx, paramminer_cookies, paramminer_getparams, paramminer_headers, passivetotal, pgp, postman, postman_download, rapiddns, robots, secretsdb, securitytrails, securitytxt, shodan_dns, sitedossier, skymem, social, sslcert, subdomaincenter, trickest, trufflehog, urlscan, virustotal, wappalyzer, wayback, zoomeye | -| paramminer | web | Discover new web parameters via brute-force | 4 | httpx, paramminer_cookies, paramminer_getparams, paramminer_headers | -| spider | | Recursive web spider | 1 | httpx | -| subdomain-enum | | Enumerate subdomains via APIs, brute-force | 48 | anubisdb, asn, azure_realm, azure_tenant, baddns_zone, bevigil, binaryedge, builtwith, c99, censys, certspotter, chaos, columbus, crt, digitorus, dnsbrute, dnsbrute_mutations, dnscaa, dnscommonsrv, dnsdumpster, fullhunt, github_codesearch, github_org, hackertarget, httpx, hunterio, internetdb, ipneighbor, leakix, myssl, oauth, otx, passivetotal, postman, postman_download, rapiddns, securitytrails, securitytxt, shodan_dns, sitedossier, social, sslcert, subdomaincenter, trickest, urlscan, virustotal, wayback, zoomeye | -| web-basic | | Quick web scan | 
19 | azure_realm, baddns, badsecrets, bucket_amazon, bucket_azure, bucket_firebase, bucket_google, ffuf_shortnames, filedownload, git, httpx, iis_shortnames, ntlm, oauth, robots, secretsdb, securitytxt, sslcert, wappalyzer | -| web-screenshots | | Take screenshots of webpages | 3 | gowitness, httpx, social | -| web-thorough | | Aggressive web scan | 30 | ajaxpro, azure_realm, baddns, badsecrets, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_firebase, bucket_google, bypass403, dastardly, dotnetnuke, ffuf_shortnames, filedownload, generic_ssrf, git, host_header, httpx, hunt, iis_shortnames, ntlm, oauth, robots, secretsdb, securitytxt, smuggler, sslcert, telerik, url_manipulation, wappalyzer | +| Preset | Category | Description | # Modules | Modules | +|-----------------|------------|--------------------------------------------------------------------------|-------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| baddns-thorough | | Run all baddns modules and submodules. 
| 4 | baddns, baddns_direct, baddns_zone, httpx | +| cloud-enum | | Enumerate cloud resources such as storage buckets, etc. | 58 | anubisdb, asn, azure_realm, azure_tenant, baddns, baddns_direct, baddns_zone, bevigil, binaryedge, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_file_enum, bucket_firebase, bucket_google, bufferoverrun, builtwith, c99, censys, certspotter, chaos, columbus, crt, digitorus, dnsbrute, dnsbrute_mutations, dnscaa, dnscommonsrv, dnsdumpster, fullhunt, github_codesearch, github_org, hackertarget, httpx, hunterio, internetdb, ipneighbor, leakix, myssl, oauth, otx, passivetotal, postman, postman_download, rapiddns, securitytrails, securitytxt, shodan_dns, sitedossier, social, sslcert, subdomaincenter, subdomainradar, trickest, urlscan, virustotal, wayback, zoomeye | +| code-enum | | Enumerate Git repositories, Docker images, etc. | 16 | apkpure, code_repository, docker_pull, dockerhub, git, git_clone, github_codesearch, github_org, github_workflows, gitlab, google_playstore, httpx, postman, postman_download, social, trufflehog | +| dirbust-heavy | web | Recursive web directory brute-force (aggressive) | 5 | ffuf, ffuf_shortnames, httpx, iis_shortnames, wayback | +| dirbust-light | web | Basic web directory brute-force (surface-level directories only) | 4 | ffuf, ffuf_shortnames, httpx, iis_shortnames | +| dotnet-audit | web | Comprehensive scan for all IIS/.NET specific modules and module settings | 8 | ajaxpro, badsecrets, dotnetnuke, ffuf, ffuf_shortnames, httpx, iis_shortnames, telerik | +| email-enum | | Enumerate email addresses from APIs, web crawling, etc. 
| 7 | dehashed, dnscaa, emailformat, hunterio, pgp, skymem, sslcert | +| iis-shortnames | web | Recursively enumerate IIS shortnames | 3 | ffuf_shortnames, httpx, iis_shortnames | +| kitchen-sink | | Everything everywhere all at once | 85 | anubisdb, apkpure, asn, azure_realm, azure_tenant, baddns, baddns_direct, baddns_zone, badsecrets, bevigil, binaryedge, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_file_enum, bucket_firebase, bucket_google, bufferoverrun, builtwith, c99, censys, certspotter, chaos, code_repository, columbus, crt, dehashed, digitorus, dnsbrute, dnsbrute_mutations, dnscaa, dnscommonsrv, dnsdumpster, docker_pull, dockerhub, emailformat, ffuf, ffuf_shortnames, filedownload, fullhunt, git, git_clone, github_codesearch, github_org, github_workflows, gitlab, google_playstore, gowitness, hackertarget, httpx, hunterio, iis_shortnames, internetdb, ipneighbor, leakix, myssl, ntlm, oauth, otx, paramminer_cookies, paramminer_getparams, paramminer_headers, passivetotal, pgp, postman, postman_download, rapiddns, robots, secretsdb, securitytrails, securitytxt, shodan_dns, sitedossier, skymem, social, sslcert, subdomaincenter, subdomainradar, trickest, trufflehog, urlscan, virustotal, wappalyzer, wayback, zoomeye | +| paramminer | web | Discover new web parameters via brute-force | 4 | httpx, paramminer_cookies, paramminer_getparams, paramminer_headers | +| spider | | Recursive web spider | 1 | httpx | +| subdomain-enum | | Enumerate subdomains via APIs, brute-force | 51 | anubisdb, asn, azure_realm, azure_tenant, baddns_direct, baddns_zone, bevigil, binaryedge, bufferoverrun, builtwith, c99, censys, certspotter, chaos, columbus, crt, digitorus, dnsbrute, dnsbrute_mutations, dnscaa, dnscommonsrv, dnsdumpster, fullhunt, github_codesearch, github_org, hackertarget, httpx, hunterio, internetdb, ipneighbor, leakix, myssl, oauth, otx, passivetotal, postman, postman_download, rapiddns, securitytrails, securitytxt, shodan_dns, sitedossier, social, sslcert, 
subdomaincenter, subdomainradar, trickest, urlscan, virustotal, wayback, zoomeye | +| web-basic | | Quick web scan | 19 | azure_realm, baddns, badsecrets, bucket_amazon, bucket_azure, bucket_firebase, bucket_google, ffuf_shortnames, filedownload, git, httpx, iis_shortnames, ntlm, oauth, robots, secretsdb, securitytxt, sslcert, wappalyzer | +| web-screenshots | | Take screenshots of webpages | 3 | gowitness, httpx, social | +| web-thorough | | Aggressive web scan | 30 | ajaxpro, azure_realm, baddns, badsecrets, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_firebase, bucket_google, bypass403, dastardly, dotnetnuke, ffuf_shortnames, filedownload, generic_ssrf, git, host_header, httpx, hunt, iis_shortnames, ntlm, oauth, robots, secretsdb, securitytxt, smuggler, sslcert, telerik, url_manipulation, wappalyzer | From 91bb53f535a8ee9aff59a3f174448dd37928e27d Mon Sep 17 00:00:00 2001 From: github-actions Date: Fri, 1 Nov 2024 11:06:01 -0400 Subject: [PATCH 10/12] reintroduce docs autopublish --- .github/workflows/tests.yml | 44 +++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 78b0cbd93..810c94e86 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml 
@@ -114,6 +114,50 @@ jobs:
 repository: blacklanternsecurity/bbot
 outputs:
 BBOT_VERSION: ${{ steps.version.outputs.BBOT_VERSION }}
+ publish_docs:
+ needs: update_docs
+ runs-on: ubuntu-latest
+ if: github.event_name == 'push' && (github.ref == 'refs/heads/stable' || github.ref == 'refs/heads/dev')
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ token: ${{ secrets.BBOT_DOCS_UPDATER_PAT }}
+ - uses: actions/setup-python@v4
+ with:
+ python-version: "3.x"
+ - run: echo "cache_id=$(date --utc '+%V')" >> $GITHUB_ENV
+ - uses: actions/cache@v3
+ with:
+ key: mkdocs-material-${{ env.cache_id }}
+ path: .cache
+ restore-keys: |
+ mkdocs-material-
+ - name: Install dependencies
+ run: |
+ pip install poetry
+ poetry install --only=docs
+ - name: Configure Git
+ run: |
+ git config user.name github-actions
+ git config user.email github-actions@github.com
+ git fetch origin gh-pages:refs/remotes/origin/gh-pages
+ if git show-ref --verify --quiet refs/heads/gh-pages; then
+ git branch -f gh-pages origin/gh-pages
+ else
+ git branch --track gh-pages origin/gh-pages
+ fi
+ - name: Generate docs (stable branch)
+ if: github.ref == 'refs/heads/stable'
+ run: |
+ poetry run mike deploy Stable
+ - name: Generate docs (dev branch)
+ if: github.ref == 'refs/heads/dev'
+ run: |
+ poetry run mike deploy Dev
+ - name: Publish docs
+ run: |
+ git switch gh-pages
+ git push
 # tag_commit:
 # needs: publish_code
 # runs-on: ubuntu-latest
From 2bfd327a1f5b5858a1366d28982c2cd158b5a1fb Mon Sep 17 00:00:00 2001
From: github-actions
Date: Fri, 1 Nov 2024 12:57:07 -0400
Subject: [PATCH 11/12] fix yaml
---
 .github/workflows/tests.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 810c94e86..507b7ac54 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
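Review bot: The publish_docs job added in PATCH 10/12 (.github/workflows/tests.yml) checks out with `token: ${{ secrets.BBOT_DOCS_UPDATER_PAT }}`, and actions/checkout keeps that token in the local git config by default, so the personal access token stays readable by every later step of the job, including the unpinned `pip install poetry`, `poetry install --only=docs` and the `mike deploy` runs. The only write the job performs is the final `git push` of gh-pages to the same repository, so the job-scoped token should be enough: drop the `token:` input and give the job `permissions:` with `contents: write`. This assumes no rule on gh-pages requires the PAT identity, which the hunk does not show; the workflow's top-level keys are outside the hunk, so a workflow-level permissions block may already exist. Pinning the three `uses:` references to full commit SHAs instead of the `@v3`/`@v4` tags would narrow the same exposure.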
@@ -115,11 +115,10 @@ jobs:
 outputs:
 BBOT_VERSION: ${{ steps.version.outputs.BBOT_VERSION }}
 publish_docs:
- needs: update_docs
 runs-on: ubuntu-latest
 if: github.event_name == 'push' && (github.ref == 'refs/heads/stable' || github.ref == 'refs/heads/dev')
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
 with:
 token: ${{ secrets.BBOT_DOCS_UPDATER_PAT }}
 - uses: actions/setup-python@v4
From 640aea9f6d418ed154c15b1411d135dce76584eb Mon Sep 17 00:00:00 2001
From: github-actions
Date: Fri, 1 Nov 2024 15:14:44 -0400
Subject: [PATCH 12/12] bump version
---
 pyproject.toml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pyproject.toml b/pyproject.toml
index f762e3312..c18973a4d 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "bbot"
-version = "2.1.1"
+version = "2.1.2"
 description = "OSINT automation for hackers."
 authors = [
 "TheTechromancer",
@@ -100,7 +100,7 @@ extend-exclude = "(test_step_1/test_manager_*)"
 [tool.poetry-dynamic-versioning]
 enable = true
 metadata = false
-format-jinja = 'v2.1.1{% if branch == "dev" %}.{{ distance }}rc{% endif %}'
+format-jinja = 'v2.1.2{% if branch == "dev" %}.{{ distance }}rc{% endif %}'
 [tool.poetry-dynamic-versioning.substitution]
 files = ["*/__init__.py"]