From 0bcf77f099e962e48f2e541ee96b1225db44a005 Mon Sep 17 00:00:00 2001 From: liquidsec Date: Wed, 7 Feb 2024 17:19:28 -0500 Subject: [PATCH 1/4] normalizing tag names --- bbot/modules/baddns.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/bbot/modules/baddns.py b/bbot/modules/baddns.py index e2270b4f6f..80caf670ab 100644 --- a/bbot/modules/baddns.py +++ b/bbot/modules/baddns.py @@ -61,14 +61,16 @@ async def handle_event(self, event): "description": f"{r_dict['description']}. Confidence: [{r_dict['confidence']}] Signature: [{r_dict['signature']}] Indicator: [{r_dict['indicator']}] Trigger: [{r_dict['trigger']}] baddns Module: [{r_dict['module']}]", "host": str(event.host), } - await self.emit_event(data, "VULNERABILITY", event, tags=[f"baddns-{ModuleClass.name}"]) + await self.emit_event( + data, "VULNERABILITY", event, tags=[f"baddns-{ModuleClass.name.lower()}"] + ) elif r_dict["confidence"] in ["UNLIKELY", "POSSIBLE"] and not self.only_high_confidence: data = { "description": f"{r_dict['description']} Confidence: [{r_dict['confidence']}] Signature: [{r_dict['signature']}] Indicator: [{r_dict['indicator']}] Trigger: [{r_dict['trigger']}] baddns Module: [{r_dict['module']}]", "host": str(event.host), } - await self.emit_event(data, "FINDING", event, tags=[f"baddns-{ModuleClass.name}"]) + await self.emit_event(data, "FINDING", event, tags=[f"baddns-{ModuleClass.name.lower()}"]) else: self.warning(f"Got unrecognized confidence level: {r['confidence']}") @@ -76,5 +78,5 @@ async def handle_event(self, event): if found_domains: for found_domain in found_domains: await self.emit_event( - found_domain, "DNS_NAME", event, tags=[f"baddns-{ModuleClass.name}"] + found_domain, "DNS_NAME", event, tags=[f"baddns-{ModuleClass.name.lower()}"] ) From fa6be6e65ac559ebc76baf3feefe3c3bab6199b9 Mon Sep 17 00:00:00 2001 
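Review bot: The `else` branch at the end of the `@@ -61,14 +61,16 @@` hunk builds its warning from `r['confidence']`, while every other read in the hunk goes through `r_dict[...]`. `r_dict` is assigned outside the hunk, so this is inferred, but if `r` is the raw baddns result object rather than a dict, the subscript would raise inside `handle_event` and the unrecognized result would surface as an exception instead of a logged warning. Suggest `self.warning(f"Got unrecognized confidence level: {r_dict['confidence']}")`. This path gets more exposure with the baddns pin moving in patch 2/4, since a confidence value the module does not list would presumably end up here. `handle_event` starts and ends outside the hunk.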
From: liquidsec Date: Wed, 7 Feb 2024 17:20:51 -0500 Subject: [PATCH 2/4] baddns version roll --- bbot/modules/baddns.py | 2 +- bbot/modules/baddns_zone.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/bbot/modules/baddns.py b/bbot/modules/baddns.py index 80caf670ab..2458a51dea 100644 --- a/bbot/modules/baddns.py +++ b/bbot/modules/baddns.py @@ -19,7 +19,7 @@ class baddns(BaseModule): "only_high_confidence": "Do not emit low-confidence or generic detections", } max_event_handlers = 8 - deps_pip = ["baddns~=1.0.702"] + deps_pip = ["baddns~=1.0.707"] def select_modules(self): selected_modules = [] diff --git a/bbot/modules/baddns_zone.py b/bbot/modules/baddns_zone.py index a7aac1f748..8dc127f3f9 100644 --- a/bbot/modules/baddns_zone.py +++ b/bbot/modules/baddns_zone.py @@ -18,7 +18,7 @@ class baddns_zone(baddns_module): "only_high_confidence": "Do not emit low-confidence or generic detections", } max_event_handlers = 8 - deps_pip = ["baddns~=1.0.702"] + deps_pip = ["baddns~=1.0.707"] def select_modules(self): selected_modules = [] From ba9236a16046e363873d0a6cb9b27c7160d1451a Mon Sep 17 00:00:00 2001 From: liquidsec Date: Wed, 7 Feb 2024 17:32:36 -0500 Subject: [PATCH 3/4] fixing bug with tag name --- bbot/modules/baddns.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/bbot/modules/baddns.py b/bbot/modules/baddns.py index 2458a51dea..501c8c708b 100644 --- a/bbot/modules/baddns.py +++ b/bbot/modules/baddns.py @@ -62,7 +62,7 @@ async def handle_event(self, event): "host": str(event.host), } await self.emit_event( - data, "VULNERABILITY", event, tags=[f"baddns-{ModuleClass.name.lower()}"] + data, "VULNERABILITY", event, tags=[f"baddns-{module_instance.name.lower()}"] ) elif r_dict["confidence"] in ["UNLIKELY", "POSSIBLE"] and not self.only_high_confidence: 
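Review bot: The tag expression `f"baddns-{module_instance.name.lower()}"` is written out three times (in this `@@ -62,7 +62,7 @@` hunk and in the `@@ -70,7 +70,7 @@` and `@@ -78,5 +78,5 @@` hunks that follow), and both this patch and patch 1/4 had to edit all three copies. Build it once where `module_instance` is created, e.g. `tag = f"baddns-{module_instance.name.lower()}"`, and pass `tags=[tag]` to each `emit_event` call. `module_instance` is assigned outside these hunks, so the exact placement needs checking against the full `handle_event` body. The series touches no test file, so a test asserting the emitted tag value would help keep the `ModuleClass`/`module_instance` mix-up from recurring.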
@@ -70,7 +70,7 @@ async def handle_event(self, event): "description": f"{r_dict['description']} Confidence: [{r_dict['confidence']}] Signature: [{r_dict['signature']}] Indicator: [{r_dict['indicator']}] Trigger: [{r_dict['trigger']}] baddns Module: [{r_dict['module']}]", "host": str(event.host), } - await self.emit_event(data, "FINDING", event, tags=[f"baddns-{ModuleClass.name.lower()}"]) + await self.emit_event(data, "FINDING", event, tags=[f"baddns-{module_instance.name.lower()}"]) else: self.warning(f"Got unrecognized confidence level: {r['confidence']}") @@ -78,5 +78,5 @@ async def handle_event(self, event): if found_domains: for found_domain in found_domains: await self.emit_event( - found_domain, "DNS_NAME", event, tags=[f"baddns-{ModuleClass.name.lower()}"] + found_domain, "DNS_NAME", event, tags=[f"baddns-{module_instance.name.lower()}"] ) From 0097506c96da2d07ca5e4ded37d9c073da7438d4 Mon Sep 17 00:00:00 2001 From: liquidsec Date: Wed, 7 Feb 2024 19:51:55 -0500 Subject: [PATCH 4/4] black --- bbot/modules/baddns.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/bbot/modules/baddns.py b/bbot/modules/baddns.py index 501c8c708b..f448588ae2 100644 --- a/bbot/modules/baddns.py +++ b/bbot/modules/baddns.py @@ -70,7 +70,9 @@ async def handle_event(self, event): "description": f"{r_dict['description']} Confidence: [{r_dict['confidence']}] Signature: [{r_dict['signature']}] Indicator: [{r_dict['indicator']}] Trigger: [{r_dict['trigger']}] baddns Module: [{r_dict['module']}]", "host": str(event.host), } - await self.emit_event(data, "FINDING", event, tags=[f"baddns-{module_instance.name.lower()}"]) + await self.emit_event( + data, "FINDING", event, tags=[f"baddns-{module_instance.name.lower()}"] + ) else: self.warning(f"Got unrecognized confidence level: {r['confidence']}")