handle USERNAME <--> EMAIL_ADDRESS confusion
TheTechromancer committed Nov 27, 2023
1 parent c7510d5 commit 7c453b1
Showing 5 changed files with 26 additions and 6 deletions.
10 changes: 8 additions & 2 deletions bbot/core/event/base.py
@@ -1176,8 +1176,10 @@ def make_event(
"""

# allow tags to be either a string or an array
if isinstance(tags, str):
tags = [tags]
if tags is not None:
if isinstance(tags, str):
tags = [tags]
tags = list(tags)

if is_event(data):
if scan is not None and not data.scan:
@@ -1217,6 +1219,10 @@ def make_event(
event_type = "IP_ADDRESS"
elif event_type == "IP_ADDRESS" and not data_is_ip:
event_type = "DNS_NAME"
# USERNAME <--> EMAIL_ADDRESS confusion
if event_type == "USERNAME" and validators.soft_validate(data, "email"):
event_type = "EMAIL_ADDRESS"
tags.append("affiliate")

event_class = globals().get(event_type, DefaultEvent)

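Review bot: `tags.append("affiliate")` in the new USERNAME branch can apparently be reached while `tags` is still `None`, because the first hunk only converts `tags` to a list inside `if tags is not None:` and nothing visible between the two hunks assigns a default. If that holds, a caller that passes an email-shaped USERNAME without tags gets an `AttributeError` instead of an `EMAIL_ADDRESS` event. Building the list at the point of use, for example `tags = list(tags or []) + ["affiliate"]`, removes the dependency on the earlier guard. `make_event` starts before the first hunk and continues past the second, so this should be confirmed against the full body.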
2 changes: 1 addition & 1 deletion bbot/modules/dehashed.py
@@ -6,7 +6,7 @@
class dehashed(credential_leak):
watched_events = ["DNS_NAME"]
produced_events = ["PASSWORD", "HASHED_PASSWORD", "USERNAME"]
flags = ["passive"]
flags = ["passive", "safe", "email-enum"]
meta = {"description": "Execute queries against dehashed.com for exposed credentials", "auth_required": True}
options = {"username": "", "api_key": ""}
options_desc = {"username": "Email Address associated with your API key", "api_key": "DeHashed API Key"}
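Review bot: `produced_events` still lists only `PASSWORD`, `HASHED_PASSWORD` and `USERNAME`, although this change adds the `email-enum` flag and the dehashed module test in the same commit expects `EMAIL_ADDRESS` events from it. If `produced_events` is used to work out which modules feed which consumers (not visible here), the email output of this module is undeclared. The declaration would then read `produced_events = ["PASSWORD", "HASHED_PASSWORD", "USERNAME", "EMAIL_ADDRESS"]`. The class body continues outside the hunk.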
2 changes: 1 addition & 1 deletion bbot/modules/hunt.py
@@ -274,7 +274,7 @@
class hunt(BaseModule):
watched_events = ["HTTP_RESPONSE"]
produced_events = ["FINDING"]
flags = ["active", "safe", "web-basic", "web-thorough"]
flags = ["active", "safe", "web-thorough"]
meta = {"description": "Watch for commonly-exploitable HTTP parameters"}
# accept all events regardless of scope distance
scope_distance_modifier = None
3 changes: 3 additions & 0 deletions bbot/test/test_step_1/test_modules_basic.py
@@ -125,6 +125,9 @@ async def test_modules_basic(scan, helpers, events, bbot_config, bbot_scanner, h
assert ("active" in flags and not "passive" in flags) or (
not "active" in flags and "passive" in flags
), f'module "{module_name}" must have either "active" or "passive" flag'
assert ("safe" in flags and not "aggressive" in flags) or (
not "safe" in flags and "aggressive" in flags
), f'module "{module_name}" must have either "safe" or "aggressive" flag'
assert preloaded.get("meta", {}).get("description", ""), f"{module_name} must have a description"

# attribute checks
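Review bot: The new safe/aggressive assertion spells an exclusive-or as two mirrored clauses using `not "x" in flags`, which is harder to read than it needs to be and is the form pycodestyle reports as E713. `assert ("safe" in flags) != ("aggressive" in flags), f'module "{module_name}" must have exactly one of "safe" or "aggressive"'` states the same rule in one comparison, and the message then also covers the case where a module carries both flags. The active/passive assertion just above has the same shape and could be changed alongside it. The enclosing test function starts and ends outside the hunk.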
15 changes: 13 additions & 2 deletions bbot/test/test_step_2/module_tests/test_module_dehashed.py
@@ -7,7 +7,7 @@
"id": "4363462346",
"email": "[email protected]",
"ip_address": "",
"username": "",
"username": "[email protected]",
"password": "",
"hashed_password": "$2a$12$pVmwJ7pXEr3mE.DmCCE4fOUDdeadbeefd2KuCy/tq1ZUFyEOH2bve",
"name": "Bob Smith",
@@ -46,8 +46,19 @@ async def setup_before_prep(self, module_test):
)

def check(self, module_test, events):
assert len(events) == 7
assert len(events) == 9
assert 1 == len([e for e in events if e.type == "EMAIL_ADDRESS" and e.data == "[email protected]"])
assert 1 == len(
[
e
for e in events
if e.type == "EMAIL_ADDRESS"
and e.data == "[email protected]"
and e.scope_distance == 1
and "affiliate" in e.tags
and e.source.data == "[email protected]"
]
)
assert 1 == len([e for e in events if e.type == "EMAIL_ADDRESS" and e.data == "[email protected]"])
assert 1 == len(
[
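Review bot: The updated `check` asserts that the email-shaped username surfaces as an `EMAIL_ADDRESS` tagged `affiliate`, but nothing in the visible part asserts that no `USERNAME` event carrying that value is still emitted alongside it. Only the total of 9 would catch a duplicate, and a bare count does not say which event is wrong when it fails. A negative check such as `assert not any(e.type == "USERNAME" and "@" in e.data for e in events)` would pin the coercion directly. `check` continues past the end of the hunk, so this may already be covered further down.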
