diff --git a/bbot/core/event/base.py b/bbot/core/event/base.py index 57d2108a85..60ec839702 100644 --- a/bbot/core/event/base.py +++ b/bbot/core/event/base.py @@ -1176,8 +1176,10 @@ def make_event( """ # allow tags to be either a string or an array - if isinstance(tags, str): - tags = [tags] + if tags is not None: + if isinstance(tags, str): + tags = [tags] + tags = list(tags) if is_event(data): if scan is not None and not data.scan: @@ -1217,6 +1219,10 @@ def make_event( event_type = "IP_ADDRESS" elif event_type == "IP_ADDRESS" and not data_is_ip: event_type = "DNS_NAME" + # USERNAME <--> EMAIL_ADDRESS confusion + if event_type == "USERNAME" and validators.soft_validate(data, "email"): + event_type = "EMAIL_ADDRESS" + tags.append("affiliate") event_class = globals().get(event_type, DefaultEvent) diff --git a/bbot/modules/dehashed.py b/bbot/modules/dehashed.py index 113652490d..a09de454e5 100644 --- a/bbot/modules/dehashed.py +++ b/bbot/modules/dehashed.py @@ -6,7 +6,7 @@ class dehashed(credential_leak): watched_events = ["DNS_NAME"] produced_events = ["PASSWORD", "HASHED_PASSWORD", "USERNAME"] - flags = ["passive"] + flags = ["passive", "safe", "email-enum"] meta = {"description": "Execute queries against dehashed.com for exposed credentials", "auth_required": True} options = {"username": "", "api_key": ""} options_desc = {"username": "Email Address associated with your API key", "api_key": "DeHashed API Key"} diff --git a/bbot/modules/hunt.py b/bbot/modules/hunt.py index 7cc2e06dc1..0ccf0391be 100644 --- a/bbot/modules/hunt.py +++ b/bbot/modules/hunt.py @@ -274,7 +274,7 @@ class hunt(BaseModule): watched_events = ["HTTP_RESPONSE"] produced_events = ["FINDING"] - flags = ["active", "safe", "web-basic", "web-thorough"] + flags = ["active", "safe", "web-thorough"] meta = {"description": "Watch for commonly-exploitable HTTP parameters"} # accept all events regardless of scope distance scope_distance_modifier = None diff --git a/bbot/test/test_step_1/test_modules_basic.py b/bbot/test/test_step_1/test_modules_basic.py index 6f8b8870fb..9870bf3da2 100644 --- a/bbot/test/test_step_1/test_modules_basic.py +++ b/bbot/test/test_step_1/test_modules_basic.py @@ -125,6 +125,9 @@ async def test_modules_basic(scan, helpers, events, bbot_config, bbot_scanner, h assert ("active" in flags and not "passive" in flags) or ( not "active" in flags and "passive" in flags ), f'module "{module_name}" must have either "active" or "passive" flag' + assert ("safe" in flags and not "aggressive" in flags) or ( + not "safe" in flags and "aggressive" in flags + ), f'module "{module_name}" must have either "safe" or "aggressive" flag' assert preloaded.get("meta", {}).get("description", ""), f"{module_name} must have a description" # attribute checks diff --git a/bbot/test/test_step_2/module_tests/test_module_dehashed.py b/bbot/test/test_step_2/module_tests/test_module_dehashed.py index 767884bd5a..8b20c85c59 100644 --- a/bbot/test/test_step_2/module_tests/test_module_dehashed.py +++ b/bbot/test/test_step_2/module_tests/test_module_dehashed.py @@ -7,7 +7,7 @@ "id": "4363462346", "email": "bob@blacklanternsecurity.com", "ip_address": "", - "username": "", + "username": "bob@bob.com", "password": "", "hashed_password": "$2a$12$pVmwJ7pXEr3mE.DmCCE4fOUDdeadbeefd2KuCy/tq1ZUFyEOH2bve", "name": "Bob Smith", @@ -46,8 +46,19 @@ async def setup_before_prep(self, module_test): ) def check(self, module_test, events): - assert len(events) == 7 + assert len(events) == 9 assert 1 == len([e for e in events if e.type == "EMAIL_ADDRESS" and e.data == "bob@blacklanternsecurity.com"]) + assert 1 == len( + [ + e + for e in events + if e.type == "EMAIL_ADDRESS" + and e.data == "bob@bob.com" + and e.scope_distance == 1 + and "affiliate" in e.tags + and e.source.data == "bob@blacklanternsecurity.com" + ] + ) assert 1 == len([e for e in events if e.type == "EMAIL_ADDRESS" and e.data == "tim@blacklanternsecurity.com"]) assert 1 == len( [