Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add blacklist regex feature #1899

Merged
merged 29 commits into from
Nov 19, 2024
Merged
Changes from 1 commit
Commits
Show all changes
29 commits
Select commit Hold shift + click to select a range
ba4224a
resolve conflict
invalid-email-address Nov 4, 2024
2cd0e4e
add lock
invalid-email-address Nov 4, 2024
a267b6c
steady work
invalid-email-address Oct 30, 2024
8055276
update tags
invalid-email-address Oct 31, 2024
5238929
fix
invalid-email-address Oct 31, 2024
dffe93c
preset tests
invalid-email-address Oct 31, 2024
9bbf31e
more tests
invalid-email-address Nov 1, 2024
70fda2a
bugfixing
invalid-email-address Nov 1, 2024
df9cd27
radixtarget overhaul
invalid-email-address Nov 1, 2024
4d19fe5
add poetry.lock
invalid-email-address Nov 4, 2024
d5da47a
sort arg choices
invalid-email-address Nov 4, 2024
ccb6233
fix dns regex
invalid-email-address Nov 4, 2024
1475df9
fix dastardly tests
invalid-email-address Nov 4, 2024
092a68d
fix host error
invalid-email-address Nov 5, 2024
643269d
fix CSP extractor
invalid-email-address Nov 5, 2024
25d770a
fix tests
invalid-email-address Nov 6, 2024
2e35449
lint
invalid-email-address Nov 6, 2024
fa628fe
documentation, tests for blacklisting by regex
invalid-email-address Nov 6, 2024
99518a1
things
invalid-email-address Nov 6, 2024
bd1cc4d
add log message
invalid-email-address Nov 6, 2024
034cb93
more tests
invalid-email-address Nov 6, 2024
d2797cc
blacked
invalid-email-address Nov 6, 2024
1f3ea4e
fix conflict
invalid-email-address Nov 18, 2024
0d56dcf
add poetry.lock
invalid-email-address Nov 18, 2024
7152663
update docs
invalid-email-address Nov 7, 2024
af6d334
blacked
invalid-email-address Nov 7, 2024
9cd2aa4
fix tests
invalid-email-address Nov 7, 2024
efb2ff1
more tests
invalid-email-address Nov 7, 2024
3fc7ed4
fix bugs, thanks @Sh4d0wHunt3rX :)
invalid-email-address Nov 7, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
fix CSP extractor
  • Loading branch information
github-actions committed Nov 18, 2024
commit 643269dbd41032abb5232e732bf48044f72929f0
5 changes: 2 additions & 3 deletions bbot/modules/internal/excavate.py
Original file line number Diff line number Diff line change
Expand Up @@ -527,9 +527,8 @@ class CSPExtractor(ExcavateRule):
async def process(self, yara_results, event, yara_rule_settings, discovery_context):
for identifier in yara_results.keys():
for csp_str in yara_results[identifier]:
domains = await self.helpers.re.findall(bbot_regexes.dns_name_regex, csp_str)
unique_domains = set(domains)
for domain in unique_domains:
domains = await self.excavate.scan.extract_in_scope_hostnames(csp_str)
for domain in domains:
await self.report(domain, event, yara_rule_settings, discovery_context, event_type="DNS_NAME")

class EmailExtractor(ExcavateRule):
Expand Down