From 1655bc7add5d95a7476879dcef4702c3deca6955 Mon Sep 17 00:00:00 2001
From: TheTechromancer
Date: Tue, 17 Oct 2023 18:21:15 -0400
Subject: [PATCH 1/4] add microsoft on-prem subdomains
---
 bbot/modules/base.py | 5 +-
 bbot/modules/massdns.py | 10 ++-
 bbot/wordlists/ms_on_prem_subdomains.txt | 101 +++++++++++++++++++++++
 3 files changed, 110 insertions(+), 6 deletions(-)
 create mode 100644 bbot/wordlists/ms_on_prem_subdomains.txt
diff --git a/bbot/modules/base.py b/bbot/modules/base.py
index 65731d7fa..9101c800a 100644
--- a/bbot/modules/base.py
+++ b/bbot/modules/base.py
@@ -5,8 +5,8 @@
 from contextlib import suppress
 from ..core.helpers.misc import get_size # noqa
+from ..core.errors import ValidationError
 from ..core.helpers.async_helpers import TaskCounter
-from ..core.errors import ValidationError, WordlistError
 class BaseModule:
@@ -527,9 +527,6 @@ async def _setup(self):
 self.debug(f"Finished setting up module {self.name}")
 except Exception as e:
 self.set_error_state()
- # soft-fail if it's only a wordlist error
- if isinstance(e, WordlistError):
- status = None
 msg = f"{e}"
 self.trace()
 return self.name, status, str(msg)
diff --git a/bbot/modules/massdns.py b/bbot/modules/massdns.py
index 7e4331f5b..bb28f045f 100644
--- a/bbot/modules/massdns.py
+++ b/bbot/modules/massdns.py
@@ -74,6 +74,12 @@ async def setup(self):
 self.mutations_tried = set()
 self.source_events = self.helpers.make_target()
 self.subdomain_file = await self.helpers.wordlist(self.config.get("wordlist"))
+ self.subdomain_list = set(self.helpers.read_file(self.subdomain_file))
+
+ ms_on_prem_string_file = self.helpers.wordlist_dir / "ms_on_prem_subdomains.txt"
+ ms_on_prem_strings = set(self.helpers.read_file(ms_on_prem_string_file))
+ self.subdomain_list.update(ms_on_prem_strings)
+
 self.max_resolvers = self.config.get("max_resolvers", 1000)
 self.max_mutations = self.config.get("max_mutations", 500)
 nameservers_url = (
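Review bot: With the WordlistError soft-fail removed in the `@@ -527` hunk of base.py, every exception caught in `_setup` now returns whatever `status` held before the `try`, and that assignment is outside the hunk, so it is worth confirming that a failed wordlist fetch now surfaces as a module error rather than inheriting a previously set status. The commit message does not mention this behaviour change; a one-line comment above `msg = f"{e}"`, such as `# any setup failure, including an unavailable wordlist, is a hard error`, would record the intent. Separately, `msg = f"{e}"` followed by `str(msg)` on the return line converts twice; `msg = str(e)` and `return self.name, status, msg` are equivalent. `_setup` begins outside the hunk.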
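Review bot: `self.subdomain_list` is a `set`, so the order in which candidates reach `self.massdns` in the `@@ -104` hunk now depends on per-process string hash randomization and differs between runs, whereas reading the file gave a stable order; if order matters for reproducing a scan, `dict.fromkeys(self.helpers.read_file(...))` keeps file order while still deduplicating. The intermediate `ms_on_prem_strings` set is unnecessary: `self.subdomain_list.update(self.helpers.read_file(ms_on_prem_string_file))` does the same in one step. Whether `read_file` strips blank or commented lines is not visible here, so a blank line in either wordlist would presumably become an empty candidate label; worth confirming against the helper. `setup` continues outside the hunk.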
@@ -104,7 +110,7 @@ async def handle_event(self, event):
 self.source_events.add_target(event)
 self.info(f"Brute-forcing subdomains for {query} (source: {event.data})")
- for hostname in await self.massdns(query, self.helpers.read_file(self.subdomain_file)):
+ for hostname in await self.massdns(query, self.subdomain_list):
 self.emit_result(hostname, event, query)
 def abort_if(self, event):
@@ -278,7 +284,7 @@ async def _massdns(self, domain, subdomains):
 hosts_yielded.add(hostname_hash)
 yield hostname, data, rdtype
- async def finish(self):
+ async def sfinish(self):
 found = sorted(self.found.items(), key=lambda x: len(x[-1]), reverse=True)
 # if we have a lot of rounds to make, don't try mutations on less-populated domains
 trimmed_found = []
diff --git a/bbot/wordlists/ms_on_prem_subdomains.txt b/bbot/wordlists/ms_on_prem_subdomains.txt
new file mode 100644
index 000000000..b323e4605
--- /dev/null
+++ b/bbot/wordlists/ms_on_prem_subdomains.txt
@@ -0,0 +1,101 @@
+adfs
+adfs01
+adfs02
+adfs1
+adfs2
+adfs3
+adfsproxy
+adfstest
+auth
+fed
+federate
+federated
+federation
+federationfs
+fs
+fs1
+fs2
+fs3
+fs4
+gateway
+login
+portal
+saml
+sso
+sts
+wap
+webmail
+owa
+hybrid
+hybrid-cloud
+email
+outlook
+exchange
+mail2
+webmail2
+mail1
+mailbox
+mail01
+mailman
+mailgate
+mailbackup
+mail3
+webmail1
+webmail3
+mailing
+mailserver
+mailhost
+mailer
+mailadmin
+imap
+pop3
+post
+post1
+post2
+mail
+remote
+desktop
+desktop1
+desktop2
+desktops
+extranet
+mydesktop
+ra
+rdesktop
+rdgate
+rdp
+rdpweb
+rds
+rdsh
+rdweb
+remote01
+remote02
+remote1
+remote2
+remote3
+remote4
+remoteapp
+remoteapps
+remotedesktop
+remotegateway
+tsweb
+vdesktop
+vdi
+dialin
+meet
+lync
+lyncweb
+sip
+skype
+sfbweb
+scheduler
+lyncext
+lyncdiscoverinternal
+access
+lyncaccess01
+lyncaccess
+lync10
+wac
+_sipinternaltls
+uc
+lyncdiscover
From ca8953584daab750ce66bcea31500e36a04fbeff Mon Sep 17 00:00:00 2001
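Review bot: Renaming `finish` to `sfinish` in the `@@ -278` hunk presumably detaches the module's `finish` hook, so the mutation pass that starts at `found = sorted(self.found.items(), ...)` would never run in this patch; PATCH 2/4 ("undo debugging changes") restores the name, so the two hunks cancel and should be squashed so that PATCH 1/4 is not a broken intermediate state for bisecting. `_massdns` and the renamed method both extend outside the hunk.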
From: TheTechromancer
Date: Tue, 17 Oct 2023 18:21:57 -0400
Subject: [PATCH 2/4] undo debugging changes
---
 bbot/modules/massdns.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bbot/modules/massdns.py b/bbot/modules/massdns.py
index bb28f045f..5dcd10ded 100644
--- a/bbot/modules/massdns.py
+++ b/bbot/modules/massdns.py
@@ -284,7 +284,7 @@ async def _massdns(self, domain, subdomains):
 hosts_yielded.add(hostname_hash)
 yield hostname, data, rdtype
- async def sfinish(self):
+ async def finish(self):
 found = sorted(self.found.items(), key=lambda x: len(x[-1]), reverse=True)
 # if we have a lot of rounds to make, don't try mutations on less-populated domains
 trimmed_found = []
From 6b1e320d1511ffc36e0c6e045abc7a319c0ebc77 Mon Sep 17 00:00:00 2001
From: TheTechromancer
Date: Tue, 17 Oct 2023 19:30:29 -0400
Subject: [PATCH 3/4] fix test_modules_basic tests
---
 bbot/test/test_step_1/test_modules_basic.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/bbot/test/test_step_1/test_modules_basic.py b/bbot/test/test_step_1/test_modules_basic.py
index 77c25a7a1..47d39e1a5 100644
--- a/bbot/test/test_step_1/test_modules_basic.py
+++ b/bbot/test/test_step_1/test_modules_basic.py
@@ -82,6 +82,7 @@ async def test_modules_basic(scan, helpers, events, bbot_config, bbot_scanner, h
 modules=list(set(available_modules + available_internal_modules)),
 output_modules=list(available_output_modules),
 config=bbot_config,
+ force_start=True,
 )
 scan2.helpers.dns.fallback_nameservers_file = fallback_nameservers
 await scan2.load_modules()
From f32448a43d1d2020fcf5ca3f006e29b120b98e0c Mon Sep 17 00:00:00 2001
From: TheTechromancer
Date: Tue, 17 Oct 2023 20:07:12 -0400
Subject: [PATCH 4/4] working on tests
---
 bbot/test/test_step_1/test_modules_basic.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/bbot/test/test_step_1/test_modules_basic.py b/bbot/test/test_step_1/test_modules_basic.py
index 47d39e1a5..b4d61f516 100644
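Review bot: `force_start=True` in the `@@ -82` hunk presumably makes `test_modules_basic` start the scan even when a module's setup fails, which is likely why it became necessary once `_setup` stopped soft-failing on wordlist errors in PATCH 1/4; the trade-off is that a module whose setup genuinely breaks would no longer fail this test unless something later asserts on module status. If that is accepted, a comment on the new line such as `# setup failures (e.g. an unreachable wordlist) must not abort the scan in CI` would make the reason visible; otherwise an explicit assertion on which modules reached the error state keeps the regression signal. The same flag is added in both hunks of PATCH 4/4, where the same consideration applies. `test_modules_basic` starts and ends outside the hunk.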
--- a/bbot/test/test_step_1/test_modules_basic.py
+++ b/bbot/test/test_step_1/test_modules_basic.py
@@ -175,9 +175,9 @@ async def test_modules_basic_perhostonly(scan, helpers, events, bbot_config, bbo
 "evilcorp.com",
 modules=list(set(available_modules + available_internal_modules)),
 config=bbot_config,
+ force_start=True,
 )
- await per_host_scan.load_modules()
 await per_host_scan.setup_modules()
 per_host_scan.status = "RUNNING"
@@ -215,6 +215,7 @@ async def test_modules_basic_perdomainonly(scan, helpers, events, bbot_config, b
 "evilcorp.com",
 modules=list(set(available_modules + available_internal_modules)),
 config=bbot_config,
+ force_start=True,
 )
 await per_domain_scan.load_modules()
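Review bot: The `@@ -175` hunk drops `await per_host_scan.load_modules()` before `setup_modules()`, while the `@@ -215` hunk keeps `await per_domain_scan.load_modules()` in the otherwise parallel per-domain test; unless `setup_modules` (or the new `force_start` path) loads modules itself, the per-host scan now sets up an empty module list, and if it does load them, the per-domain call is redundant. Either restore the line or remove it in both tests, and a short comment noting which call performs loading would prevent the two tests drifting apart again. Both test functions extend outside their hunks.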