diff --git a/bbot/modules/deadly/ffuf.py b/bbot/modules/deadly/ffuf.py
index 0dad1b63f..f5f09fd46 100644
--- a/bbot/modules/deadly/ffuf.py
+++ b/bbot/modules/deadly/ffuf.py
@@ -24,7 +24,7 @@ class ffuf(BaseModule):
 options_desc = {
 "wordlist": "Specify wordlist to use when finding directories",
 "lines": "take only the first N lines from the wordlist when finding directories",
- "max_depth": "the maxium directory depth to attempt to solve",
+ "max_depth": "the maximum directory depth to attempt to solve",
 "version": "ffuf version",
 "extensions": "Optionally include a list of extensions to extend the keyword with (comma separated)",
 }
diff --git a/bbot/modules/deadly/nuclei.py b/bbot/modules/deadly/nuclei.py
index df5f86140..a03d2ca67 100644
--- a/bbot/modules/deadly/nuclei.py
+++ b/bbot/modules/deadly/nuclei.py
@@ -33,7 +33,7 @@ class nuclei(BaseModule):
 "concurrency": "maximum number of templates to be executed in parallel (default 25)",
 "mode": "manual | technology | severe | budget. Technology: Only activate based on technology events that match nuclei tags (nuclei -as mode). Manual (DEFAULT): Fully manual settings. Severe: Only critical and high severity templates without intrusive. Budget: Limit Nuclei to a specified number of HTTP requests",
 "etags": "tags to exclude from the scan",
- "budget": "Used in budget mode to set the number of requests which will be alloted to the nuclei scan",
+ "budget": "Used in budget mode to set the number of requests which will be allotted to the nuclei scan",
 "directory_only": "Filter out 'file' URL event (default True)",
 "retries": "number of times to retry a failed request (default 0)",
 "batch_size": "Number of targets to send to Nuclei per batch (default 200)",
diff --git a/bbot/modules/ffuf_shortnames.py b/bbot/modules/ffuf_shortnames.py
index d78644e91..ca45402e6 100644
--- a/bbot/modules/ffuf_shortnames.py
+++ b/bbot/modules/ffuf_shortnames.py
@@ -44,19 +44,19 @@ class ffuf_shortnames(ffuf):
 "extensions": "",
 "ignore_redirects": True,
 "find_common_prefixes": False,
- "find_delimeters": True,
+ "find_delimiters": True,
 }
 options_desc = {
 "wordlist": "Specify wordlist to use when finding directories",
 "wordlist_extensions": "Specify wordlist to use when making extension lists",
 "lines": "take only the first N lines from the wordlist when finding directories",
- "max_depth": "the maxium directory depth to attempt to solve",
+ "max_depth": "the maximum directory depth to attempt to solve",
 "version": "ffuf version",
 "extensions": "Optionally include a list of extensions to extend the keyword with (comma separated)",
 "ignore_redirects": "Explicitly ignore redirects (301,302)",
 "find_common_prefixes": "Attempt to automatically detect common prefixes and make additional ffuf runs against them",
- "find_delimeters": "Attempt to detect common delimeters and make additional ffuf runs against them",
+ "find_delimiters": "Attempt to detect common delimiters and make additional ffuf runs against them",
 }
 deps_ansible = [
@@ -115,8 +115,8 @@ def build_extension_list(self, event):
 return [extension_hint]
 def find_delimeter(self, hint):
- delimeters = ["_", "-"]
- for d in delimeters:
+ delimiters = ["_", "-"]
+ for d in delimiters:
 if d in hint:
 if not hint.startswith(d) and not hint.endswith(d):
 return d, hint.split(d)[0], hint.split(d)[1]
@@ -165,7 +165,7 @@ async def handle_event(self, event):
 r_url = f"{r['url'].rstrip('/')}/"
 self.emit_event(r_url, "URL_UNVERIFIED", source=event, tags=[f"status-{r['status']}"])
- if self.config.get("find_delimeters"):
+ if self.config.get("find_delimiters"):
 if "shortname-directory" in event.tags:
 delimeter_r = self.find_delimeter(filename_hint)
 if delimeter_r:
diff --git a/bbot/modules/massdns.py b/bbot/modules/massdns.py
index 5dcd10ded..61861c553 100644
--- a/bbot/modules/massdns.py
+++ b/bbot/modules/massdns.py
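Review bot: In bbot/modules/ffuf_shortnames.py the option key itself is renamed from `find_delimeters` to `find_delimiters`, both in `options` and in the `self.config.get("find_delimiters")` check in `handle_event`, so this is a behaviour change rather than a spelling fix. A saved config or command line that still sets `modules.ffuf_shortnames.find_delimeters` to false would presumably no longer be read, and with the default of `True` the additional ffuf runs the operator turned off would be sent again. Consider reading the old key as a fallback for a release and logging a deprecation warning, e.g. `enabled = self.config.get("find_delimeters", self.config.get("find_delimiters"))`, or call the rename out in the release notes. The method `find_delimeter` and the local `delimeter_r` keep the old spelling, which leaves the file inconsistent; `handle_event`'s body continues outside the hunk.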
@@ -395,10 +395,10 @@ async def gen_subdomains(self, prefixes, domain):
 yield d
 def gen_random_subdomains(self, n=50):
- delimeters = (".", "-")
+ delimiters = (".", "-")
 lengths = list(range(3, 8))
 for i in range(0, max(0, n - 5)):
- d = delimeters[i % len(delimeters)]
+ d = delimiters[i % len(delimiters)]
 l = lengths[i % len(lengths)]
 segments = list(random.choice(self.devops_mutations) for _ in range(l))
 segments.append(self.helpers.rand_string(length=8, digits=False))
diff --git a/bbot/modules/output/discord.py b/bbot/modules/output/discord.py
index 3acb68f0b..a76b1142d 100644
--- a/bbot/modules/output/discord.py
+++ b/bbot/modules/output/discord.py
@@ -10,7 +10,7 @@ class Discord(BaseOutputModule):
 options_desc = {
 "webhook_url": "Discord webhook URL",
 "event_types": "Types of events to send",
- "min_severity": "Only allow VULNERABILITY events of this severity or highter",
+ "min_severity": "Only allow VULNERABILITY events of this severity or higher",
 }
 accept_dupes = False
 good_status_code = 204
diff --git a/bbot/modules/output/slack.py b/bbot/modules/output/slack.py
index e7151ce0f..bd04ecbc3 100644
--- a/bbot/modules/output/slack.py
+++ b/bbot/modules/output/slack.py
@@ -10,7 +10,7 @@ class Slack(Discord):
 options_desc = {
 "webhook_url": "Discord webhook URL",
 "event_types": "Types of events to send",
- "min_severity": "Only allow VULNERABILITY events of this severity or highter",
+ "min_severity": "Only allow VULNERABILITY events of this severity or higher",
 }
 good_status_code = 200
 content_key = "text"
diff --git a/bbot/modules/output/teams.py b/bbot/modules/output/teams.py
index f858d897d..abe7ff4e0 100644
--- a/bbot/modules/output/teams.py
+++ b/bbot/modules/output/teams.py
@@ -8,7 +8,7 @@ class Teams(Discord):
 options_desc = {
 "webhook_url": "Discord webhook URL",
 "event_types": "Types of events to send",
- "min_severity": "Only allow VULNERABILITY events of this severity or highter",
+ "min_severity": "Only allow VULNERABILITY events of this severity or higher",
 }
 _max_event_handlers = 5
 good_status_code = 200
diff --git a/bbot/modules/wafw00f.py b/bbot/modules/wafw00f.py
index f15b82263..a576df2f6 100644
--- a/bbot/modules/wafw00f.py
+++ b/bbot/modules/wafw00f.py
@@ -15,7 +15,7 @@ class wafw00f(BaseModule):
 deps_pip = ["wafw00f~=2.2.0"]
 options = {"generic_detect": True}
- options_desc = {"generic_detect": "When no specific WAF detections are made, try to peform a generic detect"}
+ options_desc = {"generic_detect": "When no specific WAF detections are made, try to perform a generic detect"}
 in_scope_only = True
 per_host_only = True
diff --git a/bbot/scanner/target.py b/bbot/scanner/target.py
index f733f8295..dc98ca95d 100644
--- a/bbot/scanner/target.py
+++ b/bbot/scanner/target.py
@@ -18,7 +18,7 @@ class Target:
 scan (Scan): Reference to the Scan object that instantiated the Target.
 _events (dict): Dictionary mapping hosts to events related to the target.
 strict_scope (bool): Flag indicating whether to consider child domains in-scope.
- If set to True, only the exact hosts specifieid and not their children are considered part of the target.
+ If set to True, only the exact hosts specified and not their children are considered part of the target.
 Examples:
 Basic usage
diff --git a/docs/modules/nuclei.md b/docs/modules/nuclei.md
index e7c6d4247..f4c0d61ca 100644
--- a/docs/modules/nuclei.md
+++ b/docs/modules/nuclei.md
@@ -32,7 +32,7 @@ The Nuclei module has many configuration options:
 | etags | Tags to exclude from the scan | |
 | directory_only | When on, limits scan to only "directory" URLs (omit endpoints) | True |
 | budget | Used in budget mode to set the number of requests which will be allotted | 1 |
-| retries | Mumber of times to retry a failed request | 0 |
+| retries | Number of times to retry a failed request | 0 |
 | batch_size | The number of targets BBOT will pass to Nuclei at a time | 200 |
 Most of these you probably will **NOT** want to change. In particular, we strongly advise against changing the version of Nuclei, as it's very likely the latest version won't work right with BBOT.
diff --git a/docs/scanning/configuration.md b/docs/scanning/configuration.md
index fb9d5544c..59f2a77ab 100644
--- a/docs/scanning/configuration.md
+++ b/docs/scanning/configuration.md
@@ -213,15 +213,15 @@ Many modules accept their own configuration options. These options have the abil
 | modules.dnszonetransfer.timeout | int | Max seconds to wait before timing out | 10 |
 | modules.ffuf.extensions | str | Optionally include a list of extensions to extend the keyword with (comma separated) | |
 | modules.ffuf.lines | int | take only the first N lines from the wordlist when finding directories | 5000 |
-| modules.ffuf.max_depth | int | the maxium directory depth to attempt to solve | 0 |
+| modules.ffuf.max_depth | int | the maximum directory depth to attempt to solve | 0 |
 | modules.ffuf.version | str | ffuf version | 2.0.0 |
 | modules.ffuf.wordlist | str | Specify wordlist to use when finding directories | https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/raft-small-directories.txt |
 | modules.ffuf_shortnames.extensions | str | Optionally include a list of extensions to extend the keyword with (comma separated) | |
 | modules.ffuf_shortnames.find_common_prefixes | bool | Attempt to automatically detect common prefixes and make additional ffuf runs against them | False |
-| modules.ffuf_shortnames.find_delimeters | bool | Attempt to detect common delimeters and make additional ffuf runs against them | True |
+| modules.ffuf_shortnames.find_delimiters | bool | Attempt to detect common delimiters and make additional ffuf runs against them | True |
 | modules.ffuf_shortnames.ignore_redirects | bool | Explicitly ignore redirects (301,302) | True |
 | modules.ffuf_shortnames.lines | int | take only the first N lines from the wordlist when finding directories | 1000000 |
-| modules.ffuf_shortnames.max_depth | int | the maxium directory depth to attempt to solve | 1 |
+| modules.ffuf_shortnames.max_depth | int | the maximum directory depth to attempt to solve | 1 |
 | modules.ffuf_shortnames.version | str | ffuf version | 2.0.0 |
 | modules.ffuf_shortnames.wordlist | str | Specify wordlist to use when finding directories |
|
 | modules.ffuf_shortnames.wordlist_extensions | str | Specify wordlist to use when making extension lists | |
@@ -251,7 +251,7 @@ Many modules accept their own configuration options. These options have the abil
 | modules.nmap.top_ports | int | top ports to scan | 100 |
 | modules.ntlm.try_all | bool | Try every NTLM endpoint | False |
 | modules.nuclei.batch_size | int | Number of targets to send to Nuclei per batch (default 200) | 200 |
-| modules.nuclei.budget | int | Used in budget mode to set the number of requests which will be alloted to the nuclei scan | 1 |
+| modules.nuclei.budget | int | Used in budget mode to set the number of requests which will be allotted to the nuclei scan | 1 |
 | modules.nuclei.concurrency | int | maximum number of templates to be executed in parallel (default 25) | 25 |
 | modules.nuclei.directory_only | bool | Filter out 'file' URL event (default True) | True |
 | modules.nuclei.etags | str | tags to exclude from the scan | |
@@ -285,7 +285,7 @@ Many modules accept their own configuration options. These options have the abil
 | modules.vhost.force_basehost | str | Use a custom base host (e.g. evilcorp.com) instead of the default behavior of using the current URL | |
 | modules.vhost.lines | int | take only the first N lines from the wordlist when finding directories | 5000 |
 | modules.vhost.wordlist | str | Wordlist containing subdomains | https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/DNS/subdomains-top1million-5000.txt |
-| modules.wafw00f.generic_detect | bool | When no specific WAF detections are made, try to peform a generic detect | True |
+| modules.wafw00f.generic_detect | bool | When no specific WAF detections are made, try to perform a generic detect | True |
 | modules.bevigil.api_key | str | BeVigil OSINT API Key | |
 | modules.bevigil.urls | bool | Emit URLs in addition to DNS_NAMEs | False |
 | modules.binaryedge.api_key | str | BinaryEdge API key | |
@@ -330,7 +330,7 @@ Many modules accept their own configuration options. These options have the abil
 | output_modules.asset_inventory.use_previous | bool |` Emit previous asset inventory as new events (use in conjunction with -n ) `| False |
 | output_modules.csv.output_file | str | Output to CSV file | |
 | output_modules.discord.event_types | list | Types of events to send | ['VULNERABILITY', 'FINDING'] |
-| output_modules.discord.min_severity | str | Only allow VULNERABILITY events of this severity or highter | LOW |
+| output_modules.discord.min_severity | str | Only allow VULNERABILITY events of this severity or higher | LOW |
 | output_modules.discord.webhook_url | str | Discord webhook URL | |
 | output_modules.http.bearer | str | Authorization Bearer token | |
 | output_modules.http.method | str | HTTP method | POST |
@@ -346,12 +346,12 @@ Many modules accept their own configuration options. These options have the abil
 | output_modules.neo4j.uri | str | Neo4j server + port | bolt://localhost:7687 |
 | output_modules.neo4j.username | str | Neo4j username | neo4j |
 | output_modules.slack.event_types | list | Types of events to send | ['VULNERABILITY', 'FINDING'] |
-| output_modules.slack.min_severity | str | Only allow VULNERABILITY events of this severity or highter | LOW |
+| output_modules.slack.min_severity | str | Only allow VULNERABILITY events of this severity or higher | LOW |
 | output_modules.slack.webhook_url | str | Discord webhook URL | |
 | output_modules.subdomains.include_unresolved | bool | Include unresolved subdomains in output | False |
 | output_modules.subdomains.output_file | str | Output to file | |
 | output_modules.teams.event_types | list | Types of events to send | ['VULNERABILITY', 'FINDING'] |
-| output_modules.teams.min_severity | str | Only allow VULNERABILITY events of this severity or highter | LOW |
+| output_modules.teams.min_severity | str | Only allow VULNERABILITY events of this severity or higher | LOW |
 | output_modules.teams.webhook_url | str | Discord webhook URL | |
 | output_modules.web_report.css_theme_file | str | CSS theme URL for HTML output | https://cdnjs.cloudflare.com/ajax/libs/github-markdown-css/5.1.0/github-markdown.min.css |
 | output_modules.web_report.output_file | str | Output to file | |
diff --git a/docs/scanning/events.md b/docs/scanning/events.md
index fa1e156cc..3399fd41c 100644
--- a/docs/scanning/events.md
+++ b/docs/scanning/events.md
@@ -79,7 +79,7 @@ Below is a full list of event types along with which modules produce/consume the
 | WEBSCREENSHOT | 0 | 1 | | gowitness |
-## Findings Vs. Vulnerabilties
+## Findings Vs. Vulnerabilities
 BBOT has a sharp distinction between Findings and Vulnerabilities: