Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Autodetect USERNAME --> EMAIL_ADDRESS #870

Merged
merged 1 commit into from
Nov 30, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 8 additions & 2 deletions bbot/core/event/base.py
Original file line number Diff line number Diff line change
Expand Up @@ -1176,8 +1176,10 @@ def make_event(
"""

# allow tags to be either a string or an array
if isinstance(tags, str):
tags = [tags]
if tags is not None:
if isinstance(tags, str):
tags = [tags]
tags = list(tags)

if is_event(data):
if scan is not None and not data.scan:
Expand Down Expand Up @@ -1217,6 +1219,10 @@ def make_event(
event_type = "IP_ADDRESS"
elif event_type == "IP_ADDRESS" and not data_is_ip:
event_type = "DNS_NAME"
# USERNAME <--> EMAIL_ADDRESS confusion
if event_type == "USERNAME" and validators.soft_validate(data, "email"):
event_type = "EMAIL_ADDRESS"
tags.append("affiliate")

event_class = globals().get(event_type, DefaultEvent)

Expand Down
2 changes: 1 addition & 1 deletion bbot/modules/dehashed.py
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
class dehashed(credential_leak):
watched_events = ["DNS_NAME"]
produced_events = ["PASSWORD", "HASHED_PASSWORD", "USERNAME"]
flags = ["passive"]
flags = ["passive", "safe", "email-enum"]
meta = {"description": "Execute queries against dehashed.com for exposed credentials", "auth_required": True}
options = {"username": "", "api_key": ""}
options_desc = {"username": "Email Address associated with your API key", "api_key": "DeHashed API Key"}
Expand Down
2 changes: 1 addition & 1 deletion bbot/modules/hunt.py
Original file line number Diff line number Diff line change
Expand Up @@ -274,7 +274,7 @@
class hunt(BaseModule):
watched_events = ["HTTP_RESPONSE"]
produced_events = ["FINDING"]
flags = ["active", "safe", "web-basic", "web-thorough"]
flags = ["active", "safe", "web-thorough"]
meta = {"description": "Watch for commonly-exploitable HTTP parameters"}
# accept all events regardless of scope distance
scope_distance_modifier = None
Expand Down
3 changes: 3 additions & 0 deletions bbot/test/test_step_1/test_modules_basic.py
Original file line number Diff line number Diff line change
Expand Up @@ -125,6 +125,9 @@ async def test_modules_basic(scan, helpers, events, bbot_config, bbot_scanner, h
assert ("active" in flags and not "passive" in flags) or (
not "active" in flags and "passive" in flags
), f'module "{module_name}" must have either "active" or "passive" flag'
assert ("safe" in flags and not "aggressive" in flags) or (
not "safe" in flags and "aggressive" in flags
), f'module "{module_name}" must have either "safe" or "aggressive" flag'
assert preloaded.get("meta", {}).get("description", ""), f"{module_name} must have a description"

# attribute checks
Expand Down
15 changes: 13 additions & 2 deletions bbot/test/test_step_2/module_tests/test_module_dehashed.py
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@
"id": "4363462346",
"email": "[email protected]",
"ip_address": "",
"username": "",
"username": "[email protected]",
"password": "",
"hashed_password": "$2a$12$pVmwJ7pXEr3mE.DmCCE4fOUDdeadbeefd2KuCy/tq1ZUFyEOH2bve",
"name": "Bob Smith",
Expand Down Expand Up @@ -46,8 +46,19 @@ async def setup_before_prep(self, module_test):
)

def check(self, module_test, events):
assert len(events) == 7
assert len(events) == 9
assert 1 == len([e for e in events if e.type == "EMAIL_ADDRESS" and e.data == "[email protected]"])
assert 1 == len(
[
e
for e in events
if e.type == "EMAIL_ADDRESS"
and e.data == "[email protected]"
and e.scope_distance == 1
and "affiliate" in e.tags
and e.source.data == "[email protected]"
]
)
assert 1 == len([e for e in events if e.type == "EMAIL_ADDRESS" and e.data == "[email protected]"])
assert 1 == len(
[
Expand Down