Skip to content

blacklanternsecurity/bbot

Repository files navigation

bbot_banner

/ˈBEE·bot/ (noun): A recursive internet scanner for hackers.

Python Version License DEF CON Demo Labs 2023 PyPi Downloads Black Tests Codecov Discord

first-bbot-scan.mp4

A BBOT scan in real-time - visualization with VivaGraphJS

Installation

# stable version
pipx install bbot

# bleeding edge (dev branch)
pipx install --pip-args '\--pre' bbot

For more installation methods, including Docker, see Getting Started

What is BBOT?

BBOT is...

1) A Subdomain Finder

Passive API sources plus a recursive DNS brute-force with target-specific subdomain mutations.

# find subdomains of evilcorp.com
bbot -t evilcorp.com -p subdomain-enum
subdomain-enum.yml
description: Enumerate subdomains via APIs, brute-force

flags:
  - subdomain-enum

output_modules:
  - subdomains

config:
  modules:
    stdout:
      format: text
      # only output DNS_NAMEs to the console
      event_types:
        - DNS_NAME
      # only show in-scope subdomains
      in_scope_only: True
      # display the raw subdomains, nothing else
      event_fields:
        - data
      # automatically dedupe
      accept_dups: False
SEE: Comparison to Other Subdomain Enumeration Tools

BBOT consistently finds 20-50% more subdomains than other tools. The bigger the domain, the bigger the difference. To learn how this is possible, see How It Works.

subdomain-stats-ebay

2) A Web Spider

# crawl evilcorp.com, extracting emails and other goodies
bbot -t evilcorp.com -p spider

3) An Email Gatherer

# enumerate evilcorp.com email addresses
bbot -t evilcorp.com -p subdomain-enum spider email-enum

4) A Web Scanner

# run a light web scan against www.evilcorp.com
bbot -t www.evilcorp.com -p web-basic

# run a heavy web scan against www.evilcorp.com
bbot -t www.evilcorp.com -p web-thorough

5) ...And Much More

# everything everywhere all at once
bbot -t evilcorp.com -p kitchen-sink

# roughly equivalent to:
bbot -t evilcorp.com -p subdomain-enum cloud-enum code-enum email-enum spider web-basic paramminer dirbust-light web-screenshots

6) It's Also a Python Library

Synchronous

from bbot.scanner import Scanner

scan = Scanner("evilcorp.com", presets=["subdomain-enum"])
for event in scan.start():
    print(event)

Asynchronous

from bbot.scanner import Scanner

async def main():
    scan = Scanner("evilcorp.com", presets=["subdomain-enum"])
    async for event in scan.async_start():
        print(event.json())

import asyncio
asyncio.run(main())
SEE: This Nefarious Discord Bot

A BBOT Discord Bot that responds to the /scan command. Scan the internet from the comfort of your discord server!

bbot-discord

Feature Overview

BBOT (Bighuge BLS OSINT Tool) is a recursive internet scanner inspired by Spiderfoot, but designed to be faster, more reliable, and friendlier to pentesters, bug bounty hunters, and developers.

Special features include:

  • Support for Multiple Targets
  • Web Screenshots
  • Suite of Offensive Web Modules
  • AI-powered Subdomain Mutations
  • Native Output to Neo4j (and more)
  • Python API + Developer Documentation

Targets

BBOT accepts an unlimited number of targets via -t. You can specify targets either directly on the command line or in files (or both!):

bbot -t evilcorp.com evilcorp.org 1.2.3.0/24 -f subdomain-enum

Targets can be any of the following:

  • DNS_NAME (evilcorp.com)
  • IP_ADDRESS (1.2.3.4)
  • IP_RANGE (1.2.3.0/24)
  • OPEN_TCP_PORT (192.168.0.1:80)
  • URL (https://www.evilcorp.com)

For more information, see Targets. To learn how BBOT handles scope, see Scope.

API Keys

Similar to Amass or Subfinder, BBOT supports API keys for various third-party services such as SecurityTrails, etc.

The standard way to do this is to enter your API keys in ~/.config/bbot/bbot.yml:

modules:
  shodan_dns:
    api_key: 4f41243847da693a4f356c0486114bc6
  c99:
    api_key: 21a270d5f59c9b05813a72bb41707266
  virustotal:
    api_key: dd5f0eee2e4a99b71a939bded450b246
  securitytrails:
    api_key: d9a05c3fd9a514497713c54b4455d0b0

If you like, you can also specify them on the command line:

bbot -c modules.virustotal.api_key=dd5f0eee2e4a99b71a939bded450b246

For details, see Configuration

Documentation

Contribution

Some of the best BBOT modules were written by the community. BBOT is being constantly improved; every day it grows more powerful!

We welcome contributions. Not just code, but ideas too! If you have an idea for a new feature, please let us know in Discussions. If you want to get your hands dirty, see Contribution. There you can find setup instructions and a simple tutorial on how to write a BBOT module. We also have extensive Developer Documentation.

Thanks to these amazing people for contributing to BBOT! ❤️

Special thanks to:

  • @TheTechromancer for creating BBOT
  • @liquidsec for his extensive work on BBOT's web hacking features, including badsecrets and baddns
  • Steve Micallef (@smicallef) for creating Spiderfoot
  • @kerrymilan for his Neo4j and Ansible expertise
  • @domwhewell-sage for his family of badass code-looting modules
  • @aconite33 and @amiremami for their ruthless testing
  • Aleksei Kornev (@alekseiko) for allowing us ownership of the bbot Pypi repository <3