Closed domwhewell-sage closed 2 months ago
It seems like somewhere in your target list there's a host of github.com.
This was the target list: https://gist.github.com/domwhewell-sage/f198f395e0cf07b29528a99ad210f9b0, I was wondering if it's pulled github.com out from a URL and speculate has used that as an ORG_STUB.
I can't remember if the scope_distance_modifier = 2 is relevant in these modules. Maybe that's the cause.
Ah I think this is the culprit
CODE_REPOSITORY is inheriting a scope distance of 0 and speculate is turning it into a URL.
So... The real cause of this bug is that we set all targets' scope distance to 0 when the scan starts.
The fix for this is awkward because in BBOT 2.0, targets aren't blindly marked as in-scope anymore; so target ORGs become distance-1, which solves this issue.
I'm not sure what to do here since if we pushed a fix, we'd need to remember to unfix it when we merge 2.0.
Describe the bug
When running the dockerhub module using org:sage as a target, github gets raised as an in-scope org.
Expected behavior
Only in-scope orgs should be accepted.
BBOT Command
bbot -t github-orgs.txt -m github_org, git_clone, dockerhub, docker_pull, trufflehog -om teams -y --name sage --debug
OS, BBOT Installation Method + Version
1.1.7.3277rc0
BBOT Config
Attach your BBOT config (bbot --current-config).
Logs
I think these are the relevant parts of the log:
https://gist.github.com/domwhewell-sage/495184d7136670b51da33731aeb2430a