blacklanternsecurity / bbot

A recursive internet scanner for hackers.
https://www.blacklanternsecurity.com/bbot/
GNU General Public License v3.0

dockerhub not accepting `org:` from targets #1347

Closed domwhewell-sage closed 4 months ago

domwhewell-sage commented 5 months ago

Describe the bug

When starting the scan by specifying specific orgs in targets, some do not get accepted by dockerhub, as they are not in the whitelist?

Expected behavior

All orgs specified by `org:` get scanned

Logs

```
2024-05-03 07:24:06,363 [DEBUG] bbot.modules.dockerhub base.py:1214 Not accepting ORG_STUB("sageailabs", module=TARGET, tags={'target', 'in-scope'}) because it is not in whitelist and module has active flag
```

TheTechromancer commented 5 months ago

Hmm, that's kind of an annoying filter. It was designed to prevent active modules from scanning out-of-scope things. I'll revisit it in BBOT 2.0 and see if we really need it. In the meantime we should change dockerhub to passive. Since it's talking only to docker's infrastructure and not the target itself, I think it qualifies as passive. What do you think?

EDIT: we should probably also write a test for this

domwhewell-sage commented 5 months ago

Yep, that sounds good. I will open a PR for it when I'm free.

domwhewell-sage commented 4 months ago

This is fixed in version 1.1.7.3285rc0
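
The report above shows a user-supplied target being skipped with only a debug-level message. As an added example (not BBOT's own code and not written by the thread participants), this script scans a debug log for such "Not accepting" lines and lists the targets each module refused. The regex assumes the line format quoted in the issue; the second and third sample lines and the module names `example_active` / `example_passive` are constructed.

```python
import re
from collections import defaultdict

# Line format taken from the single debug line quoted in the issue (assumption:
# other BBOT versions may word it differently).
REJECT_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) \[DEBUG\] '
    r'bbot\.modules\.(?P<module>[\w.]+) \S+ '
    r'Not accepting (?P<etype>[A-Z_]+)\("(?P<data>[^"]*)", '
    r'module=(?P<source>\w+), tags=\{(?P<tags>[^}]*)\}\) '
    r'because (?P<reason>.+)$'
)

# First line is the one quoted in the issue; the other two are constructed,
# and example_active / example_passive are hypothetical module names.
SAMPLE_LOG = """\
2024-05-03 07:24:06,363 [DEBUG] bbot.modules.dockerhub base.py:1214 Not accepting ORG_STUB("sageailabs", module=TARGET, tags={'target', 'in-scope'}) because it is not in whitelist and module has active flag
2024-05-03 07:24:06,401 [DEBUG] bbot.modules.example_active base.py:1214 Not accepting DNS_NAME("other.example.com", module=example_passive, tags={'subdomain'}) because it is not in whitelist and module has active flag
2024-05-03 07:24:06,410 [DEBUG] bbot.scanner scanner.py:100 constructed unrelated debug line
""".splitlines()

def parse_rejection(line):
    """Return a dict for a 'Not accepting' debug line, else None."""
    m = REJECT_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["tags"] = set(re.findall(r"'([^']*)'", rec["tags"]))
    return rec

def dropped_targets(lines):
    """Map module name -> user-supplied targets that the module refused."""
    dropped = defaultdict(list)
    for line in lines:
        rec = parse_rejection(line)
        if rec and "target" in rec["tags"]:  # only seeds the user passed in
            dropped[rec["module"]].append((rec["etype"], rec["data"], rec["reason"]))
    return dict(dropped)

if __name__ == "__main__":
    for module, events in dropped_targets(SAMPLE_LOG).items():
        for etype, data, reason in events:
            print(f"{module}: dropped target {etype} {data!r} ({reason})")
```
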