`self.timeout` unused in gowitness module

[domwhewell-sage]

Describe the bug In the gowitness module a timeout config is allowed but never used in the command. https://github.com/blacklanternsecurity/bbot/blob/stable/bbot/modules/gowitness.py#L83

def construct_command(self):
        # base executable
        command = ["gowitness"]
        # chrome path
        if self.chrome_path is not None:
            command += ["--chrome-path", str(self.chrome_path)]
        # db path
        command += ["--db-path", str(self.db_path)]
        # screenshot path
        command += ["--screenshot-path", str(self.screenshot_path)]
        # user agent
        command += ["--user-agent", f"{self.scan.useragent}"]
        # proxy
        if self.proxy:
            command += ["--proxy", str(self.proxy)]
        # resolution
        command += ["--resolution-x", str(self.resolution_x)]
        command += ["--resolution-y", str(self.resolution_y)]
        # input
        command += ["file", "-f", "-"]
        # threads
        command += ["--threads", str(self.threads)]
        return command

As httpx is raising the URL events its timeouts are inherited by this module. But it would be good if this was configurable as mentioned here

[TheTechromancer]

Nice catch, thanks for reporting. It's a good point and also I think we could be setting a timeout on the gowitness command in case it gets stuck.

[TheTechromancer]

Actually something else we could do is automatically scale the threads based on the number of CPUs. I'll see about making a quick PR.

[TheTechromancer]

Added a new timeout feature for subprocesses, and set gowitness to time out after 30 minutes. If it times out, it will log the offending URLs.

https://github.com/blacklanternsecurity/bbot/pull/1379

[TheTechromancer]

After this PR: https://github.com/blacklanternsecurity/bbot/pull/1384, gowitness will default to a thread count of 2x the number of CPU cores on the system.