blacklanternsecurity / bbot

A recursive internet scanner for hackers.
https://www.blacklanternsecurity.com/bbot/
GNU General Public License v3.0
4.67k stars 422 forks source link

Sublist3r API Link Not Works #1588

Closed Sh4d0wHunt3rX closed 3 months ago

Sh4d0wHunt3rX commented 3 months ago

It seems the api link not works anymore. Also sublist3r.com redirects to https://www.gearbest.ma/

2024-07-25 21:19:08,495 [TRACE] bbot.core.helpers.web.engine engine.py:230 SSL error with request to URL: https://api.sublist3r.com/search.php?domain=tesla.com: [SSL: TLSV1_ALERT_INTERNAL_ERROR] tlsv1 alert internal error (_ssl.c:1007)
TheTechromancer commented 3 months ago

The API has been down for more than a year now. The module can probably be deleted.

Sh4d0wHunt3rX commented 3 months ago

@TheTechromancer All of these modules produced 0 events:

crobat riddler threatminer viewdns digitorus

It seems they are not working either.

TheTechromancer commented 3 months ago

Thanks for your testing @amiremami. I don't have time right now to investigate these, but hopefully I will have time after DEFCON. In the meantime if you feel like investigating them yourself, that would be a big help.

Sh4d0wHunt3rX commented 3 months ago

I investigated them a bit.

crobat: In the code written: "# tag "subdomain-enum" removed 2023-02-24 because API is offline"

riddler: https://riddler.io [api offline]

threatminer: https://api.threatminer.org/v2/domain.php?q=tesla&rt=5 [api offline]

digitorus: This seems working, but didn't produce anything in my dell.com scan

viewdns: As far as I understood, this code is responsible to do reverse whois lookup. So it get dell.com and do reverse whois, all of the results are scope distance 1 and not related to our dell.com target. I guess this module works but not sure in which scenario can be useful.

TheTechromancer commented 3 months ago

Thanks for looking into those. riddler, sublist3r, and threatminer can all be deleted. As for viewdns, that is mainly for finding affiliates. It works by searching for domains with contact email addresses that match your target domain.

You wanna make a PR to delete those modules? Basically for each module it would just be its main file (e.g. modules/crobat.py) and its test (test/test_step_1/test_module_crobat.py).

Sh4d0wHunt3rX commented 3 months ago

Fixed in #1591.