blacklanternsecurity / bbot

A recursive internet scanner for hackers.
https://www.blacklanternsecurity.com/bbot/
GNU General Public License v3.0

Bug with RAW_DNS_RECORD discovery_path #1594

Closed TheTechromancer closed 2 months ago

TheTechromancer commented 2 months ago
{"type": "RAW_DNS_RECORD", "id": "RAW_DNS_RECORD:78f971682ee9ef651f9740456466e53ed8da3ba1", "data": {"host": "ind.dell.com", "type": "MX", "answer": "10 dmx1.bfi0.com."}, "host": "ind.dell.com", "resolved_hosts": ["208.70.143.18"], "dns_children": {"A": ["208.70.143.18"], "MX": ["dmx1.bfi0.com"], "TXT": ["dmx1.bfi0.com", "spf2.0", "bfi0.com"]}, "scan": "SCAN:5ba8f0947209a7f8e2362774209cefc59b650ea9", "timestamp": 1721859008.039669, "parent": "RAW_DNS_RECORD:b177e9c1d7c9f90025a25ab10aa9dc8581c7ddbb", "tags": ["in-scope", "mx-record"], "discovery_context": "MX lookup on ind.dell.com produced RAW_DNS_RECORD", "discovery_path": ["Scan 2024-07-24_06-52-07 seeded with DNS_NAME: dell.com", "rapiddns searched rapiddns API for \"dell.com\" and found DNS_NAME: ind.dell.com", "TXT lookup on ind.dell.com produced RAW_DNS_RECORD", "TXT lookup on ind.dell.com produced RAW_DNS_RECORD", "TXT lookup on ind.dell.com produced RAW_DNS_RECORD", "TXT lookup on ind.dell.com produced RAW_DNS_RECORD", "TXT lookup on ind.dell.com produced RAW_DNS_RECORD", "TXT lookup on ind.dell.com produced RAW_DNS_RECORD", "MX lookup on ind.dell.com produced RAW_DNS_RECORD"]}

Discovered by @amiremami

TheTechromancer commented 2 months ago

@amiremami I'm having a hard time replicating this one. Can you share your command?

Sh4d0wHunt3rX commented 2 months ago

Sure, I can also share my output.json if you need, 1.36 GB

{"type": "SCAN", "id": "SCAN:5ba8f0947209a7f8e2362774209cefc59b650ea9", "scope_description": "in-scope", "data": {"id": "SCAN:5ba8f0947209a7f8e2362774209cefc59b650ea9", "name": "2024-07-24_06-52-07", "target": {"seeds": ["dell.com", "delltechnologies.com"], "whitelist": ["dell.com", "delltechnologies.com"], "blacklist": [], "strict_scope": false, "hash": "8d3b89af39d84802582af17500463d527857ba95", "seed_hash": "dd80a36d545d94749634a9dce7ec6050ccc3381b", "whitelist_hash": "dd80a36d545d94749634a9dce7ec6050ccc3381b", "blacklist_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "scope_hash": "deae9218a3ef26485032e1d739c5b3633af5b3be"}, "preset": {"config": {"dns": {"brute_threads": 5000}, "web_spider_distance": 1, "web_spider_depth": 2, "web_spider_links_per_page": 10, "modules": {"gowitness": {"resolution_x": 720, "resolution_y": 450}, "portscan": {"ports": "80,23,443,21,22,25,3389,110,445,139,143,53,135,3306,8080,1723,111,995,993,5900,1025,587,8888,199,1720,465,548,113,81,6001,10000,514,5060,179,1026,2000,8443,8000,32768,554,26,1433,49152,2001,515,8008,49154,1027,5666,646,5000,5631,631,49153,8081,2049,88,79,5800,106,2121,1110,49155,6000,513,990,5357,427,49156,543,544,5101,144,7,389,8009,3128,444,9999,5009,7070,5190,3000,5432,1900,3986,13,1029,9,5051,6646,49157,1028,873,1755,2717,4899,9100,119,37,8880,2052,2082,2086,2095,2053,2083,2087,2096,10443"}, "filedownload": {"extensions": ["bak", "bash", "bashrc", "conf", "cfg", "crt", "csv", "db", "sqlite", "doc", "docx", "exe", "ica", "indd", "ini", "jar", "key", "pub", "log", "markdown", "md", "msi", "odg", "odp", "ods", "odt", "pdf", "pem", "pps", "ppsx", "ppt", "pptx", "ps1", "raw", "rdp", "sh", "sql", "swp", "sxw", "tar", "tar.gz", "zip", "txt", "vbs", "wpd", "xls", "xlsx", "xml", "yml", "yaml", "js", "mjs", "jsx", "ts", "vue", "coffee", "json", "js.php", "js.erb", "map", "bundle.js", "cjs"]}, "nuclei": {"templates": 
"/root/.bbot/tools/nuclei-templates/headless/postmessage-tracker.yaml,/root/.bbot/tools/nuclei-templates/headless/postmessage-outgoing-tracker.yaml,/root/.bbot/tools/nuclei-templates/http/misconfiguration/wildcard-postmessage.yaml,/root/server-setup/dom-invader-xss.yaml,/root/.bbot/tools/nuclei-templates/http/miscellaneous/xml-schema-detect.yaml,/root/.bbot/tools/nuclei-templates/http/miscellaneous/cloudflare-rocketloader-htmli.yaml", "silent": true}, "c99": {}, "chaos": {}, "hunterio": {}, "virustotal": {}, "leakix": {}, "securitytrails": {}, "builtwith": {}, "wpscan": {}, "github_org": {}, "zoomeye": {}, "bevigil": {}, "binaryedge": {}, "shodan_dns": {}, "github_codesearch": {}, "baddns": {"only_high_confidence": true}}, "omit_event_types": ["DNS_NAME_UNRESOLVED", "URL_UNVERIFIED"], "url_extension_httpx_only": [], "url_querystring_remove": false}, "modules": ["affiliates", "ajaxpro", "anubisdb", "asn", "baddns", "baddns_zone", "badsecrets", "bevigil", "binaryedge", "builtwith", "c99", "censys", "certspotter", "chaos", "columbus", "crobat", "crt", "dastardly", "digitorus", "dnsbrute", "dnsbrute_mutations", "dnscaa", "dnscommonsrv", "dnsdumpster", "filedownload", "fingerprintx", "fullhunt", "git", "github_codesearch", "gowitness", "hackertarget", "host_header", "httpx", "hunt", "iis_shortnames", "internetdb", "ipneighbor", "leakix", "myssl", "ntlm", "nuclei", "oauth", "otx", "paramminer_headers", "passivetotal", "portscan", "postman", "rapiddns", "riddler", "robots", "secretsdb", "securitytrails", "shodan_dns", "sitedossier", "smuggler", "sslcert", "subdomaincenter", "sublist3r", "telerik", "threatminer", "trufflehog", "url_manipulation", "urlscan", "vhost", "viewdns", "virustotal", "wafw00f", "wappalyzer", "wayback", "wpscan", "zoomeye"], "output_modules": ["asset_inventory", "csv", "json", "python", "stdout", "subdomains", "txt"], "scan_name": "2024-07-24_06-52-07", "output_dir": "/root/.bbot/scans/Dell"}}, "web_spider_distance": 0, "scope_distance": 0, "scan": 
"SCAN:5ba8f0947209a7f8e2362774209cefc59b650ea9", "timestamp": 1721789535.395805, "parent": "SCAN:5ba8f0947209a7f8e2362774209cefc59b650ea9", "tags": ["in-scope", "target"], "module": "TARGET", "module_sequence": "TARGET", "discovery_context": "Scan 2024-07-24_06-52-07 started at 2024-07-24 04:52:15.395805", "discovery_path": []}
2024-07-24 06:52:15,380 [TRACE] bbot.scanner scanner.py:1071 Ran BBOT v2.0.0.4272rc at 2024-07-24 06:52:15.379378, command: /root/.local/bin/bbot -t /root/.bbot/scans/Dell/project-settings/Dell-whitelists.txt -m affiliates anubisdb asn baddns baddns_zone badsecrets bevigil binaryedge builtwith c99 censys certspotter chaos columbus crobat crt dnscaa digitorus dnscommonsrv dnsdumpster filedownload fingerprintx fullhunt git github_codesearch gowitness hackertarget httpx internetdb ipneighbor leakix dnsbrute dnsbrute_mutations myssl portscan oauth otx passivetotal postman rapiddns riddler robots securitytrails secretsdb shodan_dns sitedossier sslcert subdomaincenter sublist3r threatminer urlscan viewdns virustotal wafw00f wappalyzer wayback zoomeye hunt paramminer_headers dastardly nuclei vhost wpscan ajaxpro host_header iis_shortnames ntlm smuggler telerik url_manipulation trufflehog -om asset_inventory subdomains -c omit_event_types=[DNS_NAME_UNRESOLVED,URL_UNVERIFIED] url_extension_httpx_only=[] url_querystring_remove=false modules.baddns.only_high_confidence=true -y --allow-deadly --blacklist /root/.bbot/scans/Dell/project-settings/Dell-blacklists.txt -o /root/.bbot/scans/Dell -n 2024-07-24_06-52-07
TheTechromancer commented 2 months ago

Fixed in https://github.com/blacklanternsecurity/bbot/pull/1603.