blacklanternsecurity / bbot

A recursive internet scanner for hackers.
https://www.blacklanternsecurity.com/bbot/
GNU General Public License v3.0
4.45k stars 398 forks

Integrating with additional scanners #1682

Open joostgrunwald opened 3 weeks ago

joostgrunwald commented 3 weeks ago

Description

Hey there, love this tool. I have some ideas/additions which I would build myself if I only had the time... :

TheTechromancer commented 3 weeks ago

Hey @joostgrunwald thanks for these observations.

> The Nuclei tool is run with the default setting of stopping a scan of a target after it's unreachable for 30 requests

It wouldn't be hard to make -max-host-error configurable for the BBOT nuclei module. We're already passing through several options like concurrency, ratelimit, etc.

> same functionality as premium wpscan with nuclei for free

Wow interesting. I'm curious to test that out. @TheFunky1Markimark @domwhewell-sage

> some internetdb vulnerabilities are verified

If there's a way to programmatically pull an updated list of these without an API key, that would be a good feature to add.

> retirejs would be a great addition for javascript vulnerabilities

https://github.com/blacklanternsecurity/bbot/discussions/1684

joostgrunwald commented 3 weeks ago

> If there's a way to programmatically pull an updated list of these without an API key, that would be a good feature to add

They have been static for around a year; the only thing I can think of is hardcoding them.

some more ideas:

Just some ideas from my personal experience, feel free to throw some away. If I have an intern in the future, could it be a good option to send him/her your way to help with development?

TheTechromancer commented 3 weeks ago

> wappalyzer works way better in browser

This is true. The python wappalyzer library is pretty out-of-date, too. The current plan is to retire gowitness in favor of a native chromium+devtools implementation, which hopefully will let us use the web extension.

> Nuclei has tech detect fingerprints

BBOT's nuclei module will already raise these as TECHNOLOGY events.

> password checking

We are looking for someone to write this module. Legba looks like it could be a good alternative to hydra.

> dns records and live subdomains

BBOT does not emit unresolved subdomains (unless you tell it to). If you're looking for subdomains with actual web servers, the event type you want is URL.

> paraminer for the win

We have dedicated paramminer modules for cookies, get params, and headers.

> spf, dkim, dmarc dns-sec

@colin-stubbs is working on this.

> help with development

We have no shortage of ideas, but only a few contributors. Help with these new features would speed them up considerably, since most of my time is spent maintaining the core scanner. It's always appreciated!
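As an added illustration of the event-type distinction above (URL events for hosts with an actual web server, TECHNOLOGY events for fingerprints) and of the earlier point that the nuclei host-error threshold could be made configurable, here is a small filter over BBOT-style NDJSON output. This is example code written for this page, not BBOT's or nuclei's own; it assumes each output line is a JSON object with "type" and "data" keys, the sample lines are constructed rather than real scan output, and `targets.txt` is a placeholder name. The nuclei flags it emits (-list, -max-host-error, -concurrency, -rate-limit) are real nuclei flags.

```python
"""Filter BBOT-style NDJSON output by event type and build a nuclei command.

Added example, not BBOT's or nuclei's own code. It assumes each output
line is a JSON object with "type" and "data" keys (the shape of BBOT's
NDJSON output, but the sample lines below are constructed, not real
scan output). The nuclei flags used (-list, -max-host-error,
-concurrency, -rate-limit) are real nuclei flags; the target file name
is a placeholder.
"""
import json
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample events: two subdomains, one of which also has a
# live web server, a TECHNOLOGY fingerprint, a finding, and a junk line.
SAMPLE_NDJSON = """\
{"type": "DNS_NAME", "data": "www.example.com", "module": "subfinder"}
{"type": "DNS_NAME", "data": "old.example.com", "module": "subfinder"}
{"type": "URL", "data": "https://www.example.com/", "module": "httpx"}
{"type": "URL", "data": "http://www.example.com/", "module": "httpx"}
{"type": "TECHNOLOGY", "data": {"host": "www.example.com", "technology": "nginx"}, "module": "nuclei"}
{"type": "FINDING", "data": {"host": "www.example.com", "description": "directory listing"}, "module": "nuclei"}
this line is not JSON and must be skipped
"""


def parse_events(ndjson_text):
    """Return the JSON objects carrying "type" and "data"; skip junk lines."""
    events = []
    for line in ndjson_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            continue  # non-JSON or truncated line, e.g. a partial write
        if isinstance(obj, dict) and "type" in obj and "data" in obj:
            events.append(obj)
    return events


def filter_events(events, types):
    """Keep only events whose type is in `types`."""
    wanted = set(types)
    return [e for e in events if e["type"] in wanted]


def live_web_hosts(events):
    """Hosts with an actual web server: taken from URL events, not DNS_NAME."""
    hosts = set()
    for e in filter_events(events, ["URL"]):
        host = urlparse(e["data"]).hostname
        if host:
            hosts.add(host)
    return sorted(hosts)


def technologies_by_host(events):
    """Map host -> sorted technology names from TECHNOLOGY events."""
    techs = defaultdict(set)
    for e in filter_events(events, ["TECHNOLOGY"]):
        data = e["data"]
        if isinstance(data, dict) and "host" in data and "technology" in data:
            techs[data["host"]].add(data["technology"])
    return {host: sorted(names) for host, names in techs.items()}


def nuclei_command(targets_file, max_host_error=30, concurrency=25, rate_limit=150):
    """Build a nuclei argv with the host-error threshold made configurable.

    nuclei's default -max-host-error is 30 (the behaviour noted in the
    thread); raising it keeps scanning flaky hosts for longer. Values are
    validated here so a bad config fails early rather than inside nuclei.
    """
    for name, value in (("max_host_error", max_host_error),
                        ("concurrency", concurrency),
                        ("rate_limit", rate_limit)):
        if not isinstance(value, int) or value < 1:
            raise ValueError(f"{name} must be a positive integer, got {value!r}")
    return [
        "nuclei",
        "-list", targets_file,
        "-max-host-error", str(max_host_error),
        "-concurrency", str(concurrency),
        "-rate-limit", str(rate_limit),
    ]


if __name__ == "__main__":
    evs = parse_events(SAMPLE_NDJSON)
    print("live web hosts:", live_web_hosts(evs))
    print("technologies:", technologies_by_host(evs))
    print(" ".join(nuclei_command("targets.txt", max_host_error=100)))
```

On the sample input, `old.example.com` appears only as a DNS_NAME and so is absent from the live web host list, which is the distinction the reply above draws; the FINDING event is parsed but ignored by both summaries.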

joostgrunwald commented 3 weeks ago

> This is true. The python wappalyzer library is pretty out-of-date, too. The current plan is to retire gowitness in favor of a native chromium+devtools implementation (https://github.com/blacklanternsecurity/bbot/discussions/698), which hopefully will let us use the web extension.

Wonderful idea, maybe smart to keep that in consideration for your retirejs implementation as well, as you can fix that in the same way then.

> We have dedicated paramminer modules for cookies, get params, and headers.

Yes I know that, but you could fuzz the parameters you find with the nuclei fuzzing templates automatically.

> We have no shortage of ideas, but only a few contributors. Help with these new features would speed them up considerably, since most of my time is spent maintaining the core scanner. It's always appreciated!

That is really nice, I will get back to this.

TheTechromancer commented 3 weeks ago

> fuzz the parameters you find with the nuclei

Ah I see, that's really interesting.

@liquidsec have you seen these? They might be a goldmine for lightfuzz.