blacklanternsecurity / bbot

A recursive internet scanner for hackers.
https://www.blacklanternsecurity.com/bbot/
GNU General Public License v3.0

Documentation for -f #562

Closed SkyperTHC closed 1 year ago

SkyperTHC commented 1 year ago

Great tool. Thank you for your hard work.

I struggle to figure out some details.

  1. Does -f active also load all modules that support the active-flag or does -f active only use those modules that have the 'active' flag and that were specified with -m?
  2. What modules are loaded by default? Only the ones marked as 'internal' in bbot -l?
  3. Is there an explanation for all the flags (-f)?
  4. What does --install-all-deps do and why does it matter? When would somebody execute bbot --install-all-deps? I made two fresh Ubuntu installs. Once I used bbot without --install-all-deps and then a second time after running --install-all-deps. The two scans produced the same results.
  5. What is the default 'distance'? (web_spider_distance=2?)
  6. Is there a dependency between modules so that loading one module with -m automatically also loads another module? If so, where can I find out about the dependencies?
  7. It seems that (cd ~/.bbot/tools ; git clone https://github.com/projectdiscovery/nuclei-templates) is recommended but it is not documented why or if bbot otherwise uses the default location for nuclei templates?

Thanks for helping,

P.S. the neo4j is pretty.

TheTechromancer commented 1 year ago

Thanks for your questions. I will work on documenting these.

TheTechromancer commented 1 year ago

@SkyperTHC BBOT now has official documentation.

To answer your specific questions:

Does -f active also load all modules that support the active-flag or does -f active only use those modules that have the 'active' flag and that were specified with -m?

-f active enables all modules with the active flag. To list these, you can do bbot -f active -l. You can also do advanced filtering.

What modules are loaded by default? Only the ones marked as 'internal' in bbot -l?

Correct. Internal modules perform essential common-sense tasks and are enabled by default. You can disable them via the config.

Is there an explanation for all the flags (-f)?

You can see a description of all the flags with bbot -lf. Also see: https://www.blacklanternsecurity.com/bbot/scanning/#flags-f

What does --install-all-deps do and why does it matter? When would somebody execute bbot --install-all-deps? I made two fresh Ubuntu installs. Once I used bbot without --install-all-deps and then a second time after running --install-all-deps. The two scans produced the same results.

This will pre-download nmap, gowitness, and other external module dependencies. It's useful if you're prepping a pentest box and want to get everything downloaded ahead of time. See: https://www.blacklanternsecurity.com/bbot/scanning/#dependencies

What is the default 'distance'? (web_spider_distance=2?)

In the case of BBOT's web spider, web_spider_distance is the max number of links that are allowed to be followed in a row. This works in conjunction with web_spider_depth to ensure the spider doesn't go absolutely bonkers. https://www.blacklanternsecurity.com/bbot/scanning/#scope-distance

You'll see the concept of "distance" used a lot, and that's because Scope Distance is how BBOT stays in-scope and keeps itself from spidering too far out.

Is there a dependency between modules so that loading one module with -m automatically also loads another module? If so, where can I find out about the dependencies?

Yes. For example, if you enable wappalyzer, BBOT is smart enough to know you also need httpx, and will enable it for you. If you enable -v you will see a message like this:

[VERB] Enabling httpx because 1 modules (wappalyzer) rely on it for HTTP_RESPONSE

If there are multiple modules that produce that type of event, you'll instead get a warning:

[WARN] 1 modules (ntlm) rely on URL but no enabled module produces it
[WARN] Recommend enabling one or more of the following modules which produce URL:
[WARN]  - gowitness
[WARN]  - httpx

It seems that (cd ~/.bbot/tools ; git clone https://github.com/projectdiscovery/nuclei-templates) is recommended but it is not documented why or if bbot otherwise uses the default location for nuclei templates?

BBOT's nuclei module automatically updates templates; there is no need to do this manually.
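As an added illustration of the dependency resolution described in the answer above (example code, not bbot's own implementation): a toy resolver over a constructed module table that produces the same two kinds of messages. The module names and the event types each one watches and produces are assumed here for illustration only.

```python
from collections import defaultdict

# Constructed module table (not bbot's real metadata): name -> (watched, produced).
MODULES = {
    "httpx": ({"DNS_NAME", "URL_UNVERIFIED"}, {"URL", "HTTP_RESPONSE"}),
    "gowitness": ({"URL"}, {"URL", "WEBSCREENSHOT"}),
    "wappalyzer": ({"HTTP_RESPONSE"}, {"TECHNOLOGY"}),
    "ntlm": ({"URL"}, {"FINDING"}),
}

def producers_of(event_type):
    """All modules (enabled or not) that produce the given event type."""
    return {m for m, (_, produced) in MODULES.items() if event_type in produced}

def unmet(enabled):
    """event type -> enabled modules that watch it while no enabled module produces it."""
    needs = defaultdict(set)
    for mod in enabled:
        for ev in MODULES[mod][0]:
            if not (producers_of(ev) & enabled):
                needs[ev].add(mod)
    return needs

def resolve(requested):
    """Return (final enabled module set, log lines) after dependency resolution."""
    enabled = set(requested)
    messages = []
    # Pass 1: exactly one module can produce a missing event type -> enable it, repeat.
    while True:
        auto = {ev: (producers_of(ev), deps) for ev, deps in unmet(enabled).items()
                if len(producers_of(ev)) == 1}
        if not auto:
            break
        for ev, (cands, deps) in sorted(auto.items()):
            mod = next(iter(cands))
            messages.append(f"[VERB] Enabling {mod} because {len(deps)} modules "
                            f"({','.join(sorted(deps))}) rely on it for {ev}")
            enabled.add(mod)
    # Pass 2: several candidates -> warn; event types nobody produces (scan target) are skipped.
    for ev, deps in sorted(unmet(enabled).items()):
        cands = sorted(producers_of(ev))
        if not cands:
            continue
        messages.append(f"[WARN] {len(deps)} modules ({','.join(sorted(deps))}) "
                        f"rely on {ev} but no enabled module produces it")
        messages.append(f"[WARN] Recommend enabling one or more of the following modules which produce {ev}:")
        messages.extend(f"[WARN]  - {c}" for c in cands)
    return enabled, messages
```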