Output module: neo4j, python error

[dchughes2]

Describe the bug I received a python error when trying to run bbot with the neo4j output module, example flow of what happens below: └─$ bbot -t ips.txt -f subdomain-enum email-enum cloud-enum web-basic -m nmap gowitness nuclei --allow-deadly -om neo4j
[INFO] Loaded defaults from /home/kali/.local/pipx/venvs/bbot/lib/python3.11/site-packages/bbot/defaults.yml [INFO] Loaded config from /home/kali/.config/bbot/bbot.yml [INFO] Loaded secrets from /home/kali/.config/bbot/secrets.yml [ERRR] Encountered unknown error: Traceback (most recent call last): File "/home/kali/.local/pipx/venvs/bbot/lib/python3.11/site-packages/bbot/cli.py", line 135, in _main output_modules += default_output_modules TypeError: unsupported operand type(s) for +=: 'set' and 'list'

BBOT Command bbot -t ips.txt -f subdomain-enum email-enum cloud-enum web-basic -om neo4j -m nmap gowitness nuclei --allow-deadly

OS, BBOT Installation Method + Version OS: Kali Linux, Installation method: pipx, BBOT version v1.1.0.2090

BBOT Config [INFO] Loaded defaults from /home/kali/.local/pipx/venvs/bbot/lib/python3.11/site-packages/bbot/defaults.yml [INFO] Loaded config from /home/kali/.config/bbot/bbot.yml [INFO] Loaded secrets from /home/kali/.config/bbot/secrets.yml modules: ffuf: wordlist: https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/raft-small-directories.txt lines: 5000 max_depth: 0 version: 2.0.0 extensions: '' nuclei: version: 2.9.9 tags: '' templates: '' severity: '' ratelimit: 150 concurrency: 25 mode: manual etags: '' budget: 1 directory_only: true vhost: wordlist: https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/DNS/subdomains-top1million-5000.txt force_basehost: '' lines: 5000 azure_realm: {} secretsdb: min_confidence: 99 signatures: https://raw.githubusercontent.com/blacklanternsecurity/secrets-patterns-db/master/db/rules-stable.yml sslcert: timeout: 5.0 skip_non_ssl: true emailformat: {} telerik: exploit_RAU_crypto: false generic_ssrf: {} subdomaincenter: {} paramminer_cookies: wordlist: '' http_extract: true skip_boring_words: true bevigil: api_key: '' urls: false leakix: api_key: '' ipneighbor: num_bits: 4 git: {} url_manipulation: allow_redirects: true gowitness: version: 2.4.2 threads: 4 timeout: 10 resolution_x: 1440 resolution_y: 900 output_path: '' crt: {} securitytrails: api_key: '' subdomain_hijack: fingerprints: https://raw.githubusercontent.com/EdOverflow/can-i-take-over-xyz/master/fingerprints.json wafw00f: generic_detect: true httpx: threads: 50 in_scope_only: true version: 1.2.5 max_response_size: 5242880 ffuf_shortnames: wordlist: '' wordlist_extensions: '' lines: 1000000 max_depth: 1 version: 2.0.0 extensions: '' ignore_redirects: true find_common_prefixes: false find_delimeters: true myssl: {} viewdns: {} censys: api_id: '' api_secret: '' max_pages: 5 robots: include_sitemap: false include_allow: true include_disallow: true riddler: {} bucket_azure: permutations: false crobat: {} columbus: {} badsecrets: {} wayback: urls: false garbage_threshold: 10 rapiddns: {} sitedossier: {} oauth: try_all: false bucket_aws: permutations: false skymem: {} hackertarget: {} iis_shortnames: detect_only: true max_node_count: 30 github: api_key: '' nmap: ports: '' top_ports: 100 timing: T4 skip_host_discovery: true passivetotal: username: '' api_key: '' urlscan: urls: false bucket_gcp: permutations: false hunt: {} sublist3r: {} virustotal: api_key: '' dnsdumpster: {} fingerprintx: version: 1.1.4 builtwith: api_key: '' redirects: true binaryedge: api_key: '' max_records: 1000 bypass403: {} ipstack: api_key: '' host_header: {} masscan: ports: 80,443 rate: 600 wait: 10 ping_first: false use_cache: false pgp: search_urls:

• https://keyserver.ubuntu.com/pks/lookup?fingerprint=on&op=vindex&search=
• http://the.earth.li:11371/pks/lookup?fingerprint=on&op=vindex&search= dnscommonsrv: {} certspotter: {} fullhunt: api_key: '' paramminer_headers: wordlist: '' http_extract: true skip_boring_words: true bucket_firebase: permutations: false massdns: wordlist: https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/DNS/subdomains-top1million-5000.txt max_resolvers: 1000 max_mutations: 500 paramminer_getparams: wordlist: '' http_extract: true skip_boring_words: true zoomeye: api_key: '' max_pages: 20 include_related: false hunterio: api_key: '' azure_tenant: {} nsec: {} anubisdb: {} wappalyzer: {} smuggler: {} threatminer: {} shodan_dns: api_key: '' digitorus: {} social: {} otx: {} c99: api_key: '' dnszonetransfer: timeout: 10 ntlm: try_all: false bucket_digitalocean: permutations: false asn: {} affiliates: {} output_modules: http: url: '' method: POST bearer: '' username: '' password: '' timeout: 10 asset_inventory: output_file: '' use_previous: false summary_netmask: 16 json: output_file: '' console: false human: output_file: '' console: true web_report: output_file: '' css_theme_file: https://cdnjs.cloudflare.com/ajax/libs/github-markdown-css/5.1.0/github-markdown.min.css neo4j: uri: bolt://localhost:7687 username: neo4j password: bbotislife csv: output_file: '' subdomains: output_file: '' include_unresolved: false websocket: url: '' token: '' python: {} internal_modules: excavate: {} speculate: max_hosts: 65536 ports: 80,443 aggregate: {} home: /home/kali/.bbot scope_report_distance: 0 dns_resolution: true max_threads: 25 dns_queries_per_second: 1000 web_requests_per_second: 100 status_frequency: 15 http_proxy: null user_agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 web_spider_distance: 0 web_spider_depth: 1 web_spider_links_per_page: 25 scope_search_distance: 0 scope_dns_search_distance: 2 dns_resolve_distance: 5 speculate: true excavate: true aggregate: true http_timeout: 10 httpx_timeout: 5 http_headers: {} http_retries: 1 httpx_retries: 1 http_debug: false http_max_redirects: 5 dns_timeout: 5 dns_retries: 1 dns_wildcard_ignore: [] dns_wildcard_tests: 10 dns_abort_threshold: 10 dns_filter_ptrs: true dns_debug: false ssl_verify: false keep_scans: 20 url_extension_blacklist:
  • png
  • jpg
  • bmp
  • ico
  • jpeg
  • gif
  • svg
  • css
  • woff
  • woff2
  • ttf
  • mp3
  • m4a
  • wav
  • flac
  • mp4
  • mkv
  • avi
  • wmv
  • mov
  • flv
  • webm url_extension_httpx_only:
  • js omit_event_types:
  • HTTP_RESPONSE
  • URL_UNVERIFIED
  • DNS_NAME_UNRESOLVED agent_url: '' agent_token: '' interactsh_server: null interactsh_token: null interactsh_disable: false dns_omit_queries:
  • SRV:mail.protection.outlook.com
  • CNAME:mail.protection.outlook.com
  • TXT:mail.protection.outlook.com

Logs If possible, produce the bug while --debug is enabled, and attach the relevant parts of ~/.bbot/logs/bbot.debug.log 2023-08-09 12:36:09,793 [DEBUG] asyncio selector_events.py:54 Using selector: EpollSelector 2023-08-09 12:36:09,795 [VERBOSE] bbot.cli logger.py:90 Command: /home/kali/.local/bin/bbot -t ips.txt -f subdomain-enum email-enum cloud-enum web-basic -om neo4j -m nmap gowitness nuclei --allow-deadly --debug

[TheTechromancer]

Thanks for reporting. The fix for this is already in dev and should make it into stable today.

Commit: https://github.com/blacklanternsecurity/bbot/commit/49f85abe0dedaa586595430cd71d5eb3d2a91f9a