Closed DeathHacks closed 11 months ago
Thanks for the report. This is a common issue. Usually it's due to one of two causes:
modules:
module_name:
key: value
Can you verify on both these fronts and let me know if it's still giving you trouble?
I knew it would be stupidity on my end. fml.
Thanks for the swift response. I really appreciate it.
Describe the bug What happened?
API Keys are loading from secrets.yml. Items have been added, testing with and without ''
Expected behavior What was supposed to happen? API keys would be picked up allowing for modules needing keys to run
BBOT Command Example:
bbot -m httpx -t evilcorp.com
bbot -t example.com -f subdomain-enumOS, BBOT Installation Method + Version pipx install PRETTY_NAME="Kali GNU/Linux Rolling" NAME="Kali GNU/Linux" VERSION_ID="2023.2" VERSION="2023.2" VERSION_CODENAME=kali-rolling ID=kali ID_LIKE=debian HOME_URL="https://www.kali.org/" SUPPORT_URL="https://forums.kali.org/" BUG_REPORT_URL="https://bugs.kali.org/" ANSI_COLOR="1;31"
BBOT Config └─$ bbot --current-config
[INFO] Loaded defaults from /home/kali/.local/lib/python3.11/site-packages/bbot/defaults.yml [INFO] Loaded config from /home/kali/.config/bbot/bbot.yml [INFO] Loaded secrets from /home/kali/.config/bbot/secrets.yml modules: vhost: wordlist: https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/DNS/subdomains-top1million-5000.txt force_basehost: '' lines: 5000 ffuf: wordlist: https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/raft-small-directories.txt lines: 5000 max_depth: 0 version: 2.0.0 extensions: '' nuclei: version: 2.9.15 tags: '' templates: '' severity: '' ratelimit: 150 concurrency: 25 mode: manual etags: '' budget: 1 directory_only: true retries: 0 batch_size: 200 robots: include_sitemap: false include_allow: true include_disallow: true urlscan: urls: false bevigil: api_key: '' urls: false nmap: ports: '' top_ports: 100 timing: T4 skip_host_discovery: true virustotal: api_key: '' ipneighbor: num_bits: 4 hackertarget: {} github: api_key: '' leakix: api_key: '' bucket_digitalocean: permutations: false crobat: {} subdomain_hijack: fingerprints: https://raw.githubusercontent.com/EdOverflow/can-i-take-over-xyz/master/fingerprints.json bucket_aws: permutations: false columbus: {} bypass403: {} url_manipulation: allow_redirects: true threatminer: {} emailformat: {} fullhunt: api_key: '' azure_tenant: {} viewdns: {} ntlm: try_all: false builtwith: api_key: '' redirects: true chaos: api_key: '' binaryedge: api_key: '' max_records: 1000 git: {} certspotter: {} skymem: {} secretsdb: min_confidence: 99 signatures: https://raw.githubusercontent.com/blacklanternsecurity/secrets-patterns-db/master/db/rules-stable.yml azure_realm: {} bucket_gcp: permutations: false fingerprintx: version: 1.1.4 smuggler: {} dnscommonsrv: {} passivetotal: username: '' api_key: '' credshed: username: '' password: '' credshed_url: '' generic_ssrf: {} paramminer_headers: wordlist: '' http_extract: true skip_boring_words: true dehashed: username: '' api_key: '' bucket_azure: permutations: false httpx: threads: 50 in_scope_only: true version: 1.2.5 max_response_size: 5242880 sslcert: timeout: 5.0 skip_non_ssl: true wayback: urls: false garbage_threshold: 10 anubisdb: {} telerik: exploit_RAU_crypto: false rapiddns: {} paramminer_getparams: wordlist: '' http_extract: true skip_boring_words: true pgp: search_urls:
Logs [INFO] Loaded defaults from /home/kali/.local/lib/python3.11/site-packages/bbot/defaults.yml [INFO] Loaded config from /home/kali/.config/bbot/bbot.yml [INFO] Loaded secrets from /home/kali/.config/bbot/secrets.yml [DBUG] Using selector: EpollSelector [VERB] Command: /home/kali/.local/bin/bbot -t example.com -f subdomain-enum --dry-run --debug [VERB] Enabling urlscan because it has flag "subdomain-enum" [VERB] Enabling bevigil because it has flag "subdomain-enum" [VERB] Enabling virustotal because it has flag "subdomain-enum" [VERB] Enabling ipneighbor because it has flag "subdomain-enum" [VERB] Enabling hackertarget because it has flag "subdomain-enum" [VERB] Enabling github because it has flag "subdomain-enum" [VERB] Enabling leakix because it has flag "subdomain-enum" [VERB] Enabling subdomain_hijack because it has flag "subdomain-enum" [VERB] Enabling columbus because it has flag "subdomain-enum" [VERB] Enabling threatminer because it has flag "subdomain-enum" [VERB] Enabling fullhunt because it has flag "subdomain-enum" [VERB] Enabling azure_tenant because it has flag "subdomain-enum" [VERB] Enabling builtwith because it has flag "subdomain-enum" [VERB] Enabling chaos because it has flag "subdomain-enum" [VERB] Enabling binaryedge because it has flag "subdomain-enum" [VERB] Enabling certspotter because it has flag "subdomain-enum" [VERB] Enabling azure_realm because it has flag "subdomain-enum" [VERB] Enabling dnscommonsrv because it has flag "subdomain-enum" [VERB] Enabling passivetotal because it has flag "subdomain-enum" [VERB] Enabling httpx because it has flag "subdomain-enum" [VERB] Enabling sslcert because it has flag "subdomain-enum" [VERB] Enabling wayback because it has flag "subdomain-enum" [VERB] Enabling anubisdb because it has flag "subdomain-enum" [VERB] Enabling rapiddns because it has flag "subdomain-enum" [VERB] Enabling securitytrails because it has flag "subdomain-enum" [VERB] Enabling otx because it has flag "subdomain-enum" [VERB] Enabling massdns because it has flag "subdomain-enum" [VERB] Enabling zoomeye because it has flag "subdomain-enum" [VERB] Enabling subdomaincenter because it has flag "subdomain-enum" [VERB] Enabling sitedossier because it has flag "subdomain-enum" [VERB] Enabling oauth because it has flag "subdomain-enum" [VERB] Enabling shodan_dns because it has flag "subdomain-enum" [VERB] Enabling hunterio because it has flag "subdomain-enum" [VERB] Enabling dnszonetransfer because it has flag "subdomain-enum" [VERB] Enabling dnsdumpster because it has flag "subdomain-enum" [VERB] Enabling crt because it has flag "subdomain-enum" [VERB] Enabling censys because it has flag "subdomain-enum" [VERB] Enabling c99 because it has flag "subdomain-enum" [VERB] Enabling digitorus because it has flag "subdomain-enum" [VERB] Enabling riddler because it has flag "subdomain-enum" [VERB] Enabling nsec because it has flag "subdomain-enum" [VERB] Enabling myssl because it has flag "subdomain-enum" [VERB] Enabling asn because it has flag "subdomain-enum" [VERB] Enabling subdomains because it has flag "subdomain-enum" [VERB] Creating events from 1 targets [DBUG] Autodetected event type "DNS_NAME" based on data: "example.com"