[Feature request] Include tags in bbrf show - Githubissues

honoki / bbrf-client

The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices

MIT License

613 stars 90 forks source link

[Feature request] Include tags in bbrf show #49

Closed pdelteil closed 3 years ago

pdelteil commented 3 years ago

A common task for me is to discover where a subdomain/url is coming from (program + platform) it would be super useful to have something like this:

> bbrf show domain.example -t 

{"_id":"domain.example","_rev":"2-f0XXXX4226734cf9da7002e6","ips":["91.199.XX.XX"],"program":"Program","type":"domain","source":"subfinder", "tags": "key:value" }

Thanks!

honoki commented 3 years ago

How does this differ from doing just bbrf show sub.domain.com?

Edit – I didn't read the title before. The show command will return all tags attached to a document. Pipe to jq .tags to find them easily.

pdelteil commented 3 years ago

In fact I found a work around


> a=$(bbrf show a.test.com |jq '.program'|sed 's/"//g');  bbrf show "$a" | jq '.tags'

{
  "platform": "bugcrowd"
}

``

Directly from the subdomain retrieve the tags of the program.

pdelteil commented 3 years ago

How does this differ from doing just bbrf show sub.domain.com?

Edit – I didn't read the title before. The show command will return all tags attached to a document. Pipe to jq .tags to find them easily.

I think I proposed the wrong syntax.

It should be something like

bbrf show domain.example -p

Would show the properties of the program and not the domain's.

honoki commented 3 years ago

I see what you mean. I don't have plans to support that at the level of BBRF, so I think your one-liner should do the trick.

Note that you can also use jq -r to get the value without quotes, so you don't have to use sed