honoki / bbrf-client

The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices
MIT License

Can't add domain name same as program name #52

Closed xqd-ai closed 3 years ago

xqd-ai commented 3 years ago

Hi, I usually create programs with the parent org's domain name, for example:

bbrf new yahoo.com
bbrf inscope add 'yahoo.com' -p yahoo.com
bbrf domain add yahoo.com -p yahoo.com

The last step always fails without error output in debug mode. Is there a way around it, other than to rename all my program names? Thanks!

debug output:

┌──(root💀kali)-[~]
└─# bbrf domain add yahoo.com -p yahoo.com                                                                                                                                                   1 ⨯
[DEBUG] getting program scope
DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): IP:PORT
DEBUG:urllib3.connectionpool:http://IP:PORT "GET /bbrf/yahoo.com HTTP/1.1" 200 3167
[DEBUG] getting program blacklist
[DEBUG] adding documents in bulk
DEBUG:urllib3.connectionpool:http://IP:PORT "POST /bbrf/_bulk_docs HTTP/1.1" 201 77

┌──(root💀kali)-[~]
└─# bbrf domains -p yahoo.com|egrep '^yahoo.com'
DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): IP:PORT
DEBUG:urllib3.connectionpool:http://IP:PORT "GET /bbrf/_design/bbrf/_view/domains?reduce=false&key=%22yahoo.com%22 HTTP/1.1" 200 None

honoki commented 3 years ago

Hi @xqd-ai - yeah, this is a side effect of how I designed how identifiers are used in the underlying CouchDB. All identifiers have to be unique, and both program names and domains are used as identifiers.

As a result, you cannot both have a program named yahoo.com and a domain yahoo.com. I realize this is annoying, and I'll think about a way to avoid this from occurring, but the only real solution now is to create a new program yahoo instead.

xqd-ai commented 3 years ago

Thanks @honoki, I will try to do that at least on newly created programs.

honoki commented 3 years ago

I've decided to issue the following warning when BBRF notices a program name looks like a domain:

[WARNING] You are adding a program name that looks like a domain name, which is discouraged. You will now not be able to add the domain example.com to your database

This should give the user an opportunity to choose another program name before starting to populate the dataset.
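
Added example, not code from BBRF or from this thread: CouchDB's `_bulk_docs` endpoint answers 201 for the batch as a whole and reports a conflicting `_id` per document in the response body, which is why the `domain add` call in the debug output above shows no error. The sketch below reads that body to surface rejected documents and flags program names that would collide with a domain; the response sample is constructed, and `rejected_docs` and `looks_like_domain` are hypothetical helpers, not BBRF's own check.

```python
import json
import re

# Constructed sample of a CouchDB _bulk_docs response body. The HTTP status
# is 201 for the whole batch; each document gets its own result entry.
SAMPLE_BULK_RESPONSE = json.dumps([
    {"ok": True, "id": "www.yahoo.com", "rev": "1-constructed"},
    {"id": "yahoo.com", "error": "conflict",
     "reason": "Document update conflict."},
])

# Hypothetical heuristic (assumption, not BBRF's rule): dot-separated
# hostname labels ending in an alphabetic TLD.
DOMAIN_LIKE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$",
    re.IGNORECASE,
)


def rejected_docs(bulk_response_body):
    """Return (id, error, reason) for every document the batch did not store."""
    results = json.loads(bulk_response_body)
    return [
        (r.get("id"), r["error"], r.get("reason", ""))
        for r in results
        if "error" in r
    ]


def looks_like_domain(program_name):
    """True when a program name would share its _id with a domain document."""
    return bool(DOMAIN_LIKE.match(program_name.strip().rstrip(".")))


if __name__ == "__main__":
    for doc_id, error, reason in rejected_docs(SAMPLE_BULK_RESPONSE):
        print(f"[WARNING] {doc_id} was not stored: {error} ({reason})")
    for name in ("yahoo.com", "yahoo"):
        print(name, "->", "domain-like" if looks_like_domain(name) else "ok")
```
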