search

honoki / bbrf-client

The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices
MIT License
613 stars 90 forks source link

Docopt "arguments=" option not understanding arguments like sys.argv does #67

Open ElSicarius opened 3 years ago

ElSicarius commented 3 years ago

Hi, While using BBRF client directly from the python package I came across an issue:

I tried the following code:

from bbrf import BBRFClient as bbrf

conf = {
    "username": "*********",
    "password": "*********",
    "couchdb": "https://**.**.**.**/bbrf",
    "discord_webhook": "<snip>",
    "ignore_ssl_errors": True
}
# no problems
bbrf("new test")
bbrf("inscope add *.example.com", conf).run()

url = "https://example.com"
status = 200
content_length = 2000
title = "Cool_Title"

commandline = f"""url add -p test "{url} {status} {content_length}" -t title:{title}"""
bbrf(commandline, conf).run()

Stacktrace:

Illegal hostname: "https
Illegal hostname: 200
Illegal hostname: 2000"

My understanding:

When passed to docopt directly line 76;bbrf.py:

self.arguments = docopt(__doc__, argv=arguments, version=VERSION)

Docopt parses the full str ignoring the quotes (").

The main problem is that a url should be processed like a sys.argv before giving it to docopt.

My workaround:

I'm using shlex to do the work of parsing the input parameters, and then i'm giving to docopt a list of arguments:

from bbrf import BBRFClient as bbrf

import shlex

conf = {
    "username": "*********",
    "password": "*********",
    "couchdb": "https://**.**.**.**/bbrf",
    "discord_webhook": "<snip>",
    "ignore_ssl_errors": True
}
# no problems
bbrf("new test")
bbrf("inscope add *.example.com", conf).run()

url = "https://example.com"
status = 200
content_length = 2000
title = "Cool_Title"

commandline = f"""url add -p test "{url} {status} {content_length}" -t title:{title}"""
bbrf_safe_command = shlex.split(commandline)
# bbrf_safe_command = ['url', 'add', '-p', 'test', 'https://example.com 200 2000', '-t', 'title:Cool_title']
# Works fine
bbrf(commandline, conf).run()

Thanks for this awesome tool !

Have a nice day

ElSicarius commented 3 years ago

In addition, here are the arguments parsed by docopt showing the problem:

[___] BBRF internal, arguments of type <class 'str'> : url add -p test "https://example.com 200 2000" -t title:Cool_title
{'-': False,
 '--all': False,
 '--append-tags': False,
 '--filter-cdns': False,
 '--show-disabled': False,
 '--show-empty-scope': False,
 '--show-new': False,
 '--top': False,
 '--view': False,
 '--wildcard': False,
 '--with-query': False,
 '-d': None,
 '-p': 'test',
 '-s': None,
 '-t': ['title:Cool_title'],
 '-y': False,
 '<agent>': [],
 '<document>': [],
 '<domain>': [],
 '<element>': [],
 '<ip>': [],
 '<message>': None,
 '<name>': None,
 '<program>': [],
 '<service>': [],
 '<tag_name>': None,
 '<url>': ['"https://example.com', '200', '2000"'],
 '<value>': None,
 '<view>': None,
 'active': False,
 'add': True,
 'after': False,
 'agent': False,
 'agents': False,

the differents recognized urls are : --> "https://example.com 200, and 2000"<-- (note the quotes included in the "urls")