search

honoki / bbrf-client

The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices
MIT License
613 stars 90 forks source link

Support for advanced query operators in `where` statements #84

Closed Regala closed 2 years ago

Regala commented 3 years ago

The tag feature is immensely helpful. However there are sometimes where you'd want to query multiple tags at the same time, e.g.:

bbrf urls where source is subfinder and cve is cve-2021-1337

By chaining those tags we could do very fine grained searches on the documents (maybe this is already possible somehow and I just don't know how).

Personally I think the and would be more than enough but having an or would make it even better.

0xblackbird commented 2 years ago

I'm also experiencing the same thing, I really need the 'and' operator to query for multiple tags. I thought that it'd be easy to implement this but it turns out that that couchdb doesn't really support this, I might 've overlooked this but as far as I know, couchdb can't do this (yet). But we can use a little workaround this of course. I'm currently working on it, I will try to create a pull request in the coming days

0xblackbird commented 2 years ago

I got it to work by using startkey and endkey in couchdb which then looked at the documents where both of the keys and values were seen and it returns you the id of the document (in this case domain name). I'm unsure if this is the best way to do it, I guess it even can be done with couchdb but I'm fairly new to that so I haven't had the time to try that out. (The OR operator can be implemented via a view on couchdb)

$ bbrf show $domain

{"_id":"$domain","_rev":"1-..","program":"$program","type":"domain","ips":[],"tags":{"CVE":["CVE-2022-1337","CVE-2021-1337"],"comment":["xyz","test"]}}

$ bbrf show $domain2

{"_id":"$domain2","_rev":"2-..","ips":[],"tags":{"CVE":["CVE-2022-1337","CVE-2021-1337"],"comment":["xyz","test","xyzxyz"]},"program":"$program","type":"domain"}

$ bbrf domains where CVE is CVE-2022-1337 and comment is xyz

$domain
$domain2

$ bbrf domains where CVE is CVE-2022-1337 and comment is xyzxyz

$domain2

I would really love to see case insensitivity get implemented here too (or at least an optional flag which allows you to do so), because if you try for example $ bbrf domains where cve is CVE-2022-1337 .. it won't return anything.

Regala commented 2 years ago

Great job @0xblackbird, this is awesome!

honoki commented 2 years ago

This has been implemented!