blacklanternsecurity/bbot

GitHub: blacklanternsecurity/bbot

BBOT is a Python-based recursive internet scanner that helps security teams automate asset discovery and information gathering across subdomains, email addresses, web assets and more.

Stars: 9456 | Forks: 774

[![bbot_banner](https://static.pigsec.cn/wp-content/uploads/repos/2026/02/9977b28213215053.png)](https://github.com/blacklanternsecurity/bbot) [![Python Version](https://img.shields.io/badge/python-3.9+-FF8400)](https://www.python.org) [![License](https://img.shields.io/badge/license-AGPLv3-FF8400.svg)](https://github.com/blacklanternsecurity/bbot/blob/dev/LICENSE) [![DEF CON Recon Village 2024](https://img.shields.io/badge/DEF%20CON%20Demo%20Labs-2023-FF8400.svg)](https://www.reconvillage.org/talks) [![PyPi Downloads](https://static.pepy.tech/personalized-badge/bbot?right_color=orange&left_color=grey)](https://pepy.tech/project/bbot) [![Ruff](https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/astral-sh/ruff/main/assets/badge/v2.json)](https://github.com/astral-sh/ruff) [![Tests](https://static.pigsec.cn/wp-content/uploads/repos/2026/02/552dae5f70215054.svg)](https://github.com/blacklanternsecurity/bbot/actions?query=workflow%3A"tests") [![Codecov](https://codecov.io/gh/blacklanternsecurity/bbot/branch/dev/graph/badge.svg?token=IR5AZBDM5K)](https://codecov.io/gh/blacklanternsecurity/bbot) [![Discord](https://img.shields.io/discord/859164869970362439)](https://discord.com/invite/PZqkgxu5SA)

### **BEE·bot** is a multipurpose scanner inspired by [Spiderfoot](https://github.com/smicallef/spiderfoot), built to automate your **Recon**, **Bug Bounties**, and **ASM**!

https://github.com/blacklanternsecurity/bbot/assets/20261699/e539e89b-92ea-46fa-b893-9cde94eebf81

_A BBOT scan in real time - visualized with [VivaGraphJS](https://github.com/blacklanternsecurity/bbot-vivagraphjs)_

## Installation

```
# stable version
pipx install bbot

# bleeding edge (dev branch)
pipx install --pip-args '\--pre' bbot
```

_For more installation methods, including [Docker](https://hub.docker.com/r/blacklanternsecurity/bbot), see [Getting Started](https://www.blacklanternsecurity.com/bbot/Stable/)_

## Example Commands

### 1) Subdomain Finder

Passive API sources plus a recursive DNS brute-force with target-specific subdomain mutations.

```
# find subdomains of evilcorp.com
bbot -t evilcorp.com -p subdomain-enum

# passive sources only
bbot -t evilcorp.com -p subdomain-enum -rf passive
```
**subdomain-enum.yml**

```
description: Enumerate subdomains via APIs, brute-force

flags:
  # enable every module with the subdomain-enum flag
  - subdomain-enum

output_modules:
  # output unique subdomains to TXT file
  - subdomains

config:
  dns:
    threads: 25
    brute_threads: 1000
  # put your API keys here
  # modules:
  #   github:
  #     api_key: ""
  #   chaos:
  #     api_key: ""
  #   securitytrails:
  #     api_key: ""
```
BBOT consistently finds 20-50% more subdomains than other tools. The bigger the domain, the bigger the difference. To learn how this is done, see [How It Works](https://www.blacklanternsecurity.com/bbot/Dev/how_it_works/).

![subdomain-stats-ebay](https://static.pigsec.cn/wp-content/uploads/repos/2026/02/0930ecb0ba215055.png)

### 2) Web Spider

```
# crawl evilcorp.com, extracting emails and other goodies
bbot -t evilcorp.com -p spider
```
**spider.yml**

```
description: Recursive web spider

modules:
  - httpx

blacklist:
  # Prevent spider from invalidating sessions by logging out
  - "RE:/.*(sign|log)[_-]?out"

config:
  web:
    # how many links to follow in a row
    spider_distance: 2
    # don't follow links whose directory depth is higher than 4
    spider_depth: 4
    # maximum number of links to follow per page
    spider_links_per_page: 25
```
### 3) Email Harvester

```
# quick email enumeration with free APIs + scraping
bbot -t evilcorp.com -p email-enum

# pair with subdomain enum + web spider for maximum yield
bbot -t evilcorp.com -p email-enum subdomain-enum spider
```
**email-enum.yml**

```
description: Enumerate email addresses from APIs, web crawling, etc.

flags:
  - email-enum

output_modules:
  - emails
```
### 4) Web Scanner

```
# run a light web scan against www.evilcorp.com
bbot -t www.evilcorp.com -p web-basic

# run a heavy web scan against www.evilcorp.com
bbot -t www.evilcorp.com -p web-thorough
```
**web-basic.yml**

```
description: Quick web scan

include:
  - iis-shortnames

flags:
  - web-basic
```
**web-thorough.yml**

```
description: Aggressive web scan

include:
  # include the web-basic preset
  - web-basic

flags:
  - web-thorough
```
### 5) Everything Everywhere All at Once

```
# everything everywhere all at once
bbot -t evilcorp.com -p kitchen-sink --allow-deadly

# roughly equivalent to:
bbot -t evilcorp.com -p subdomain-enum cloud-enum code-enum email-enum spider web-basic paramminer dirbust-light web-screenshots --allow-deadly
```
**kitchen-sink.yml**

```
description: Everything everywhere all at once

include:
  - subdomain-enum
  - cloud-enum
  - code-enum
  - email-enum
  - spider
  - web-basic
  - paramminer
  - dirbust-light
  - web-screenshots
  - baddns-intense

config:
  modules:
    baddns:
      enable_references: True
```
## How it Works

Click the graph below to explore the [inner workings](https://www.blacklanternsecurity.com/bbot/Stable/how_it_works/) of BBOT.

[![image](https://static.pigsec.cn/wp-content/uploads/repos/2026/02/80cf76a9d0215058.png)](https://www.blacklanternsecurity.com/bbot/Stable/how_it_works/)

## Output Modules

- [Neo4j](docs/scanning/output.md#neo4j)
- [Teams](docs/scanning/output.md#teams)
- [Discord](docs/scanning/output.md#discord)
- [Slack](docs/scanning/output.md#slack)
- [Postgres](docs/scanning/output.md#postgres)
- [MySQL](docs/scanning/output.md#mysql)
- [SQLite](docs/scanning/output.md#sqlite)
- [Splunk](docs/scanning/output.md#splunk)
- [Elasticsearch](docs/scanning/output.md#elasticsearch)
- [CSV](docs/scanning/output.md#csv)
- [JSON](docs/scanning/output.md#json)
- [HTTP](docs/scanning/output.md#http)
- [Websocket](docs/scanning/output.md#websocket)

...and [more](docs/scanning/output.md)!

## BBOT as a Python Library

#### Synchronous

```
from bbot.scanner import Scanner

if __name__ == "__main__":
    scan = Scanner("evilcorp.com", presets=["subdomain-enum"])
    for event in scan.start():
        print(event)
```

#### Asynchronous

```
from bbot.scanner import Scanner

async def main():
    scan = Scanner("evilcorp.com", presets=["subdomain-enum"])
    async for event in scan.async_start():
        print(event.json())

if __name__ == "__main__":
    import asyncio
    asyncio.run(main())
```
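The asynchronous snippet above prints `event.json()` for every event, which is also the line format the JSON output module writes. As an added example (not code from the BBOT project), here is a small consumer for that NDJSON stream: the sample lines are constructed, the field names `type`, `data`, `scope_distance`, `tags` and `module` are assumed to match BBOT's event JSON, and the functions dedupe in-scope hostnames and tally event types so a team can review what a scan found.

```python
import json
from collections import Counter

# Constructed sample of NDJSON event lines in the shape produced by
# event.json() / the JSON output module. Not real scan data; one line is
# deliberately truncated to show how corrupted output is skipped.
SAMPLE_NDJSON = """\
{"type": "SCAN", "data": {"name": "demo"}, "scope_distance": 0, "tags": [], "module": "TARGET"}
{"type": "DNS_NAME", "data": "evilcorp.com", "scope_distance": 0, "tags": ["target", "in-scope"], "module": "TARGET"}
{"type": "DNS_NAME", "data": "www.evilcorp.com", "scope_distance": 0, "tags": ["in-scope", "subdomain"], "module": "crt"}
{"type": "DNS_NAME", "data": "WWW.evilcorp.com.", "scope_distance": 0, "tags": ["in-scope", "subdomain"], "module": "massdns"}
{"type": "DNS_NAME", "data": "cdn.example.net", "scope_distance": 2, "tags": ["affiliate"], "module": "dnsresolve"}
{"type": "EMAIL_ADDRESS", "data": "bob@evilcorp.com", "scope_distance": 0, "tags": ["in-scope"], "module": "hunterio"}
{"type": "URL", "data": "https://www.evilcorp.com/login", "scope_distance": 0, "tags": ["in-scope"], "module": "httpx"}
{"type": "DNS_NAME", "data": "brok
"""


def parse_events(ndjson):
    """Parse one JSON event per line, skipping blank or corrupted lines."""
    events = []
    for line in ndjson.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # truncated write or partial line: ignore, don't abort
    return events


def in_scope_subdomains(events, max_scope_distance=0):
    """Unique DNS_NAME hosts within the given scope distance.

    Hostnames are normalised (trailing dot stripped, lower-cased) so the
    same host reported by two modules is counted once.
    """
    seen = set()
    for ev in events:
        if ev.get("type") != "DNS_NAME":
            continue
        if ev.get("scope_distance", 99) > max_scope_distance:
            continue
        seen.add(str(ev["data"]).rstrip(".").lower())
    return sorted(seen)


def count_by_type(events):
    """Tally events by type, e.g. to compare runs of the same preset."""
    return Counter(ev.get("type", "UNKNOWN") for ev in events)
```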
**SEE: This Nefarious Discord Bot**

A [BBOT Discord Bot](https://www.blacklanternsecurity.com/bbot/Stable/dev/#discord-bot-example) that responds to the `/scan` command. Scan the internet from the comfort of your Discord server!

![bbot-discord](https://static.pigsec.cn/wp-content/uploads/repos/2026/02/6da64754d0215103.gif)
## Feature Overview

- Support for multiple targets
- Web screenshots
- Suite of offensive web modules
- NLP-powered subdomain mutations
- Native output to Neo4j (and more)
- Automatic dependency install with Ansible
- Search entire attack surface with custom YARA rules
- Python API + developer documentation

## Targets

BBOT accepts an unlimited number of targets via `-t`. You can specify targets either directly on the command line or in files (or both):

```
bbot -t evilcorp.com evilcorp.org 1.2.3.0/24 -p subdomain-enum
```

Targets can be any of the following:

- DNS name (`evilcorp.com`)
- IP address (`1.2.3.4`)
- IP range (`1.2.3.0/24`)
- Open TCP port (`192.168.0.1:80`)
- URL (`https://www.evilcorp.com`)
- Email address (`bob@evilcorp.com`)
- Organization (`ORG:evilcorp`)
- Username (`USER:bobsmith`)
- Filesystem (`FILESYSTEM:/tmp/asdf`)
- Mobile app (`MOBILE_APP:https://play.google.com/store/apps/details?id=com.evilcorp.app`)

For more information, see [Targets](https://www.blacklanternsecurity.com/bbot/Stable/scanning/#targets-t). To learn how BBOT handles scope, see [Scope](https://www.blacklanternsecurity.com/bbot/Stable/scanning/#scope).

## API Keys

Similar to Amass or Subfinder, BBOT supports API keys for various third-party services such as SecurityTrails.

The standard way to do this is to enter your API keys in **`~/.config/bbot/bbot.yml`**. Note that multiple API keys are allowed:

```
modules:
  shodan_dns:
    api_key: 4f41243847da693a4f356c0486114bc6
  c99:
    # multiple API keys
    api_key:
      - 21a270d5f59c9b05813a72bb41707266
      - ea8f243d9885cf8ce9876a580224fd3c
      - 5bc6ed268ab6488270e496d3183a1a27
  virustotal:
    api_key: dd5f0eee2e4a99b71a939bded450b246
  securitytrails:
    api_key: d9a05c3fd9a514497713c54b4455d0b0
```

If you like, you can also specify them on the command line:

```
bbot -c modules.virustotal.api_key=dd5f0eee2e4a99b71a939bded450b246
```

For details, see [Configuration](https://www.blacklanternsecurity.com/bbot/Stable/scanning/configuration/).

## Complete Lists of Modules, Flags, etc.

- Complete list of [Modules](https://www.blacklanternsecurity.com/bbot/Stable/modules/list_of_modules/)
- Complete list of [Flags](https://www.blacklanternsecurity.com/bbot/Stable/scanning/#list-of-flags)
- Complete list of [Presets](https://www.blacklanternsecurity.com/bbot/Stable/scanning/presets_list/)
- Complete list of [Global Config Options](https://www.blacklanternsecurity.com/bbot/Stable/scanning/configuration/#global-config-options)
- Complete list of [Module Config Options](https://www.blacklanternsecurity.com/bbot/Stable/scanning/configuration/#module-config-options)

## Documentation

- **User Manual**
  - **Basics**
    - [Getting Started](https://www.blacklanternsecurity.com/bbot/Stable/)
    - [How it Works](https://www.blacklanternsecurity.com/bbot/Stable/how_it_works)
    - [Comparison to Other Tools](https://www.blacklanternsecurity.com/bbot/Stable/comparison)
  - **Scanning**
    - [Scanning Overview](https://www.blacklanternsecurity.com/bbot/Stable/scanning/)
    - **Presets**
      - [Overview](https://www.blacklanternsecurity.com/bbot/Stable/scanning/presets)
      - [List of Presets](https://www.blacklanternsecurity.com/bbot/Stable/scanning/presets_list)
    - [Events](https://www.blacklanternsecurity.com/bbot/Stable/scanning/events)
    - [Output](https://www.blacklanternsecurity.com/bbot/Stable/scanning/output)
    - [Tips and Tricks](https://www.blacklanternsecurity.com/bbot/Stable/scanning/tips_and_tricks)
    - [Advanced Usage](https://www.blacklanternsecurity.com/bbot/Stable/scanning/advanced)
    - [Configuration](https://www.blacklanternsecurity.com/bbot/Stable/scanning/configuration)
  - **Modules**
    - [List of Modules](https://www.blacklanternsecurity.com/bbot/Stable/modules/list_of_modules)
    - [Nuclei](https://www.blacklanternsecurity.com/bbot/Stable/modules/nuclei)
    - [Custom YARA Rules](https://www.blacklanternsecurity.com/bbot/Stable/modules/custom_yara_rules)
    - [Lightfuzz](https://www.blacklanternsecurity.com/bbot/Stable/modules/lightfuzz)
  - **Misc**
    - [Contribution](https://www.blacklanternsecurity.com/bbot/Stable/contribution)
    - [Release History](https://www.blacklanternsecurity.com/bbot/Stable/release_history)
    - [Troubleshooting](https://www.blacklanternsecurity.com/bbot/Stable/troubleshooting)
- **Developer Manual**
  - [Development Overview](https://www.blacklanternsecurity.com/bbot/Stable/dev/)
  - [Setting Up a Dev Environment](https://www.blacklanternsecurity.com/bbot/Stable/dev/dev_environment)
  - [BBOT Internal Architecture](https://www.blacklanternsecurity.com/bbot/Stable/dev/architecture)
  - [How to Write a BBOT Module](https://www.blacklanternsecurity.com/bbot/Stable/dev/module_howto)
  - [Unit Tests](https://www.blacklanternsecurity.com/bbot/Stable/dev/tests)
  - [Discord Bot Example](https://www.blacklanternsecurity.com/bbot/Stable/dev/discord_bot)
  - **Code Reference**
    - [Scanner](https://www.blacklanternsecurity.com/bbot/Stable/dev/scanner)
    - [Presets](https://www.blacklanternsecurity.com/bbot/Stable/dev/presets)
    - [Event](https://www.blacklanternsecurity.com/bbot/Stable/dev/event)
    - [Target](https://www.blacklanternsecurity.com/bbot/Stable/dev/target)
    - [BaseModule](https://www.blacklanternsecurity.com/bbot/Stable/dev/basemodule)
    - [BBOTCore](https://www.blacklanternsecurity.com/bbot/Stable/dev/core)
    - [Engine](https://www.blacklanternsecurity.com/bbot/Stable/dev/engine)
    - **Helpers**
      - [Overview](https://www.blacklanternsecurity.com/bbot/Stable/dev/helpers/)
      - [Command](https://www.blacklanternsecurity.com/bbot/Stable/dev/helpers/command)
      - [DNS](https://www.blacklanternsecurity.com/bbot/Stable/dev/helpers/dns)
      - [Interactsh](https://www.blacklanternsecurity.com/bbot/Stable/dev/helpers/interactsh)
      - [Miscellaneous](https://www.blacklanternsecurity.com/bbot/Stable/dev/helpers/misc)
      - [Web](https://www.blacklanternsecurity.com/bbot/Stable/dev/helpers/web)
      - [Word Cloud](https://www.blacklanternsecurity.com/bbot/Stable/dev/helpers/wordcloud)