[![bbot_banner](https://user-images.githubusercontent.com/20261699/158000235-6c1ace81-a267-4f8e-90a1-f4c16884ebac.png)](https://github.com/blacklanternsecurity/bbot)
# BEE·bot
### A Recursive Internet Scanner for Hackers.
[![Python Version](https://img.shields.io/badge/python-3.9+-FF8400)](https://www.python.org) [![License](https://img.shields.io/badge/license-GPLv3-FF8400.svg)](https://github.com/blacklanternsecurity/bbot/blob/dev/LICENSE) [![DEF CON Demo Labs 2023](https://img.shields.io/badge/DEF%20CON%20Demo%20Labs-2023-FF8400.svg)](https://forum.defcon.org/node/246338) [![PyPi Downloads](https://static.pepy.tech/personalized-badge/bbot?right_color=orange&left_color=grey)](https://pepy.tech/project/bbot) [![Black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black) [![Tests](https://github.com/blacklanternsecurity/bbot/actions/workflows/tests.yml/badge.svg?branch=stable)](https://github.com/blacklanternsecurity/bbot/actions?query=workflow%3A"tests") [![Codecov](https://codecov.io/gh/blacklanternsecurity/bbot/branch/dev/graph/badge.svg?token=IR5AZBDM5K)](https://codecov.io/gh/blacklanternsecurity/bbot) [![Discord](https://img.shields.io/discord/859164869970362439)](https://discord.com/invite/PZqkgxu5SA)
BBOT (Bighuge BLS OSINT Tool) is a recursive internet scanner inspired by [Spiderfoot](https://github.com/smicallef/spiderfoot), but designed to be faster, more reliable, and friendlier to pentesters, bug bounty hunters, and developers.
Special features include:
- Support for Multiple Targets
- Web Screenshots
- Suite of Offensive Web Modules
- AI-powered Subdomain Mutations
- Native Output to Neo4j (and more)
- Python API + Developer [Documentation](https://www.blacklanternsecurity.com/bbot/)
https://github.com/blacklanternsecurity/bbot/assets/20261699/742df3fe-5d1f-4aea-83f6-f990657bf695
_A BBOT scan in real-time - visualization with [VivaGraphJS](https://github.com/blacklanternsecurity/bbot-vivagraphjs)_
## Quick Start Guide
Below are some short help sections to get you up and running.
<details>
<summary><b>Installation ( Pip )</b></summary>
Note: BBOT's [PyPi package](https://pypi.org/project/bbot/) requires Linux and Python 3.9+.
```bash
# stable version
pipx install bbot
# bleeding edge (dev branch)
pipx install --pip-args '\--pre' bbot
bbot --help
```
</details>
<details>
<summary><b>Installation ( Docker )</b></summary>
[Docker images](https://hub.docker.com/r/blacklanternsecurity/bbot) are provided, along with helper script `bbot-docker.sh` to persist your scan data.
```bash
# bleeding edge (dev)
docker run -it blacklanternsecurity/bbot --help
# stable
docker run -it blacklanternsecurity/bbot:stable --help
# helper script
git clone https://github.com/blacklanternsecurity/bbot && cd bbot
./bbot-docker.sh --help
```
</details>
<details>
<summary><b>Example Usage</b></summary>
## Example Commands
Scan output, logs, etc. are saved to `~/.bbot`. For more detailed examples and explanations, see [Scanning](https://www.blacklanternsecurity.com/bbot/scanning).
<!-- BBOT EXAMPLE COMMANDS -->
**Subdomains:**
```bash
# Perform a full subdomain enumeration on evilcorp.com
bbot -t evilcorp.com -f subdomain-enum
```
**Subdomains (passive only):**
```bash
# Perform a passive-only subdomain enumeration on evilcorp.com
bbot -t evilcorp.com -f subdomain-enum -rf passive
```
**Subdomains + port scan + web screenshots:**
```bash
# Port-scan every subdomain, screenshot every webpage, output to current directory
bbot -t evilcorp.com -f subdomain-enum -m nmap gowitness -n my_scan -o .
```
**Subdomains + basic web scan:**
```bash
# A basic web scan includes wappalyzer, robots.txt, and other non-intrusive web modules
bbot -t evilcorp.com -f subdomain-enum web-basic
```
**Web spider:**
```bash
# Crawl www.evilcorp.com up to a max depth of 2, automatically extracting emails, secrets, etc.
bbot -t www.evilcorp.com -m httpx robots badsecrets secretsdb -c web_spider_distance=2 web_spider_depth=2
```
**Everything everywhere all at once:**
```bash
# Subdomains, emails, cloud buckets, port scan, basic web, web screenshots, nuclei
bbot -t evilcorp.com -f subdomain-enum email-enum cloud-enum web-basic -m nmap gowitness nuclei --allow-deadly
```
<!-- END BBOT EXAMPLE COMMANDS -->
## Targets
BBOT accepts an unlimited number of targets via `-t`. You can specify targets either directly on the command line or in files (or both!):
```bash
bbot -t evilcorp.com evilcorp.org 1.2.3.0/24 -f subdomain-enum
```
Targets can be any of the following:
- `DNS_NAME` (`evilcorp.com`)
- `IP_ADDRESS` (`1.2.3.4`)
- `IP_RANGE` (`1.2.3.0/24`)
- `OPEN_TCP_PORT` (`192.168.0.1:80`)
- `URL` (`https://www.evilcorp.com`)
For more information, see [Targets](https://www.blacklanternsecurity.com/bbot/scanning/#targets-t). To learn how BBOT handles scope, see [Scope](https://www.blacklanternsecurity.com/bbot/scanning/#scope).
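A pre-flight check built on the five target types listed above, as an added example that is not BBOT's own target parser: it classifies each entry with the Python standard library and rejects anything outside an authorized scope list before a scan is launched. The function names and both sample lists are hypothetical and constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# One DNS label: letters, digits, "_" or "-", not starting or ending with "-".
_LABEL = r"(?!-)[a-z0-9_-]{1,63}(?<!-)"
# At least two labels; the last must not be all digits (rejects "1.2.3.999").
_DNS_RE = re.compile(rf"^(?:{_LABEL}\.)+(?![0-9]+$){_LABEL}$")


def _host(h):
    """Normalize a host: IP literals become single-address networks,
    DNS names are validated and returned as lowercase strings."""
    try:
        return ipaddress.ip_network(h, strict=False)
    except ValueError:
        pass
    h = h.rstrip(".")
    if not _DNS_RE.match(h):
        raise ValueError(f"not a valid host: {h!r}")
    return h


def classify_target(raw):
    """Return (type, host) for one target string, or raise ValueError.

    type is one of the names from the list above; host is a DNS name (str)
    or an ipaddress network object.
    """
    t = raw.strip().lower()
    if "://" in t:
        parts = urlsplit(t)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            raise ValueError(f"unsupported URL: {raw!r}")
        return "URL", _host(parts.hostname)
    if "/" in t:
        # strict=False accepts host bits, e.g. 1.2.3.4/24 -> 1.2.3.0/24
        return "IP_RANGE", ipaddress.ip_network(t, strict=False)
    try:
        ipaddress.ip_address(t)
        return "IP_ADDRESS", ipaddress.ip_network(t)
    except ValueError:
        pass
    host, sep, port = t.rpartition(":")
    if sep and port.isdigit() and 0 < int(port) < 65536:
        # "[::1]:80" style IPv6 literals carry brackets around the host
        return "OPEN_TCP_PORT", _host(host.strip("[]"))
    return "DNS_NAME", _host(t)


def in_scope(host, scope):
    """True if host is covered by any entry of the authorized scope."""
    for allowed in scope:
        if isinstance(host, str) and isinstance(allowed, str):
            # Match on a label boundary so notevilcorp.com != evilcorp.com
            if host == allowed or host.endswith("." + allowed):
                return True
        elif not isinstance(host, str) and not isinstance(allowed, str):
            # A range is accepted only if it lies entirely inside the scope
            if host.version == allowed.version and host.subnet_of(allowed):
                return True
    return False


def preflight(targets, authorized):
    """Split targets into (accepted, rejected) against the authorized scope.

    accepted holds (target, type) pairs, rejected holds (target, reason).
    """
    scope = [classify_target(a)[1] for a in authorized]
    accepted, rejected = [], []
    for raw in targets:
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue  # blank lines and comments in a targets file
        try:
            kind, host = classify_target(entry)
        except ValueError as exc:
            rejected.append((entry, f"unparseable: {exc}"))
            continue
        if in_scope(host, scope):
            accepted.append((entry, kind))
        else:
            rejected.append((entry, "outside authorized scope"))
    return accepted, rejected


# Constructed sample data (not from a real engagement).
AUTHORIZED_SCOPE = ["evilcorp.com", "1.2.3.0/24"]
SAMPLE_TARGETS = [
    "evilcorp.com", "https://www.evilcorp.com", "1.2.3.4", "1.2.3.128/25",
    "1.2.3.77:80", "notevilcorp.com", "evilcorp.org", "1.2.3.0/23", "1.2.3.999",
]

if __name__ == "__main__":
    ok, bad = preflight(SAMPLE_TARGETS, AUTHORIZED_SCOPE)
    for target, kind in ok:
        print(f"OK      {kind:<14} {target}")
    for target, reason in bad:
        print(f"REJECT  {target}: {reason}")
```

Only the accepted entries should be handed to `bbot -t`; the rejected list is what gets reviewed against the engagement's rules before anything is scanned.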
## API Keys
Similar to Amass or Subfinder, BBOT supports API keys for various third-party services such as SecurityTrails, etc.
The standard way to do this is to enter your API keys in **`~/.config/bbot/secrets.yml`**:
```yaml
modules:
  shodan_dns:
    api_key: 4f41243847da693a4f356c0486114bc6
  c99:
    api_key: 21a270d5f59c9b05813a72bb41707266
  virustotal:
    api_key: dd5f0eee2e4a99b71a939bded450b246
  securitytrails:
    api_key: d9a05c3fd9a514497713c54b4455d0b0
```
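If you like, you can also specify them on the command line (note that keys passed this way end up in your shell history and are visible in the process list while BBOT runs):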
```bash
bbot -c modules.virustotal.api_key=dd5f0eee2e4a99b71a939bded450b246
```
For details, see [Configuration](https://www.blacklanternsecurity.com/bbot/scanning/configuration/).
## BBOT as a Python Library
BBOT exposes a Python API that allows it to be used for all kinds of fun and nefarious purposes, like a [Discord Bot](https://www.blacklanternsecurity.com/bbot/dev/#bbot-python-library-advanced-usage#discord-bot-example) that responds to the `/scan` command.
![bbot-discord](https://github.com/blacklanternsecurity/bbot/assets/20261699/22b268a2-0dfd-4c2a-b7c5-548c0f2cc6f9)
**Synchronous**
```python
from bbot.scanner import Scanner

# any number of targets can be specified
scan = Scanner("example.com", "scanme.nmap.org", modules=["nmap", "sslcert"])
# start() runs the scan and yields events as they are produced
for event in scan.start():
    print(event.json())
```
**Asynchronous**
```python
import asyncio

from bbot.scanner import Scanner


async def main():
    scan = Scanner("example.com", "scanme.nmap.org", modules=["nmap", "sslcert"])
    # async_start() is the asynchronous counterpart of start()
    async for event in scan.async_start():
        print(event.json())


asyncio.run(main())
```
</details>
<details>
<summary><b>Documentation - Table of Contents</b></summary>
<!-- BBOT DOCS TOC -->
- **User Manual**
    - **Basics**
        - [Getting Started](https://www.blacklanternsecurity.com/bbot/)
        - [How it Works](https://www.blacklanternsecurity.com/bbot/how_it_works)
        - [Comparison to Other Tools](https://www.blacklanternsecurity.com/bbot/comparison)
    - **Scanning**
        - [Scanning Overview](https://www.blacklanternsecurity.com/bbot/scanning/)
        - [Events](https://www.blacklanternsecurity.com/bbot/scanning/events)
        - [Output](https://www.blacklanternsecurity.com/bbot/scanning/output)
        - [Tips and Tricks](https://www.blacklanternsecurity.com/bbot/scanning/tips_and_tricks)
        - [Advanced Usage](https://www.blacklanternsecurity.com/bbot/scanning/advanced)
        - [Configuration](https://www.blacklanternsecurity.com/bbot/scanning/configuration)
    - **Modules**
        - [List of Modules](https://www.blacklanternsecurity.com/bbot/modules/list_of_modules)
        - [Nuclei](https://www.blacklanternsecurity.com/bbot/modules/nuclei)
    - **Misc**
        - [Release History](https://www.blacklanternsecurity.com/bbot/release_history)
        - [Troubleshooting](https://www.blacklanternsecurity.com/bbot/troubleshooting)
- **Developer Manual**
    - [How to Write a Module](https://www.blacklanternsecurity.com/bbot/contribution)
    - [Development Overview](https://www.blacklanternsecurity.com/bbot/dev/)
    - [Scanner](https://www.blacklanternsecurity.com/bbot/dev/scanner)
    - [Event](https://www.blacklanternsecurity.com/bbot/dev/event)
    - [Target](https://www.blacklanternsecurity.com/bbot/dev/target)
    - [BaseModule](https://www.blacklanternsecurity.com/bbot/dev/basemodule)
    - **Helpers**
        - [Overview](https://www.blacklanternsecurity.com/bbot/dev/helpers/)
        - [Command](https://www.blacklanternsecurity.com/bbot/dev/helpers/command)
        - [DNS](https://www.blacklanternsecurity.com/bbot/dev/helpers/dns)
        - [Interactsh](https://www.blacklanternsecurity.com/bbot/dev/helpers/interactsh)
        - [Miscellaneous](https://www.blacklanternsecurity.com/bbot/dev/helpers/misc)
        - [Web](https://www.blacklanternsecurity.com/bbot/dev/helpers/web)
        - [Word Cloud](https://www.blacklanternsecurity.com/bbot/dev/helpers/wordcloud)
<!-- END BBOT DOCS TOC -->
</details>
<details>
<summary><b>Contribution</b></summary>
BBOT is constantly being improved by the community. Every day it grows more powerful!
We welcome contributions. Not just code, but ideas too! If you have an idea for a new feature, please let us know in [Discussions](https://github.com/blacklanternsecurity/bbot/discussions). If you want to get your hands dirty, see [Contribution](https://www.blacklanternsecurity.com/bbot/contribution/). There you can find setup instructions and a simple tutorial on how to write a BBOT module. We also have extensive [Developer Documentation](https://www.blacklanternsecurity.com/bbot/dev/).
Thanks to these amazing people for contributing to BBOT! :heart:
<p align="center">
<a href="https://github.com/blacklanternsecurity/bbot/graphs/contributors">
<img src="https://contrib.rocks/image?repo=blacklanternsecurity/bbot&max=500">
</a>
</p>
Special thanks to the following people who made BBOT possible:
- @TheTechromancer for creating [BBOT](https://github.com/blacklanternsecurity/bbot)
- @liquidsec for his extensive work on BBOT's web hacking features, including [badsecrets](https://github.com/blacklanternsecurity/badsecrets)
- Steve Micallef (@smicallef) for creating Spiderfoot
- @kerrymilan for his Neo4j and Ansible expertise
- @aconite33 and @amiremami for their ruthless testing
- Aleksei Kornev (@alekseiko) for allowing us ownership of the bbot Pypi repository <3
</details>
## Comparison to Other Tools
BBOT consistently finds 20-50% more subdomains than other tools. The bigger the domain, the bigger the difference. To learn how this is possible, see [How It Works](https://www.blacklanternsecurity.com/bbot/how_it_works/).
![subdomain-stats-ebay](https://github.com/blacklanternsecurity/bbot/assets/20261699/53e07e9f-50b6-4b70-9e83-297dbfbcb436)
## BBOT Modules By Flag
For a full list of modules, including the data types consumed and emitted by each one, see [List of Modules](https://www.blacklanternsecurity.com/bbot/modules/list_of_modules/).
<!-- BBOT MODULE FLAGS -->
| Flag | # Modules | Description | Modules |
|------------------|-------------|----------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| safe | 82 | Non-intrusive, safe to run | affiliates, aggregate, ajaxpro, anubisdb, asn, azure_realm, azure_tenant, baddns, baddns_zone, badsecrets, bevigil, binaryedge, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_file_enum, bucket_firebase, bucket_google, builtwith, c99, censys, certspotter, chaos, code_repository, columbus, credshed, crobat, crt, dehashed, digitorus, dnscommonsrv, dnsdumpster, docker_pull, dockerhub, emailformat, filedownload, fingerprintx, fullhunt, git, git_clone, github_codesearch, github_org, github_workflows, gitlab, gowitness, hackertarget, httpx, hunt, hunterio, iis_shortnames, internetdb, ip2location, ipstack, leakix, myssl, newsletters, ntlm, oauth, otx, passivetotal, pgp, postman, rapiddns, riddler, robots, secretsdb, securitytrails, shodan_dns, sitedossier, skymem, social, sslcert, subdomaincenter, sublist3r, threatminer, trufflehog, urlscan, viewdns, virustotal, wappalyzer, wayback, zoomeye |
| passive | 62 | Never connects to target systems | affiliates, aggregate, anubisdb, asn, azure_realm, azure_tenant, bevigil, binaryedge, bucket_file_enum, builtwith, c99, censys, certspotter, chaos, code_repository, columbus, credshed, crobat, crt, dehashed, digitorus, dnscommonsrv, dnsdumpster, docker_pull, dockerhub, emailformat, excavate, fullhunt, git_clone, github_codesearch, github_org, github_workflows, hackertarget, hunterio, internetdb, ip2location, ipneighbor, ipstack, leakix, massdns, myssl, otx, passivetotal, pgp, postman, rapiddns, riddler, securitytrails, shodan_dns, sitedossier, skymem, social, speculate, subdomaincenter, sublist3r, threatminer, trufflehog, urlscan, viewdns, virustotal, wayback, zoomeye |
| subdomain-enum | 45 | Enumerates subdomains | anubisdb, asn, azure_realm, azure_tenant, baddns_zone, bevigil, binaryedge, builtwith, c99, censys, certspotter, chaos, columbus, crt, digitorus, dnscommonsrv, dnsdumpster, fullhunt, github_codesearch, github_org, hackertarget, httpx, hunterio, internetdb, ipneighbor, leakix, massdns, myssl, oauth, otx, passivetotal, postman, rapiddns, riddler, securitytrails, shodan_dns, sitedossier, sslcert, subdomaincenter, subdomains, threatminer, urlscan, virustotal, wayback, zoomeye |
| active | 42 | Makes active connections to target systems | ajaxpro, baddns, baddns_zone, badsecrets, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_firebase, bucket_google, bypass403, dastardly, dotnetnuke, ffuf, ffuf_shortnames, filedownload, fingerprintx, generic_ssrf, git, gitlab, gowitness, host_header, httpx, hunt, iis_shortnames, masscan, newsletters, nmap, ntlm, nuclei, oauth, paramminer_cookies, paramminer_getparams, paramminer_headers, robots, secretsdb, smuggler, sslcert, telerik, url_manipulation, vhost, wafw00f, wappalyzer |
| web-thorough | 29 | More advanced web scanning functionality | ajaxpro, azure_realm, badsecrets, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_firebase, bucket_google, bypass403, dastardly, dotnetnuke, ffuf_shortnames, filedownload, generic_ssrf, git, host_header, httpx, hunt, iis_shortnames, nmap, ntlm, oauth, robots, secretsdb, smuggler, sslcert, telerik, url_manipulation, wappalyzer |
| aggressive | 20 | Generates a large amount of network traffic | bypass403, dastardly, dotnetnuke, ffuf, ffuf_shortnames, generic_ssrf, host_header, ipneighbor, masscan, massdns, nmap, nuclei, paramminer_cookies, paramminer_getparams, paramminer_headers, smuggler, telerik, url_manipulation, vhost, wafw00f |
| web-basic | 17 | Basic, non-intrusive web scan functionality | azure_realm, baddns, badsecrets, bucket_amazon, bucket_azure, bucket_firebase, bucket_google, filedownload, git, httpx, iis_shortnames, ntlm, oauth, robots, secretsdb, sslcert, wappalyzer |
| cloud-enum | 12 | Enumerates cloud resources | azure_realm, azure_tenant, baddns, baddns_zone, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_file_enum, bucket_firebase, bucket_google, httpx, oauth |
| slow | 10 | May take a long time to complete | bucket_digitalocean, dastardly, docker_pull, fingerprintx, git_clone, paramminer_cookies, paramminer_getparams, paramminer_headers, smuggler, vhost |
| affiliates | 8 | Discovers affiliated hostnames/domains | affiliates, azure_realm, azure_tenant, builtwith, oauth, sslcert, viewdns, zoomeye |
| email-enum | 7 | Enumerates email addresses | dehashed, emailformat, emails, hunterio, pgp, skymem, sslcert |
| deadly | 4 | Highly aggressive | dastardly, ffuf, nuclei, vhost |
| portscan | 3 | Discovers open ports | internetdb, masscan, nmap |
| web-paramminer | 3 | Discovers HTTP parameters through brute-force | paramminer_cookies, paramminer_getparams, paramminer_headers |
| baddns | 2 | Runs all modules from the DNS auditing tool BadDNS | baddns, baddns_zone |
| iis-shortnames | 2 | Scans for IIS Shortname vulnerability | ffuf_shortnames, iis_shortnames |
| report | 2 | Generates a report at the end of the scan | affiliates, asn |
| social-enum | 2 | Enumerates social media | httpx, social |
| repo-enum | 1 | Enumerates code repositories | code_repository |
| service-enum | 1 | Identifies protocols running on open ports | fingerprintx |
| subdomain-hijack | 1 | Detects hijackable subdomains | baddns |
| web-screenshots | 1 | Takes screenshots of web pages | gowitness |
<!-- END BBOT MODULE FLAGS -->
## BBOT Output Modules
BBOT can save its data to TXT, CSV, JSON, and tons of other destinations including [Neo4j](https://www.blacklanternsecurity.com/bbot/scanning/output/#neo4j), [Splunk](https://www.blacklanternsecurity.com/bbot/scanning/output/#splunk), and [Discord](https://www.blacklanternsecurity.com/bbot/scanning/output/#discord-slack-teams). For instructions on how to use these, see [Output Modules](https://www.blacklanternsecurity.com/bbot/scanning/output).
<!-- BBOT OUTPUT MODULES -->
| Module | Type | Needs API Key | Description | Flags | Consumed Events | Produced Events |
|-----------------|--------|-----------------|-----------------------------------------------------------------------------------------|----------------|--------------------------------------------------------------------------------------------------|---------------------------|
| asset_inventory | output | No | Merge hosts, open ports, technologies, findings, etc. into a single asset inventory CSV | | DNS_NAME, FINDING, HTTP_RESPONSE, IP_ADDRESS, OPEN_TCP_PORT, TECHNOLOGY, URL, VULNERABILITY, WAF | IP_ADDRESS, OPEN_TCP_PORT |
| csv | output | No | Output to CSV | | * | |
| discord | output | No | Message a Discord channel when certain events are encountered | | * | |
| emails | output | No | Output any email addresses found belonging to the target domain | email-enum | EMAIL_ADDRESS | |
| http | output | No | Send every event to a custom URL via a web request | | * | |
| human | output | No | Output to text | | * | |
| json | output | No | Output to Newline-Delimited JSON (NDJSON) | | * | |
| neo4j | output | No | Output to Neo4j | | * | |
| python | output | No | Output via Python API | | * | |
| slack | output | No | Message a Slack channel when certain events are encountered | | * | |
| splunk | output | No | Send every event to a splunk instance through HTTP Event Collector | | * | |
| subdomains | output | No | Output only resolved, in-scope subdomains | subdomain-enum | DNS_NAME, DNS_NAME_UNRESOLVED | |
| teams | output | No | Message a Teams channel when certain events are encountered | | * | |
| web_report | output | No | Create a markdown report with web assets | | FINDING, TECHNOLOGY, URL, VHOST, VULNERABILITY | |
| websocket | output | No | Output to websockets | | * | |
<!-- END BBOT OUTPUT MODULES -->
Raw data
{
"_id": null,
"home_page": "https://github.com/blacklanternsecurity/bbot",
"name": "bbot",
"maintainer": null,
"docs_url": null,
"requires_python": "<4.0,>=3.9",
"maintainer_email": null,
"keywords": "python, cli, automation, osint, neo4j, scanner, python-library, hacking, recursion, pentesting, recon, command-line-tool, bugbounty, subdomains, security-tools, subdomain-scanner, osint-framework, attack-surface, subdomain-enumeration, osint-tool",
"author": "TheTechromancer",
"author_email": null,
"download_url": "https://files.pythonhosted.org/packages/46/2c/1e0274544462ed7ab45f3cf9605b5ca114ecf2d000b9810241b0fb2370a1/bbot-1.1.7.tar.gz",
"platform": null,
nuclei, vhost |\n| portscan | 3 | Discovers open ports | internetdb, masscan, nmap |\n| web-paramminer | 3 | Discovers HTTP parameters through brute-force | paramminer_cookies, paramminer_getparams, paramminer_headers |\n| baddns | 2 | Runs all modules from the DNS auditing tool BadDNS | baddns, baddns_zone |\n| iis-shortnames | 2 | Scans for IIS Shortname vulnerability | ffuf_shortnames, iis_shortnames |\n| report | 2 | Generates a report at the end of the scan | affiliates, asn |\n| social-enum | 2 | Enumerates social media | httpx, social |\n| repo-enum | 1 | Enumerates code repositories | code_repository |\n| service-enum | 1 | Identifies protocols running on open ports | fingerprintx |\n| subdomain-hijack | 1 | Detects hijackable subdomains | baddns |\n| web-screenshots | 1 | Takes screenshots of web pages | gowitness |\n<!-- END BBOT MODULE FLAGS -->\n\n## BBOT Output Modules\nBBOT can save its data to TXT, CSV, JSON, and tons of other destinations including [Neo4j](https://www.blacklanternsecurity.com/bbot/scanning/output/#neo4j), [Splunk](https://www.blacklanternsecurity.com/bbot/scanning/output/#splunk), and [Discord](https://www.blacklanternsecurity.com/bbot/scanning/output/#discord-slack-teams). For instructions on how to use these, see [Output Modules](https://www.blacklanternsecurity.com/bbot/scanning/output). \n\n<!-- BBOT OUTPUT MODULES -->\n| Module | Type | Needs API Key | Description | Flags | Consumed Events | Produced Events |\n|-----------------|--------|-----------------|-----------------------------------------------------------------------------------------|----------------|--------------------------------------------------------------------------------------------------|---------------------------|\n| asset_inventory | output | No | Merge hosts, open ports, technologies, findings, etc. 
into a single asset inventory CSV | | DNS_NAME, FINDING, HTTP_RESPONSE, IP_ADDRESS, OPEN_TCP_PORT, TECHNOLOGY, URL, VULNERABILITY, WAF | IP_ADDRESS, OPEN_TCP_PORT |\n| csv | output | No | Output to CSV | | * | |\n| discord | output | No | Message a Discord channel when certain events are encountered | | * | |\n| emails | output | No | Output any email addresses found belonging to the target domain | email-enum | EMAIL_ADDRESS | |\n| http | output | No | Send every event to a custom URL via a web request | | * | |\n| human | output | No | Output to text | | * | |\n| json | output | No | Output to Newline-Delimited JSON (NDJSON) | | * | |\n| neo4j | output | No | Output to Neo4j | | * | |\n| python | output | No | Output via Python API | | * | |\n| slack | output | No | Message a Slack channel when certain events are encountered | | * | |\n| splunk | output | No | Send every event to a Splunk instance through HTTP Event Collector | | * | |\n| subdomains | output | No | Output only resolved, in-scope subdomains | subdomain-enum | DNS_NAME, DNS_NAME_UNRESOLVED | |\n| teams | output | No | Message a Teams channel when certain events are encountered | | * | |\n| web_report | output | No | Create a markdown report with web assets | | FINDING, TECHNOLOGY, URL, VHOST, VULNERABILITY | |\n| websocket | output | No | Output to websockets | | * | |\n<!-- END BBOT OUTPUT MODULES -->\n\n",
"bugtrack_url": null,
"license": "GPL-3.0",
"summary": "OSINT automation for hackers.",
"version": "1.1.7",
"project_urls": {
"Discord": "https://discord.com/invite/PZqkgxu5SA",
"Docker Hub": "https://hub.docker.com/r/blacklanternsecurity/bbot",
"Documentation": "https://www.blacklanternsecurity.com/bbot/",
"Homepage": "https://github.com/blacklanternsecurity/bbot",
"Repository": "https://github.com/blacklanternsecurity/bbot"
},
"split_keywords": [
"python",
" cli",
" automation",
" osint",
" neo4j",
" scanner",
" python-library",
" hacking",
" recursion",
" pentesting",
" recon",
" command-line-tool",
" bugbounty",
" subdomains",
" security-tools",
" subdomain-scanner",
" osint-framework",
" attack-surface",
" subdomain-enumeration",
" osint-tool"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "9c3ee7bec2bb6a9946c0422a7d9b4bac1ca20a568521b1aa142a04577f4515fb",
"md5": "4bfb334d4afbc0e8c80a58cfdf61f93f",
"sha256": "16c1bd6d6b915075ec723db5b429c80efd45b3f3e357fb0e024492708d603d4f"
},
"downloads": -1,
"filename": "bbot-1.1.7-py3-none-any.whl",
"has_sig": false,
"md5_digest": "4bfb334d4afbc0e8c80a58cfdf61f93f",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": "<4.0,>=3.9",
"size": 1525795,
"upload_time": "2024-05-15T20:57:37",
"upload_time_iso_8601": "2024-05-15T20:57:37.517988Z",
"url": "https://files.pythonhosted.org/packages/9c/3e/e7bec2bb6a9946c0422a7d9b4bac1ca20a568521b1aa142a04577f4515fb/bbot-1.1.7-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "462c1e0274544462ed7ab45f3cf9605b5ca114ecf2d000b9810241b0fb2370a1",
"md5": "1693d641b6e544042fd890e0dd335a71",
"sha256": "7820c96145daae53c4142cfcddf8ee6048479dc054f723ef71bd24ccc0088497"
},
"downloads": -1,
"filename": "bbot-1.1.7.tar.gz",
"has_sig": false,
"md5_digest": "1693d641b6e544042fd890e0dd335a71",
"packagetype": "sdist",
"python_version": "source",
"requires_python": "<4.0,>=3.9",
"size": 1389941,
"upload_time": "2024-05-15T20:57:43",
"upload_time_iso_8601": "2024-05-15T20:57:43.138065Z",
"url": "https://files.pythonhosted.org/packages/46/2c/1e0274544462ed7ab45f3cf9605b5ca114ecf2d000b9810241b0fb2370a1/bbot-1.1.7.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-05-15 20:57:43",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "blacklanternsecurity",
"github_project": "bbot",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "bbot"
}