blackpocalypse

bbot/cli.py

@@ -32,12 +32,10 @@
 
 
 def main():
-
     err = False
     scan_name = ""
 
     try:
-
         if len(sys.argv) == 1:
             parser.print_help()
             sys.exit(1)

bbot/core/configurator/files.py

@@ -26,7 +26,6 @@ def _get_config(filename, name="config", notify=True):
 
 
 def get_config():
-
     return OmegaConf.merge(
         _get_config(defaults_filename, name="defaults"),
         _get_config(config_filename, name="config"),

bbot/core/event/base.py

@@ -29,7 +29,6 @@
 
 
 class BaseEvent:
-
     # Exclude from output modules
     _omit = False
     # Disables certain data validations
@@ -51,7 +50,6 @@ def __init__(
         _dummy=False,
         _internal=None,
     ):
-
         self._id = None
         self._hash = None
         self.__host = None

bbot/core/helpers/cloud/aws.py

@@ -2,7 +2,6 @@
 
 
 class AWS(BaseCloudProvider):
-
     domains = [
         "amazon-dss.com",
         "amazonaws.com",

bbot/core/helpers/cloud/base.py

@@ -5,7 +5,6 @@
 
 
 class BaseCloudProvider:
-
     domains = []
     regexes = {}
 

bbot/core/helpers/diff.py

@@ -11,7 +11,6 @@
 
 class HttpCompare:
     def __init__(self, baseline_url, parent_helper, method="GET", allow_redirects=False):
-
         self.parent_helper = parent_helper
         self.baseline_url = baseline_url
 
@@ -77,7 +76,6 @@ def gen_cache_buster(self):
         return {self.parent_helper.rand_string(6): "1"}
 
     def compare_headers(self, headers_1, headers_2):
-
         differing_headers = []
 
         for i, headers in enumerate((headers_1, headers_2)):
@@ -99,7 +97,6 @@ def compare_headers(self, headers_1, headers_2):
         return differing_headers
 
     def compare_body(self, content_1, content_2):
-
         if content_1 == content_2:
             return True
 

bbot/core/helpers/dns.py

@@ -26,7 +26,6 @@ class DNSHelper:
     all_rdtypes = ["A", "AAAA", "SRV", "MX", "NS", "SOA", "CNAME", "TXT"]
 
     def __init__(self, parent_helper):
-
         self.parent_helper = parent_helper
         try:
             self.resolver = dns.resolver.Resolver()
@@ -92,7 +91,7 @@ def resolve(self, query, **kwargs):
         """
         results = set()
         raw_results, errors = self.resolve_raw(query, **kwargs)
-        for (rdtype, answers) in raw_results:
+        for rdtype, answers in raw_results:
             for answer in answers:
                 for _, t in self.extract_targets(answer):
                     results.add(t)
@@ -580,7 +579,7 @@ def is_wildcard(self, query, ips=None):
                     self.debug(f"Failed to resolve {query} ({rdtype}) during wildcard detection")
                     result[rdtype] = (None, parent)
                     continue
-                for (rdtype, answers) in raw_results:
+                for rdtype, answers in raw_results:
                     for answer in answers:
                         for _, t in self.extract_targets(answer):
                             query_ips.add(t)
@@ -624,7 +623,6 @@ def is_wildcard_domain(self, domain, retries=5):
             # have we checked this host before?
             host_hash = hash(host)
             with self._wildcard_lock.get_lock(host_hash):
-
                 # if we've seen this host before
                 if host_hash in self._wildcard_cache:
                     wildcard_domain_results[host] = self._wildcard_cache[host_hash]

bbot/core/helpers/helper.py

@@ -58,7 +58,6 @@ def interactsh(self):
         return Interactsh(self)
 
     def http_compare(self, url, allow_redirects=False):
-
         return HttpCompare(url, self, allow_redirects=allow_redirects)
 
     def temp_filename(self):

bbot/core/helpers/interactsh.py

@@ -29,7 +29,6 @@ def __init__(self, parent_helper):
         self._thread = None
 
     def register(self, callback=None):
-
         rsa = RSA.generate(1024)
 
         self.public_key = rsa.publickey().exportKey()
@@ -84,7 +83,6 @@ def register(self, callback=None):
         return self.domain
 
     def deregister(self):
-
         if not self.server or not self.correlation_id or not self.secret:
             raise InteractshError(f"Missing required information to deregister")
 
@@ -99,7 +97,6 @@ def deregister(self):
             raise InteractshError(f"Failed to de-register with interactsh server {self.server}")
 
     def poll(self):
-
         if not self.server or not self.correlation_id or not self.secret:
             raise InteractshError(f"Missing required information to poll")
 
@@ -116,7 +113,6 @@ def poll(self):
             aes_key = r.json()["aes_key"]
 
             for data in data_list:
-
                 decrypted_data = self.decrypt(aes_key, data)
                 yield decrypted_data
 

bbot/core/helpers/web.py

@@ -181,7 +181,6 @@ def api_page_iter(self, url, page_size=100, json=True, **requests_kwargs):
 
 
 def curl(self, *args, **kwargs):
-
     url = kwargs.get("url", "")
 
     if not url:
@@ -248,7 +247,6 @@ def curl(self, *args, **kwargs):
 
     cookies = kwargs.get("cookies", "")
     if cookies:
-
         curl_command.append("-b")
         cookies_str = ""
         for k, v in cookies.items():

bbot/core/logger/logger.py

@@ -110,7 +110,6 @@ def log_worker_setup(logging_queue):
 
 
 def log_listener_setup(logging_queue):
-
     log_dir = Path(config["home"]) / "logs"
     if not mkdir(log_dir, raise_error=False):
         error_and_exit(f"Failure creating or error writing to BBOT logs directory ({log_dir})")

bbot/modules/anubisdb.py

@@ -2,7 +2,6 @@
 
 
 class anubisdb(crobat):
-
     flags = ["subdomain-enum", "passive", "safe"]
     watched_events = ["DNS_NAME"]
     produced_events = ["DNS_NAME"]

bbot/modules/badsecrets.py

@@ -4,7 +4,6 @@
 
 
 class badsecrets(BaseModule):
-
     watched_events = ["HTTP_RESPONSE"]
     produced_events = ["FINDING", "VULNERABILITY"]
     flags = ["active", "safe", "web-basic"]

bbot/modules/base.py

@@ -13,7 +13,6 @@
 
 
 class BaseModule:
-
     # Event types to watch
     watched_events = []
     # Event types to produce
@@ -260,7 +259,6 @@ def start(self):
         self.thread.start()
 
     def _setup(self):
-
         status_codes = {False: "hard-fail", None: "soft-fail", True: "success"}
 
         status = False

bbot/modules/builtwith.py

@@ -14,7 +14,6 @@
 
 
 class builtwith(shodan_dns):
-
     watched_events = ["DNS_NAME"]
     produced_events = ["DNS_NAME"]
     flags = ["affiliates", "subdomain-enum", "passive", "safe"]

bbot/modules/bypass403.py

@@ -70,23 +70,20 @@
 
 
 class bypass403(BaseModule):
-
     watched_events = ["URL"]
     produced_events = ["FINDING"]
     flags = ["active", "aggressive", "web-advanced"]
     meta = {"description": "Check 403 pages for common bypasses"}
     in_scope_only = True
 
     def handle_event(self, event):
-
         try:
             compare_helper = self.helpers.http_compare(event.data, allow_redirects=True)
         except HttpCompareError as e:
             self.debug(e)
             return
 
         for sig in signatures:
-
             sig = self.format_signature(sig, event)
             if sig[2] != None:
                 headers = dict(sig[2])
@@ -98,7 +95,6 @@ def handle_event(self, event):
 
             if match == False:
                 if str(subject_response.status_code)[0] != "4":
-
                     if sig[2]:
                         added_header_tuple = next(iter(sig[2].items()))
                         reported_signature = f"Added Header: {added_header_tuple[0]}: {added_header_tuple[1]}"

bbot/modules/cookie_brute.py

@@ -22,14 +22,12 @@ class cookie_brute(header_brute):
     compare_mode = "cookie"
 
     def check_batch(self, compare_helper, url, cookie_list):
-
         if self.scan.stopping:
             raise ScanCancelledError()
         cookies = {p: self.rand_string(14) for p in cookie_list}
         return compare_helper.compare(url, cookies=cookies)
 
     def gen_count_args(self, url):
-
         cookie_count = 40
         while 1:
             if cookie_count < 0:

bbot/modules/crt.py

@@ -2,7 +2,6 @@
 
 
 class crt(crobat):
-
     flags = ["subdomain-enum", "passive", "safe"]
     watched_events = ["DNS_NAME"]
     produced_events = ["DNS_NAME"]

bbot/modules/deadly/ffuf.py

@@ -7,7 +7,6 @@
 
 
 class ffuf(BaseModule):
-
     watched_events = ["URL"]
     produced_events = ["URL_UNVERIFIED"]
     flags = ["brute-force", "aggressive", "active", "web-advanced"]
@@ -48,7 +47,6 @@ class ffuf(BaseModule):
     in_scope_only = True
 
     def setup(self):
-
         self.sanity_canary = "".join(random.choice(string.ascii_lowercase) for i in range(10))
         wordlist_url = self.config.get("wordlist", "")
         self.wordlist = self.helpers.wordlist(wordlist_url)
@@ -74,7 +72,6 @@ def handle_event(self, event):
             self.emit_event(r["url"], "URL_UNVERIFIED", source=event, tags=[f"status-{r['status']}"])
 
     def execute_ffuf(self, tempfile, event, url, suffix=""):
-
         ffuf_exts = [""]
 
         if self.extensions:

bbot/modules/deadly/nuclei.py

@@ -5,7 +5,6 @@
 
 
 class nuclei(BaseModule):
-
     watched_events = ["URL", "TECHNOLOGY"]
     produced_events = ["FINDING", "VULNERABILITY"]
     flags = ["active", "aggressive", "web-advanced"]
@@ -49,7 +48,6 @@ class nuclei(BaseModule):
     in_scope_only = True
 
     def setup(self):
-
         # attempt to update nuclei templates
         self.nuclei_templates_dir = self.helpers.tools_dir / "nuclei-templates"
         self.info("Updating Nuclei templates")
@@ -121,7 +119,6 @@ def setup(self):
         return True
 
     def handle_batch(self, *events):
-
         nuclei_input = [str(e.data) for e in events]
         for severity, template, host, name, extracted_results in self.execute_nuclei(nuclei_input):
             source_event = self.correlate_event(events, host)
@@ -161,7 +158,6 @@ def correlate_event(self, events, host):
         self.warning("Failed to correlate nuclei result with event")
 
     def execute_nuclei(self, nuclei_input):
-
         command = [
             "nuclei",
             "-json",
@@ -297,7 +293,6 @@ def find_collapsable_templates(self):
             if yf:
                 for paths in self.get_yaml_request_attr(yf, "path"):
                     if set(paths).issubset(self.budget_paths):
-
                         headers = self.get_yaml_request_attr(yf, "headers")
                         for header in headers:
                             if header:

bbot/modules/deadly/vhost.py

@@ -2,7 +2,6 @@
 
 
 class vhost(BaseModule):
-
     watched_events = ["URL"]
     produced_events = ["VHOST", "DNS_NAME"]
     flags = ["active", "brute-force", "aggressive", "slow", "web-advanced"]

bbot/modules/dnszonetransfer.py

@@ -5,7 +5,6 @@
 
 
 class dnszonetransfer(BaseModule):
-
     flags = ["subdomain-enum", "active", "safe"]
     watched_events = ["DNS_NAME"]
     produced_events = ["DNS_NAME"]

bbot/modules/ffuf_shortnames.py

@@ -6,7 +6,6 @@
 
 
 class ffuf_shortnames(ffuf):
-
     watched_events = ["URL_HINT"]
     produced_events = ["URL_UNVERIFIED"]
     flags = ["brute-force", "aggressive", "active", "web-advanced", "iis-shortnames"]
@@ -59,7 +58,6 @@ def setup(self):
         return True
 
     def handle_event(self, event):
-
         filename_hint = re.sub(r"~\d", "", event.parsed.path.rsplit(".", 1)[0].split("/")[-1]).lower()
 
         if len(filename_hint) == 6:
@@ -72,12 +70,10 @@ def handle_event(self, event):
             tempfile_len = 1
 
         if tempfile_len > 0:
-
             root_stub = "/".join(event.parsed.path.split("/")[:-1])
             root_url = f"{event.parsed.scheme}://{event.parsed.netloc}{root_stub}/"
 
             if "shortname-file" in event.tags:
-
                 used_extensions = []
                 extension_hint = event.parsed.path.rsplit(".", 1)[1].lower().strip()
 
@@ -88,11 +84,9 @@ def handle_event(self, event):
                             used_extensions.append(l.strip())
 
                 for ext in used_extensions:
-
                     for r in self.execute_ffuf(tempfile, event, root_url, suffix=f".{ext}"):
                         self.emit_event(r["url"], "URL_UNVERIFIED", source=event, tags=[f"status-{r['status']}"])
 
             elif "shortname-directory" in event.tags:
-
                 for r in self.execute_ffuf(tempfile, event, root_url):
                     self.emit_event(r["url"], "URL_UNVERIFIED", source=event, tags=[f"status-{r['status']}"])