Comments (5)
TheTechromancer
commented on June 16, 2024
It seems like somewhere in your target list there's a host of github.com.
from bbot.
domwhewell-sage
commented on June 16, 2024
This was the target list https://gist.github.com/domwhewell-sage/f198f395e0cf07b29528a99ad210f9b0, I was wondering if its pulled github.com out from a URL and speculate has used that as a ORG_STUB.
I cant remember if the scope_distance_modifier = 2 is relevant in these modules. Maybe thats the cause
from bbot.
TheTechromancer
commented on June 16, 2024
Ah I think this is the culprit
CODE_REPOSITORY is inheriting a scope distance of 0 and speculate is turning it into a URL.
from bbot.
TheTechromancer
commented on June 16, 2024
So... The real cause of this bug is that we set all targets' scope distance to 0 when the scan starts.
The fix for this is awkward because in BBOT 2.0, targets aren't blindly marked as in-scope anymore; so target ORGs become distance-1, which solves this issue.
I'm not sure what to do here since if we pushed a fix, we'd need to remember to unfix it when we merge 2.0.
from bbot.
TheTechromancer
commented on June 16, 2024
Fixed in #1348.
from bbot.
Related Issues (20)
- dockerhub not accepting `org:` from targets HOT 3
- Event Discovery Context
- Badsecrets Bug HOT 2
- Wrong Format of URL Detected HOT 5
- Revisit Nuclei directory_only setting HOT 3
- I hope fofa api will be added in the future HOT 3
- Content Search Module
- httpx module not getting downloaded HOT 8
- Enhancement: Notifications Cache
- Baddns Incoming Huge Numbers
- Save Paramminer Dynamic Wordlist For Each HTTP Response
- `self.timeout` unused in gowitness module HOT 4
- RuntimeError: context has already been set HOT 4
- WPScan Module HOT 4
- Kill Multiple Modules
- Sponsor Upstream Dependencies
- IPv6 regex pattern incorrectly matches non-IPv6 addresses, no testing is being done for IP related regex patterns HOT 5
- pre-commit git hooks described in contribution.md, but no example .pre-commit-config.yaml provided
- Utilise DNS CAA records, extract authorised CAA's as affiliates, extract emails and URL's from any IODEF reporting destinations HOT 3
- Filedownload.handle_event (url_unverified) HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from bbot.