Comments (5)
This is difficult to do, since even seconds after the scan starts, new events are spawned from the targets and enqueued with the modules.
To remove a target mid-scan, you would not only need to remove it from the target object, but retroactively inspect every module queue and remove any events related to that target.
It's our next big goal to make an interactive CLI for BBOT that has much richer functionality, especially for interacting with live scans. This might be a good feature request for that tool.
@TheTechromancer fair enough, I did not consider that, it would be a lot of overhead. In the meantime there could be a quick scan of seed DNS names at the start that notifies the user that they have put in a seed domain likely to have a massive enumeration space (AWS, Azure, WAFs, CDNs) but this responsibility probably falls outside of the scope of bbot to be honest! It's great to hear that a more interactive tool is planned.
That's not a bad idea. I actually think that would be a good feature to have.
BBOT already has builtin functionality to check whether a domain belongs to a cloud provider. So this would be an easy add.
Awesome, I think you're right, one wrong domain and you're looking at infinite recursion which could cost people serious money depending on their setup. In my case, today I found that I had the following huge apex domains in my seeds by accident, leading to 5 hours wasted in my scan and a lot of VPS bandwidth used:
gstatic.com
akamaitechnologies.com
google.com
awscloud.com
awsdns.co.uk
Maybe can start with a small list and let people PR more obscure ones into the list over time.
Feature added in #1461.
@felipewarrener FYI, we keep track of cloud domains in a separate repo: cloudcheck. Currently we're keeping manual track of these cloud domains; however it's on our TODO to automate this, maybe to pull from a community list.
If you run into domains that aren't detected properly, please let us know on the cloudcheck repo. Or if you're interested in working on it yourself we would love to have your help!
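The seed check discussed in this thread, as an added example that is not part of the thread and is not BBOT's or cloudcheck's code: it flags any seed that equals or falls under a listed apex before a scan starts. The list is built from the five domains named above; `normalize`, `matching_apex` and `flag_large_seeds` are hypothetical helper names.

```python
# Added example: pre-scan check of seed names against a list of huge apex domains.
# LARGE_APEXES holds the domains named in the thread; it is not BBOT's or
# cloudcheck's data, and all function names here are hypothetical.
LARGE_APEXES = frozenset({
    "gstatic.com",
    "akamaitechnologies.com",
    "google.com",
    "awscloud.com",
    "awsdns.co.uk",
})


def normalize(seed: str) -> str:
    """Lower-case a seed and drop whitespace, a trailing dot and a wildcard prefix."""
    host = seed.strip().lower().rstrip(".")
    if host.startswith("*."):
        host = host[2:]
    return host


def matching_apex(seed: str, apexes=LARGE_APEXES):
    """Return the listed apex that equals or is a parent of seed, else None."""
    labels = normalize(seed).split(".")
    # Compare whole-label suffixes so "notgoogle.com" does not match "google.com".
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in apexes:
            return candidate
    return None


def flag_large_seeds(seeds, apexes=LARGE_APEXES):
    """Map each risky seed to the apex it falls under, for a warning before the scan."""
    flagged = {}
    for seed in seeds:
        apex = matching_apex(seed, apexes)
        if apex is not None:
            flagged[seed] = apex
    return flagged


if __name__ == "__main__":
    # Constructed seed list for illustration.
    seeds = ["example.org", "Google.com.", "*.gstatic.com",
             "ns-1.awsdns.co.uk", "notgoogle.com"]
    for seed, apex in flag_large_seeds(seeds).items():
        print(f"WARNING: seed {seed!r} is under {apex}; enumeration space is likely huge")
```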