From 628bce98704668fccc7f117677c2abd3bf1eb55f Mon Sep 17 00:00:00 2001 From: TheTechromancer <20261699+TheTechromancer@users.noreply.github.com> Date: Wed, 29 Jan 2025 02:43:39 +0000 Subject: [PATCH] [create-pull-request] automated change --- docs/scanning/advanced.md | 40 ++++++++++++++++------------------ docs/scanning/configuration.md | 1 + docs/scanning/presets_list.md | 2 ++ 3 files changed, 22 insertions(+), 21 deletions(-) diff --git a/docs/scanning/advanced.md b/docs/scanning/advanced.md index ffe182bef..794dcf587 100644 --- a/docs/scanning/advanced.md +++ b/docs/scanning/advanced.md @@ -42,9 +42,9 @@ usage: bbot [-h] [-t TARGET [TARGET ...]] [-w WHITELIST [WHITELIST ...]] [--current-preset] [--current-preset-full] [-o DIR] [-om MODULE [MODULE ...]] [-lo] [--json] [--brief] [--event-types EVENT_TYPES [EVENT_TYPES ...]] [--exclude-cdn] - [--no-deps | --force-deps | --retry-deps | --ignore-failed-deps | --install-all-deps] - [--version] [--proxy HTTP_PROXY] - [-H CUSTOM_HEADERS [CUSTOM_HEADERS ...]] + [--no-deps | --force-deps | --retry-deps | + --ignore-failed-deps | --install-all-deps] [--version] + [--proxy HTTP_PROXY] [-H CUSTOM_HEADERS [CUSTOM_HEADERS ...]] [--custom-yara-rules CUSTOM_YARA_RULES] [--user-agent USER_AGENT] @@ -54,41 +54,40 @@ options: -h, --help show this help message and exit Target: - -t TARGET [TARGET ...], --targets TARGET [TARGET ...] + -t, --targets TARGET [TARGET ...] Targets to seed the scan - -w WHITELIST [WHITELIST ...], --whitelist WHITELIST [WHITELIST ...] + -w, --whitelist WHITELIST [WHITELIST ...] What's considered in-scope (by default it's the same as --targets) - -b BLACKLIST [BLACKLIST ...], --blacklist BLACKLIST [BLACKLIST ...] + -b, --blacklist BLACKLIST [BLACKLIST ...] Don't touch these things --strict-scope Don't consider subdomains of target/whitelist to be in-scope Presets: - -p [PRESET ...], --preset [PRESET ...] + -p, --preset [PRESET ...] Enable BBOT preset(s) - -c [CONFIG ...], --config [CONFIG ...] + -c, --config [CONFIG ...] Custom config options in key=value format: e.g. 'modules.shodan.api_key=1234' -lp, --list-presets List available presets. Modules: - -m MODULE [MODULE ...], --modules MODULE [MODULE ...] + -m, --modules MODULE [MODULE ...] Modules to enable. Choices: affiliates,ajaxpro,anubisdb,apkpure,asn,azure_realm,azure_tenant,baddns,baddns_direct,baddns_zone,badsecrets,bevigil,binaryedge,bucket_amazon,bucket_azure,bucket_digitalocean,bucket_file_enum,bucket_firebase,bucket_google,bufferoverrun,builtwith,bypass403,c99,censys,certspotter,chaos,code_repository,credshed,crt,dastardly,dehashed,digitorus,dnsbimi,dnsbrute,dnsbrute_mutations,dnscaa,dnscommonsrv,dnsdumpster,dnstlsrpt,docker_pull,dockerhub,dotnetnuke,emailformat,extractous,ffuf,ffuf_shortnames,filedownload,fingerprintx,fullhunt,generic_ssrf,git,git_clone,github_codesearch,github_org,github_workflows,gitlab,google_playstore,gowitness,hackertarget,host_header,httpx,hunt,hunterio,iis_shortnames,internetdb,ip2location,ipneighbor,ipstack,jadx,leakix,myssl,newsletters,ntlm,nuclei,oauth,otx,paramminer_cookies,paramminer_getparams,paramminer_headers,passivetotal,pgp,portfilter,portscan,postman,postman_download,rapiddns,robots,securitytrails,securitytxt,shodan_dns,sitedossier,skymem,smuggler,social,sslcert,subdomaincenter,subdomainradar,telerik,trickest,trufflehog,url_manipulation,urlscan,vhost,viewdns,virustotal,wafw00f,wappalyzer,wayback,wpscan,zoomeye -l, --list-modules List available modules. -lmo, --list-module-options Show all module config options - -em MODULE [MODULE ...], --exclude-modules MODULE [MODULE ...] + -em, --exclude-modules MODULE [MODULE ...] Exclude these modules. - -f FLAG [FLAG ...], --flags FLAG [FLAG ...] + -f, --flags FLAG [FLAG ...] Enable modules by flag. Choices: active,affiliates,aggressive,baddns,cloud-enum,code-enum,deadly,email-enum,iis-shortnames,passive,portscan,report,safe,service-enum,slow,social-enum,subdomain-enum,subdomain-hijack,web-basic,web-paramminer,web-screenshots,web-thorough -lf, --list-flags List available flags. - -rf FLAG [FLAG ...], --require-flags FLAG [FLAG ...] + -rf, --require-flags FLAG [FLAG ...] Only enable modules with these flags (e.g. -rf passive) - -ef FLAG [FLAG ...], --exclude-flags FLAG [FLAG ...] + -ef, --exclude-flags FLAG [FLAG ...] Disable modules with these flags. (e.g. -ef aggressive) --allow-deadly Enable the use of highly aggressive modules Scan: - -n SCAN_NAME, --name SCAN_NAME - Name of scan (default: random) + -n, --name SCAN_NAME Name of scan (default: random) -v, --verbose Be more verbose -d, --debug Enable debugging -s, --silent Be quiet @@ -101,9 +100,8 @@ Scan: Show the current preset in its full form, including defaults Output: - -o DIR, --output-dir DIR - Directory to output scan results - -om MODULE [MODULE ...], --output-modules MODULE [MODULE ...] + -o, --output-dir DIR Directory to output scan results + -om, --output-modules MODULE [MODULE ...] Output module(s). Choices: asset_inventory,csv,discord,emails,http,json,mysql,neo4j,nmap_xml,postgres,python,slack,splunk,sqlite,stdout,subdomains,teams,txt,web_parameters,web_report,websocket -lo, --list-output-modules List available output modules @@ -125,11 +123,11 @@ Module dependencies: Misc: --version show BBOT version and exit --proxy HTTP_PROXY Use this proxy for all HTTP requests - -H CUSTOM_HEADERS [CUSTOM_HEADERS ...], --custom-headers CUSTOM_HEADERS [CUSTOM_HEADERS ...] + -H, --custom-headers CUSTOM_HEADERS [CUSTOM_HEADERS ...] List of custom headers as key value pairs (header=value). - --custom-yara-rules CUSTOM_YARA_RULES, -cy CUSTOM_YARA_RULES + --custom-yara-rules, -cy CUSTOM_YARA_RULES Add custom yara rules to excavate - --user-agent USER_AGENT, -ua USER_AGENT + --user-agent, -ua USER_AGENT Set the user-agent for all HTTP requests EXAMPLES diff --git a/docs/scanning/configuration.md b/docs/scanning/configuration.md index d7940a337..2417d628a 100644 --- a/docs/scanning/configuration.md +++ b/docs/scanning/configuration.md @@ -399,6 +399,7 @@ Many modules accept their own configuration options. These options have the abil | modules.sslcert.skip_non_ssl | bool | Don't try common non-SSL ports | True | | modules.sslcert.timeout | float | Socket connect timeout in seconds | 5.0 | | modules.telerik.exploit_RAU_crypto | bool | Attempt to confirm any RAU AXD detections are vulnerable | False | +| modules.telerik.include_subdirs | bool | Include subdirectories in the scan (off by default) | False | | modules.url_manipulation.allow_redirects | bool | Allowing redirects will sometimes create false positives. Disallowing will sometimes create false negatives. Allowed by default. | True | | modules.vhost.force_basehost | str | Use a custom base host (e.g. evilcorp.com) instead of the default behavior of using the current URL | | | modules.vhost.lines | int | take only the first N lines from the wordlist when finding directories | 5000 | diff --git a/docs/scanning/presets_list.md b/docs/scanning/presets_list.md index 50fccb1d9..4f8df91f0 100644 --- a/docs/scanning/presets_list.md +++ b/docs/scanning/presets_list.md @@ -239,6 +239,7 @@ Comprehensive scan for all IIS/.NET specific modules and module settings extensions: asp,aspx,ashx,asmx,ascx telerik: exploit_RAU_crypto: True + include_subdirs: True # Run against every directory, not the default first received URL per-host ``` Category: web @@ -272,6 +273,7 @@ Comprehensive scan for all IIS/.NET specific modules and module settings extensions: asp,aspx,ashx,asmx,ascx telerik: exploit_RAU_crypto: True + include_subdirs: True # Run against every directory, not the default first received URL per-host ```