### BBOT List Presets Example Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/scanning/advanced.md Command to list all available BBOT presets. ```bash bbot -lp ``` -------------------------------- ### Install Python 3.9+ and BBOT Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/troubleshooting.md Use this command sequence to install a newer Python version (3.9+) and then install BBOT if you encounter installation errors related to old Python versions. ```bash # install a newer version of python sudo apt install python3.9 python3.9-venv # install pipx python3.9 -m pip install --user pipx # add pipx to your path python3.9 -m pipx ensurepath # reboot reboot # install bbot python3.9 -m pipx install bbot # run bbot bbot --help ``` -------------------------------- ### BBOT Module Help Example Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/scanning/advanced.md Command to display help information for a specific BBOT module. ```bash bbot -mh ``` -------------------------------- ### Preset Load Order Example Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/scanning/presets.md Demonstrates how preset order affects configuration, where later presets override earlier ones. ```bash bbot -t evilcorp.com -p ./my_spider.yml spider ``` -------------------------------- ### BBOT List Modules Example Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/scanning/advanced.md Command to list all available BBOT modules. ```bash bbot -l ``` -------------------------------- ### BBOT List Flags Example Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/scanning/advanced.md Command to list all available BBOT flags. ```bash bbot -lf ``` -------------------------------- ### BBOT List Output Modules Example Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/scanning/advanced.md Command to list all available BBOT output modules. ```bash bbot -lo ``` -------------------------------- ### Execute BBOT Command Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/index.md Shows how to execute the BBOT command after installation to view its help message. ```bash bbot --help ``` -------------------------------- ### Proxying Burp with BBOT Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/scanning/tips_and_tricks.md Example of running BBOT with subdomain enumeration, web screenshots, and proxying through Burp. ```bash bbot -t evilcorp.com -f subdomain-enum -m gowitness -c web.http_proxy=http://127.0.0.1:8080 ``` -------------------------------- ### Start Neo4j with Docker Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/scanning/output.md Launches a Neo4j instance in the background using Docker, mapping ports and mounting a volume for data persistence. It sets the authentication credentials. ```bash # start Neo4j in the background with docker docker run -d -p 7687:7687 -p 7474:7474 -v "$(pwd)/neo4j/:/data/" -e NEO4J_AUTH=neo4j/bbotislife neo4j ``` -------------------------------- ### Install Bleeding Edge BBOT with pipx Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/index.md Installs the development version of BBOT from the main branch using pipx. Use this for the latest features and bug fixes, but be aware it may be less stable. ```bash pipx install --pip-args '\--pre' bbot ``` -------------------------------- ### Install Stable BBOT with pipx Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/index.md Installs the latest stable version of BBOT using pipx. This method installs the package in its own isolated virtual environment. ```bash pipx install bbot ``` -------------------------------- ### Preset Load Order Reversed Example Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/scanning/presets.md Ensures the 'spider' preset's configuration takes precedence over 'my_spider.yml' by changing the load order. ```bash bbot -t evilcorp.com -p spider ./my_spider.yml ``` -------------------------------- ### Example JSON Event Output Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/scanning/output.md This is an example of a single event record in JSON format, as produced by the JSON output module. ```json { "type": "IP_ADDRESS", "id": "IP_ADDRESS:13cd09c2adf0860a582240229cd7ad1dccdb5eb1", "data": "1.2.3.4", "scope_distance": 1, "scan": "SCAN:64c0e076516ae7aa6502fd99489693d0d5ec26cc", "timestamp": 1688518967.740472, "resolved_hosts": ["1.2.3.4"], "parent": "DNS_NAME:2da045542abbf86723f22383d04eb453e573723c", "tags": ["distance-1", "ipv4", "internal"], "module": "A", "module_sequence": "A" } ``` -------------------------------- ### DNS Wildcard Detection Example Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/scanning/index.md Illustrates how BBOT detects and tags wildcard DNS names. Wildcard hosts are collapsed into a single host prefixed with '_wildcard'. ```text [DNS_NAME] github.io TARGET (a-record, a-wildcard-domain, aaaa-wildcard-domain, wildcard-domain) ^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^ [DNS_NAME] _wildcard.github.io TARGET (a-record, a-wildcard, a-wildcard-domain, aaaa-record, aaaa-wildcard, aaaa-wildcard-domain, wildcard, wildcard-domain) ^^^^^^^^^ ``` -------------------------------- ### Console Output of BBOT Events Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/scanning/events.md This example shows how BBOT events are displayed on the console during a scan, illustrating the event type, data, source module, and associated tags. ```text [DNS_NAME] www.evilcorp.com sslcert (distance-0, in-scope, resolved, subdomain, a-record) ^^^^^^^^ ^^^^^^^^^^^^^^^^ ^^^^^^^ ^^^^^^^^^^ ``` -------------------------------- ### Subdomains Output Example Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/scanning/output.md The subdomains output module generates a simple text file containing in-scope and resolved subdomains. ```text evilcorp.com www.evilcorp.com mail.evilcorp.com portal.evilcorp.com ``` -------------------------------- ### Grep TXT Output for DNS Names Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/scanning/output.md This example shows how to extract specific data, like DNS names, from the tab-delimited TXT output file using standard Unix tools. ```bash cat ~/.bbot/scans/extreme_johnny/output.txt | grep '[DNS_NAME]' | cut -f2 evilcorp.com www.evilcorp.com mail.evilcorp.com ``` -------------------------------- ### Configure Web Spider Settings Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/scanning/tips_and_tricks.md Enable and configure the web spider to find data within webpages by adjusting depth, distance, and links per page. The 'spider_distance' must be non-zero to enable spidering. The example configures depth to 2, distance to 2, and links per page to 25. ```yaml config: web: spider_depth: 2 spider_distance: 2 spider_links_per_page: 25 ``` ```bash bbot -t www.evilcorp.com -m httpx -c spider.yml ``` ```bash bbot -t evilcorp.com -f subdomain-enum -c spider.yml ``` -------------------------------- ### Lightfuzz-Heavy Web Parameter Discovery Preset Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/scanning/presets_list.md This preset discovers web parameters and performs light fuzzing for vulnerabilities, including POST parameters. It includes the 'lightfuzz-medium' preset and the 'web-paramminer' flag, along with the 'robots' module. The configuration enables specific submodules for fuzzing and allows POST requests to be tried as GET and vice-versa. ```yaml description: Discover web parameters and lightly fuzz them for vulnerabilities, with more intense discovery techniques, including POST parameters, which are more invasive. Uses all lightfuzz modules, and adds paramminer modules for parameter discovery. Avoids running against confirmed WAFs. include: - lightfuzz-medium flags: - web-paramminer modules: - robots config: modules: lightfuzz: enabled_submodules: [cmdi,crypto,path,serial,sqli,ssti,xss,esi] disable_post: False try_post_as_get: True try_get_as_post: True ``` -------------------------------- ### Specify API Key on Command Line Source: https://github.com/blacklanternsecurity/bbot/blob/stable/README.md Alternatively, API keys can be provided directly on the command line when running BBOT. ```bash bbot -c modules.virustotal.api_key=dd5f0eee2e4a99b71a939bded450b246 ``` -------------------------------- ### List Available Presets Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/scanning/presets.md Command to list all available BBOT presets located in ~/.bbot/presets. ```bash # list available presets bbot -lp ``` -------------------------------- ### Enable Multiple Presets Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/scanning/presets.md Combine 'subdomain-enum' and 'spider' presets for a comprehensive scan. ```bash # multiple presets - subdomain enumeration + web spider bbot -t evilcorp.com -p subdomain-enum spider ``` -------------------------------- ### Enable and Use Web Parameters Output Module Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/scanning/output.md Demonstrates how to enable the web_parameters output module and use a paramminer module to discover new web parameters. Web parameter extraction is enabled by default when a module consuming WEB_PARAMETER events is included. ```bash bbot -t evilcorp.com -m paramminer_getparams -c modules.paramminer_getparams.wordlist=/path/to/your/new/wordlist.txt ``` -------------------------------- ### dirbust-light Preset YAML Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/scanning/presets_list.md This preset performs basic web directory brute-forcing, focusing on surface-level directories and configuring ffuf for a wordlist size of 1000 lines. ```yaml description: Basic web directory brute-force (surface-level directories only) include: - iis-shortnames modules: - ffuf config: modules: ffuf: # wordlist size = 1000 lines: 1000 ``` -------------------------------- ### Run BBOT Docker Image (Stable-Full) Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/index.md Runs the latest stable version of BBOT with all dependencies preinstalled using Docker. The '-it' flags ensure an interactive terminal. ```bash docker run -it blacklanternsecurity/bbot:stable-full --help ``` -------------------------------- ### Execute Custom Preset Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/scanning/presets.md Run BBOT using a locally defined custom preset file. ```bash bbot -p ./my_subdomains.yml ``` -------------------------------- ### Loading Targets from File and Command Line Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/scanning/index.md Combine targets from a file and directly on the command line for comprehensive scan scope. BBOT accepts various target formats. ```bash cat targets.txt 4.3.2.1 10.0.0.2:80 1.2.3.0/24 evilcorp.com evilcorp.co.uk https://www.evilcorp.co.uk # load targets from a file and from the command-line $ bbot -t targets.txt fsociety.com 5.6.7.0/24 -m portscan ``` -------------------------------- ### Get all "in-scope" DNS Nodes Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/scanning/output.md A Cypher query to retrieve all DNS nodes tagged as "in-scope" and return their data and tags properties. ```cypher // Get all "in-scope" DNS Nodes and return just data and tags properties MATCH (n:DNS_NAME) WHERE "in-scope" IN n.tags RETURN n.data, n.tags ``` -------------------------------- ### Blacklist Specific Subdomain Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/scanning/index.md The --blacklist flag takes precedence and excludes specified targets and their children from the scan, even if they are whitelisted. This example scans 'evilcorp.com' but excludes 'internal.evilcorp.com' and its subdomains. ```bash # Scan evilcorp.com, but exclude internal.evilcorp.com and its children bbot -t evilcorp.com --blacklist internal.evilcorp.com -f subdomain-enum -m portscan nuclei --allow-deadly ``` -------------------------------- ### Basic Preset Usage Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/scanning/presets.md Execute a scan using a predefined preset file. ```bash bbot -p ./my_preset.yml ``` -------------------------------- ### Run BBOT Docker Image (Dev-Full) Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/index.md Runs the bleeding-edge development version of BBOT with all dependencies preinstalled using Docker. The '-it' flags ensure an interactive terminal. ```bash docker run -it blacklanternsecurity/bbot:dev-full --help ``` -------------------------------- ### Disable URL Querystring Removal for Fuzzing Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/modules/lightfuzz.md To enable fuzzing of GET parameters, the default BBOT setting to strip querystrings must be disabled. This configuration change is necessary for Lightfuzz to function correctly. ```yaml url_querystring_remove: False ``` -------------------------------- ### Example BBOT Event JSON Structure Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/scanning/events.md This JSON object represents a typical BBOT event, showcasing all available attributes and their data types. It is useful for understanding the structure of collected data and for programmatic processing. ```json { "type": "DNS_NAME", "id": "DNS_NAME:33bc005c2bdfea4d73e07db733bd11861cf6520e", "uuid": "DNS_NAME:6c96d512-090a-47f0-82e4-6860e46aac13", "scope_description": "in-scope", "data": "link.evilcorp.com", "host": "link.evilcorp.com", "resolved_hosts": [ "184.31.52.65", "2600:1402:b800:d82::700", "2600:1402:b800:d87::700", "link.evilcorp.com.edgekey.net" ], "dns_children": { "A": [ "184.31.52.65" ], "AAAA": [ "2600:1402:b800:d82::700", "2600:1402:b800:d87::700" ], "CNAME": [ "link.evilcorp.com.edgekey.net" ] }, "web_spider_distance": 0, "scope_distance": 0, "scan": "SCAN:b6ef48bc036bc8d001595ae5061846a7e6beadb6", "timestamp": "2024-10-18T15:40:13.716880+00:00", "parent": "DNS_NAME:94c92b7eaed431b37ae2a757fec4e678cc3bd213", "parent_uuid": "DNS_NAME:c737dffa-d4f0-4b6e-a72d-cc8c05bd892e", "tags": [ "subdomain", "a-record", "cdn-akamai", "in-scope", "cname-record", "aaaa-record" ], "module": "speculate", "module_sequence": "speculate->speculate", "discovery_context": "speculated parent DNS_NAME: link.evilcorp.com", "discovery_path": [ "Scan insidious_frederick seeded with DNS_NAME: evilcorp.com", "TXT record for evilcorp.com contains IP_ADDRESS: 149.72.247.52", "PTR record for 149.72.247.52 contains DNS_NAME: o1.ptr2410.link.evilcorp.com", "speculated parent DNS_NAME: ptr2410.link.evilcorp.com", "speculated parent DNS_NAME: link.evilcorp.com" ], "parent_chain": [ "DNS_NAME:34c657a3-0bfa-457e-9e6e-0f22f04b8da5", "IP_ADDRESS:efc0fb3b-1b42-44da-916e-83db2360e10e", "DNS_NAME:c737dffa-d4f0-4b6e-a72d-cc8c05bd892e", "DNS_NAME_UNRESOLVED:722a3473-30c6-40f1-90aa-908d47105d5a", "DNS_NAME:6c96d512-090a-47f0-82e4-6860e46aac13" ] } ``` -------------------------------- ### Preset with Manual Configuration Override Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/scanning/presets.md Apply a preset and override specific configuration options, such as web spider distance. ```bash # preset + manual config override bbot -t www.evilcorp.com -p spider -c web.spider_distance=10 ``` -------------------------------- ### Configure Module Threads Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/scanning/tips_and_tricks.md Adjust the number of threads for a specific BBOT module to control its parallelism. This can speed up slow modules by allowing more instances to run concurrently. The example shows increasing threads for the 'baddns' module. ```python class baddns(BaseModule): module_threads = 8 ``` ```bash bbot -t evilcorp.com -m baddns -c modules.baddns.module_threads=20 ``` -------------------------------- ### Boost DNS Brute-force Speed Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/scanning/tips_and_tricks.md Increase the thread count for 'massdns' to accelerate subdomain enumeration, especially on fast internet connections or cloud VMs. The default is 1000 threads, but this example sets it to 5000 for higher throughput. ```bash bbot -t evilcorp.com -f subdomain-enum -c dns.brute_threads=5000 ``` -------------------------------- ### Run 'Everything Everywhere All at Once' Scan Source: https://github.com/blacklanternsecurity/bbot/blob/stable/README.md Execute a comprehensive scan using the 'kitchen-sink' preset, which includes a wide array of modules. The '--allow-deadly' flag enables potentially disruptive modules. ```bash # everything everywhere all at once bbot -t evilcorp.com -p kitchen-sink --allow-deadly # roughly equivalent to: bbot -t evilcorp.com -p subdomain-enum cloud-enum code-enum email-enum spider web-basic paramminer dirbust-light web-screenshots --allow-deadly ``` -------------------------------- ### Whitelist Scope to Specific IP Range Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/scanning/index.md Use the --whitelist flag to restrict the scan scope to a specific IP range while seeding the scan with a target. This example seeds with 'evilcorp.com' and restricts the scope to the '1.2.3.0/24' IP range, then runs 'portscan' and 'nuclei' modules. ```bash # Seed scan with evilcorp.com, but restrict scope to 1.2.3.0/24 bbot -t evilcorp.com --whitelist 1.2.3.0/24 -f subdomain-enum -m portscan nuclei --allow-deadly ``` -------------------------------- ### Listing Modules by Flag Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/scanning/index.md View all available modules associated with a specific flag, like 'subdomain-enum', to understand their grouping. ```bash bbot -f subdomain-enum -l ``` -------------------------------- ### Configure Elasticsearch Output via Preset Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/scanning/output.md Set up Elasticsearch output using a configuration preset, specifying the URL, SIEM compatibility, and authentication credentials. ```yaml config: modules: http: url: http://localhost:8000//_doc siem_friendly: true username: elastic password: changeme ``` -------------------------------- ### Execute BBOT Docker Helper Script Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/index.md Clones the BBOT repository and executes the helper script for Docker, showing its help message. ```bash git clone https://github.com/blacklanternsecurity/bbot && cd bbot ./bbot-docker.sh --help ``` -------------------------------- ### Enabling Specific Modules Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/scanning/index.md Enable a set of modules for your scan, such as port scanning, SSL certificate analysis, and HTTP response checking. ```bash bbot -t www.evilcorp.com -m portscan sslcert httpx ``` -------------------------------- ### Configure Postgres Connection Details Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/scanning/output.md Specify custom host, database name, port, username, and password for the Postgres output module. ```yaml config: modules: postgres: host: psq.fsociety.local database: custom_bbot_db port: 5432 username: postgres password: bbotislife ``` -------------------------------- ### Configure Custom HTTP Proxy Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/scanning/tips_and_tricks.md Set up a custom HTTP proxy to capture traffic for tools like Burp Suite, enabling the mapping of all subdomains and their associated web resources. This is achieved by setting the 'web.http_proxy' configuration option. ```bash bbot -t evilcorp.com -c web.http_proxy=http://127.0.0.1:8080 ``` -------------------------------- ### Web Scanner (Basic) Source: https://github.com/blacklanternsecurity/bbot/blob/stable/README.md Runs a basic web scan against a specified URL. ```bash # run a light web scan against www.evilcorp.com bbot -t www.evilcorp.com -p web-basic ``` -------------------------------- ### Run BBOT Docker Image (Stable) Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/index.md Runs the latest stable version of BBOT using Docker. The '-it' flags ensure an interactive terminal. ```bash docker run -it blacklanternsecurity/bbot:stable --help ``` -------------------------------- ### Run a Thorough Web Scan Source: https://github.com/blacklanternsecurity/bbot/blob/stable/README.md Execute a comprehensive web scan against a target domain using the 'web-thorough' preset. Ensure the preset is defined in a YAML configuration file. ```bash # run a heavy web scan against www.evilcorp.com bbot -t www.evilcorp.com -p web-thorough ``` -------------------------------- ### Run BBOT with Neo4j Output Module Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/scanning/output.md Executes BBOT with the subdomain enumeration module and directs the output to the Neo4j database. ```bash bbot -f subdomain-enum -t evilcorp.com -om neo4j ``` -------------------------------- ### Configure API Keys in bbot.yml Source: https://github.com/blacklanternsecurity/bbot/blob/stable/README.md Specify API keys for different modules within the `~/.config/bbot/bbot.yml` file. Multiple API keys can be provided for modules that support them. ```yaml modules: shodan_dns: api_key: 4f41243847da693a4f356c0486114bc6 c99: # multiple API keys api_key: - 21a270d5f59c9b05813a72bb41707266 - ea8f243d9885cf8ce9876a580224fd3c - 5bc6ed268ab6488270e496d3183a1a27 virustotal: api_key: dd5f0eee2e4a99b71a939bded450b246 securitytrails: api_key: d9a05c3fd9a514497713c54b4455d0b0 ``` -------------------------------- ### Enable Subdomain Enumeration Preset Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/scanning/presets.md Execute a scan using the 'subdomain-enum' preset against a target domain. ```bash # do a subdomain enumeration bbot -t evilcorp.com -p subdomain-enum ``` -------------------------------- ### Define Web Basic Scan Preset Source: https://github.com/blacklanternsecurity/bbot/blob/stable/README.md YAML configuration for a quick web scan, including the 'iis-shortnames' module. ```yaml description: Quick web scan include: - iis-shortnames flags: - web-basic ``` -------------------------------- ### Validate Preset Configuration Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/scanning/presets.md Display the final merged configuration that BBOT will use after applying presets. ```bash # verify the preset is what you want bbot -p ./mypreset.yml --current-preset ``` -------------------------------- ### Execute Preset with Environment Variable Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/scanning/presets.md Run BBOT with a preset that utilizes environment variables, setting the NUCLEI_TAGS variable. ```bash NUCLEI_TAGS=apache,nginx bbot -p ./my_nuclei.yml ``` -------------------------------- ### Set Shodan API Key via Command Line Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/scanning/configuration.md Override module-specific settings, like the Shodan API key, directly from the command line. ```bash bbot -c modules.shodan_dns.api_key=deadbeef ``` -------------------------------- ### Basic Lightfuzz Usage with Spider Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/modules/lightfuzz.md This command initiates a scan using the 'lightfuzz-medium' preset and enables the spider module for enhanced parameter discovery. The '--allow-deadly' flag permits potentially risky operations. ```bash bbot -p lightfuzz-medium spider -t targets.txt --allow-deadly ``` -------------------------------- ### Configure HTTP Output with Custom Method and Authentication Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/scanning/output.md Customize the HTTP method (e.g., PUT) and configure authentication (Bearer token, username/password) for the HTTP output module. ```yaml config: modules: http: url: https://localhost:8000 method: PUT # Authorization: Bearer bearer: # OR username: bob password: P@ssw0rd ``` -------------------------------- ### baddns-intense Preset YAML Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/scanning/presets_list.md This preset runs all baddns modules and submodules, including CNAME, references, MX, NS, and TXT. ```yaml description: Run all baddns modules and submodules. modules: - baddns - baddns_zone - baddns_direct config: modules: baddns: enabled_submodules: [CNAME,references,MX,NS,TXT] ``` -------------------------------- ### web-screenshots.yml Preset Configuration Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/scanning/presets_list.md This preset is used to take screenshots of webpages. It configures the 'gowitness' module with specific resolution and output path settings, and enables social media screenshotting. ```yaml description: Take screenshots of webpages flags: - web-screenshots config: modules: gowitness: resolution_x: 1440 resolution_y: 900 # folder to output web screenshots (default is inside ~/.bbot/scans/scan_name) output_path: "" # whether to take screenshots of social media pages social: True ``` -------------------------------- ### Run BBOT Docker with Persistent Scans and Custom Preset Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/index.md Runs BBOT in a Docker container, mapping the local ~/.bbot/scans directory for persistent data and mounting a custom YAML preset file for scan configuration. ```bash docker run --rm -it \ -v "$HOME/.bbot/scans:/root/.bbot/scans" \ -v "$PWD/my_preset.yml:/my_preset.yml" \ blacklanternsecurity/bbot -p /my_preset.yml ``` -------------------------------- ### Run BBOT Docker Image (Dev) Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/index.md Runs the bleeding-edge development version of BBOT using Docker. The '-it' flags ensure an interactive terminal. ```bash docker run -it blacklanternsecurity/bbot --help ``` -------------------------------- ### Subdomain Enumeration with Port Scan and Web Screenshots Source: https://github.com/blacklanternsecurity/bbot/blob/stable/docs/index.md Enumerates subdomains, performs a port scan on each, and takes screenshots of web pages found. Scan results are saved to the current directory with the name 'my_scan'. ```bash bbot -t evilcorp.com -p subdomain-enum -m portscan gowitness -n my_scan -o . ```