Bbot Download

0 views

Skip to first unread message

Marquez Feliciano

unread,

Aug 4, 2024, 12:04:25 PM8/4/24

to prunlittthetan

At Black Lantern Security, we do a lot of OSINT. In a way, OSINT is the foundation of everything we do. It's the common denominator between every type of engagement, whether for a red-team, attack surface evaluation, or the usual pentest. If you want to hack something, you first have to find it.

Historically, when it comes to OSINT, each of us have our own tools and our own processes that we like best. For a long time, we stuck to our individual methods because none of us could agree on which tools were best, and because old habits die hard.

But eventually, we began to see that our OSINT was suffering because of this fragmented approach. Some tools were good at some things and some were good at others, but no tool or tools were good at everything, and none of them fit together in a cohesive way.

So we began to envision a way of improving our capabilities by pooling our efforts into a tool that we could all use and trust -- a tool that would replace everything else. This is what we set out to create with BBOT.

BBOT is the culmination of years of manual OSINT-gathering experience. In short, it solves quite a lot of problems. But here I'm going to try and stay as brief as possible, hitting the main points that differentiate BBOT from other tools.

Most tools take a Phased Approach to OSINT. Combine the output from a bunch of miscellaneous command-line tools, sort, clean, and uniq it, then feed it into the next set of tools, sort, clean, and uniq it, and repeat.

If you've done any OSINT yourself, you may already see the problem. What if Step 5 yields a unique subdomain that you didn't have in Step 3? It's possible that subdomain has additional goodies such as PTR records, open ports, and web pages. Should you go back to Step 3 and run your port scan again? Should you go back to Step 2 and resolve it again? Or should you go all the way back to Step 1 and run the brute-force again?

The problem is that each of these steps rely on the output from the step before, which means that if your goal is to find as much as possible, it's not enough to only do this once. You have to repeat these steps again and again, each time feeding their output back into the beginning.

Instead of working in phases, BBOT's modules continually feed results to each other in real-time as they are discovered. Phases are not used because each newly-found piece of information is acted upon immediately, being fed back into the machine and used to continue the discovery process. This allows for the discovery of distant and well-hidden nuggets that a phased approach would not uncover.

You may recognize this recursive model from Spiderfoot. It is worth mentioning that before BBOT, Spiderfoot was my tool of choice, and it's where I learned the value of a recursive approach to OSINT. Spiderfoot is a brilliant tool, and I wanted it to be the one-stop OSINT tool at Black Lantern Security. But, ultimately, it couldn't stand up to our demands, and my efforts led, instead, to the development of something entirely new.

BBOT has over 50 modules and counting. Modules are written in Python, and each one is its own .py file. Modules are easy to write, and they have an arsenal of helper functions at their disposal to help make them the best they can be:

BBOT automates module dependencies with Ansible. When you install BBOT, you pipx install, and that's it. There's no fiddling with third-party tools and dependencies. Even if a module requires a special binary or a specific OS package, BBOT will install it for you.

During each scan, BBOT gathers target-specific keywords from DNS names, web pages, etc., and compiles them into a shared wordlist that is accessible to all modules. This wordlist is saved at the end of a each scan, and can be used for password cracking, etc., or reused in subsequent scans.

BBOT's massdns module makes extensive use of the word cloud for subdomain brute-forcing. But this type of data is useful for all sorts of other tasks, such as dirbuster and storage bucket enumeration.

By default, BBOT searches up to one hop away from your defined target, and although its DNS resolution spiders out to three hops, it will only output the data if it finds something that's in scope. Of course all of these settings are configurable via bbot.yaml.

Scope Distance is a unique feature of BBOT that allows you to control how far out BBOT will explore. Since BBOT is recursive, it needs to have an \\\"exit condition\\\" (i.e., a mechanism that tells it when to stop searching). This is where Scope Distance comes in. Each newly-discovered piece of data\u2014an \\\"Event\\\" in BBOT terms\u2014gets assigned a scope distance that represents how many hops away it is from the main scope.

The maker of smart ordering technology, Bbot simplifies operations for the hospitality industry by allowing guests to order food and beverages from their phone. Bbot offers fast and secure payments, integrations with major point of sale systems and tailored implementation plans and customer support, to help businesses grow, increase efficiency and improve the guest experience, all of which benefits their bottom line. For more information, please visit bbot.menu, or find us on Instagram or YouTube.