bbot icon indicating copy to clipboard operation
bbot copied to clipboard
verified publisher icon blacklanternsecurity

Excavate with yara matching rules doesn't emit a unique enough description

Open aconite33 opened this issue 1 year ago • 1 comments

Describe the bug When using yara rules, the excavate module doesn't generate a unique matching description which causes additional matches on different sites to be suppressed.

Expected behavior Every unique yara rule match should emit a FINDING

BBOT Command Example: bbot -m httpx -t example.com -cy yararule.txt

OS, BBOT Installation Method + Version OS: Arch Linux, Installation method: pip, BBOT version: dev

Example Output

[FINDING]               {"description": "Custom Yara Rule [find_string] Matched via identifier [str1]", "host": "example.com", "path": "/", "url": "https://example.com/"}  httpx->excavate

Debug Message

[DBUG] _scan_ingress: Not forwarding FINDING("{'description': 'Custom Yara Rule [find_string] Matched via identifier [str1]', ...", module=excavate, tags=set()) because event was already emitted by its module

aconite33 avatar Nov 08 '24 19:11 aconite33

Fixed in: https://github.com/blacklanternsecurity/bbot/pull/1938

aconite33 avatar Nov 08 '24 19:11 aconite33

Fixed in https://github.com/blacklanternsecurity/bbot/pull/1969.

TheTechromancer avatar Nov 16 '24 03:11 TheTechromancer