
BBoT scan freezes

Open aconite33 opened this issue 1 year ago • 1 comments

Describe the bug

BBoT scan stopped responding, uses 100% CPU

Expected behavior

Normal scan behavior

BBOT Command

Example: bbot -p preset.yaml -t targets.txt -o ~/scans/

OS, BBOT Installation Method + Version

Example: OS: Ubuntu, poetry shell, latest dev version

BBOT Config

config:
  interactsh_server: redacted.com
  interactsh_disable: false
  interactsh_token: redacted
exclude_modules:
- bypass403
- columbus
- hunt
- iis_shortnames
- smuggler
- url_manipulation
- dastardly
- host_header
flags:
- email-enum
- subdomain-enum
- web-thorough
modules:
- baddns
- badsecrets
- dotnetnuke
- gowitness
- httpx
- robots
- telerik
output_modules:
- csv
- json
- subdomains
- txt

Logs

Output from gdb debugger:

--Return--
> <string>(1)<module>()->None
(Pdb) where
  /root/.cache/pypoetry/virtualenvs/bbot-aKeTQkGo-py3.10/bin/bbot(6)<module>()->None
-> sys.exit(main())
  /root/bbot/bbot/cli.py(278)main()
-> asyncio.run(_main())
  /usr/lib/python3.10/asyncio/runners.py(44)run()
-> return loop.run_until_complete(main)
  /usr/lib/python3.10/asyncio/base_events.py(633)run_until_complete()
-> self.run_forever()
  /usr/lib/python3.10/asyncio/base_events.py(600)run_forever()
-> self._run_once()
  /usr/lib/python3.10/asyncio/base_events.py(1896)_run_once()
-> handle._run()
  /usr/lib/python3.10/asyncio/events.py(80)_run()
-> self._context.run(self._callback, *self._args)
  /root/bbot/bbot/modules/base.py(683)_worker()
-> await self.finish()
  /root/bbot/bbot/modules/dnsbrute_mutations.py(127)finish()
-> parent_event = self.get_parent_event(hostname)
  /root/bbot/bbot/modules/dnsbrute_mutations.py(44)get_parent_event()
-> parent_host = self.helpers.closest_match(subdomain, self.parent_events)
  /root/bbot/bbot/core/helpers/misc.py(1023)closest_match()
-> matches = difflib.get_close_matches(s, choices, n=n, cutoff=cutoff)
  /usr/lib/python3.10/difflib.py(706)get_close_matches()
-> s.ratio() >= cutoff:
  /usr/lib/python3.10/difflib.py(619)ratio()
-> matches = sum(triple[-1] for triple in self.get_matching_blocks())
  /usr/lib/python3.10/difflib.py(490)get_matching_blocks()
-> return self.matching_blocks
> <string>(1)<module>()->None

aconite33, Dec 13 '24 20:12

Added minor fix + debug message in https://github.com/blacklanternsecurity/bbot/blob/3407637c878b5de8afa435e42fc9531f19763ac7/bbot/modules/dnsbrute_mutations.py#L45-L50

TheTechromancer, Dec 18 '24 17:12