8000 feat: improve bbot output types by ocervell · Pull Request #627 · freelabz/secator · GitHub

feat: improve bbot output types #627


Merged
merged 1 commit into from
May 13, 2025
68 changes: 50 additions & 18 deletions secator/tasks/bbot.py
@@ -1,11 +1,12 @@
import re
import shutil

from secator.config import CONFIG
from secator.decorators import task
from secator.definitions import FILENAME, HOST, IP, ORG_NAME, PORT, URL, USERNAME
from secator.runners import Command
from secator.serializers import RegexSerializer
from secator.output_types import Vulnerability, Port, Url, Record, Ip, Tag, Info, Error
from secator.output_types import Vulnerability, Port, Url, Record, Ip, Tag, Info, Error, UserAccount, Warning
from secator.serializers import JSONSerializer


Expand Down Expand Up @@ -151,12 +152,16 @@
'PROTOCOL': Port,
'OPEN_TCP_PORT': Port,
'URL': Url,
'TECHNOLOGY': Tag,
'URL_HINT': Url,
'ASN': Record,
'DNS_NAME': Record,
'WEBSCREENSHOT': Url,
'VULNERABILITY': Vulnerability,
'FINDING': Tag
'EMAIL_ADDRESS': UserAccount,
'FINDING': Tag,
'AZURE_TENANT': Tag,
'STORAGE_BUCKET': Tag,
'TECHNOLOGY': Tag,
}
BBOT_DESCRIPTION_REGEX = RegexSerializer(
regex=r'(?P<name>[\w ]+): \[(?P<value>[^\[\]]+)\]',
Expand Down Expand Up @@ -209,7 +214,7 @@ class bbot(Command):
},
Tag: {
'name': 'name',
'match': lambda x: x['data'].get('url') or x['data'].get('host'),
'match': lambda x: x['data'].get('url') or x['data'].get('host') or '',
'extra_data': 'extra_data',
'_source': lambda x: 'bbot-' + x['module']
},
Expand All @@ -233,8 +238,9 @@ class bbot(Command):
},
Vulnerability: {
'name': 'name',
'match': lambda x: x['data'].get('url') or x['data']['host'],
'matched_at': lambda x: x['data'].get('url') or x['data'].get('host') or '',
'extra_data': 'extra_data',
'confidence': 'high',
'severity': lambda x: x['data']['severity'].lower()
},
Record: {
Expand All @@ -244,6 +250,12 @@ class bbot(Command):
},
Error: {
'message': 'message'
},
UserAccount: {
'username': lambda x: x['data'].split('@')[0],
'email': 'data',
'site_name': 'host',
'extra_data': 'extra_data',
}
}
install_pre = {
Expand All @@ -270,7 +282,8 @@ def on_json_loaded(self, item):
return

if _type not in BBOT_MAP_TYPES:
self._print(f'[bold orange3]Found unsupported bbot type: {_type}.[/] [bold green]Skipping.[/]', rich=True)
yield Warning(message=f'Found unsupported bbot type: {_type}. Skipping.')
self.debug(f'Found unsupported bbot type: {item}')
return

if isinstance(item['data'], str):
Expand All @@ -279,23 +292,37 @@ def on_json_loaded(self, item):
return

item['extra_data'] = item['data']
if self.scan_config:
modules = self.scan_config.get('preset', {}).get('modules', [])
item['extra_data']['bbot_modules'] = modules

# Parse bbot description into extra_data
description = item['data'].get('description')
if description:
del item['data']['description']
match = BBOT_DESCRIPTION_REGEX.run(description)
for chunk in match:
key, val = tuple([c.strip() for c in chunk])
if ',' in val:
val = val.split(',')
key = '_'.join(key.split(' ')).lower()
item['extra_data'][key] = val
parts = description.split(':')
if len(parts) == 2:
description = parts[0].strip()
match = list(BBOT_DESCRIPTION_REGEX.run(description))
if match:
del item['data']['description']
for chunk in match:
key, val = tuple([c.strip() for c in chunk])
if ',' in val:
val = val.split(',')
key = '_'.join(key.split(' ')).lower()
item['extra_data'][key] = val
description = re.split(r'\s*(\(|\.|Detected.)', description.strip(), 1)[0].rstrip()

# Set technology as name for Tag
if item['type'] == 'TECHNOLOGY':
item['name'] = item['data']['technology']
del item['data']['technology']
# Set tag name for objects mapping Tag
if item['type'] in ['AZURE_TENANT', 'STORAGE_BUCKET', 'TECHNOLOGY']:
item['name'] = ' '.join(item['type'].split('_')).lower().title()
keys = ['technology', 'tenant-names', 'url']
info = next((item['data'].get(key) for key in keys if key in item['data']))
if info:
item['extra_data']['info'] = info
for key in keys:
if key in item['data']:
del item['data'][key]

# If 'name' key is present in 'data', set it as name
elif 'name' in item['data'].keys():
Expand All @@ -307,6 +334,11 @@ def on_json_loaded(self, item):
item['name'] = item['extra_data']['name']
del item['extra_data']['name']

# If 'description' key is present in 'data', set it as name
elif description:
item['name'] = description
del item['data']['description']

# If 'discovery_context' and no name set yet, set it as name
else:
item['name'] = item['discovery_context']
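Review bot: In `on_json_loaded`, the new `elif description:` branch ends with `del item['data']['description']`, but the description-parsing block earlier in the function already deletes that key whenever `BBOT_DESCRIPTION_REGEX` matches, so an event whose description matched and that falls through the earlier `name` branches hits the second `del` and raises `KeyError`; using `item['data'].pop('description', None)` in both places avoids it. In the same function, `next((item['data'].get(key) for key in keys if key in item['data']))` has no default, and because the function contains a `yield`, an AZURE_TENANT, STORAGE_BUCKET or TECHNOLOGY event carrying none of the three keys turns the `StopIteration` into a `RuntimeError`; `next((item['data'].get(key) for key in keys if key in item['data']), None)` keeps the following `if info:` guard meaningful. Both exceptions would be raised while parsing scanner output, so it is worth checking whether the runner then drops the event, since that would silently remove a finding from the results. Indentation is lost on this page, so the nesting of the first `del` under `if match:` is inferred from line order, and part of the `elif` chain lies outside the visible hunks.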