How to Install and Use BBOT: A Comprehensive Guide for Cybersecurity Enthusiasts 🔧
Saturday, Dec 14, 2024 | 8 minute read
A powerful open-source framework that automates OSINT tasks, this tool excels in information collection with user-friendly commands, comprehensive data visualization, and a modular design. Its efficiency enhances cybersecurity operations significantly! 🔍🚀✨
“In the complex world of cybersecurity, acquiring information and analyzing it effectively is crucial, and a great tool can significantly enhance our efficiency and success rate!”🔍
In today’s online landscape, information truly is power! 💪 With the continuous upgrade of cyberattack methods, security researchers and hackers are in desperate need of reliable and efficient tools to support their operations. And that’s where BBOT comes in. As an open-source OSINT (Open Source Intelligence) automation framework, BBOT is designed to help users collect and analyze various types of intelligence information more easily. It perfectly combines simple operation with powerful functionality, making it an essential part of the cybersecurity field.
1. BBOT: The Hacker’s Best Friend 🤖
BBOT, or BEE·bot, is an open-source OSINT automation framework developed by Black Lantern Security. This framework is not only mysterious but also exceptional, offering numerous powerful features for hackers, enabling efficient execution of critical tasks like information collection, port scanning, webpage screenshots, and vulnerability scanning. With a simple command, users can easily perform all operations, significantly improving their productivity while reducing the risk of manual errors. ✨ Furthermore, BBOT’s comprehensive design takes into account the practical needs of hackers in their work, making it an indispensable assistant in various cybersecurity activities.
2. The Magical Power of BBOT: Distinctive Key Features 🌈
Among many OSINT tools, BBOT stands out with its unique features, showcasing astounding capabilities! First, BBOT’s recursive functionality ensures that users do not miss any critical data during information collection, allowing for comprehensive exploration of targeted information. 📊 Next, its graphical display feature presents data in a visual format, helping users to quickly comprehend and analyze. Additionally, the modular design is a highlight, with over 50 modules written in Python available for users to flexibly select and combine to meet various needs! 🧩 Moreover, it supports multi-target processing, capable of handling an unlimited number of targets simultaneously, making it perfect for penetration testing and bug bounty programs. 🏆 Most notably, the automatic dependency management feature utilizes Ansible to simplify user operations, making dependency management a breeze! Finally, the intelligent dictionary attack feature provides users with password-cracking support related to specific keywords, further enhancing the scanning efficiency and success rate! 🔐
3. Why Developers Love BBOT: Extraordinary Reasons to Choose It 💖
BBOT integrates years of OSINT collection experience into its design, successfully achieving a good balance between practicality and high efficiency. The framework uniquely avoids information gaps found in traditional phased workflows, allowing real-time result exchanges through a recursive model, ensuring users can process newly discovered information instantly. 🔥 Particularly in practical applications for penetration testing and bug bounty programs, BBOT’s multi-target support and automatic dependency management significantly enhance developers’ efficiency, helping them achieve more with less effort! 👏 BBOT is not only convenient and efficient but also provides users with a great experience, accelerating the processes of information collection and vulnerability discovery.
Want to learn more about BBOT or access its source code? Visit GitHub! Here, you can find all resources related to BBOT and support from the open-source community! 🌐 With its feature-rich framework and user-friendly design, BBOT is rapidly becoming the secret weapon for hackers and security researchers conducting OSINT investigations! 🚀
Installing BEE·bot 🚀
To install BEE·bot, first ensure that Python is already installed on your system. Next, we will use `pipx` for installation. This is because `pipx` allows us to run Python applications in an isolated environment, avoiding dependency conflicts, making it safer and more efficient. Use the following commands to quickly install different versions of BEE·bot:
```bash
# Install stable version
pipx install bbot
# Install development version (latest code)
pipx install --pip-args '\--pre' bbot
```
🌟 The `pipx install bbot` command installs the published stable version, while `pipx install --pip-args '\--pre' bbot` installs the version in development, which often contains the latest features and fixes!
Example Commands 🌐
1) Subdomain Finder 🔍
The subdomain finder module of BEE·bot helps us quickly find all subdomains under a target domain, making it an essential tool for information gathering!
```bash
# Find subdomains of evilcorp.com
bbot -t evilcorp.com -p subdomain-enum
# Using only passive sources
bbot -t evilcorp.com -p subdomain-enum -rf passive
```
In this example, `-t` specifies the target and `-p` selects the preset to run. In this case, we used the `subdomain-enum` preset for subdomain enumeration. The preset's configuration file is as follows:
```yaml
description: Enumerate subdomains through API and brute-forcing
flags:
  - subdomain-enum
output_modules:
  - subdomains
config:
  dns:
    threads: 25 # Run 25 concurrent DNS query threads
    brute_threads: 1000 # Use 1000 threads for brute-forcing
```
🌈 This configuration file defines the operations for subdomain enumeration, with the `threads` and `brute_threads` options allowing us to efficiently launch multiple queries, thus speeding up the search!
2) Web Crawler 🕷️
Using the crawling feature of BEE·bot, we can easily extract publicly available email addresses and other important information from websites, making it ideal for data collection.
```bash
# Crawl evilcorp.com to extract emails and other information
bbot -t evilcorp.com -p spider
```
The corresponding `spider.yml` configuration file content is as follows:
```yaml
description: Recursive web crawler
modules:
  - httpx # httpx module for executing HTTP requests
config:
  web:
    spider_distance: 2 # Maximum number of links the crawler follows in a row
    spider_depth: 4 # Maximum directory depth of the URLs the crawler visits
    spider_links_per_page: 25 # Limit on the number of links extracted per page
```
✨ In this configuration, `spider_distance` and `spider_depth` bound how far the crawler follows links and how deep into the site it goes, keeping the scraping of the target website comprehensive and efficient.
3) Email Collector 📧
The email collector makes use of various techniques and APIs to rapidly enumerate email addresses present on the website.
```bash
# Use free APIs for quick email enumeration
bbot -t evilcorp.com -p email-enum
# Combine with subdomain enumeration and web crawling for maximum information
bbot -t evilcorp.com -p email-enum subdomain-enum spider
```
The corresponding `email-enum.yml` configuration is as follows:
```yaml
description: Collect email addresses from APIs, web crawlers, etc.
flags:
  - email-enum
output_modules:
  - emails # Output module specifies the result as a list of emails
```
🔥 This configuration file defines the basic operation of email collection and specifies the output format to be a list of emails, making it easy to gather collected emails from the site.
4) Web Scanner 🛡️
BEE·bot can also be used to assess the security of websites, supporting both simple and detailed web scanning.
```bash
# Perform lightweight web scan on www.evilcorp.com
bbot -t www.evilcorp.com -p web-basic
# Perform thorough web scan on www.evilcorp.com
bbot -t www.evilcorp.com -p web-thorough
```
The configuration files for lightweight and thorough web scans are as follows:
```yaml
# web-basic.yml
description: Quick web scan
include:
  - iis-shortnames # Include the iis-shortnames preset
flags:
  - web-basic # Enable modules carrying the web-basic flag
```
```yaml
# web-thorough.yml
description: Aggressive web scan
include:
  - web-basic # Include the web-basic preset
flags:
  - web-thorough # Enable modules carrying the web-thorough flag
```
🚀 These configurations allow us to flexibly choose the depth of the scan, with `web-basic` providing a quick check while `web-thorough` delves deep into potential issues.
5) Comprehensive Functionality Integration 🥘
With BEE·bot, we can execute all functionalities at once for rapid comprehensive assessments.
```bash
# Conduct a comprehensive assessment
bbot -t evilcorp.com -p kitchen-sink
```
The corresponding `kitchen-sink.yml` configuration is as follows:
```yaml
description: A scan that executes all features at once
include:
  - subdomain-enum
  - cloud-enum
  - code-enum
  - email-enum
  - spider
  - web-basic
  - paramminer
  - dirbust-light
  - web-screenshots
  - baddns-thorough
config:
  modules:
    baddns:
      enable_references: True # Enable references in bad DNS checks
```
🌟 This integrated configuration leverages all modules of BEE·bot, rapidly aggregating information to provide a comprehensive security assessment.
Using BEE·bot as a Python Library 📚
BEE·bot is not only a command-line tool; it can also be integrated into your Python programs, which makes it very flexible! It supports both synchronous and asynchronous operations; here’s how to use it:
Synchronous Operation
```python
from bbot.scanner import Scanner

if __name__ == "__main__":
    scan = Scanner("evilcorp.com", presets=["subdomain-enum"])
    for event in scan.start():
        print(event)
```
🌵 In this code, we create a scanner instance, specify the target as `evilcorp.com`, choose the `subdomain-enum` preset for scanning, and then call `scan.start()` to start the scan and print each event.
Asynchronous Operation
```python
import asyncio

from bbot.scanner import Scanner

async def main():
    scan = Scanner("evilcorp.com", presets=["subdomain-enum"])
    async for event in scan.async_start():
        print(event.json())

if __name__ == "__main__":
    asyncio.run(main())
```
🔗 Utilizing asynchronous functionality allows for more efficient handling of I/O operations, especially during large-scale scans, significantly enhancing performance.
Target Configuration 🎯
BEE·bot allows you to scan multiple targets, which can be specified directly in the command line or configured in a file. For example:
```bash
bbot -t evilcorp.com evilcorp.org 1.2.3.0/24 -p subdomain-enum
```
Acceptable targets include:
DNS_NAME
(e.g.,evilcorp.com
)IP_ADDRESS
(e.g.,1.2.3.4
)IP_RANGE
(e.g.,1.2.3.0/24
)OPEN_TCP_PORT
(e.g.,192.168.0.1:80
)URL
(e.g.,https://www.evilcorp.com
)
🌍 This flexibility allows you to choose your targets based on specific needs, making scanning tasks more precise.
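Because a single command can mix all five target forms, it is worth checking the list against the engagement's written authorization before launching anything. The sketch below is an added example, not BBOT's own parser: it classifies each string into the type names listed above and reports any target outside an allowed set of domains and networks. The function names and the sample authorization are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

_LABEL = re.compile(r"^(?!-)[A-Za-z0-9_-]{1,63}(?<!-)$")

def classify_target(target):
    """Return (type, host) for one target string, using the type names listed above."""
    t = target.strip()
    if "://" in t:
        host = urlsplit(t).hostname
        if not host:
            raise ValueError(f"URL without a host: {target!r}")
        return "URL", host
    if "/" in t:  # CIDR notation; raises ValueError if malformed
        return "IP_RANGE", str(ipaddress.ip_network(t, strict=False))
    try:
        return "IP_ADDRESS", str(ipaddress.ip_address(t))
    except ValueError:
        pass
    host, sep, port = t.rpartition(":")
    if sep:
        if not (host and port.isdigit() and 0 < int(port) < 65536):
            raise ValueError(f"bad host:port target: {target!r}")
        return "OPEN_TCP_PORT", host.lower()
    name = t.rstrip(".").lower()
    if len(name) > 253 or not all(_LABEL.match(label) for label in name.split(".")):
        raise ValueError(f"not a valid DNS name: {target!r}")
    return "DNS_NAME", name

def in_scope(target, allowed_domains, allowed_networks):
    """True if the target lies inside the authorized domains or networks."""
    _, host = classify_target(target)
    try:
        net = ipaddress.ip_network(host, strict=False)  # a single IP becomes /32 or /128
    except ValueError:  # not an IP, so compare as a DNS name on a label boundary
        return any(host == d or host.endswith("." + d) for d in allowed_domains)
    allowed = (ipaddress.ip_network(n) for n in allowed_networks)
    return any(net.version == a.version and net.subnet_of(a) for a in allowed)

def out_of_scope(targets, allowed_domains, allowed_networks):
    """Return the targets that must be removed before the scan is launched."""
    return [t for t in targets if not in_scope(t, allowed_domains, allowed_networks)]

# Constructed sample: the target forms from this page checked against a
# hypothetical authorization covering evilcorp.com and 1.2.3.0/24 only.
TARGETS = ["evilcorp.com", "evilcorp.org", "1.2.3.0/24", "1.2.3.4",
           "192.168.0.1:80", "https://www.evilcorp.com"]
if __name__ == "__main__":
    print(out_of_scope(TARGETS, ["evilcorp.com"], ["1.2.3.0/24"]))
```

The domain comparison matches on a label boundary, so a look-alike such as `notevilcorp.com` is not treated as part of `evilcorp.com`.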
API Key Configuration 🔑
To enhance the capabilities of BEE·bot, you’ll need to configure API keys for some third-party services. This can be achieved in the `~/.config/bbot/bbot.yml` file, as illustrated below:
```yaml
modules:
  shodan_dns:
    api_key: 4f41243847da693a4f356c0486114bc6
  c99:
    api_key:
      - 21a270d5f59c9b05813a72bb41707266
      - ea8f243d9885cf8ce9876a580224fd3c
  virustotal:
    api_key: dd5f0eee2e4a99b71a939bded450b246
  securitytrails:
    api_key: d9a05c3fd9a514497713c54b4455d0b0
```
💼 By configuring API keys, BEE·bot will be able to access services like Shodan, VirusTotal, SecurityTrails, etc., significantly enhancing its information collection capabilities.
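Once real keys live in `bbot.yml`, the file is a credential store: it should be readable only by its owner, and its keys should be blanked before the config is pasted into a ticket or report. The following is an added example, not part of BBOT; the helper names and sample keys are constructed, and the redactor handles only the scalar and list `api_key` layouts shown above.

```python
import os
import re
import stat

_SCALAR = re.compile(r"^(\s*api_key:[ \t]+)(\S.*)$")
_ITEM = re.compile(r"^(\s*-[ \t]+)(\S.*)$")

def redact_api_keys(text, placeholder="<redacted>"):
    """Blank out api_key values, in both the scalar and the list form shown above."""
    out, in_key_list = [], False
    for line in text.splitlines():
        scalar, item = _SCALAR.match(line), _ITEM.match(line)
        if scalar:
            line, in_key_list = scalar.group(1) + placeholder, False
        elif line.strip() == "api_key:":
            in_key_list = True          # values follow as "- key" items
        elif in_key_list and item:
            line = item.group(1) + placeholder
        elif line.strip():
            in_key_list = False         # any other content ends the list
        out.append(line)
    return "\n".join(out)

def readable_by_others(path):
    """True if group or other users have any permission bit on the file."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & (stat.S_IRWXG | stat.S_IRWXO))

# Constructed sample in the layout of the bbot.yml excerpt; keys are placeholders.
SAMPLE = """\
modules:
  shodan_dns:
    api_key: CONSTRUCTED-KEY-A
  c99:
    api_key:
      - CONSTRUCTED-KEY-B
      - CONSTRUCTED-KEY-C
"""

if __name__ == "__main__":
    print(redact_api_keys(SAMPLE))
    cfg = os.path.expanduser("~/.config/bbot/bbot.yml")
    if os.path.exists(cfg) and readable_by_others(cfg):
        print(f"{cfg} is readable by other users; consider chmod 600")
```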
Now that you have set up the environment for BEE·bot, you can begin conducting various security assessments and data collection tasks. With its rich features, you can customize scanning tasks based on specific needs and embark on your journey of exploration! ✨