BBOT - DEF CON Tool Release
BBOT 1.1.0 is here, and with it some exciting new developments!
BBOT (Bighuge BLS OSINT Tool) is Black Lantern Security's flagship OSINT tool. We use it every day on penetration tests and as the backend for our Attack Surface Management (ASM) offering. Some of us also leverage it for bug bounties in our off time (we're not double-dipping, you're double-dipping!).
BBOT gets a lot of testing. Continuous execution against such large Fortune 500 targets is sure to uncover every kind of horrible edge case imaginable, and rest assured it has. As the creator and primary maintainer of BBOT, I've taken part in more than a few tense debugging sessions and frantic troubleshootings. It's been really challenging, and sometimes even grueling (our testing has so far uncovered two nasty race conditions in well-established networking libraries). But what doesn't kill you makes you stronger! And it's exactly this cycle of testing and improvement that makes BBOT the powerful tool that it is.
As we round out this phase of dev, we are proud to announce the arrival of BBOT 1.1.0. And since we'll be presenting it at DEF CON's Demo Labs, it is hereby dubbed - “DEF CON Release”!
(For those attending DEF CON, we will be presenting BBOT on Saturday August 12th from 12 p.m. - 2 p.m. in the Caesars Forum Boardroom - official forum link.)
New Feature Highlights
Documentation
BBOT now has full-fledged, searchable documentation! Below is a table of contents:
Basics
Scanning
Contribution
Misc
Asyncification
BBOT's threading system has been completely overhauled to use asyncio. What used to be a complex system of thread pools and threading locks is now one clean, well-oiled event loop.
What does this mean? Mainly it means BBOT is leaner and meaner. Its memory footprint is smaller, it’s more efficient, and most importantly, it's fast. Thanks to asyncio (and other small tweaks and optimizations), BBOT is now roughly 40% faster.
A BBOT Scan in Real-Time - Visualization with VivaGraphJS
Other
Features:
Better handling of DNS wildcards.
New and improved subdomain mutations (massdns module).
Ability to list flags and their descriptions (-lf).
Precise rate-limiting for HTTP and DNS.
Better tests (one for each individual module, 91% test coverage).
New and improved paramminer modules.
New Modules:
Git (detects exposed .git folder on websites)
Subdomain Center (subdomain enumeration)
Columbus API (subdomain enumeration)
MySSL (subdomain enumeration)
Sitedossier (subdomain enumeration)
Digitorus (subdomain enumeration)
Nmap (port scanner, more reliable than naabu)
naabu has been removed due to reliability issues.
NSEC (DNSSEC zone-walking for subdomain enumeration)
OAUTH (enumerates OAUTH / OpenID-Connect, detects sprayable endpoints)
Azure Realm (detects managed/federated Azure Tenants)
Subdomains output module
Conclusion
We've been hard at work on BBOT, and we hope it serves you well in your exploits! If you have questions or comments, please come talk to us in Discord. If you have an idea for a new feature or find a bug, please open an issue on our GitHub.
Thanks for reading, and we hope to see you at DEF CON!