渗透学习-记录1(信息收集bbot)

最新推荐文章于 2024-10-04 20:50:17 发布

在校大学生入坑网安ing

最新推荐文章于 2024-10-04 20:50:17 发布

阅读量465

点赞数

文章标签：学习

本文链接：https://blog.csdn.net/sinat_61654365/article/details/134277548

版权

bbot 黑客自动化OSINT工具

一.先决条件

1.python版本3.9以上

要是低于3.9版本参考kali Linux下自由切换python版本_kali 如何降低python版本-CSDN博客

2.安装pipx命令

注意不要在root权限下安装，普通用户下安装

python3.11 -m pip install --user pipx

┌──(kali㉿kali)-[~]
└─$ python3.11 -m pip install --user pipx
Requirement already satisfied: pipx in ./.local/lib/python3.11/site-packages (1.2.1)
Requirement already satisfied: argcomplete>=1.9.4 in /usr/lib/python3/dist-packages (from pipx) (2.0.0)
Requirement already satisfied: packaging>=20.0 in /usr/lib/python3/dist-packages (from pipx) (23.1)
Requirement already satisfied: userpath>=1.6.0 in ./.local/lib/python3.11/site-packages (from pipx) (1.9.1)
Requirement already satisfied: click in /usr/lib/python3/dist-packages (from userpath>=1.6.0->pipx) (8.1.3)

安装成功

您可以执行以下命令以自动将 pipx 安装路径添加到您的 PATH 环境变量中：

python3.11 -m pipx ensurepath

这将自动将 /home/kali/.local/bin 添加到您的 PATH 中，以便您可以在终端中全局访问通过 pipx 安装的应用程序。

以上步骤完成reboot重启kali

二.安装bbot

现在，您应该能够在终端中使用pipx命令来安装和管理Python应用程序。例如，您可以执行以下命令来安装bbot：

pipx install bbot

稍稍等待........

执行

bbot --help

┌──(kali㉿kali)-[~]
└─$ bbot --help
usage: bbot [-h] [--help-all] [-t TARGET [TARGET ...]] [-w WHITELIST [WHITELIST ...]] [-b BLACKLIST [BLACKLIST ...]] [--strict-scope]
            [-m MODULE [MODULE ...]] [-l] [-em MODULE [MODULE ...]] [-f FLAG [FLAG ...]] [-lf] [-rf FLAG [FLAG ...]] [-ef FLAG [FLAG ...]]
            [-om MODULE [MODULE ...]] [--allow-deadly] [-n SCAN_NAME] [-o DIR] [-c [CONFIG ...]] [-v] [-d] [-s] [--force] [-y] [--dry-run]
            [--current-config] [--no-deps | --force-deps | --retry-deps | --ignore-failed-deps | --install-all-deps] [-a] [--version]

Bighuge BLS OSINT Tool

options:
  -h, --help            show this help message and exit
  --help-all            Display full help including module config options

Target:
  -t TARGET [TARGET ...], --targets TARGET [TARGET ...]
                        Targets to seed the scan
  -w WHITELIST [WHITELIST ...], --whitelist WHITELIST [WHITELIST ...]
                        What's considered in-scope (by default it's the same as --targets)
  -b BLACKLIST [BLACKLIST ...], --blacklist BLACKLIST [BLACKLIST ...]
                        Don't touch these things
  --strict-scope        Don't consider subdomains of target/whitelist to be in-scope

可以看到bbot下载成功。

三.例子

#列出模块
bbot -l

#子域名枚举
bbot --flags subdomain-enum --targets evilcorp.com

#查询子域名
bbot -m crobat -t baidu.com

#只进行被动扫描
bbot --flags passive --targets evilcorp.com

#使用gowitness进行网页截图
bbot --modules naabu httpx gowitness --name my_scan --output-dir . --targets evilcorp.com 1.2.3.4/28 4.3.2.1 targets.txt

#Web spider(搜索电子邮件等)
bbot -m httpx -c web_spider_distance=2 -t www.evilcorp.com