bbot 黑客自动化OSINT工具
一.先决条件
1.python版本3.9以上
要是低于3.9版本参考kali Linux下自由切换python版本_kali 如何降低python版本-CSDN博客
2.安装pipx命令
注意不要在root权限下安装,普通用户下安装
python3.11 -m pip install --user pipx
┌──(kali㉿kali)-[~]
└─$ python3.11 -m pip install --user pipx
Requirement already satisfied: pipx in ./.local/lib/python3.11/site-packages (1.2.1)
Requirement already satisfied: argcomplete>=1.9.4 in /usr/lib/python3/dist-packages (from pipx) (2.0.0)
Requirement already satisfied: packaging>=20.0 in /usr/lib/python3/dist-packages (from pipx) (23.1)
Requirement already satisfied: userpath>=1.6.0 in ./.local/lib/python3.11/site-packages (from pipx) (1.9.1)
Requirement already satisfied: click in /usr/lib/python3/dist-packages (from userpath>=1.6.0->pipx) (8.1.3)
安装成功
您可以执行以下命令以自动将 pipx
安装路径添加到您的 PATH 环境变量中:
python3.11 -m pipx ensurepath
这将自动将 /home/kali/.local/bin
添加到您的 PATH 中,以便您可以在终端中全局访问通过 pipx
安装的应用程序。
以上步骤完成reboot重启kali
二.安装bbot
现在,您应该能够在终端中使用pipx
命令来安装和管理Python应用程序。例如,您可以执行以下命令来安装bbot
:
pipx install bbot
稍稍等待........
执行
bbot --help
┌──(kali㉿kali)-[~]
└─$ bbot --help
usage: bbot [-h] [--help-all] [-t TARGET [TARGET ...]] [-w WHITELIST [WHITELIST ...]] [-b BLACKLIST [BLACKLIST ...]] [--strict-scope]
[-m MODULE [MODULE ...]] [-l] [-em MODULE [MODULE ...]] [-f FLAG [FLAG ...]] [-lf] [-rf FLAG [FLAG ...]] [-ef FLAG [FLAG ...]]
[-om MODULE [MODULE ...]] [--allow-deadly] [-n SCAN_NAME] [-o DIR] [-c [CONFIG ...]] [-v] [-d] [-s] [--force] [-y] [--dry-run]
[--current-config] [--no-deps | --force-deps | --retry-deps | --ignore-failed-deps | --install-all-deps] [-a] [--version]
Bighuge BLS OSINT Tool
options:
-h, --help show this help message and exit
--help-all Display full help including module config options
Target:
-t TARGET [TARGET ...], --targets TARGET [TARGET ...]
Targets to seed the scan
-w WHITELIST [WHITELIST ...], --whitelist WHITELIST [WHITELIST ...]
What's considered in-scope (by default it's the same as --targets)
-b BLACKLIST [BLACKLIST ...], --blacklist BLACKLIST [BLACKLIST ...]
Don't touch these things
--strict-scope Don't consider subdomains of target/whitelist to be in-scope
可以看到bbot下载成功。
三.例子
#列出模块
bbot -l
#子域名枚举
bbot --flags subdomain-enum --targets evilcorp.com
#查询子域名
bbot -m crobat -t baidu.com
#只进行被动扫描
bbot --flags passive --targets evilcorp.com
#使用gowitness进行网页截图
bbot --modules naabu httpx gowitness --name my_scan --output-dir . --targets evilcorp.com 1.2.3.4/28 4.3.2.1 targets.txt
#Web spider(搜索电子邮件等)
bbot -m httpx -c web_spider_distance=2 -t www.evilcorp.com