diff --git a/docs/contribution.md b/docs/contribution.md index c90a4eb9e..6815944e2 100644 --- a/docs/contribution.md +++ b/docs/contribution.md @@ -93,7 +93,7 @@ This will produce the output: [INFO] Finishing scan ``` -But something's wrong! We're emitting `IP_ADDRESS` [events](./scanning/events), but they're not showing up in the output. This is because by default, BBOT only shows in-scope [events](./scanning/events). To see them, we need to increase the report distance: +But something's wrong! We're emitting `IP_ADDRESS` [events](./scanning/events/), but they're not showing up in the output. This is because by default, BBOT only shows in-scope [events](./scanning/events/). To see them, we need to increase the report distance: ```bash # run the module again but with a higher report distance @@ -122,9 +122,9 @@ Now, with the `report_distance=1`: ### `handle_event()` and `emit_event()` -The `handle_event()` method is the most important part of the module. By overriding this method, you control what the module does. During a scan, when an [event](./scanning/events) from your `watched_events` is encountered (a `DNS_NAME` in this example), `handle_event()` is automatically called with that [event](./scanning/events). +The `handle_event()` method is the most important part of the module. By overriding this method, you control what the module does. During a scan, when an [event](./scanning/events/) from your `watched_events` is encountered (a `DNS_NAME` in this example), `handle_event()` is automatically called with that [event](./scanning/events/). -The `emit_event()` method is how modules return data. When you call `emit_event()`, it creates an [event](./scanning/events) and prints it to the console. It also distributes it any modules that are interested in that data type. +The `emit_event()` method is how modules return data. When you call `emit_event()`, it creates an [event](./scanning/events/) and prints it to the console. It also distributes it any modules that are interested in that data type. ### Module Dependencies diff --git a/docs/index.md b/docs/index.md index 6aee14bbd..c2fd54351 100644 --- a/docs/index.md +++ b/docs/index.md @@ -10,7 +10,7 @@ _A BBOT scan in real-time - visualization with [VivaGraphJS](https://github.com/ Only **Linux** is supported at this time. **Windows** and **macOS** are *not* supported. If you use one of these platforms, consider using [Docker](#Docker). -BBOT offers multiple methods of installation, including **pipx** and **Docker**. If you plan to dev on BBOT, see [Installation (Poetry)](https://www.blacklanternsecurity.com/bbot/contribution#installation-poetry). +BBOT offers multiple methods of installation, including **pipx** and **Docker**. If you plan to dev on BBOT, see [Installation (Poetry)](https://www.blacklanternsecurity.com/bbot/contribution/#installation-poetry). ### [Python (pip / pipx)](https://pypi.org/project/bbot/) @@ -112,6 +112,6 @@ Or on the command-line: bbot -t evilcorp.com -f subdomain-enum -c modules.shodan_dns.api_key=deadbeef modules.virustotal.api_key=cafebabe ``` -For more information, see [Configuration](./scanning/configuration/). For a full list of modules, including which ones require API keys, see [List of Modules](./scanning/list_of_modules). +For more information, see [Configuration](./scanning/configuration/). For a full list of modules, including which ones require API keys, see [List of Modules](./scanning/list_of_modules/). [Next Up: Scanning -->](./scanning/){ .md-button .md-button--primary } diff --git a/docs/scanning/configuration.md b/docs/scanning/configuration.md index 7173287ad..38edec747 100644 --- a/docs/scanning/configuration.md +++ b/docs/scanning/configuration.md @@ -4,8 +4,8 @@ BBOT has a YAML config at `~/.config/bbot`. This config is different from the co For a list of all possible config options, see: -- [Global Options](./global_options/) -- [Module Options](./module_options/) +- [Global Options](#global-config-options) +- [Module Options](#module-config-options) For examples of common config changes, see [Tips and Tricks](../tips_and_tricks/). diff --git a/docs/scanning/index.md b/docs/scanning/index.md index 16ca3d40f..fac60761b 100644 --- a/docs/scanning/index.md +++ b/docs/scanning/index.md @@ -36,13 +36,13 @@ https://www.evilcorp.co.uk $ bbot -t targets.txt fsociety.com 5.6.7.0/24 -m nmap ``` -On start, BBOT automatically converts Targets into [Events](./events). +On start, BBOT automatically converts Targets into [Events](./events/). ## Modules (`-m`) -To see a full list of modules and their descriptions, use `bbot -l` or see [List of Modules](./list_of_modules). +To see a full list of modules and their descriptions, use `bbot -l` or see [List of Modules](./list_of_modules/). -Modules are the part of BBOT that does the work -- port scanning, subdomain brute-forcing, API querying, etc. Modules consume [Events](../events/) (`IP_ADDRESS`, `DNS_NAME`, etc.) from each other, process the data in a useful way, then emit the results as new events. You can enable individual modules with `-m`. +Modules are the part of BBOT that does the work -- port scanning, subdomain brute-forcing, API querying, etc. Modules consume [Events](./events/) (`IP_ADDRESS`, `DNS_NAME`, etc.) from each other, process the data in a useful way, then emit the results as new events. You can enable individual modules with `-m`. ```bash # Enable modules: nmap, sslcert, and httpx @@ -56,14 +56,14 @@ Modules fall into three categories: - **Scan Modules**: - These make up the majority of modules. Examples are `nmap`, `sslcert`, `httpx`, etc. Enable with `-m`. - **Output Modules**: - - These output scan data to different formats/destinations. `human`, `json`, and `csv` are enabled by default. Enable others with `-om`. (See: [Output](./output)) + - These output scan data to different formats/destinations. `human`, `json`, and `csv` are enabled by default. Enable others with `-om`. (See: [Output](./output/)) - **Internal Modules**: - These modules perform essential, common-sense tasks. They are always enabled, unless explicitly disabled via the config (e.g. `-c speculate=false`). - `aggregate`: Summarizes results at the end of a scan - `excavate`: Extracts useful data such as subdomains from webpages, etc. - `speculate`: Intelligently infers new events, e.g. `OPEN_TCP_PORT` from `URL` or `IP_ADDRESS` from `IP_NETWORK`. -For details in the inner workings of modules, see [Creating a Module](../contribution/module_creation/). +For details in the inner workings of modules, see [Creating a Module](../contribution/#creating-a-module). ## Flags (`-f`) @@ -147,15 +147,15 @@ By default, scope is whatever you specify with `-t`. This includes child subdoma ### Scope Distance -Since BBOT is recursive, it would quickly resort to scannning the entire internet without some kind of restraining mechanism. To solve this problem, every [event](./events) discovered by BBOT is assigned a **Scope Distance**. Scope distance represents how far out from the main scope that data was discovered. +Since BBOT is recursive, it would quickly resort to scannning the entire internet without some kind of restraining mechanism. To solve this problem, every [event](./events/) discovered by BBOT is assigned a **Scope Distance**. Scope distance represents how far out from the main scope that data was discovered. For example, if your target is `evilcorp.com`, `www.evilcorp.com` would have a scope distance of `0` (i.e. in-scope). If BBOT discovers that `www.evilcorp.com` resolves to `1.2.3.4`, `1.2.3.4` is one hop away, which means it would have a scope distance of `1`. If `1.2.3.4` has a PTR record that points to `ecorp.blob.core.windows.net`, `ecorp.blob.core.windows.net` is two hops away, so its scope distance is `2`. -Scope distance continues to increase the further out you get. Most modules (e.g. `nuclei` and `nmap`) only consume in-scope events. Certain other passive modules such as `asn` accept out to distance `1`. By default, DNS resolution happens out to a distance of `2`. Upon its discovery, any [event](./events) that's determined to be in-scope (e.g. `www.evilcorp.com`) immediately becomes distance `0`, and the cycle starts over. +Scope distance continues to increase the further out you get. Most modules (e.g. `nuclei` and `nmap`) only consume in-scope events. Certain other passive modules such as `asn` accept out to distance `1`. By default, DNS resolution happens out to a distance of `2`. Upon its discovery, any [event](./events/) that's determined to be in-scope (e.g. `www.evilcorp.com`) immediately becomes distance `0`, and the cycle starts over. #### Displaying Out-of-scope Events -By default, BBOT only displayed in-scope events (with a few exceptions such as `STORAGE_BUCKET`s). If you want to see more, you must increase the [config](./configuration) value of `scope_report_distance`: +By default, BBOT only displayed in-scope events (with a few exceptions such as `STORAGE_BUCKET`s). If you want to see more, you must increase the [config](./configuration/) value of `scope_report_distance`: ```bash # display out-of-scope events up to one hop away from the main scope @@ -202,7 +202,7 @@ Wildcard hosts are collapsed into a single host beginning with `_wildcard`: ^^^^^^^^^ ``` -If you don't want this, you can disable wildcard detection on a domain-to-domain basis in the [config](./configuration): +If you don't want this, you can disable wildcard detection on a domain-to-domain basis in the [config](./configuration/): ```yaml title="~/.bbot/config/bbot.yml" dns_wildcard_ignore: diff --git a/docs/scanning/list_of_modules.md b/docs/scanning/list_of_modules.md index 27dadfe6f..846118271 100644 --- a/docs/scanning/list_of_modules.md +++ b/docs/scanning/list_of_modules.md @@ -94,4 +94,4 @@ | speculate | internal | No | Derive certain event types from others by common sense | passive | DNS_NAME,FINDING,IP_ADDRESS,OPEN_TCP_PORT | -For a list of module config options, see [Module Options](../configuration/#module-config-options). +For a list of module config options, see [Module Options](../configurations/#module-config-options).