diff --git a/docs/data/chord_graph/entities.json b/docs/data/chord_graph/entities.json index c91efc8530..9ddad2e896 100644 --- a/docs/data/chord_graph/entities.json +++ b/docs/data/chord_graph/entities.json @@ -23,36 +23,36 @@ ] }, { - "id": 137, + "id": 136, "name": "AZURE_TENANT", "parent": 88888888, "consumes": [ - 136 + 135 ], "produces": [] }, { - "id": 42, + "id": 41, "name": "CODE_REPOSITORY", "parent": 88888888, "consumes": [ - 61, + 60, + 80, 81, - 82, - 86, - 89, - 123, - 144 + 85, + 88, + 122, + 143 ], "produces": [ - 41, - 62, - 80, + 40, + 61, + 79, + 82, 83, - 84, + 86, 87, - 88, - 122 + 121 ] }, { @@ -62,138 +62,138 @@ "consumes": [ 6, 15, - 19, + 18, + 20, 21, - 22, - 26, + 25, + 27, 28, 29, 30, - 31, + 32, 33, 34, 35, - 36, + 37, 38, 39, - 40, - 43, + 42, + 47, 48, 49, 50, 51, - 52, + 53, 54, 55, 56, 57, - 58, - 60, - 66, - 78, - 83, - 85, - 93, - 97, - 104, - 107, - 109, + 59, + 65, + 77, + 82, + 84, + 92, + 96, + 103, + 106, + 108, + 111, 112, - 113, + 116, 117, - 118, - 120, - 124, + 119, + 123, + 127, 128, 129, 130, 131, 132, - 133, - 136, + 135, + 138, 139, 140, - 141, - 143, - 147, + 142, + 146, + 149, 150, - 151, - 154 + 153 ], "produces": [ 6, - 21, - 28, + 20, + 27, + 34, 35, - 36, + 37, 38, 39, - 40, + 47, 48, - 49, - 51, + 50, + 53, 54, 55, 56, 57, 58, - 59, - 78, - 93, - 97, - 104, - 107, - 110, + 77, + 92, + 96, + 103, + 106, + 109, + 111, 112, - 113, - 117, - 124, - 128, + 116, + 123, + 127, + 129, 130, 131, - 132, - 136, + 135, + 137, 138, 139, - 140, - 143, + 142, + 146, 147, - 148, + 149, 150, - 151, - 154 + 153 ] }, { - "id": 23, + "id": 22, "name": "DNS_NAME_UNRESOLVED", "parent": 88888888, "consumes": [ - 22, - 136, - 141 + 21, + 135, + 140 ], "produces": [] }, { - "id": 44, + "id": 43, "name": "EMAIL_ADDRESS", "parent": 88888888, "consumes": [ - 67 + 66 ], "produces": [ - 43, - 50, - 56, - 60, - 66, - 85, - 97, - 118, - 129, - 133, - 138 + 42, + 49, + 55, + 59, + 65, + 84, + 96, + 117, + 128, + 132, + 137 ] }, { @@ -201,21 +201,21 @@ "name": "FILESYSTEM", "parent": 88888888, "consumes": [ - 71, - 103, - 144, - 145 + 70, + 102, + 143, + 144 ], "produces": [ 8, - 61, - 75, + 60, + 74, + 80, 81, - 82, - 86, - 103, - 123, - 145 + 85, + 102, + 122, + 144 ] }, { @@ -224,60 +224,62 @@ "parent": 88888888, "consumes": [ 15, - 156 + 155 ], "produces": [ 1, - 22, - 24, + 14, + 21, + 23, + 25, 26, - 27, + 28, 29, 30, - 31, + 32, 33, - 34, - 37, - 80, - 88, - 92, - 94, - 96, + 36, + 64, + 78, + 79, + 87, + 91, + 93, + 95, + 104, 105, - 108, + 107, + 109, 110, - 111, - 114, - 115, + 124, 125, - 126, - 131, - 134, - 136, - 142, - 144, - 146, - 157 + 130, + 133, + 135, + 141, + 143, + 145, + 156 ] }, { - "id": 100, + "id": 99, "name": "GEOLOCATION", "parent": 88888888, "consumes": [], "produces": [ - 99, - 102 + 98, + 101 ] }, { - "id": 45, + "id": 44, "name": "HASHED_PASSWORD", "parent": 88888888, "consumes": [], "produces": [ - 43, - 50 + 42, + 49 ] }, { @@ -287,26 +289,26 @@ "consumes": [ 1, 15, - 27, - 65, - 68, - 75, - 88, - 94, + 26, + 64, + 67, + 74, + 87, + 93, + 107, 108, 109, - 110, + 113, 114, 115, - 116, - 136, - 142, - 144, - 153, - 157 + 135, + 141, + 143, + 152, + 156 ], "produces": [ - 95 + 94 ] }, { @@ -316,28 +318,28 @@ "consumes": [ 11, 15, - 99, + 98, + 100, 101, - 102, - 109, - 120, - 131, - 136 + 108, + 119, + 130, + 135 ], "produces": [ 15, - 59, - 101, - 136 + 58, + 100, + 135 ] }, { - "id": 121, + "id": 120, "name": "IP_RANGE", "parent": 88888888, "consumes": [ - 120, - 136 + 119, + 135 ], "produces": [] }, @@ -349,7 +351,7 @@ 8 ], "produces": [ - 89 + 88 ] }, { @@ -358,139 +360,140 @@ "parent": 88888888, "consumes": [ 15, - 76, - 95, - 109, - 119, - 138 + 75, + 94, + 108, + 118, + 137 ], "produces": [ 15, - 120, - 131, - 136 + 119, + 130, + 135 ] }, { - "id": 63, + "id": 62, "name": "ORG_STUB", "parent": 88888888, "consumes": [ - 62, - 84, - 89, - 122 + 61, + 83, + 88, + 121 ], "produces": [ - 136 + 135 ] }, { - "id": 46, + "id": 45, "name": "PASSWORD", "parent": 88888888, "consumes": [], "produces": [ - 43, - 50 + 42, + 49 ] }, { - "id": 77, + "id": 76, "name": "PROTOCOL", "parent": 88888888, "consumes": [ - 106, - 109 + 105, + 108 ], "produces": [ - 76 + 75 ] }, { - "id": 53, + "id": 52, "name": "RAW_DNS_RECORD", "parent": 88888888, "consumes": [], "produces": [ - 52, - 59, - 60 + 51, + 58, + 59 ] }, { - "id": 69, + "id": 68, "name": "RAW_TEXT", "parent": 88888888, "consumes": [ - 68, - 144 + 67, + 143 ], "produces": [ - 71 + 70 ] }, { - "id": 64, + "id": 63, "name": "SOCIAL", "parent": 88888888, "consumes": [ - 62, - 84, + 61, + 83, + 86, 87, - 88, - 90, - 122, - 136 + 89, + 121, + 135 ], "produces": [ - 62, - 85, - 88, - 135 + 61, + 84, + 87, + 134 ] }, { - "id": 25, + "id": 24, "name": "STORAGE_BUCKET", "parent": 88888888, "consumes": [ - 24, + 23, + 28, 29, 30, 31, 32, 33, - 34, - 136 + 135 ], "produces": [ + 28, 29, 30, - 31, - 33, - 34 + 32, + 33 ] }, { - "id": 17, + "id": 5, "name": "TECHNOLOGY", "parent": 88888888, "consumes": [ 15, - 88, - 156, - 157 + 87, + 155, + 156 ], "produces": [ - 27, - 65, - 88, - 90, - 111, - 131, - 153, - 157 + 1, + 26, + 64, + 87, + 89, + 110, + 130, + 152, + 156 ] }, { @@ -501,166 +504,140 @@ 1, 14, 15, - 24, - 37, - 72, + 23, + 36, + 71, + 78, 79, - 80, - 90, - 92, - 95, - 98, - 105, + 89, + 91, + 94, + 97, + 104, + 109, 110, - 111, - 119, - 127, - 134, - 136, - 142, - 146, - 148, - 152, - 156 + 118, + 126, + 133, + 135, + 141, + 145, + 147, + 151, + 155 ], "produces": [ - 90, - 95 + 89, + 94 ] }, { - "id": 74, + "id": 73, "name": "URL_HINT", "parent": 88888888, "consumes": [ - 73 + 72 ], "produces": [ - 98 + 97 ] }, { - "id": 20, + "id": 19, "name": "URL_UNVERIFIED", "parent": 88888888, "consumes": [ - 41, - 75, - 95, - 112, - 119, - 126, - 135, - 136 + 40, + 74, + 94, + 111, + 118, + 125, + 134, + 135 ], "produces": [ - 19, - 28, - 32, - 52, - 56, - 60, - 62, - 68, + 18, + 27, + 31, + 51, + 55, + 59, + 61, + 67, + 71, 72, - 73, - 83, - 90, - 97, - 127, - 129, - 147, - 154, - 157 + 82, + 89, + 96, + 126, + 128, + 146, + 153, + 156 ] }, { - "id": 47, + "id": 46, "name": "USERNAME", "parent": 88888888, "consumes": [ - 136 + 135 ], "produces": [ - 43, - 50 + 42, + 49 ] }, { - "id": 149, + "id": 148, "name": "VHOST", "parent": 88888888, "consumes": [ - 156 - ], - "produces": [ - 148 - ] - }, - { - "id": 5, - "name": "VULNERABILITY", - "parent": 88888888, - "consumes": [ - 15, - 156 + 155 ], "produces": [ - 1, - 14, - 22, - 24, - 26, - 27, - 65, - 79, - 105, - 106, - 111, - 131, - 142, - 144, - 157 + 147 ] }, { - "id": 18, + "id": 17, "name": "WAF", "parent": 88888888, "consumes": [ 15 ], "produces": [ - 152 + 151 ] }, { - "id": 91, + "id": 90, "name": "WEBSCREENSHOT", "parent": 88888888, "consumes": [], "produces": [ - 90 + 89 ] }, { - "id": 70, + "id": 69, "name": "WEB_PARAMETER", "parent": 88888888, "consumes": [ - 96, - 105, + 95, + 104, + 113, 114, 115, - 116, - 125, - 155 + 124, + 154 ], "produces": [ - 68, + 67, + 113, 114, - 115, - 116 + 115 ] }, { @@ -717,7 +694,7 @@ 3 ], "produces": [ - 5 + 4 ] }, { @@ -730,10 +707,9 @@ 2, 12, 16, - 17, - 3, 5, - 18 + 3, + 17 ], "produces": [ 12, @@ -741,18 +717,18 @@ ] }, { - "id": 19, + "id": 18, "name": "azure_realm", "parent": 99999999, "consumes": [ 7 ], "produces": [ - 20 + 19 ] }, { - "id": 21, + "id": 20, "name": "azure_tenant", "parent": 99999999, "consumes": [ @@ -763,45 +739,42 @@ ] }, { - "id": 22, + "id": 21, "name": "baddns", "parent": 99999999, "consumes": [ 7, - 23 + 22 ], "produces": [ - 4, - 5 + 4 ] }, { - "id": 24, + "id": 23, "name": "baddns_direct", "parent": 99999999, "consumes": [ - 25, + 24, 3 ], "produces": [ - 4, - 5 + 4 ] }, { - "id": 26, + "id": 25, "name": "baddns_zone", "parent": 99999999, "consumes": [ 7 ], "produces": [ - 4, - 5 + 4 ] }, { - "id": 27, + "id": 26, "name": "badsecrets", "parent": 99999999, "consumes": [ @@ -809,12 +782,11 @@ ], "produces": [ 4, - 17, 5 ] }, { - "id": 28, + "id": 27, "name": "bevigil", "parent": 99999999, "consumes": [ @@ -822,87 +794,87 @@ ], "produces": [ 7, - 20 + 19 ] }, { - "id": 29, + "id": 28, "name": "bucket_amazon", "parent": 99999999, "consumes": [ 7, - 25 + 24 ], "produces": [ 4, - 25 + 24 ] }, { - "id": 30, + "id": 29, "name": "bucket_azure", "parent": 99999999, "consumes": [ 7, - 25 + 24 ], "produces": [ 4, - 25 + 24 ] }, { - "id": 31, + "id": 30, "name": "bucket_digitalocean", "parent": 99999999, "consumes": [ 7, - 25 + 24 ], "produces": [ 4, - 25 + 24 ] }, { - "id": 32, + "id": 31, "name": "bucket_file_enum", "parent": 99999999, "consumes": [ - 25 + 24 ], "produces": [ - 20 + 19 ] }, { - "id": 33, + "id": 32, "name": "bucket_firebase", "parent": 99999999, "consumes": [ 7, - 25 + 24 ], "produces": [ 4, - 25 + 24 ] }, { - "id": 34, + "id": 33, "name": "bucket_google", "parent": 99999999, "consumes": [ 7, - 25 + 24 ], "produces": [ 4, - 25 + 24 ] }, { - "id": 35, + "id": 34, "name": "bufferoverrun", "parent": 99999999, "consumes": [ @@ -913,7 +885,7 @@ ] }, { - "id": 36, + "id": 35, "name": "builtwith", "parent": 99999999, "consumes": [ @@ -924,7 +896,7 @@ ] }, { - "id": 37, + "id": 36, "name": "bypass403", "parent": 99999999, "consumes": [ @@ -935,7 +907,7 @@ ] }, { - "id": 38, + "id": 37, "name": "c99", "parent": 99999999, "consumes": [ @@ -946,7 +918,7 @@ ] }, { - "id": 39, + "id": 38, "name": "certspotter", "parent": 99999999, "consumes": [ @@ -957,7 +929,7 @@ ] }, { - "id": 40, + "id": 39, "name": "chaos", "parent": 99999999, "consumes": [ @@ -968,32 +940,32 @@ ] }, { - "id": 41, + "id": 40, "name": "code_repository", "parent": 99999999, "consumes": [ - 20 + 19 ], "produces": [ - 42 + 41 ] }, { - "id": 43, + "id": 42, "name": "credshed", "parent": 99999999, "consumes": [ 7 ], "produces": [ + 43, 44, 45, - 46, - 47 + 46 ] }, { - "id": 48, + "id": 47, "name": "crt", "parent": 99999999, "consumes": [ @@ -1004,7 +976,7 @@ ] }, { - "id": 49, + "id": 48, "name": "crt_db", "parent": 99999999, "consumes": [ @@ -1015,21 +987,21 @@ ] }, { - "id": 50, + "id": 49, "name": "dehashed", "parent": 99999999, "consumes": [ 7 ], "produces": [ + 43, 44, 45, - 46, - 47 + 46 ] }, { - "id": 51, + "id": 50, "name": "digitorus", "parent": 99999999, "consumes": [ @@ -1040,19 +1012,19 @@ ] }, { - "id": 52, + "id": 51, "name": "dnsbimi", "parent": 99999999, "consumes": [ 7 ], "produces": [ - 53, - 20 + 52, + 19 ] }, { - "id": 54, + "id": 53, "name": "dnsbrute", "parent": 99999999, "consumes": [ @@ -1063,7 +1035,7 @@ ] }, { - "id": 55, + "id": 54, "name": "dnsbrute_mutations", "parent": 99999999, "consumes": [ @@ -1074,7 +1046,7 @@ ] }, { - "id": 56, + "id": 55, "name": "dnscaa", "parent": 99999999, "consumes": [ @@ -1082,12 +1054,12 @@ ], "produces": [ 7, - 44, - 20 + 43, + 19 ] }, { - "id": 57, + "id": 56, "name": "dnscommonsrv", "parent": 99999999, "consumes": [ @@ -1098,7 +1070,7 @@ ] }, { - "id": 58, + "id": 57, "name": "dnsdumpster", "parent": 99999999, "consumes": [ @@ -1109,157 +1081,157 @@ ] }, { - "id": 59, + "id": 58, "name": "dnsresolve", "parent": 99999999, "consumes": [], "produces": [ 7, 12, - 53 + 52 ] }, { - "id": 60, + "id": 59, "name": "dnstlsrpt", "parent": 99999999, "consumes": [ 7 ], "produces": [ - 44, - 53, - 20 + 43, + 52, + 19 ] }, { - "id": 61, + "id": 60, "name": "docker_pull", "parent": 99999999, "consumes": [ - 42 + 41 ], "produces": [ 10 ] }, { - "id": 62, + "id": 61, "name": "dockerhub", "parent": 99999999, "consumes": [ - 63, - 64 + 62, + 63 ], "produces": [ - 42, - 64, - 20 + 41, + 63, + 19 ] }, { - "id": 65, + "id": 64, "name": "dotnetnuke", "parent": 99999999, "consumes": [ 2 ], "produces": [ - 17, + 4, 5 ] }, { - "id": 66, + "id": 65, "name": "emailformat", "parent": 99999999, "consumes": [ 7 ], "produces": [ - 44 + 43 ] }, { - "id": 67, + "id": 66, "name": "emails", "parent": 99999999, "consumes": [ - 44 + 43 ], "produces": [] }, { - "id": 68, + "id": 67, "name": "excavate", "parent": 99999999, "consumes": [ 2, - 69 + 68 ], "produces": [ - 20, - 70 + 19, + 69 ] }, { - "id": 71, + "id": 70, "name": "extractous", "parent": 99999999, "consumes": [ 10 ], "produces": [ - 69 + 68 ] }, { - "id": 72, + "id": 71, "name": "ffuf", "parent": 99999999, "consumes": [ 3 ], "produces": [ - 20 + 19 ] }, { - "id": 73, + "id": 72, "name": "ffuf_shortnames", "parent": 99999999, "consumes": [ - 74 + 73 ], "produces": [ - 20 + 19 ] }, { - "id": 75, + "id": 74, "name": "filedownload", "parent": 99999999, "consumes": [ 2, - 20 + 19 ], "produces": [ 10 ] }, { - "id": 76, + "id": 75, "name": "fingerprintx", "parent": 99999999, "consumes": [ 16 ], "produces": [ - 77 + 76 ] }, { - "id": 78, + "id": 77, "name": "fullhunt", "parent": 99999999, "consumes": [ @@ -1270,153 +1242,153 @@ ] }, { - "id": 79, + "id": 78, "name": "generic_ssrf", "parent": 99999999, "consumes": [ 3 ], "produces": [ - 5 + 4 ] }, { - "id": 80, + "id": 79, "name": "git", "parent": 99999999, "consumes": [ 3 ], "produces": [ - 42, + 41, 4 ] }, { - "id": 81, + "id": 80, "name": "git_clone", "parent": 99999999, "consumes": [ - 42 + 41 ], "produces": [ 10 ] }, { - "id": 82, + "id": 81, "name": "gitdumper", "parent": 99999999, "consumes": [ - 42 + 41 ], "produces": [ 10 ] }, { - "id": 83, + "id": 82, "name": "github_codesearch", "parent": 99999999, "consumes": [ 7 ], "produces": [ - 42, - 20 + 41, + 19 ] }, { - "id": 84, + "id": 83, "name": "github_org", "parent": 99999999, "consumes": [ - 63, - 64 + 62, + 63 ], "produces": [ - 42 + 41 ] }, { - "id": 85, + "id": 84, "name": "github_usersearch", "parent": 99999999, "consumes": [ 7 ], "produces": [ - 44, - 64 + 43, + 63 ] }, { - "id": 86, + "id": 85, "name": "github_workflows", "parent": 99999999, "consumes": [ - 42 + 41 ], "produces": [ 10 ] }, { - "id": 87, + "id": 86, "name": "gitlab_com", "parent": 99999999, "consumes": [ - 64 + 63 ], "produces": [ - 42 + 41 ] }, { - "id": 88, + "id": 87, "name": "gitlab_onprem", "parent": 99999999, "consumes": [ 2, - 64, - 17 + 63, + 5 ], "produces": [ - 42, + 41, 4, - 64, - 17 + 63, + 5 ] }, { - "id": 89, + "id": 88, "name": "google_playstore", "parent": 99999999, "consumes": [ - 42, - 63 + 41, + 62 ], "produces": [ 9 ] }, { - "id": 90, + "id": 89, "name": "gowitness", "parent": 99999999, "consumes": [ - 64, + 63, 3 ], "produces": [ - 17, + 5, 3, - 20, - 91 + 19, + 90 ] }, { - "id": 92, + "id": 91, "name": "graphql_introspection", "parent": 99999999, "consumes": [ @@ -1427,7 +1399,7 @@ ] }, { - "id": 93, + "id": 92, "name": "hackertarget", "parent": 99999999, "consumes": [ @@ -1438,7 +1410,7 @@ ] }, { - "id": 94, + "id": 93, "name": "host_header", "parent": 99999999, "consumes": [ @@ -1449,13 +1421,13 @@ ] }, { - "id": 95, + "id": 94, "name": "httpx", "parent": 99999999, "consumes": [ 16, 3, - 20 + 19 ], "produces": [ 2, @@ -1463,18 +1435,18 @@ ] }, { - "id": 96, + "id": 95, "name": "hunt", "parent": 99999999, "consumes": [ - 70 + 69 ], "produces": [ 4 ] }, { - "id": 97, + "id": 96, "name": "hunterio", "parent": 99999999, "consumes": [ @@ -1482,34 +1454,34 @@ ], "produces": [ 7, - 44, - 20 + 43, + 19 ] }, { - "id": 98, + "id": 97, "name": "iis_shortnames", "parent": 99999999, "consumes": [ 3 ], "produces": [ - 74 + 73 ] }, { - "id": 99, + "id": 98, "name": "ip2location", "parent": 99999999, "consumes": [ 12 ], "produces": [ - 100 + 99 ] }, { - "id": 101, + "id": 100, "name": "ipneighbor", "parent": 99999999, "consumes": [ @@ -1520,18 +1492,18 @@ ] }, { - "id": 102, + "id": 101, "name": "ipstack", "parent": 99999999, "consumes": [ 12 ], "produces": [ - 100 + 99 ] }, { - "id": 103, + "id": 102, "name": "jadx", "parent": 99999999, "consumes": [ @@ -1542,7 +1514,7 @@ ] }, { - "id": 104, + "id": 103, "name": "leakix", "parent": 99999999, "consumes": [ @@ -1553,31 +1525,30 @@ ] }, { - "id": 105, + "id": 104, "name": "lightfuzz", "parent": 99999999, "consumes": [ 3, - 70 + 69 ], "produces": [ - 4, - 5 + 4 ] }, { - "id": 106, + "id": 105, "name": "medusa", "parent": 99999999, "consumes": [ - 77 + 76 ], "produces": [ - 5 + 4 ] }, { - "id": 107, + "id": 106, "name": "myssl", "parent": 99999999, "consumes": [ @@ -1588,7 +1559,7 @@ ] }, { - "id": 108, + "id": 107, "name": "newsletters", "parent": 99999999, "consumes": [ @@ -1599,7 +1570,7 @@ ] }, { - "id": 109, + "id": 108, "name": "nmap_xml", "parent": 99999999, "consumes": [ @@ -1607,12 +1578,12 @@ 2, 12, 16, - 77 + 76 ], "produces": [] }, { - "id": 110, + "id": 109, "name": "ntlm", "parent": 99999999, "consumes": [ @@ -1625,7 +1596,7 @@ ] }, { - "id": 111, + "id": 110, "name": "nuclei", "parent": 99999999, "consumes": [ @@ -1633,24 +1604,23 @@ ], "produces": [ 4, - 17, 5 ] }, { - "id": 112, + "id": 111, "name": "oauth", "parent": 99999999, "consumes": [ 7, - 20 + 19 ], "produces": [ 7 ] }, { - "id": 113, + "id": 112, "name": "otx", "parent": 99999999, "consumes": [ @@ -1661,45 +1631,43 @@ ] }, { - "id": 114, + "id": 113, "name": "paramminer_cookies", "parent": 99999999, "consumes": [ 2, - 70 + 69 ], "produces": [ - 4, - 70 + 69 ] }, { - "id": 115, + "id": 114, "name": "paramminer_getparams", "parent": 99999999, "consumes": [ 2, - 70 + 69 ], "produces": [ - 4, - 70 + 69 ] }, { - "id": 116, + "id": 115, "name": "paramminer_headers", "parent": 99999999, "consumes": [ 2, - 70 + 69 ], "produces": [ - 70 + 69 ] }, { - "id": 117, + "id": 116, "name": "passivetotal", "parent": 99999999, "consumes": [ @@ -1710,65 +1678,65 @@ ] }, { - "id": 118, + "id": 117, "name": "pgp", "parent": 99999999, "consumes": [ 7 ], "produces": [ - 44 + 43 ] }, { - "id": 119, + "id": 118, "name": "portfilter", "parent": 99999999, "consumes": [ 16, 3, - 20 + 19 ], "produces": [] }, { - "id": 120, + "id": 119, "name": "portscan", "parent": 99999999, "consumes": [ 7, 12, - 121 + 120 ], "produces": [ 16 ] }, { - "id": 122, + "id": 121, "name": "postman", "parent": 99999999, "consumes": [ - 63, - 64 + 62, + 63 ], "produces": [ - 42 + 41 ] }, { - "id": 123, + "id": 122, "name": "postman_download", "parent": 99999999, "consumes": [ - 42 + 41 ], "produces": [ 10 ] }, { - "id": 124, + "id": 123, "name": "rapiddns", "parent": 99999999, "consumes": [ @@ -1779,40 +1747,40 @@ ] }, { - "id": 125, + "id": 124, "name": "reflected_parameters", "parent": 99999999, "consumes": [ - 70 + 69 ], "produces": [ 4 ] }, { - "id": 126, + "id": 125, "name": "retirejs", "parent": 99999999, "consumes": [ - 20 + 19 ], "produces": [ 4 ] }, { - "id": 127, + "id": 126, "name": "robots", "parent": 99999999, "consumes": [ 3 ], "produces": [ - 20 + 19 ] }, { - "id": 128, + "id": 127, "name": "securitytrails", "parent": 99999999, "consumes": [ @@ -1823,19 +1791,19 @@ ] }, { - "id": 129, + "id": 128, "name": "securitytxt", "parent": 99999999, "consumes": [ 7 ], "produces": [ - 44, - 20 + 43, + 19 ] }, { - "id": 130, + "id": 129, "name": "shodan_dns", "parent": 99999999, "consumes": [ @@ -1846,7 +1814,7 @@ ] }, { - "id": 131, + "id": 130, "name": "shodan_idb", "parent": 99999999, "consumes": [ @@ -1857,12 +1825,11 @@ 7, 4, 16, - 17, 5 ] }, { - "id": 132, + "id": 131, "name": "sitedossier", "parent": 99999999, "consumes": [ @@ -1873,18 +1840,18 @@ ] }, { - "id": 133, + "id": 132, "name": "skymem", "parent": 99999999, "consumes": [ 7 ], "produces": [ - 44 + 43 ] }, { - "id": 134, + "id": 133, "name": "smuggler", "parent": 99999999, "consumes": [ @@ -1895,43 +1862,43 @@ ] }, { - "id": 135, + "id": 134, "name": "social", "parent": 99999999, "consumes": [ - 20 + 19 ], "produces": [ - 64 + 63 ] }, { - "id": 136, + "id": 135, "name": "speculate", "parent": 99999999, "consumes": [ - 137, + 136, 7, - 23, + 22, 2, 12, - 121, - 64, - 25, + 120, + 63, + 24, 3, - 20, - 47 + 19, + 46 ], "produces": [ 7, 4, 12, 16, - 63 + 62 ] }, { - "id": 138, + "id": 137, "name": "sslcert", "parent": 99999999, "consumes": [ @@ -1939,11 +1906,11 @@ ], "produces": [ 7, - 44 + 43 ] }, { - "id": 139, + "id": 138, "name": "subdomaincenter", "parent": 99999999, "consumes": [ @@ -1954,7 +1921,7 @@ ] }, { - "id": 140, + "id": 139, "name": "subdomainradar", "parent": 99999999, "consumes": [ @@ -1965,17 +1932,17 @@ ] }, { - "id": 141, + "id": 140, "name": "subdomains", "parent": 99999999, "consumes": [ 7, - 23 + 22 ], "produces": [] }, { - "id": 142, + "id": 141, "name": "telerik", "parent": 99999999, "consumes": [ @@ -1983,12 +1950,11 @@ 3 ], "produces": [ - 4, - 5 + 4 ] }, { - "id": 143, + "id": 142, "name": "trickest", "parent": 99999999, "consumes": [ @@ -1999,22 +1965,21 @@ ] }, { - "id": 144, + "id": 143, "name": "trufflehog", "parent": 99999999, "consumes": [ - 42, + 41, 10, 2, - 69 + 68 ], "produces": [ - 4, - 5 + 4 ] }, { - "id": 145, + "id": 144, "name": "unarchive", "parent": 99999999, "consumes": [ @@ -2025,7 +1990,7 @@ ] }, { - "id": 146, + "id": 145, "name": "url_manipulation", "parent": 99999999, "consumes": [ @@ -2036,7 +2001,7 @@ ] }, { - "id": 147, + "id": 146, "name": "urlscan", "parent": 99999999, "consumes": [ @@ -2044,11 +2009,11 @@ ], "produces": [ 7, - 20 + 19 ] }, { - "id": 148, + "id": 147, "name": "vhost", "parent": 99999999, "consumes": [ @@ -2056,11 +2021,11 @@ ], "produces": [ 7, - 149 + 148 ] }, { - "id": 150, + "id": 149, "name": "viewdns", "parent": 99999999, "consumes": [ @@ -2071,7 +2036,7 @@ ] }, { - "id": 151, + "id": 150, "name": "virustotal", "parent": 99999999, "consumes": [ @@ -2082,29 +2047,29 @@ ] }, { - "id": 152, + "id": 151, "name": "wafw00f", "parent": 99999999, "consumes": [ 3 ], "produces": [ - 18 + 17 ] }, { - "id": 153, + "id": 152, "name": "wappalyzer", "parent": 99999999, "consumes": [ 2 ], "produces": [ - 17 + 5 ] }, { - "id": 154, + "id": 153, "name": "wayback", "parent": 99999999, "consumes": [ @@ -2112,44 +2077,42 @@ ], "produces": [ 7, - 20 + 19 ] }, { - "id": 155, + "id": 154, "name": "web_parameters", "parent": 99999999, "consumes": [ - 70 + 69 ], "produces": [] }, { - "id": 156, + "id": 155, "name": "web_report", "parent": 99999999, "consumes": [ 4, - 17, + 5, 3, - 149, - 5 + 148 ], "produces": [] }, { - "id": 157, + "id": 156, "name": "wpscan", "parent": 99999999, "consumes": [ 2, - 17 + 5 ], "produces": [ 4, - 17, - 20, - 5 + 5, + 19 ] } ] \ No newline at end of file diff --git a/docs/data/chord_graph/rels.json b/docs/data/chord_graph/rels.json index 795ea19895..39dfaa246a 100644 --- a/docs/data/chord_graph/rels.json +++ b/docs/data/chord_graph/rels.json @@ -55,7 +55,7 @@ "type": "consumes" }, { - "source": 5, + "source": 4, "target": 14, "type": "produces" }, @@ -86,7 +86,7 @@ }, { "source": 15, - "target": 17, + "target": 5, "type": "consumes" }, { @@ -96,12 +96,7 @@ }, { "source": 15, - "target": 5, - "type": "consumes" - }, - { - "source": 15, - "target": 18, + "target": 17, "type": "consumes" }, { @@ -115,68 +110,68 @@ "type": "produces" }, { - "source": 19, + "source": 18, "target": 7, "type": "consumes" }, { - "source": 20, - "target": 19, + "source": 19, + "target": 18, "type": "produces" }, { - "source": 21, + "source": 20, "target": 7, "type": "consumes" }, { "source": 7, - "target": 21, + "target": 20, "type": "produces" }, { - "source": 22, + "source": 21, "target": 7, "type": "consumes" }, { - "source": 22, - "target": 23, + "source": 21, + "target": 22, "type": "consumes" }, { "source": 4, - "target": 22, - "type": "produces" - }, - { - "source": 5, - "target": 22, + "target": 21, "type": "produces" }, { - "source": 24, - "target": 25, + "source": 23, + "target": 24, "type": "consumes" }, { - "source": 24, + "source": 23, "target": 3, "type": "consumes" }, { "source": 4, - "target": 24, + "target": 23, "type": "produces" }, { - "source": 5, - "target": 24, + "source": 25, + "target": 7, + "type": "consumes" + }, + { + "source": 4, + "target": 25, "type": "produces" }, { "source": 26, - "target": 7, + "target": 2, "type": "consumes" }, { @@ -191,36 +186,36 @@ }, { "source": 27, - "target": 2, + "target": 7, "type": "consumes" }, { - "source": 4, + "source": 7, "target": 27, "type": "produces" }, { - "source": 17, + "source": 19, "target": 27, "type": "produces" }, { - "source": 5, - "target": 27, - "type": "produces" + "source": 28, + "target": 7, + "type": "consumes" }, { "source": 28, - "target": 7, + "target": 24, "type": "consumes" }, { - "source": 7, + "source": 4, "target": 28, "type": "produces" }, { - "source": 20, + "source": 24, "target": 28, "type": "produces" }, @@ -231,7 +226,7 @@ }, { "source": 29, - "target": 25, + "target": 24, "type": "consumes" }, { @@ -240,7 +235,7 @@ "type": "produces" }, { - "source": 25, + "source": 24, "target": 29, "type": "produces" }, @@ -251,7 +246,7 @@ }, { "source": 30, - "target": 25, + "target": 24, "type": "consumes" }, { @@ -260,37 +255,37 @@ "type": "produces" }, { - "source": 25, + "source": 24, "target": 30, "type": "produces" }, { "source": 31, - "target": 7, - "type": "consumes" - }, - { - "source": 31, - "target": 25, + "target": 24, "type": "consumes" }, { - "source": 4, + "source": 19, "target": 31, "type": "produces" }, { - "source": 25, - "target": 31, - "type": "produces" + "source": 32, + "target": 7, + "type": "consumes" }, { "source": 32, - "target": 25, + "target": 24, "type": "consumes" }, { - "source": 20, + "source": 4, + "target": 32, + "type": "produces" + }, + { + "source": 24, "target": 32, "type": "produces" }, @@ -301,7 +296,7 @@ }, { "source": 33, - "target": 25, + "target": 24, "type": "consumes" }, { @@ -310,7 +305,7 @@ "type": "produces" }, { - "source": 25, + "source": 24, "target": 33, "type": "produces" }, @@ -320,17 +315,7 @@ "type": "consumes" }, { - "source": 34, - "target": 25, - "type": "consumes" - }, - { - "source": 4, - "target": 34, - "type": "produces" - }, - { - "source": 25, + "source": 7, "target": 34, "type": "produces" }, @@ -346,21 +331,21 @@ }, { "source": 36, - "target": 7, + "target": 3, "type": "consumes" }, { - "source": 7, + "source": 4, "target": 36, "type": "produces" }, { "source": 37, - "target": 3, + "target": 7, "type": "consumes" }, { - "source": 4, + "source": 7, "target": 37, "type": "produces" }, @@ -386,47 +371,47 @@ }, { "source": 40, - "target": 7, + "target": 19, "type": "consumes" }, { - "source": 7, + "source": 41, "target": 40, "type": "produces" }, - { - "source": 41, - "target": 20, - "type": "consumes" - }, { "source": 42, - "target": 41, - "type": "produces" + "target": 7, + "type": "consumes" }, { "source": 43, - "target": 7, - "type": "consumes" + "target": 42, + "type": "produces" }, { "source": 44, - "target": 43, + "target": 42, "type": "produces" }, { "source": 45, - "target": 43, + "target": 42, "type": "produces" }, { "source": 46, - "target": 43, + "target": 42, "type": "produces" }, { "source": 47, - "target": 43, + "target": 7, + "type": "consumes" + }, + { + "source": 7, + "target": 47, "type": "produces" }, { @@ -445,763 +430,753 @@ "type": "consumes" }, { - "source": 7, + "source": 43, "target": 49, "type": "produces" }, - { - "source": 50, - "target": 7, - "type": "consumes" - }, { "source": 44, - "target": 50, + "target": 49, "type": "produces" }, { "source": 45, - "target": 50, + "target": 49, "type": "produces" }, { "source": 46, - "target": 50, - "type": "produces" - }, - { - "source": 47, - "target": 50, + "target": 49, "type": "produces" }, { - "source": 51, + "source": 50, "target": 7, "type": "consumes" }, { "source": 7, - "target": 51, + "target": 50, "type": "produces" }, { - "source": 52, + "source": 51, "target": 7, "type": "consumes" }, { - "source": 53, - "target": 52, + "source": 52, + "target": 51, "type": "produces" }, { - "source": 20, - "target": 52, + "source": 19, + "target": 51, "type": "produces" }, { - "source": 54, + "source": 53, "target": 7, "type": "consumes" }, { "source": 7, - "target": 54, + "target": 53, "type": "produces" }, { - "source": 55, + "source": 54, "target": 7, "type": "consumes" }, { "source": 7, - "target": 55, + "target": 54, "type": "produces" }, { - "source": 56, + "source": 55, "target": 7, "type": "consumes" }, { "source": 7, - "target": 56, + "target": 55, "type": "produces" }, { - "source": 44, - "target": 56, + "source": 43, + "target": 55, "type": "produces" }, { - "source": 20, - "target": 56, + "source": 19, + "target": 55, "type": "produces" }, { - "source": 57, + "source": 56, "target": 7, "type": "consumes" }, { "source": 7, - "target": 57, + "target": 56, "type": "produces" }, { - "source": 58, + "source": 57, "target": 7, "type": "consumes" }, { "source": 7, - "target": 58, + "target": 57, "type": "produces" }, { "source": 7, - "target": 59, + "target": 58, "type": "produces" }, { "source": 12, - "target": 59, + "target": 58, "type": "produces" }, { - "source": 53, - "target": 59, + "source": 52, + "target": 58, "type": "produces" }, { - "source": 60, + "source": 59, "target": 7, "type": "consumes" }, { - "source": 44, - "target": 60, + "source": 43, + "target": 59, "type": "produces" }, { - "source": 53, - "target": 60, + "source": 52, + "target": 59, "type": "produces" }, { - "source": 20, - "target": 60, + "source": 19, + "target": 59, "type": "produces" }, { - "source": 61, - "target": 42, + "source": 60, + "target": 41, "type": "consumes" }, { "source": 10, - "target": 61, + "target": 60, "type": "produces" }, { - "source": 62, - "target": 63, + "source": 61, + "target": 62, "type": "consumes" }, { - "source": 62, - "target": 64, + "source": 61, + "target": 63, "type": "consumes" }, { - "source": 42, - "target": 62, + "source": 41, + "target": 61, "type": "produces" }, { - "source": 64, - "target": 62, + "source": 63, + "target": 61, "type": "produces" }, { - "source": 20, - "target": 62, + "source": 19, + "target": 61, "type": "produces" }, { - "source": 65, + "source": 64, "target": 2, "type": "consumes" }, { - "source": 17, - "target": 65, + "source": 4, + "target": 64, "type": "produces" }, { "source": 5, - "target": 65, + "target": 64, "type": "produces" }, { - "source": 66, + "source": 65, "target": 7, "type": "consumes" }, { - "source": 44, - "target": 66, + "source": 43, + "target": 65, "type": "produces" }, { - "source": 67, - "target": 44, + "source": 66, + "target": 43, "type": "consumes" }, { - "source": 68, + "source": 67, "target": 2, "type": "consumes" }, { - "source": 68, - "target": 69, + "source": 67, + "target": 68, "type": "consumes" }, { - "source": 20, - "target": 68, + "source": 19, + "target": 67, "type": "produces" }, { - "source": 70, - "target": 68, + "source": 69, + "target": 67, "type": "produces" }, { - "source": 71, + "source": 70, "target": 10, "type": "consumes" }, { - "source": 69, - "target": 71, + "source": 68, + "target": 70, "type": "produces" }, { - "source": 72, + "source": 71, "target": 3, "type": "consumes" }, { - "source": 20, - "target": 72, + "source": 19, + "target": 71, "type": "produces" }, { - "source": 73, - "target": 74, + "source": 72, + "target": 73, "type": "consumes" }, { - "source": 20, - "target": 73, + "source": 19, + "target": 72, "type": "produces" }, { - "source": 75, + "source": 74, "target": 2, "type": "consumes" }, { - "source": 75, - "target": 20, + "source": 74, + "target": 19, "type": "consumes" }, { "source": 10, - "target": 75, + "target": 74, "type": "produces" }, { - "source": 76, + "source": 75, "target": 16, "type": "consumes" }, { - "source": 77, - "target": 76, + "source": 76, + "target": 75, "type": "produces" }, { - "source": 78, + "source": 77, "target": 7, "type": "consumes" }, { "source": 7, - "target": 78, + "target": 77, "type": "produces" }, { - "source": 79, + "source": 78, "target": 3, "type": "consumes" }, { - "source": 5, - "target": 79, + "source": 4, + "target": 78, "type": "produces" }, { - "source": 80, + "source": 79, "target": 3, "type": "consumes" }, { - "source": 42, - "target": 80, + "source": 41, + "target": 79, "type": "produces" }, { "source": 4, - "target": 80, + "target": 79, "type": "produces" }, { - "source": 81, - "target": 42, + "source": 80, + "target": 41, "type": "consumes" }, { "source": 10, - "target": 81, + "target": 80, "type": "produces" }, { - "source": 82, - "target": 42, + "source": 81, + "target": 41, "type": "consumes" }, { "source": 10, - "target": 82, + "target": 81, "type": "produces" }, { - "source": 83, + "source": 82, "target": 7, "type": "consumes" }, { - "source": 42, - "target": 83, + "source": 41, + "target": 82, "type": "produces" }, { - "source": 20, - "target": 83, + "source": 19, + "target": 82, "type": "produces" }, { - "source": 84, - "target": 63, + "source": 83, + "target": 62, "type": "consumes" }, { - "source": 84, - "target": 64, + "source": 83, + "target": 63, "type": "consumes" }, { - "source": 42, - "target": 84, + "source": 41, + "target": 83, "type": "produces" }, { - "source": 85, + "source": 84, "target": 7, "type": "consumes" }, { - "source": 44, - "target": 85, + "source": 43, + "target": 84, "type": "produces" }, { - "source": 64, - "target": 85, + "source": 63, + "target": 84, "type": "produces" }, { - "source": 86, - "target": 42, + "source": 85, + "target": 41, "type": "consumes" }, { "source": 10, - "target": 86, + "target": 85, "type": "produces" }, { - "source": 87, - "target": 64, + "source": 86, + "target": 63, "type": "consumes" }, { - "source": 42, - "target": 87, + "source": 41, + "target": 86, "type": "produces" }, { - "source": 88, + "source": 87, "target": 2, "type": "consumes" }, { - "source": 88, - "target": 64, + "source": 87, + "target": 63, "type": "consumes" }, { - "source": 88, - "target": 17, + "source": 87, + "target": 5, "type": "consumes" }, { - "source": 42, - "target": 88, + "source": 41, + "target": 87, "type": "produces" }, { "source": 4, - "target": 88, + "target": 87, "type": "produces" }, { - "source": 64, - "target": 88, + "source": 63, + "target": 87, "type": "produces" }, { - "source": 17, - "target": 88, + "source": 5, + "target": 87, "type": "produces" }, { - "source": 89, - "target": 42, + "source": 88, + "target": 41, "type": "consumes" }, { - "source": 89, - "target": 63, + "source": 88, + "target": 62, "type": "consumes" }, { "source": 9, - "target": 89, + "target": 88, "type": "produces" }, { - "source": 90, - "target": 64, + "source": 89, + "target": 63, "type": "consumes" }, { - "source": 90, + "source": 89, "target": 3, "type": "consumes" }, { - "source": 17, - "target": 90, + "source": 5, + "target": 89, "type": "produces" }, { "source": 3, - "target": 90, + "target": 89, "type": "produces" }, { - "source": 20, - "target": 90, + "source": 19, + "target": 89, "type": "produces" }, { - "source": 91, - "target": 90, + "source": 90, + "target": 89, "type": "produces" }, { - "source": 92, + "source": 91, "target": 3, "type": "consumes" }, { "source": 4, - "target": 92, + "target": 91, "type": "produces" }, { - "source": 93, + "source": 92, "target": 7, "type": "consumes" }, { "source": 7, - "target": 93, + "target": 92, "type": "produces" }, { - "source": 94, + "source": 93, "target": 2, "type": "consumes" }, { "source": 4, - "target": 94, + "target": 93, "type": "produces" }, { - "source": 95, + "source": 94, "target": 16, "type": "consumes" }, { - "source": 95, + "source": 94, "target": 3, "type": "consumes" }, { - "source": 95, - "target": 20, + "source": 94, + "target": 19, "type": "consumes" }, { "source": 2, - "target": 95, + "target": 94, "type": "produces" }, { "source": 3, - "target": 95, + "target": 94, "type": "produces" }, { - "source": 96, - "target": 70, + "source": 95, + "target": 69, "type": "consumes" }, { "source": 4, - "target": 96, + "target": 95, "type": "produces" }, { - "source": 97, + "source": 96, "target": 7, "type": "consumes" }, { "source": 7, - "target": 97, + "target": 96, "type": "produces" }, { - "source": 44, - "target": 97, + "source": 43, + "target": 96, "type": "produces" }, { - "source": 20, - "target": 97, + "source": 19, + "target": 96, "type": "produces" }, { - "source": 98, + "source": 97, "target": 3, "type": "consumes" }, { - "source": 74, - "target": 98, + "source": 73, + "target": 97, "type": "produces" }, { - "source": 99, + "source": 98, "target": 12, "type": "consumes" }, { - "source": 100, - "target": 99, + "source": 99, + "target": 98, "type": "produces" }, { - "source": 101, + "source": 100, "target": 12, "type": "consumes" }, { "source": 12, - "target": 101, + "target": 100, "type": "produces" }, { - "source": 102, + "source": 101, "target": 12, "type": "consumes" }, { - "source": 100, - "target": 102, + "source": 99, + "target": 101, "type": "produces" }, { - "source": 103, + "source": 102, "target": 10, "type": "consumes" }, { "source": 10, - "target": 103, + "target": 102, "type": "produces" }, { - "source": 104, + "source": 103, "target": 7, "type": "consumes" }, { "source": 7, - "target": 104, + "target": 103, "type": "produces" }, { - "source": 105, + "source": 104, "target": 3, "type": "consumes" }, { - "source": 105, - "target": 70, + "source": 104, + "target": 69, "type": "consumes" }, { "source": 4, - "target": 105, - "type": "produces" - }, - { - "source": 5, - "target": 105, + "target": 104, "type": "produces" }, { - "source": 106, - "target": 77, + "source": 105, + "target": 76, "type": "consumes" }, { - "source": 5, - "target": 106, + "source": 4, + "target": 105, "type": "produces" }, { - "source": 107, + "source": 106, "target": 7, "type": "consumes" }, { "source": 7, - "target": 107, + "target": 106, "type": "produces" }, { - "source": 108, + "source": 107, "target": 2, "type": "consumes" }, { "source": 4, - "target": 108, + "target": 107, "type": "produces" }, { - "source": 109, + "source": 108, "target": 7, "type": "consumes" }, { - "source": 109, + "source": 108, "target": 2, "type": "consumes" }, { - "source": 109, + "source": 108, "target": 12, "type": "consumes" }, { - "source": 109, + "source": 108, "target": 16, "type": "consumes" }, { - "source": 109, - "target": 77, + "source": 108, + "target": 76, "type": "consumes" }, { - "source": 110, + "source": 109, "target": 2, "type": "consumes" }, { - "source": 110, + "source": 109, "target": 3, "type": "consumes" }, { "source": 7, - "target": 110, + "target": 109, "type": "produces" }, { "source": 4, - "target": 110, + "target": 109, "type": "produces" }, { - "source": 111, + "source": 110, "target": 3, "type": "consumes" }, { "source": 4, - "target": 111, - "type": "produces" - }, - { - "source": 17, - "target": 111, + "target": 110, "type": "produces" }, { "source": 5, - "target": 111, + "target": 110, "type": "produces" }, { - "source": 112, + "source": 111, "target": 7, "type": "consumes" }, + { + "source": 111, + "target": 19, + "type": "consumes" + }, + { + "source": 7, + "target": 111, + "type": "produces" + }, { "source": 112, - "target": 20, + "target": 7, "type": "consumes" }, { @@ -1211,11 +1186,16 @@ }, { "source": 113, - "target": 7, + "target": 2, "type": "consumes" }, { - "source": 7, + "source": 113, + "target": 69, + "type": "consumes" + }, + { + "source": 69, "target": 113, "type": "produces" }, @@ -1226,16 +1206,11 @@ }, { "source": 114, - "target": 70, + "target": 69, "type": "consumes" }, { - "source": 4, - "target": 114, - "type": "produces" - }, - { - "source": 70, + "source": 69, "target": 114, "type": "produces" }, @@ -1246,31 +1221,21 @@ }, { "source": 115, - "target": 70, + "target": 69, "type": "consumes" }, { - "source": 4, - "target": 115, - "type": "produces" - }, - { - "source": 70, + "source": 69, "target": 115, "type": "produces" }, { "source": 116, - "target": 2, - "type": "consumes" - }, - { - "source": 116, - "target": 70, + "target": 7, "type": "consumes" }, { - "source": 70, + "source": 7, "target": 116, "type": "produces" }, @@ -1280,93 +1245,93 @@ "type": "consumes" }, { - "source": 7, + "source": 43, "target": 117, "type": "produces" }, { "source": 118, - "target": 7, - "type": "consumes" - }, - { - "source": 44, - "target": 118, - "type": "produces" - }, - { - "source": 119, "target": 16, "type": "consumes" }, { - "source": 119, + "source": 118, "target": 3, "type": "consumes" }, { - "source": 119, - "target": 20, + "source": 118, + "target": 19, "type": "consumes" }, { - "source": 120, + "source": 119, "target": 7, "type": "consumes" }, { - "source": 120, + "source": 119, "target": 12, "type": "consumes" }, { - "source": 120, - "target": 121, + "source": 119, + "target": 120, "type": "consumes" }, { "source": 16, - "target": 120, + "target": 119, "type": "produces" }, { - "source": 122, + "source": 121, + "target": 62, + "type": "consumes" + }, + { + "source": 121, "target": 63, "type": "consumes" }, + { + "source": 41, + "target": 121, + "type": "produces" + }, { "source": 122, - "target": 64, + "target": 41, "type": "consumes" }, { - "source": 42, + "source": 10, "target": 122, "type": "produces" }, { "source": 123, - "target": 42, + "target": 7, "type": "consumes" }, { - "source": 10, + "source": 7, "target": 123, "type": "produces" }, { "source": 124, - "target": 7, + "target": 69, "type": "consumes" }, { - "source": 7, + "source": 4, "target": 124, "type": "produces" }, { "source": 125, - "target": 70, + "target": 19, "type": "consumes" }, { @@ -1376,21 +1341,21 @@ }, { "source": 126, - "target": 20, + "target": 3, "type": "consumes" }, { - "source": 4, + "source": 19, "target": 126, "type": "produces" }, { "source": 127, - "target": 3, + "target": 7, "type": "consumes" }, { - "source": 20, + "source": 7, "target": 127, "type": "produces" }, @@ -1400,458 +1365,423 @@ "type": "consumes" }, { - "source": 7, + "source": 43, "target": 128, "type": "produces" }, { - "source": 129, - "target": 7, - "type": "consumes" - }, - { - "source": 44, - "target": 129, - "type": "produces" - }, - { - "source": 20, - "target": 129, + "source": 19, + "target": 128, "type": "produces" }, { - "source": 130, + "source": 129, "target": 7, "type": "consumes" }, { "source": 7, - "target": 130, + "target": 129, "type": "produces" }, { - "source": 131, + "source": 130, "target": 7, "type": "consumes" }, { - "source": 131, + "source": 130, "target": 12, "type": "consumes" }, { "source": 7, - "target": 131, + "target": 130, "type": "produces" }, { "source": 4, - "target": 131, + "target": 130, "type": "produces" }, { "source": 16, - "target": 131, - "type": "produces" - }, - { - "source": 17, - "target": 131, + "target": 130, "type": "produces" }, { "source": 5, - "target": 131, + "target": 130, "type": "produces" }, { - "source": 132, + "source": 131, "target": 7, "type": "consumes" }, { "source": 7, - "target": 132, + "target": 131, "type": "produces" }, { - "source": 133, + "source": 132, "target": 7, "type": "consumes" }, { - "source": 44, - "target": 133, + "source": 43, + "target": 132, "type": "produces" }, { - "source": 134, + "source": 133, "target": 3, "type": "consumes" }, { "source": 4, - "target": 134, + "target": 133, "type": "produces" }, { - "source": 135, - "target": 20, + "source": 134, + "target": 19, "type": "consumes" }, { - "source": 64, - "target": 135, + "source": 63, + "target": 134, "type": "produces" }, { - "source": 136, - "target": 137, + "source": 135, + "target": 136, "type": "consumes" }, { - "source": 136, + "source": 135, "target": 7, "type": "consumes" }, { - "source": 136, - "target": 23, + "source": 135, + "target": 22, "type": "consumes" }, { - "source": 136, + "source": 135, "target": 2, "type": "consumes" }, { - "source": 136, + "source": 135, "target": 12, "type": "consumes" }, { - "source": 136, - "target": 121, + "source": 135, + "target": 120, "type": "consumes" }, { - "source": 136, - "target": 64, + "source": 135, + "target": 63, "type": "consumes" }, { - "source": 136, - "target": 25, + "source": 135, + "target": 24, "type": "consumes" }, { - "source": 136, + "source": 135, "target": 3, "type": "consumes" }, { - "source": 136, - "target": 20, + "source": 135, + "target": 19, "type": "consumes" }, { - "source": 136, - "target": 47, + "source": 135, + "target": 46, "type": "consumes" }, { "source": 7, - "target": 136, + "target": 135, "type": "produces" }, { "source": 4, - "target": 136, + "target": 135, "type": "produces" }, { "source": 12, - "target": 136, + "target": 135, "type": "produces" }, { "source": 16, - "target": 136, + "target": 135, "type": "produces" }, { - "source": 63, - "target": 136, + "source": 62, + "target": 135, "type": "produces" }, { - "source": 138, + "source": 137, "target": 16, "type": "consumes" }, { "source": 7, - "target": 138, + "target": 137, "type": "produces" }, { - "source": 44, - "target": 138, + "source": 43, + "target": 137, "type": "produces" }, { - "source": 139, + "source": 138, "target": 7, "type": "consumes" }, { "source": 7, - "target": 139, + "target": 138, "type": "produces" }, { - "source": 140, + "source": 139, "target": 7, "type": "consumes" }, { "source": 7, - "target": 140, + "target": 139, "type": "produces" }, { - "source": 141, + "source": 140, "target": 7, "type": "consumes" }, { - "source": 141, - "target": 23, + "source": 140, + "target": 22, "type": "consumes" }, { - "source": 142, + "source": 141, "target": 2, "type": "consumes" }, { - "source": 142, + "source": 141, "target": 3, "type": "consumes" }, { "source": 4, - "target": 142, - "type": "produces" - }, - { - "source": 5, - "target": 142, + "target": 141, "type": "produces" }, { - "source": 143, + "source": 142, "target": 7, "type": "consumes" }, { "source": 7, - "target": 143, + "target": 142, "type": "produces" }, { - "source": 144, - "target": 42, + "source": 143, + "target": 41, "type": "consumes" }, { - "source": 144, + "source": 143, "target": 10, "type": "consumes" }, { - "source": 144, + "source": 143, "target": 2, "type": "consumes" }, { - "source": 144, - "target": 69, + "source": 143, + "target": 68, "type": "consumes" }, { "source": 4, - "target": 144, - "type": "produces" - }, - { - "source": 5, - "target": 144, + "target": 143, "type": "produces" }, { - "source": 145, + "source": 144, "target": 10, "type": "consumes" }, { "source": 10, - "target": 145, + "target": 144, "type": "produces" }, { - "source": 146, + "source": 145, "target": 3, "type": "consumes" }, { "source": 4, - "target": 146, + "target": 145, "type": "produces" }, { - "source": 147, + "source": 146, "target": 7, "type": "consumes" }, { "source": 7, - "target": 147, + "target": 146, "type": "produces" }, { - "source": 20, - "target": 147, + "source": 19, + "target": 146, "type": "produces" }, { - "source": 148, + "source": 147, "target": 3, "type": "consumes" }, { "source": 7, - "target": 148, + "target": 147, "type": "produces" }, { - "source": 149, - "target": 148, + "source": 148, + "target": 147, "type": "produces" }, { - "source": 150, + "source": 149, "target": 7, "type": "consumes" }, { "source": 7, - "target": 150, + "target": 149, "type": "produces" }, { - "source": 151, + "source": 150, "target": 7, "type": "consumes" }, { "source": 7, - "target": 151, + "target": 150, "type": "produces" }, { - "source": 152, + "source": 151, "target": 3, "type": "consumes" }, { - "source": 18, - "target": 152, + "source": 17, + "target": 151, "type": "produces" }, { - "source": 153, + "source": 152, "target": 2, "type": "consumes" }, { - "source": 17, - "target": 153, + "source": 5, + "target": 152, "type": "produces" }, { - "source": 154, + "source": 153, "target": 7, "type": "consumes" }, { "source": 7, - "target": 154, + "target": 153, "type": "produces" }, { - "source": 20, - "target": 154, + "source": 19, + "target": 153, "type": "produces" }, { - "source": 155, - "target": 70, + "source": 154, + "target": 69, "type": "consumes" }, { - "source": 156, + "source": 155, "target": 4, "type": "consumes" }, { - "source": 156, - "target": 17, + "source": 155, + "target": 5, "type": "consumes" }, { - "source": 156, + "source": 155, "target": 3, "type": "consumes" }, { - "source": 156, - "target": 149, + "source": 155, + "target": 148, "type": "consumes" }, { "source": 156, - "target": 5, - "type": "consumes" - }, - { - "source": 157, "target": 2, "type": "consumes" }, { - "source": 157, - "target": 17, + "source": 156, + "target": 5, "type": "consumes" }, { "source": 4, - "target": 157, + "target": 156, "type": "produces" }, { - "source": 17, - "target": 157, - "type": "produces" - }, - { - "source": 20, - "target": 157, + "source": 5, + "target": 156, "type": "produces" }, { - "source": 5, - "target": 157, + "source": 19, + "target": 156, "type": "produces" } ] \ No newline at end of file diff --git a/docs/modules/list_of_modules.md b/docs/modules/list_of_modules.md index 62148618b4..14632b1132 100644 --- a/docs/modules/list_of_modules.md +++ b/docs/modules/list_of_modules.md @@ -1,151 +1,157 @@ # List of Modules -| Module | Type | Needs API Key | Description | Flags | Consumed Events | Produced Events | Author | Created Date | -|-----------------------|----------|-----------------|-------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------|------------------|----------------| -| ajaxpro | scan | No | Check for potentially vulnerable Ajaxpro instances | active, safe, web-thorough | HTTP_RESPONSE, URL | FINDING, VULNERABILITY | @liquidsec | 2024-01-18 | -| aspnet_bin_exposure | scan | No | Check for ASP.NET Security Feature Bypasses (CVE-2023-36899 and CVE-2023-36560) | active, safe, web-thorough | URL | VULNERABILITY | @liquidsec | 2025-01-28 | -| baddns | scan | No | Check hosts for domain/subdomain takeovers | active, baddns, cloud-enum, safe, subdomain-hijack, web-basic | DNS_NAME, DNS_NAME_UNRESOLVED | FINDING, VULNERABILITY | @liquidsec | 2024-01-18 | -| baddns_direct | scan | No | Check for unusual subdomain / service takeover edge cases that require direct detection | active, baddns, cloud-enum, safe, subdomain-enum | STORAGE_BUCKET, URL | FINDING, VULNERABILITY | @liquidsec | 2024-01-29 | -| baddns_zone | scan | No | Check hosts for DNS zone transfers and NSEC walks | active, baddns, cloud-enum, safe, subdomain-enum | DNS_NAME | FINDING, VULNERABILITY | @liquidsec | 2024-01-29 | -| badsecrets | scan | No | Library for detecting known or weak secrets across many web frameworks | active, safe, web-basic | HTTP_RESPONSE | FINDING, TECHNOLOGY, VULNERABILITY | @liquidsec | 2022-11-19 | -| bucket_amazon | scan | No | Check for S3 buckets related to target | active, cloud-enum, safe, web-basic | DNS_NAME, STORAGE_BUCKET | FINDING, STORAGE_BUCKET | @TheTechromancer | 2022-11-04 | -| bucket_azure | scan | No | Check for Azure storage blobs related to target | active, cloud-enum, safe, web-basic | DNS_NAME, STORAGE_BUCKET | FINDING, STORAGE_BUCKET | @TheTechromancer | 2022-11-04 | -| bucket_digitalocean | scan | No | Check for DigitalOcean spaces related to target | active, cloud-enum, safe, slow, web-thorough | DNS_NAME, STORAGE_BUCKET | FINDING, STORAGE_BUCKET | @TheTechromancer | 2022-11-08 | -| bucket_firebase | scan | No | Check for open Firebase databases related to target | active, cloud-enum, safe, web-basic | DNS_NAME, STORAGE_BUCKET | FINDING, STORAGE_BUCKET | @TheTechromancer | 2023-03-20 | -| bucket_google | scan | No | Check for Google object storage related to target | active, cloud-enum, safe, web-basic | DNS_NAME, STORAGE_BUCKET | FINDING, STORAGE_BUCKET | @TheTechromancer | 2022-11-04 | -| bypass403 | scan | No | Check 403 pages for common bypasses | active, aggressive, web-thorough | URL | FINDING | @liquidsec | 2022-07-05 | -| dnsbrute | scan | No | Brute-force subdomains with massdns + static wordlist | active, aggressive, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2024-04-24 | -| dnsbrute_mutations | scan | No | Brute-force subdomains with massdns + target-specific mutations | active, aggressive, slow, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2024-04-25 | -| dnscommonsrv | scan | No | Check for common SRV records | active, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-05-15 | -| dotnetnuke | scan | No | Scan for critical DotNetNuke (DNN) vulnerabilities | active, aggressive, web-thorough | HTTP_RESPONSE | TECHNOLOGY, VULNERABILITY | @liquidsec | 2023-11-21 | -| ffuf | scan | No | A fast web fuzzer written in Go | active, aggressive, deadly | URL | URL_UNVERIFIED | @liquidsec | 2022-04-10 | -| ffuf_shortnames | scan | No | Use ffuf in combination IIS shortnames | active, aggressive, iis-shortnames, web-thorough | URL_HINT | URL_UNVERIFIED | @liquidsec | 2022-07-05 | -| filedownload | scan | No | Download common filetypes such as PDF, DOCX, PPTX, etc. | active, download, safe, web-basic | HTTP_RESPONSE, URL_UNVERIFIED | FILESYSTEM | @TheTechromancer | 2023-10-11 | -| fingerprintx | scan | No | Fingerprint exposed services like RDP, SSH, MySQL, etc. | active, safe, service-enum, slow | OPEN_TCP_PORT | PROTOCOL | @TheTechromancer | 2023-01-30 | -| generic_ssrf | scan | No | Check for generic SSRFs | active, aggressive, web-thorough | URL | VULNERABILITY | @liquidsec | 2022-07-30 | -| git | scan | No | Check for exposed .git repositories | active, code-enum, safe, web-basic | URL | CODE_REPOSITORY, FINDING | @TheTechromancer | 2023-05-30 | -| gitlab_com | scan | No | Enumerate GitLab SaaS (gitlab.com/org) for projects and groups | active, code-enum, safe | SOCIAL | CODE_REPOSITORY | @TheTechromancer | 2024-03-11 | -| gitlab_onprem | scan | No | Detect self-hosted GitLab instances and query them for repositories | active, code-enum, safe | HTTP_RESPONSE, SOCIAL, TECHNOLOGY | CODE_REPOSITORY, FINDING, SOCIAL, TECHNOLOGY | @TheTechromancer | 2024-03-11 | -| gowitness | scan | No | Take screenshots of webpages | active, safe, web-screenshots | SOCIAL, URL | TECHNOLOGY, URL, URL_UNVERIFIED, WEBSCREENSHOT | @TheTechromancer | 2022-07-08 | -| graphql_introspection | scan | No | Perform GraphQL introspection on a target | active, safe, web-basic | URL | FINDING | @mukesh-dream11 | 2025-07-01 | -| host_header | scan | No | Try common HTTP Host header spoofing techniques | active, aggressive, web-thorough | HTTP_RESPONSE | FINDING | @liquidsec | 2022-07-27 | -| httpx | scan | No | Visit webpages. Many other modules rely on httpx | active, cloud-enum, safe, social-enum, subdomain-enum, web-basic | OPEN_TCP_PORT, URL, URL_UNVERIFIED | HTTP_RESPONSE, URL | @TheTechromancer | 2022-07-08 | -| hunt | scan | No | Watch for commonly-exploitable HTTP parameters | active, safe, web-thorough | WEB_PARAMETER | FINDING | @liquidsec | 2022-07-20 | -| iis_shortnames | scan | No | Check for IIS shortname vulnerability | active, iis-shortnames, safe, web-basic | URL | URL_HINT | @liquidsec | 2022-04-15 | -| lightfuzz | scan | No | Find Web Parameters and Lightly Fuzz them using a heuristic based scanner | active, aggressive, deadly, web-thorough | URL, WEB_PARAMETER | FINDING, VULNERABILITY | @liquidsec | 2024-06-28 | -| medusa | scan | No | Medusa SNMP bruteforcing with v1, v2c and R/W check. | active, aggressive, deadly | PROTOCOL | VULNERABILITY | @christianfl | 2025-05-16 | -| newsletters | scan | No | Searches for Newsletter Submission Entry Fields on Websites | active, safe | HTTP_RESPONSE | FINDING | @stryker2k2 | 2024-02-02 | -| ntlm | scan | No | Watch for HTTP endpoints that support NTLM authentication | active, safe, web-basic | HTTP_RESPONSE, URL | DNS_NAME, FINDING | @liquidsec | 2022-07-25 | -| nuclei | scan | No | Fast and customisable vulnerability scanner | active, aggressive, deadly | URL | FINDING, TECHNOLOGY, VULNERABILITY | @TheTechromancer | 2022-03-12 | -| oauth | scan | No | Enumerate OAUTH and OpenID Connect services | active, affiliates, cloud-enum, safe, subdomain-enum, web-basic | DNS_NAME, URL_UNVERIFIED | DNS_NAME | @TheTechromancer | 2023-07-12 | -| paramminer_cookies | scan | No | Smart brute-force to check for common HTTP cookie parameters | active, aggressive, slow, web-paramminer | HTTP_RESPONSE, WEB_PARAMETER | FINDING, WEB_PARAMETER | @liquidsec | 2022-06-27 | -| paramminer_getparams | scan | No | Use smart brute-force to check for common HTTP GET parameters | active, aggressive, slow, web-paramminer | HTTP_RESPONSE, WEB_PARAMETER | FINDING, WEB_PARAMETER | @liquidsec | 2022-06-28 | -| paramminer_headers | scan | No | Use smart brute-force to check for common HTTP header parameters | active, aggressive, slow, web-paramminer | HTTP_RESPONSE, WEB_PARAMETER | WEB_PARAMETER | @liquidsec | 2022-04-15 | -| portscan | scan | No | Port scan with masscan. By default, scans top 100 ports. | active, portscan, safe | DNS_NAME, IP_ADDRESS, IP_RANGE | OPEN_TCP_PORT | @TheTechromancer | 2024-05-15 | -| reflected_parameters | scan | No | Highlight parameters that reflect their contents in response body | active, safe, web-thorough | WEB_PARAMETER | FINDING | @liquidsec | 2024-10-29 | -| retirejs | scan | No | Detect vulnerable/out-of-date JavaScript libraries | active, safe, web-thorough | URL_UNVERIFIED | FINDING | @liquidsec | 2025-08-19 | -| robots | scan | No | Look for and parse robots.txt | active, safe, web-basic | URL | URL_UNVERIFIED | @liquidsec | 2023-02-01 | -| securitytxt | scan | No | Check for security.txt content | active, cloud-enum, safe, subdomain-enum, web-basic | DNS_NAME | EMAIL_ADDRESS, URL_UNVERIFIED | @colin-stubbs | 2024-05-26 | -| smuggler | scan | No | Check for HTTP smuggling | active, aggressive, slow, web-thorough | URL | FINDING | @liquidsec | 2022-07-06 | -| sslcert | scan | No | Visit open ports and retrieve SSL certificates | active, affiliates, email-enum, safe, subdomain-enum, web-basic | OPEN_TCP_PORT | DNS_NAME, EMAIL_ADDRESS | @TheTechromancer | 2022-03-30 | -| telerik | scan | No | Scan for critical Telerik vulnerabilities | active, aggressive, web-thorough | HTTP_RESPONSE, URL | FINDING, VULNERABILITY | @liquidsec | 2022-04-10 | -| url_manipulation | scan | No | Attempt to identify URL parsing/routing based vulnerabilities | active, aggressive, web-thorough | URL | FINDING | @liquidsec | 2022-09-27 | -| vhost | scan | No | Fuzz for virtual hosts | active, aggressive, deadly, slow | URL | DNS_NAME, VHOST | @liquidsec | 2022-05-02 | -| wafw00f | scan | No | Web Application Firewall Fingerprinting Tool | active, aggressive | URL | WAF | @liquidsec | 2023-02-15 | -| wappalyzer | scan | No | Extract technologies from web responses | active, safe, web-basic | HTTP_RESPONSE | TECHNOLOGY | @liquidsec | 2022-04-15 | -| wpscan | scan | No | Wordpress security scanner. Highly recommended to use an API key for better results. | active, aggressive | HTTP_RESPONSE, TECHNOLOGY | FINDING, TECHNOLOGY, URL_UNVERIFIED, VULNERABILITY | @domwhewell-sage | 2024-05-29 | -| affiliates | scan | No | Summarize affiliate domains at the end of a scan | affiliates, passive, safe | * | | @TheTechromancer | 2022-07-25 | -| anubisdb | scan | No | Query jldc.me's database for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-10-04 | -| apkpure | scan | No | Download android applications from apkpure.com | code-enum, download, passive, safe | MOBILE_APP | FILESYSTEM | @domwhewell-sage | 2024-10-11 | -| asn | scan | No | Query ripe and bgpview.io for ASNs | passive, safe, subdomain-enum | IP_ADDRESS | ASN | @TheTechromancer | 2022-07-25 | -| azure_realm | scan | No | Retrieves the "AuthURL" from login.microsoftonline.com/getuserrealm | affiliates, cloud-enum, passive, safe, subdomain-enum, web-basic | DNS_NAME | URL_UNVERIFIED | @TheTechromancer | 2023-07-12 | -| azure_tenant | scan | No | Query Azure for tenant sister domains | affiliates, cloud-enum, passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2024-07-04 | -| bevigil | scan | Yes | Retrieve OSINT data from mobile applications using BeVigil | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME, URL_UNVERIFIED | @alt-glitch | 2022-10-26 | -| bucket_file_enum | scan | No | Works in conjunction with the filedownload module to download files from open storage buckets. Currently supported cloud providers: AWS, DigitalOcean | cloud-enum, passive, safe | STORAGE_BUCKET | URL_UNVERIFIED | @TheTechromancer | 2023-11-14 | -| bufferoverrun | scan | Yes | Query BufferOverrun's TLS API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2024-10-23 | -| builtwith | scan | Yes | Query Builtwith.com for subdomains | affiliates, passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-08-23 | -| c99 | scan | Yes | Query the C99 API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-07-08 | -| certspotter | scan | No | Query Certspotter's API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-07-28 | -| chaos | scan | Yes | Query ProjectDiscovery's Chaos API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-08-14 | -| code_repository | scan | No | Look for code repository links in webpages | code-enum, passive, safe | URL_UNVERIFIED | CODE_REPOSITORY | @domwhewell-sage | 2024-05-15 | -| credshed | scan | Yes | Send queries to your own credshed server to check for known credentials of your targets | passive, safe | DNS_NAME | EMAIL_ADDRESS, HASHED_PASSWORD, PASSWORD, USERNAME | @SpamFaux | 2023-10-12 | -| crt | scan | No | Query crt.sh (certificate transparency) for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-05-13 | -| crt_db | scan | No | Query crt.sh (certificate transparency) for subdomains via PostgreSQL | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2025-03-27 | -| dehashed | scan | Yes | Execute queries against dehashed.com for exposed credentials | email-enum, passive, safe | DNS_NAME | EMAIL_ADDRESS, HASHED_PASSWORD, PASSWORD, USERNAME | @SpamFaux | 2023-10-12 | -| digitorus | scan | No | Query certificatedetails.com for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2023-07-25 | -| dnsbimi | scan | No | Check DNS_NAME's for BIMI records to find image and certificate hosting URL's | cloud-enum, passive, safe, subdomain-enum | DNS_NAME | RAW_DNS_RECORD, URL_UNVERIFIED | @colin-stubbs | 2024-11-15 | -| dnscaa | scan | No | Check for CAA records | email-enum, passive, safe, subdomain-enum | DNS_NAME | DNS_NAME, EMAIL_ADDRESS, URL_UNVERIFIED | @colin-stubbs | 2024-05-26 | -| dnsdumpster | scan | No | Query dnsdumpster for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-03-12 | -| dnstlsrpt | scan | No | Check for TLS-RPT records | cloud-enum, email-enum, passive, safe, subdomain-enum | DNS_NAME | EMAIL_ADDRESS, RAW_DNS_RECORD, URL_UNVERIFIED | @colin-stubbs | 2024-07-26 | -| docker_pull | scan | No | Download images from a docker repository | code-enum, download, passive, safe, slow | CODE_REPOSITORY | FILESYSTEM | @domwhewell-sage | 2024-03-24 | -| dockerhub | scan | No | Search for docker repositories of discovered orgs/usernames | code-enum, passive, safe | ORG_STUB, SOCIAL | CODE_REPOSITORY, SOCIAL, URL_UNVERIFIED | @domwhewell-sage | 2024-03-12 | -| emailformat | scan | No | Query email-format.com for email addresses | email-enum, passive, safe | DNS_NAME | EMAIL_ADDRESS | @TheTechromancer | 2022-07-11 | -| extractous | scan | No | Module to extract data from files | passive, safe | FILESYSTEM | RAW_TEXT | @domwhewell-sage | 2024-06-03 | -| fullhunt | scan | Yes | Query the fullhunt.io API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-08-24 | -| git_clone | scan | No | Clone code github repositories | code-enum, download, passive, safe, slow | CODE_REPOSITORY | FILESYSTEM | @domwhewell-sage | 2024-03-08 | -| gitdumper | scan | No | Download a leaked .git folder recursively or by fuzzing common names | code-enum, download, passive, safe, slow | CODE_REPOSITORY | FILESYSTEM | @domwhewell-sage | 2025-02-11 | -| github_codesearch | scan | Yes | Query Github's API for code containing the target domain name | code-enum, passive, safe, subdomain-enum | DNS_NAME | CODE_REPOSITORY, URL_UNVERIFIED | @domwhewell-sage | 2023-12-14 | -| github_org | scan | No | Query Github's API for organization and member repositories | code-enum, passive, safe, subdomain-enum | ORG_STUB, SOCIAL | CODE_REPOSITORY | @domwhewell-sage | 2023-12-14 | -| github_usersearch | scan | Yes | Query Github's API for users with emails matching in scope domains that may not be discoverable by listing members of the organization. | code-enum, passive, safe | DNS_NAME | EMAIL_ADDRESS, SOCIAL | @domwhewell-sage | 2025-05-10 | -| github_workflows | scan | Yes | Download a github repositories workflow logs and workflow artifacts | code-enum, download, passive, safe | CODE_REPOSITORY | FILESYSTEM | @domwhewell-sage | 2024-04-29 | -| google_playstore | scan | No | Search for android applications on play.google.com | code-enum, passive, safe | CODE_REPOSITORY, ORG_STUB | MOBILE_APP | @domwhewell-sage | 2024-10-08 | -| hackertarget | scan | No | Query the hackertarget.com API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-07-28 | -| hunterio | scan | Yes | Query hunter.io for emails | email-enum, passive, safe, subdomain-enum | DNS_NAME | DNS_NAME, EMAIL_ADDRESS, URL_UNVERIFIED | @TheTechromancer | 2022-04-25 | -| ip2location | scan | Yes | Query IP2location.io's API for geolocation information. | passive, safe | IP_ADDRESS | GEOLOCATION | @TheTechromancer | 2023-09-12 | -| ipneighbor | scan | No | Look beside IPs in their surrounding subnet | aggressive, passive, subdomain-enum | IP_ADDRESS | IP_ADDRESS | @TheTechromancer | 2022-06-08 | -| ipstack | scan | Yes | Query IPStack's GeoIP API | passive, safe | IP_ADDRESS | GEOLOCATION | @tycoonslive | 2022-11-26 | -| jadx | scan | No | Decompile APKs and XAPKs using JADX | code-enum, passive, safe | FILESYSTEM | FILESYSTEM | @domwhewell-sage | 2024-11-04 | -| leakix | scan | No | Query leakix.net for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-07-11 | -| myssl | scan | No | Query myssl.com's API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2023-07-10 | -| otx | scan | No | Query otx.alienvault.com for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-08-24 | -| passivetotal | scan | Yes | Query the PassiveTotal API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-08-08 | -| pgp | scan | No | Query common PGP servers for email addresses | email-enum, passive, safe | DNS_NAME | EMAIL_ADDRESS | @TheTechromancer | 2022-08-10 | -| portfilter | scan | No | Filter out unwanted open ports from cloud/CDN targets | passive, safe | OPEN_TCP_PORT, URL, URL_UNVERIFIED | | @TheTechromancer | 2025-01-06 | -| postman | scan | No | Query Postman's API for related workspaces, collections, requests and download them | code-enum, passive, safe, subdomain-enum | ORG_STUB, SOCIAL | CODE_REPOSITORY | @domwhewell-sage | 2024-09-07 | -| postman_download | scan | No | Download workspaces, collections, requests from Postman | code-enum, download, passive, safe, subdomain-enum | CODE_REPOSITORY | FILESYSTEM | @domwhewell-sage | 2024-09-07 | -| rapiddns | scan | No | Query rapiddns.io for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-08-24 | -| securitytrails | scan | Yes | Query the SecurityTrails API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-07-03 | -| shodan_dns | scan | Yes | Query Shodan for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-07-03 | -| shodan_idb | scan | No | Query Shodan's InternetDB for open ports, hostnames, technologies, and vulnerabilities | passive, portscan, safe, subdomain-enum | DNS_NAME, IP_ADDRESS | DNS_NAME, FINDING, OPEN_TCP_PORT, TECHNOLOGY, VULNERABILITY | @TheTechromancer | 2023-12-22 | -| sitedossier | scan | No | Query sitedossier.com for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2023-08-04 | -| skymem | scan | No | Query skymem.info for email addresses | email-enum, passive, safe | DNS_NAME | EMAIL_ADDRESS | @TheTechromancer | 2022-07-11 | -| social | scan | No | Look for social media links in webpages | passive, safe, social-enum | URL_UNVERIFIED | SOCIAL | @TheTechromancer | 2023-03-28 | -| subdomaincenter | scan | No | Query subdomain.center's API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2023-07-26 | -| subdomainradar | scan | Yes | Query the Subdomain API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-07-08 | -| trickest | scan | Yes | Query Trickest's API for subdomains | affiliates, passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @amiremami | 2024-07-27 | -| trufflehog | scan | No | TruffleHog is a tool for finding credentials | code-enum, passive, safe | CODE_REPOSITORY, FILESYSTEM, HTTP_RESPONSE, RAW_TEXT | FINDING, VULNERABILITY | @domwhewell-sage | 2024-03-12 | -| urlscan | scan | No | Query urlscan.io for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME, URL_UNVERIFIED | @TheTechromancer | 2022-06-09 | -| viewdns | scan | No | Query viewdns.info's reverse whois for related domains | affiliates, passive, safe | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-07-04 | -| virustotal | scan | Yes | Query VirusTotal's API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-08-25 | -| wayback | scan | No | Query archive.org's API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME, URL_UNVERIFIED | @liquidsec | 2022-04-01 | -| asset_inventory | output | No | Merge hosts, open ports, technologies, findings, etc. into a single asset inventory CSV | | DNS_NAME, FINDING, HTTP_RESPONSE, IP_ADDRESS, OPEN_TCP_PORT, TECHNOLOGY, URL, VULNERABILITY, WAF | IP_ADDRESS, OPEN_TCP_PORT | @liquidsec | 2022-09-30 | -| csv | output | No | Output to CSV | | * | | @TheTechromancer | 2022-04-07 | -| discord | output | No | Message a Discord channel when certain events are encountered | | * | | @TheTechromancer | 2023-08-14 | -| emails | output | No | Output any email addresses found belonging to the target domain | email-enum | EMAIL_ADDRESS | | @domwhewell-sage | 2023-12-23 | -| http | output | No | Send every event to a custom URL via a web request | | * | | @TheTechromancer | 2022-04-13 | -| json | output | No | Output to Newline-Delimited JSON (NDJSON) | | * | | @TheTechromancer | 2022-04-07 | -| mysql | output | No | Output scan data to a MySQL database | | * | | @TheTechromancer | 2024-11-13 | -| neo4j | output | No | Output to Neo4j | | * | | @TheTechromancer | 2022-04-07 | -| nmap_xml | output | No | Output to Nmap XML | | DNS_NAME, HTTP_RESPONSE, IP_ADDRESS, OPEN_TCP_PORT, PROTOCOL | | @TheTechromancer | 2024-11-16 | -| postgres | output | No | Output scan data to a SQLite database | | * | | @TheTechromancer | 2024-11-08 | -| python | output | No | Output via Python API | | * | | @TheTechromancer | 2022-09-13 | -| slack | output | No | Message a Slack channel when certain events are encountered | | * | | @TheTechromancer | 2023-08-14 | -| splunk | output | No | Send every event to a splunk instance through HTTP Event Collector | | * | | @w0Tx | 2024-02-17 | -| sqlite | output | No | Output scan data to a SQLite database | | * | | @TheTechromancer | 2024-11-07 | -| stdout | output | No | Output to text | | * | | @TheTechromancer | 2024-04-03 | -| subdomains | output | No | Output only resolved, in-scope subdomains | subdomain-enum | DNS_NAME, DNS_NAME_UNRESOLVED | | @TheTechromancer | 2023-07-31 | -| teams | output | No | Message a Teams channel when certain events are encountered | | * | | @TheTechromancer | 2023-08-14 | -| txt | output | No | Output to text | | * | | @TheTechromancer | 2024-04-03 | -| web_parameters | output | No | Output WEB_PARAMETER names to a file | | WEB_PARAMETER | | @liquidsec | 2025-01-25 | -| web_report | output | No | Create a markdown report with web assets | | FINDING, TECHNOLOGY, URL, VHOST, VULNERABILITY | | @liquidsec | 2023-02-08 | -| websocket | output | No | Output to websockets | | * | | @TheTechromancer | 2022-04-15 | -| cloudcheck | internal | No | Tag events by cloud provider, identify cloud resources like storage buckets | | * | | @TheTechromancer | 2024-07-07 | -| dnsresolve | internal | No | Perform DNS resolution | | * | DNS_NAME, IP_ADDRESS, RAW_DNS_RECORD | @TheTechromancer | 2022-04-08 | -| aggregate | internal | No | Summarize statistics at the end of a scan | passive, safe | | | @TheTechromancer | 2022-07-25 | -| excavate | internal | No | Passively extract juicy tidbits from scan data | passive | HTTP_RESPONSE, RAW_TEXT | URL_UNVERIFIED, WEB_PARAMETER | @liquidsec | 2022-06-27 | -| speculate | internal | No | Derive certain event types from others by common sense | passive | AZURE_TENANT, DNS_NAME, DNS_NAME_UNRESOLVED, HTTP_RESPONSE, IP_ADDRESS, IP_RANGE, SOCIAL, STORAGE_BUCKET, URL, URL_UNVERIFIED, USERNAME | DNS_NAME, FINDING, IP_ADDRESS, OPEN_TCP_PORT, ORG_STUB | @liquidsec | 2022-05-03 | -| unarchive | internal | No | Extract different types of files into folders on the filesystem | passive, safe | FILESYSTEM | FILESYSTEM | @domwhewell-sage | 2024-12-08 | +| Module | Type | Needs API Key | Description | Flags | Consumed Events | Produced Events | Author | Created Date | +|-----------------------|----------|-----------------|-------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------|------------------|----------------| +| ajaxpro | scan | No | Check for potentially vulnerable Ajaxpro instances | active, safe, web-thorough | HTTP_RESPONSE, URL | FINDING, TECHNOLOGY | @liquidsec | 2024-01-18 | +| aspnet_bin_exposure | scan | No | Check for ASP.NET Security Feature Bypasses (CVE-2023-36899 and CVE-2023-36560) | active, safe, web-thorough | URL | FINDING | @liquidsec | 2025-01-28 | +| baddns | scan | No | Check hosts for domain/subdomain takeovers | active, baddns, cloud-enum, safe, subdomain-hijack, web-basic | DNS_NAME, DNS_NAME_UNRESOLVED | FINDING | @liquidsec | 2024-01-18 | +| baddns_direct | scan | No | Check for unusual subdomain / service takeover edge cases that require direct detection | active, baddns, cloud-enum, safe, subdomain-enum | STORAGE_BUCKET, URL | FINDING | @liquidsec | 2024-01-29 | +| baddns_zone | scan | No | Check hosts for DNS zone transfers and NSEC walks | active, baddns, cloud-enum, safe, subdomain-enum | DNS_NAME | FINDING | @liquidsec | 2024-01-29 | +| badsecrets | scan | No | Library for detecting known or weak secrets across many web frameworks | active, safe, web-basic | HTTP_RESPONSE | FINDING, TECHNOLOGY | @liquidsec | 2022-11-19 | +| bucket_amazon | scan | No | Check for S3 buckets related to target | active, cloud-enum, safe, web-basic | DNS_NAME, STORAGE_BUCKET | FINDING, STORAGE_BUCKET | @TheTechromancer | 2022-11-04 | +| bucket_azure | scan | No | Check for Azure storage blobs related to target | active, cloud-enum, safe, web-basic | DNS_NAME, STORAGE_BUCKET | FINDING, STORAGE_BUCKET | @TheTechromancer | 2022-11-04 | +| bucket_digitalocean | scan | No | Check for DigitalOcean spaces related to target | active, cloud-enum, safe, slow, web-thorough | DNS_NAME, STORAGE_BUCKET | FINDING, STORAGE_BUCKET | @TheTechromancer | 2022-11-08 | +| bucket_firebase | scan | No | Check for open Firebase databases related to target | active, cloud-enum, safe, web-basic | DNS_NAME, STORAGE_BUCKET | FINDING, STORAGE_BUCKET | @TheTechromancer | 2023-03-20 | +| bucket_google | scan | No | Check for Google object storage related to target | active, cloud-enum, safe, web-basic | DNS_NAME, STORAGE_BUCKET | FINDING, STORAGE_BUCKET | @TheTechromancer | 2022-11-04 | +| bypass403 | scan | No | Check 403 pages for common bypasses | active, aggressive, web-thorough | URL | FINDING | @liquidsec | 2022-07-05 | +| dnsbrute | scan | No | Brute-force subdomains with massdns + static wordlist | active, aggressive, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2024-04-24 | +| dnsbrute_mutations | scan | No | Brute-force subdomains with massdns + target-specific mutations | active, aggressive, slow, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2024-04-25 | +| dnscommonsrv | scan | No | Check for common SRV records | active, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-05-15 | +| dotnetnuke | scan | No | Scan for critical DotNetNuke (DNN) vulnerabilities | active, aggressive, web-thorough | HTTP_RESPONSE | FINDING, TECHNOLOGY | @liquidsec | 2023-11-21 | +| ffuf | scan | No | A fast web fuzzer written in Go | active, aggressive, deadly | URL | URL_UNVERIFIED | @liquidsec | 2022-04-10 | +| ffuf_shortnames | scan | No | Use ffuf in combination IIS shortnames | active, aggressive, iis-shortnames, web-thorough | URL_HINT | URL_UNVERIFIED | @liquidsec | 2022-07-05 | +| filedownload | scan | No | Download common filetypes such as PDF, DOCX, PPTX, etc. | active, download, safe, web-basic | HTTP_RESPONSE, URL_UNVERIFIED | FILESYSTEM | @TheTechromancer | 2023-10-11 | +| fingerprintx | scan | No | Fingerprint exposed services like RDP, SSH, MySQL, etc. | active, safe, service-enum, slow | OPEN_TCP_PORT | PROTOCOL | @TheTechromancer | 2023-01-30 | +| generic_ssrf | scan | No | Check for generic SSRFs | active, aggressive, web-thorough | URL | FINDING | @liquidsec | 2022-07-30 | +| git | scan | No | Check for exposed .git repositories | active, code-enum, safe, web-basic | URL | CODE_REPOSITORY, FINDING | @TheTechromancer | 2023-05-30 | +| gitlab_com | scan | No | Enumerate GitLab SaaS (gitlab.com/org) for projects and groups | active, code-enum, safe | SOCIAL | CODE_REPOSITORY | @TheTechromancer | 2024-03-11 | +| gitlab_onprem | scan | No | Detect self-hosted GitLab instances and query them for repositories | active, code-enum, safe | HTTP_RESPONSE, SOCIAL, TECHNOLOGY | CODE_REPOSITORY, FINDING, SOCIAL, TECHNOLOGY | @TheTechromancer | 2024-03-11 | +| gowitness | scan | No | Take screenshots of webpages | active, safe, web-screenshots | SOCIAL, URL | TECHNOLOGY, URL, URL_UNVERIFIED, WEBSCREENSHOT | @TheTechromancer | 2022-07-08 | +| graphql_introspection | scan | No | Perform GraphQL introspection on a target | active, safe, web-basic | URL | FINDING | @mukesh-dream11 | 2025-07-01 | +| host_header | scan | No | Try common HTTP Host header spoofing techniques | active, aggressive, web-thorough | HTTP_RESPONSE | FINDING | @liquidsec | 2022-07-27 | +| httpx | scan | No | Visit webpages. Many other modules rely on httpx | active, cloud-enum, safe, social-enum, subdomain-enum, web-basic | OPEN_TCP_PORT, URL, URL_UNVERIFIED | HTTP_RESPONSE, URL | @TheTechromancer | 2022-07-08 | +| hunt | scan | No | Watch for commonly-exploitable HTTP parameters | active, safe, web-thorough | WEB_PARAMETER | FINDING | @liquidsec | 2022-07-20 | +| iis_shortnames | scan | No | Check for IIS shortname vulnerability | active, iis-shortnames, safe, web-basic | URL | URL_HINT | @liquidsec | 2022-04-15 | +| lightfuzz | scan | No | Find Web Parameters and Lightly Fuzz them using a heuristic based scanner | active, aggressive, deadly, web-thorough | URL, WEB_PARAMETER | FINDING | @liquidsec | 2024-06-28 | +| medusa | scan | No | Medusa SNMP bruteforcing with v1, v2c and R/W check. | active, aggressive, deadly | PROTOCOL | FINDING | @christianfl | 2025-05-16 | +| newsletters | scan | No | Searches for Newsletter Submission Entry Fields on Websites | active, safe | HTTP_RESPONSE | FINDING | @stryker2k2 | 2024-02-02 | +| ntlm | scan | No | Watch for HTTP endpoints that support NTLM authentication | active, safe, web-basic | HTTP_RESPONSE, URL | DNS_NAME, FINDING | @liquidsec | 2022-07-25 | +| nuclei | scan | No | Fast and customisable vulnerability scanner | active, aggressive, deadly | URL | FINDING, TECHNOLOGY | @TheTechromancer | 2022-03-12 | +| oauth | scan | No | Enumerate OAUTH and OpenID Connect services | active, affiliates, cloud-enum, safe, subdomain-enum, web-basic | DNS_NAME, URL_UNVERIFIED | DNS_NAME | @TheTechromancer | 2023-07-12 | +| paramminer_cookies | scan | No | Smart brute-force to check for common HTTP cookie parameters | active, aggressive, slow, web-paramminer | HTTP_RESPONSE, WEB_PARAMETER | WEB_PARAMETER | @liquidsec | 2022-06-27 | +| paramminer_getparams | scan | No | Use smart brute-force to check for common HTTP GET parameters | active, aggressive, slow, web-paramminer | HTTP_RESPONSE, WEB_PARAMETER | WEB_PARAMETER | @liquidsec | 2022-06-28 | +| paramminer_headers | scan | No | Use smart brute-force to check for common HTTP header parameters | active, aggressive, slow, web-paramminer | HTTP_RESPONSE, WEB_PARAMETER | WEB_PARAMETER | @liquidsec | 2022-04-15 | +| portscan | scan | No | Port scan with masscan. By default, scans top 100 ports. | active, portscan, safe | DNS_NAME, IP_ADDRESS, IP_RANGE | OPEN_TCP_PORT | @TheTechromancer | 2024-05-15 | +| reflected_parameters | scan | No | Highlight parameters that reflect their contents in response body | active, safe, web-thorough | WEB_PARAMETER | FINDING | @liquidsec | 2024-10-29 | +| retirejs | scan | No | Detect vulnerable/out-of-date JavaScript libraries | active, safe, web-thorough | URL_UNVERIFIED | FINDING | @liquidsec | 2025-08-19 | +| robots | scan | No | Look for and parse robots.txt | active, safe, web-basic | URL | URL_UNVERIFIED | @liquidsec | 2023-02-01 | +| securitytxt | scan | No | Check for security.txt content | active, cloud-enum, safe, subdomain-enum, web-basic | DNS_NAME | EMAIL_ADDRESS, URL_UNVERIFIED | @colin-stubbs | 2024-05-26 | +| smuggler | scan | No | Check for HTTP smuggling | active, aggressive, slow, web-thorough | URL | FINDING | @liquidsec | 2022-07-06 | +| sslcert | scan | No | Visit open ports and retrieve SSL certificates | active, affiliates, email-enum, safe, subdomain-enum, web-basic | OPEN_TCP_PORT | DNS_NAME, EMAIL_ADDRESS | @TheTechromancer | 2022-03-30 | +| telerik | scan | No | Scan for critical Telerik vulnerabilities | active, aggressive, web-thorough | HTTP_RESPONSE, URL | FINDING | @liquidsec | 2022-04-10 | +| url_manipulation | scan | No | Attempt to identify URL parsing/routing based vulnerabilities | active, aggressive, web-thorough | URL | FINDING | @liquidsec | 2022-09-27 | +| vhost | scan | No | Fuzz for virtual hosts | active, aggressive, deadly, slow | URL | DNS_NAME, VHOST | @liquidsec | 2022-05-02 | +| wafw00f | scan | No | Web Application Firewall Fingerprinting Tool | active, aggressive | URL | WAF | @liquidsec | 2023-02-15 | +| wappalyzer | scan | No | Extract technologies from web responses | active, safe, web-basic | HTTP_RESPONSE | TECHNOLOGY | @liquidsec | 2022-04-15 | +| wpscan | scan | No | Wordpress security scanner. Highly recommended to use an API key for better results. | active, aggressive | HTTP_RESPONSE, TECHNOLOGY | FINDING, TECHNOLOGY, URL_UNVERIFIED | @domwhewell-sage | 2024-05-29 | +| affiliates | scan | No | Summarize affiliate domains at the end of a scan | affiliates, passive, safe | * | | @TheTechromancer | 2022-07-25 | +| anubisdb | scan | No | Query jldc.me's database for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-10-04 | +| apkpure | scan | No | Download android applications from apkpure.com | code-enum, download, passive, safe | MOBILE_APP | FILESYSTEM | @domwhewell-sage | 2024-10-11 | +| asn | scan | No | Query ripe and bgpview.io for ASNs | passive, safe, subdomain-enum | IP_ADDRESS | ASN | @TheTechromancer | 2022-07-25 | +| azure_realm | scan | No | Retrieves the "AuthURL" from login.microsoftonline.com/getuserrealm | affiliates, cloud-enum, passive, safe, subdomain-enum, web-basic | DNS_NAME | URL_UNVERIFIED | @TheTechromancer | 2023-07-12 | +| azure_tenant | scan | No | Query Azure for tenant sister domains | affiliates, cloud-enum, passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2024-07-04 | +| bevigil | scan | Yes | Retrieve OSINT data from mobile applications using BeVigil | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME, URL_UNVERIFIED | @alt-glitch | 2022-10-26 | +| bucket_file_enum | scan | No | Works in conjunction with the filedownload module to download files from open storage buckets. Currently supported cloud providers: AWS, DigitalOcean | cloud-enum, passive, safe | STORAGE_BUCKET | URL_UNVERIFIED | @TheTechromancer | 2023-11-14 | +| bufferoverrun | scan | Yes | Query BufferOverrun's TLS API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2024-10-23 | +| builtwith | scan | Yes | Query Builtwith.com for subdomains | affiliates, passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-08-23 | +| c99 | scan | Yes | Query the C99 API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-07-08 | +| certspotter | scan | No | Query Certspotter's API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-07-28 | +| chaos | scan | Yes | Query ProjectDiscovery's Chaos API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-08-14 | +| code_repository | scan | No | Look for code repository links in webpages | code-enum, passive, safe | URL_UNVERIFIED | CODE_REPOSITORY | @domwhewell-sage | 2024-05-15 | +| credshed | scan | Yes | Send queries to your own credshed server to check for known credentials of your targets | passive, safe | DNS_NAME | EMAIL_ADDRESS, HASHED_PASSWORD, PASSWORD, USERNAME | @SpamFaux | 2023-10-12 | +| crt | scan | No | Query crt.sh (certificate transparency) for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-05-13 | +| crt_db | scan | No | Query crt.sh (certificate transparency) for subdomains via PostgreSQL | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2025-03-27 | +| dehashed | scan | Yes | Execute queries against dehashed.com for exposed credentials | email-enum, passive, safe | DNS_NAME | EMAIL_ADDRESS, HASHED_PASSWORD, PASSWORD, USERNAME | @SpamFaux | 2023-10-12 | +| digitorus | scan | No | Query certificatedetails.com for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2023-07-25 | +| dnsbimi | scan | No | Check DNS_NAME's for BIMI records to find image and certificate hosting URL's | cloud-enum, passive, safe, subdomain-enum | DNS_NAME | RAW_DNS_RECORD, URL_UNVERIFIED | @colin-stubbs | 2024-11-15 | +| dnscaa | scan | No | Check for CAA records | email-enum, passive, safe, subdomain-enum | DNS_NAME | DNS_NAME, EMAIL_ADDRESS, URL_UNVERIFIED | @colin-stubbs | 2024-05-26 | +| dnsdumpster | scan | No | Query dnsdumpster for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-03-12 | +| dnstlsrpt | scan | No | Check for TLS-RPT records | cloud-enum, email-enum, passive, safe, subdomain-enum | DNS_NAME | EMAIL_ADDRESS, RAW_DNS_RECORD, URL_UNVERIFIED | @colin-stubbs | 2024-07-26 | +| docker_pull | scan | No | Download images from a docker repository | code-enum, download, passive, safe, slow | CODE_REPOSITORY | FILESYSTEM | @domwhewell-sage | 2024-03-24 | +| dockerhub | scan | No | Search for docker repositories of discovered orgs/usernames | code-enum, passive, safe | ORG_STUB, SOCIAL | CODE_REPOSITORY, SOCIAL, URL_UNVERIFIED | @domwhewell-sage | 2024-03-12 | +| emailformat | scan | No | Query email-format.com for email addresses | email-enum, passive, safe | DNS_NAME | EMAIL_ADDRESS | @TheTechromancer | 2022-07-11 | +| extractous | scan | No | Module to extract data from files | passive, safe | FILESYSTEM | RAW_TEXT | @domwhewell-sage | 2024-06-03 | +| fullhunt | scan | Yes | Query the fullhunt.io API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-08-24 | +| git_clone | scan | No | Clone code github repositories | code-enum, download, passive, safe, slow | CODE_REPOSITORY | FILESYSTEM | @domwhewell-sage | 2024-03-08 | +| gitdumper | scan | No | Download a leaked .git folder recursively or by fuzzing common names | code-enum, download, passive, safe, slow | CODE_REPOSITORY | FILESYSTEM | @domwhewell-sage | 2025-02-11 | +| github_codesearch | scan | Yes | Query Github's API for code containing the target domain name | code-enum, passive, safe, subdomain-enum | DNS_NAME | CODE_REPOSITORY, URL_UNVERIFIED | @domwhewell-sage | 2023-12-14 | +| github_org | scan | No | Query Github's API for organization and member repositories | code-enum, passive, safe, subdomain-enum | ORG_STUB, SOCIAL | CODE_REPOSITORY | @domwhewell-sage | 2023-12-14 | +| github_usersearch | scan | Yes | Query Github's API for users with emails matching in scope domains that may not be discoverable by listing members of the organization. | code-enum, passive, safe | DNS_NAME | EMAIL_ADDRESS, SOCIAL | @domwhewell-sage | 2025-05-10 | +| github_workflows | scan | Yes | Download a github repositories workflow logs and workflow artifacts | code-enum, download, passive, safe | CODE_REPOSITORY | FILESYSTEM | @domwhewell-sage | 2024-04-29 | +| google_playstore | scan | No | Search for android applications on play.google.com | code-enum, passive, safe | CODE_REPOSITORY, ORG_STUB | MOBILE_APP | @domwhewell-sage | 2024-10-08 | +| hackertarget | scan | No | Query the hackertarget.com API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-07-28 | +| hunterio | scan | Yes | Query hunter.io for emails | email-enum, passive, safe, subdomain-enum | DNS_NAME | DNS_NAME, EMAIL_ADDRESS, URL_UNVERIFIED | @TheTechromancer | 2022-04-25 | +| ip2location | scan | Yes | Query IP2location.io's API for geolocation information. | passive, safe | IP_ADDRESS | GEOLOCATION | @TheTechromancer | 2023-09-12 | +| ipneighbor | scan | No | Look beside IPs in their surrounding subnet | aggressive, passive, subdomain-enum | IP_ADDRESS | IP_ADDRESS | @TheTechromancer | 2022-06-08 | +| ipstack | scan | Yes | Query IPStack's GeoIP API | passive, safe | IP_ADDRESS | GEOLOCATION | @tycoonslive | 2022-11-26 | +| jadx | scan | No | Decompile APKs and XAPKs using JADX | code-enum, passive, safe | FILESYSTEM | FILESYSTEM | @domwhewell-sage | 2024-11-04 | +| leakix | scan | No | Query leakix.net for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-07-11 | +| myssl | scan | No | Query myssl.com's API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2023-07-10 | +| otx | scan | No | Query otx.alienvault.com for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-08-24 | +| passivetotal | scan | Yes | Query the PassiveTotal API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-08-08 | +| pgp | scan | No | Query common PGP servers for email addresses | email-enum, passive, safe | DNS_NAME | EMAIL_ADDRESS | @TheTechromancer | 2022-08-10 | +| portfilter | scan | No | Filter out unwanted open ports from cloud/CDN targets | passive, safe | OPEN_TCP_PORT, URL, URL_UNVERIFIED | | @TheTechromancer | 2025-01-06 | +| postman | scan | No | Query Postman's API for related workspaces, collections, requests and download them | code-enum, passive, safe, subdomain-enum | ORG_STUB, SOCIAL | CODE_REPOSITORY | @domwhewell-sage | 2024-09-07 | +| postman_download | scan | No | Download workspaces, collections, requests from Postman | code-enum, download, passive, safe, subdomain-enum | CODE_REPOSITORY | FILESYSTEM | @domwhewell-sage | 2024-09-07 | +| rapiddns | scan | No | Query rapiddns.io for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-08-24 | +| securitytrails | scan | Yes | Query the SecurityTrails API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-07-03 | +| shodan_dns | scan | Yes | Query Shodan for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-07-03 | +| shodan_idb | scan | No | Query Shodan's InternetDB for open ports, hostnames, technologies, and vulnerabilities | passive, portscan, safe, subdomain-enum | DNS_NAME, IP_ADDRESS | DNS_NAME, FINDING, OPEN_TCP_PORT, TECHNOLOGY | @TheTechromancer | 2023-12-22 | +| sitedossier | scan | No | Query sitedossier.com for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2023-08-04 | +| skymem | scan | No | Query skymem.info for email addresses | email-enum, passive, safe | DNS_NAME | EMAIL_ADDRESS | @TheTechromancer | 2022-07-11 | +| social | scan | No | Look for social media links in webpages | passive, safe, social-enum | URL_UNVERIFIED | SOCIAL | @TheTechromancer | 2023-03-28 | +| subdomaincenter | scan | No | Query subdomain.center's API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2023-07-26 | +| subdomainradar | scan | Yes | Query the Subdomain API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-07-08 | +| trickest | scan | Yes | Query Trickest's API for subdomains | affiliates, passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @amiremami | 2024-07-27 | +| trufflehog | scan | No | TruffleHog is a tool for finding credentials | code-enum, passive, safe | CODE_REPOSITORY, FILESYSTEM, HTTP_RESPONSE, RAW_TEXT | FINDING | @domwhewell-sage | 2024-03-12 | +| urlscan | scan | No | Query urlscan.io for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME, URL_UNVERIFIED | @TheTechromancer | 2022-06-09 | +| viewdns | scan | No | Query viewdns.info's reverse whois for related domains | affiliates, passive, safe | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-07-04 | +| virustotal | scan | Yes | Query VirusTotal's API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-08-25 | +| wayback | scan | No | Query archive.org's API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME, URL_UNVERIFIED | @liquidsec | 2022-04-01 | +| asset_inventory | output | No | Merge hosts, open ports, technologies, findings, etc. into a single asset inventory CSV | | DNS_NAME, FINDING, HTTP_RESPONSE, IP_ADDRESS, OPEN_TCP_PORT, TECHNOLOGY, URL, WAF | IP_ADDRESS, OPEN_TCP_PORT | @liquidsec | 2022-09-30 | +| csv | output | No | Output to CSV | | * | | @TheTechromancer | 2022-04-07 | +| discord | output | No | Message a Discord channel when certain events are encountered | | * | | @TheTechromancer | 2023-08-14 | +| elastic | output | No | Send scan results to Elasticsearch | | * | | @TheTechromancer | 2022-11-21 | +| emails | output | No | Output any email addresses found belonging to the target domain | email-enum | EMAIL_ADDRESS | | @domwhewell-sage | 2023-12-23 | +| http | output | No | Send every event to a custom URL via a web request | | * | | @TheTechromancer | 2022-04-13 | +| json | output | No | Output to Newline-Delimited JSON (NDJSON) | | * | | @TheTechromancer | 2022-04-07 | +| kafka | output | No | Output scan data to a Kafka topic | | * | | @TheTechromancer | 2024-11-22 | +| mongo | output | No | Output scan data to a MongoDB database | | * | | @TheTechromancer | 2024-11-17 | +| mysql | output | No | Output scan data to a MySQL database | | * | | @TheTechromancer | 2024-11-13 | +| nats | output | No | Output scan data to a NATS subject | | * | | @TheTechromancer | 2024-11-22 | +| neo4j | output | No | Output to Neo4j | | * | | @TheTechromancer | 2022-04-07 | +| nmap_xml | output | No | Output to Nmap XML | | DNS_NAME, HTTP_RESPONSE, IP_ADDRESS, OPEN_TCP_PORT, PROTOCOL | | @TheTechromancer | 2024-11-16 | +| postgres | output | No | Output scan data to a SQLite database | | * | | @TheTechromancer | 2024-11-08 | +| python | output | No | Output via Python API | | * | | @TheTechromancer | 2022-09-13 | +| rabbitmq | output | No | Output scan data to a RabbitMQ queue | | * | | @TheTechromancer | 2024-11-22 | +| slack | output | No | Message a Slack channel when certain events are encountered | | * | | @TheTechromancer | 2023-08-14 | +| splunk | output | No | Send every event to a splunk instance through HTTP Event Collector | | * | | @w0Tx | 2024-02-17 | +| sqlite | output | No | Output scan data to a SQLite database | | * | | @TheTechromancer | 2024-11-07 | +| stdout | output | No | Output to text | | * | | @TheTechromancer | 2024-04-03 | +| subdomains | output | No | Output only resolved, in-scope subdomains | subdomain-enum | DNS_NAME, DNS_NAME_UNRESOLVED | | @TheTechromancer | 2023-07-31 | +| teams | output | No | Message a Teams channel when certain events are encountered | | * | | @TheTechromancer | 2023-08-14 | +| txt | output | No | Output to text | | * | | @TheTechromancer | 2024-04-03 | +| web_parameters | output | No | Output WEB_PARAMETER names to a file | | WEB_PARAMETER | | @liquidsec | 2025-01-25 | +| web_report | output | No | Create a markdown report with web assets | | FINDING, TECHNOLOGY, URL, VHOST | | @liquidsec | 2023-02-08 | +| websocket | output | No | Output to websockets | | * | | @TheTechromancer | 2022-04-15 | +| zeromq | output | No | Output scan data to a ZeroMQ socket (PUB) | | * | | @TheTechromancer | 2024-11-22 | +| cloudcheck | internal | No | Tag events by cloud provider, identify cloud resources like storage buckets | | * | | @TheTechromancer | 2024-07-07 | +| dnsresolve | internal | No | Perform DNS resolution | | * | DNS_NAME, IP_ADDRESS, RAW_DNS_RECORD | @TheTechromancer | 2022-04-08 | +| aggregate | internal | No | Summarize statistics at the end of a scan | passive, safe | | | @TheTechromancer | 2022-07-25 | +| excavate | internal | No | Passively extract juicy tidbits from scan data | passive | HTTP_RESPONSE, RAW_TEXT | URL_UNVERIFIED, WEB_PARAMETER | @liquidsec | 2022-06-27 | +| speculate | internal | No | Derive certain event types from others by common sense | passive | AZURE_TENANT, DNS_NAME, DNS_NAME_UNRESOLVED, HTTP_RESPONSE, IP_ADDRESS, IP_RANGE, SOCIAL, STORAGE_BUCKET, URL, URL_UNVERIFIED, USERNAME | DNS_NAME, FINDING, IP_ADDRESS, OPEN_TCP_PORT, ORG_STUB | @liquidsec | 2022-05-03 | +| unarchive | internal | No | Extract different types of files into folders on the filesystem | passive, safe | FILESYSTEM | FILESYSTEM | @domwhewell-sage | 2024-12-08 | For a list of module config options, see [Module Options](../scanning/configuration.md#module-config-options). diff --git a/docs/scanning/advanced.md b/docs/scanning/advanced.md index 3af6daf74b..65aa953738 100644 --- a/docs/scanning/advanced.md +++ b/docs/scanning/advanced.md @@ -32,22 +32,11 @@ if __name__ == "__main__": ```text -usage: bbot [-h] [-t TARGET [TARGET ...]] [-w WHITELIST [WHITELIST ...]] - [-b BLACKLIST [BLACKLIST ...]] [--strict-scope] - [-p [PRESET ...]] [-c [CONFIG ...]] [-lp] - [-m MODULE [MODULE ...]] [-l] [-lmo] [-em MODULE [MODULE ...]] - [-f FLAG [FLAG ...]] [-lf] [-rf FLAG [FLAG ...]] - [-ef FLAG [FLAG ...]] [--allow-deadly] [-n SCAN_NAME] [-v] [-d] - [-s] [--force] [-y] [--fast-mode] [--dry-run] - [--current-preset] [--current-preset-full] [-mh MODULE] - [-o DIR] [-om MODULE [MODULE ...]] [-lo] [--json] [--brief] - [--event-types EVENT_TYPES [EVENT_TYPES ...]] [--exclude-cdn] - [--no-deps | --force-deps | --retry-deps | - --ignore-failed-deps | --install-all-deps] [--version] - [--proxy HTTP_PROXY] [-H CUSTOM_HEADERS [CUSTOM_HEADERS ...]] - [-C CUSTOM_COOKIES [CUSTOM_COOKIES ...]] - [--custom-yara-rules CUSTOM_YARA_RULES] - [--user-agent USER_AGENT] +usage: bbot [-h] [-t TARGET [TARGET ...]] [-w WHITELIST [WHITELIST ...]] [-b BLACKLIST [BLACKLIST ...]] [--strict-scope] [-p [PRESET ...]] [-c [CONFIG ...]] [-lp] + [-m MODULE [MODULE ...]] [-l] [-lmo] [-em MODULE [MODULE ...]] [-f FLAG [FLAG ...]] [-lf] [-rf FLAG [FLAG ...]] [-ef FLAG [FLAG ...]] [--allow-deadly] [-n SCAN_NAME] [-v] + [-d] [-s] [--force] [-y] [--fast-mode] [--dry-run] [--current-preset] [--current-preset-full] [-mh MODULE] [-o DIR] [-om MODULE [MODULE ...]] [-lo] [--json] [--brief] + [--event-types EVENT_TYPES [EVENT_TYPES ...]] [--exclude-cdn] [--no-deps | --force-deps | --retry-deps | --ignore-failed-deps | --install-all-deps] [--version] + [--proxy HTTP_PROXY] [-H CUSTOM_HEADERS [CUSTOM_HEADERS ...]] [-C CUSTOM_COOKIES [CUSTOM_COOKIES ...]] [--custom-yara-rules CUSTOM_YARA_RULES] [--user-agent USER_AGENT] Bighuge BLS OSINT Tool @@ -61,7 +50,7 @@ Target: What's considered in-scope (by default it's the same as --targets) -b, --blacklist BLACKLIST [BLACKLIST ...] Don't touch these things - --strict-scope Don't consider subdomains of target/whitelist to be in-scope + --strict-scope Don't consider subdomains of target/whitelist to be in-scope - exact matches only Presets: -p, --preset [PRESET ...] @@ -105,7 +94,7 @@ Scan: Output: -o, --output-dir DIR Directory to output scan results -om, --output-modules MODULE [MODULE ...] - Output module(s). Choices: asset_inventory,csv,discord,emails,http,json,mysql,neo4j,nmap_xml,postgres,python,slack,splunk,sqlite,stdout,subdomains,teams,txt,web_parameters,web_report,websocket + Output module(s). Choices: asset_inventory,csv,discord,elastic,emails,http,json,kafka,mongo,mysql,nats,neo4j,nmap_xml,postgres,python,rabbitmq,slack,splunk,sqlite,stdout,subdomains,teams,txt,web_parameters,web_report,websocket,zeromq -lo, --list-output-modules List available output modules --json, -j Output scan data in JSON format diff --git a/docs/scanning/configuration.md b/docs/scanning/configuration.md index fd1397251e..6b3346ca32 100644 --- a/docs/scanning/configuration.md +++ b/docs/scanning/configuration.md @@ -59,6 +59,15 @@ Below is a full list of the config options supported, along with their defaults. ```yaml title="defaults.yml" ### BASIC OPTIONS ### +# NOTE: If used in a preset, these options must be nested underneath "config:" like so: +# config: +# home: ~/.bbot +# keep_scans: 20 +# scope: +# strict: true +# dns: +# minimal: true + # BBOT working directory home: ~/.bbot # How many scan results to keep before cleaning up the older ones @@ -74,7 +83,7 @@ folder_blobs: false scope: # strict scope means only exact DNS names are considered in-scope - # subdomains are not included unless they are explicitly provided in the target list + # their subdomains are not included unless explicitly whitelisted strict: false # Filter by scope distance which events are displayed in the output # 0 == show only in-scope events (affiliates are always shown) @@ -565,25 +574,37 @@ In addition to the stated options for each module, the following universal optio | modules.asset_inventory.summary_netmask | int | Subnet mask to use when summarizing IP addresses at end of scan | 16 | | modules.asset_inventory.use_previous | bool |` Emit previous asset inventory as new events (use in conjunction with -n ) `| False | | modules.csv.output_file | str | Output to CSV file | | -| modules.discord.event_types | list | Types of events to send | ['VULNERABILITY', 'FINDING'] | -| modules.discord.min_severity | str | Only allow VULNERABILITY events of this severity or higher | LOW | +| modules.discord.event_types | list | Types of events to send | ['FINDING'] | +| modules.discord.min_severity | str | Only allow FINDING events of this severity or higher | LOW | | modules.discord.retries | int | Number of times to retry sending the message before skipping the event | 10 | | modules.discord.webhook_url | str | Discord webhook URL | | +| modules.elastic.password | str | Elastic password | bbotislife | +| modules.elastic.timeout | int | HTTP timeout | 10 | +| modules.elastic.url | str |` Elastic URL (e.g. https://localhost:9200//_doc) `| https://localhost:9200/bbot_events/_doc | +| modules.elastic.username | str | Elastic username | elastic | | modules.emails.output_file | str | Output to file | | | modules.http.bearer | str | Authorization Bearer token | | +| modules.http.headers | dict | Additional headers to send with the request | {} | | modules.http.method | str | HTTP method | POST | | modules.http.password | str | Password (basic auth) | | -| modules.http.siem_friendly | bool | Format JSON in a SIEM-friendly way for ingestion into Elastic, Splunk, etc. | False | | modules.http.timeout | int | HTTP timeout | 10 | | modules.http.url | str | Web URL | | | modules.http.username | str | Username (basic auth) | | | modules.json.output_file | str | Output to file | | -| modules.json.siem_friendly | bool | Output JSON in a SIEM-friendly format for ingestion into Elastic, Splunk, etc. | False | +| modules.kafka.bootstrap_servers | str | A comma-separated list of Kafka server addresses | localhost:9092 | +| modules.kafka.topic | str | The Kafka topic to publish events to | bbot_events | +| modules.mongo.collection_prefix | str | Prefix the name of each collection with this string | | +| modules.mongo.database | str | The name of the database to use | bbot | +| modules.mongo.password | str | The password to use to connect to the database | | +| modules.mongo.uri | str | The URI of the MongoDB server | mongodb://localhost:27017 | +| modules.mongo.username | str | The username to use to connect to the database | | | modules.mysql.database | str | The database name to connect to | bbot | | modules.mysql.host | str | The server running MySQL | localhost | | modules.mysql.password | str | The password to connect to MySQL | bbotislife | | modules.mysql.port | int | The port to connect to MySQL | 3306 | | modules.mysql.username | str | The username to connect to MySQL | root | +| modules.nats.servers | list | A list of NATS server addresses | [] | +| modules.nats.subject | str | The NATS subject to publish events to | bbot_events | | modules.neo4j.password | str | Neo4j password | bbotislife | | modules.neo4j.uri | str | Neo4j server + port | bolt://localhost:7687 | | modules.neo4j.username | str | Neo4j username | neo4j | @@ -592,8 +613,10 @@ In addition to the stated options for each module, the following universal optio | modules.postgres.password | str | The password to connect to Postgres | bbotislife | | modules.postgres.port | int | The port to connect to Postgres | 5432 | | modules.postgres.username | str | The username to connect to Postgres | postgres | -| modules.slack.event_types | list | Types of events to send | ['VULNERABILITY', 'FINDING'] | -| modules.slack.min_severity | str | Only allow VULNERABILITY events of this severity or higher | LOW | +| modules.rabbitmq.queue | str | The RabbitMQ queue to publish events to | bbot_events | +| modules.rabbitmq.url | str | The RabbitMQ connection URL | amqp://guest:guest@localhost/ | +| modules.slack.event_types | list | Types of events to send | ['FINDING'] | +| modules.slack.min_severity | str | Only allow FINDING events of this severity or higher | LOW | | modules.slack.retries | int | Number of times to retry sending the message before skipping the event | 10 | | modules.slack.webhook_url | str | Discord webhook URL | | | modules.splunk.hectoken | str | HEC Token | | @@ -609,8 +632,8 @@ In addition to the stated options for each module, the following universal optio | modules.stdout.in_scope_only | bool | Whether to only show in-scope events | False | | modules.subdomains.include_unresolved | bool | Include unresolved subdomains in output | False | | modules.subdomains.output_file | str | Output to file | | -| modules.teams.event_types | list | Types of events to send | ['VULNERABILITY', 'FINDING'] | -| modules.teams.min_severity | str | Only allow VULNERABILITY events of this severity or higher | LOW | +| modules.teams.event_types | list | Types of events to send | ['FINDING'] | +| modules.teams.min_severity | str | Only allow FINDING events of this severity or higher | LOW | | modules.teams.retries | int | Number of times to retry sending the message before skipping the event | 10 | | modules.teams.webhook_url | str | Teams webhook URL | | | modules.txt.output_file | str | Output to file | | @@ -622,6 +645,7 @@ In addition to the stated options for each module, the following universal optio | modules.websocket.preserve_graph | bool | Preserve full chains of events in the graph (prevents orphans) | True | | modules.websocket.token | str | Authorization Bearer token | | | modules.websocket.url | str | Web URL | | +| modules.zeromq.zmq_address | str | The ZeroMQ socket address to publish events to (e.g. tcp://localhost:5555) | | | modules.excavate.custom_yara_rules | str | Include custom Yara rules | | | modules.excavate.speculate_params | bool | Enable speculative parameter extraction from JSON and XML content | False | | modules.excavate.yara_max_match_data | int | Sets the maximum amount of text that can extracted from a YARA regex | 2000 | diff --git a/docs/scanning/events.md b/docs/scanning/events.md index 297d3e2186..33bc33705d 100644 --- a/docs/scanning/events.md +++ b/docs/scanning/events.md @@ -106,7 +106,7 @@ Below is a full list of event types along with which modules produce/consume the | Event Type | # Consuming Modules | # Producing Modules | Consuming Modules | Producing Modules | |---------------------|-----------------------|-----------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| * | 18 | 0 | affiliates, cloudcheck, csv, discord, dnsresolve, http, json, mysql, neo4j, postgres, python, slack, splunk, sqlite, stdout, teams, txt, websocket | | +| * | 24 | 0 | affiliates, cloudcheck, csv, discord, dnsresolve, elastic, http, json, kafka, mongo, mysql, nats, neo4j, postgres, python, rabbitmq, slack, splunk, sqlite, stdout, teams, txt, websocket, zeromq | | | ASN | 0 | 1 | | asn | | AZURE_TENANT | 1 | 0 | speculate | | | CODE_REPOSITORY | 7 | 8 | docker_pull, git_clone, gitdumper, github_workflows, google_playstore, postman_download, trufflehog | code_repository, dockerhub, git, github_codesearch, github_org, gitlab_com, gitlab_onprem, postman | @@ -114,7 +114,7 @@ Below is a full list of event types along with which modules produce/consume the | DNS_NAME_UNRESOLVED | 3 | 0 | baddns, speculate, subdomains | | | EMAIL_ADDRESS | 1 | 11 | emails | credshed, dehashed, dnscaa, dnstlsrpt, emailformat, github_usersearch, hunterio, pgp, securitytxt, skymem, sslcert | | FILESYSTEM | 4 | 9 | extractous, jadx, trufflehog, unarchive | apkpure, docker_pull, filedownload, git_clone, gitdumper, github_workflows, jadx, postman_download, unarchive | -| FINDING | 2 | 31 | asset_inventory, web_report | ajaxpro, baddns, baddns_direct, baddns_zone, badsecrets, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_firebase, bucket_google, bypass403, git, gitlab_onprem, graphql_introspection, host_header, hunt, lightfuzz, newsletters, ntlm, nuclei, paramminer_cookies, paramminer_getparams, reflected_parameters, retirejs, shodan_idb, smuggler, speculate, telerik, trufflehog, url_manipulation, wpscan | +| FINDING | 2 | 33 | asset_inventory, web_report | ajaxpro, aspnet_bin_exposure, baddns, baddns_direct, baddns_zone, badsecrets, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_firebase, bucket_google, bypass403, dotnetnuke, generic_ssrf, git, gitlab_onprem, graphql_introspection, host_header, hunt, lightfuzz, medusa, newsletters, ntlm, nuclei, reflected_parameters, retirejs, shodan_idb, smuggler, speculate, telerik, trufflehog, url_manipulation, wpscan | | GEOLOCATION | 0 | 2 | | ip2location, ipstack | | HASHED_PASSWORD | 0 | 2 | | credshed, dehashed | | HTTP_RESPONSE | 19 | 1 | ajaxpro, asset_inventory, badsecrets, dotnetnuke, excavate, filedownload, gitlab_onprem, host_header, newsletters, nmap_xml, ntlm, paramminer_cookies, paramminer_getparams, paramminer_headers, speculate, telerik, trufflehog, wappalyzer, wpscan | httpx | @@ -129,13 +129,12 @@ Below is a full list of event types along with which modules produce/consume the | RAW_TEXT | 2 | 1 | excavate, trufflehog | extractous | | SOCIAL | 7 | 4 | dockerhub, github_org, gitlab_com, gitlab_onprem, gowitness, postman, speculate | dockerhub, github_usersearch, gitlab_onprem, social | | STORAGE_BUCKET | 8 | 5 | baddns_direct, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_file_enum, bucket_firebase, bucket_google, speculate | bucket_amazon, bucket_azure, bucket_digitalocean, bucket_firebase, bucket_google | -| TECHNOLOGY | 4 | 8 | asset_inventory, gitlab_onprem, web_report, wpscan | badsecrets, dotnetnuke, gitlab_onprem, gowitness, nuclei, shodan_idb, wappalyzer, wpscan | +| TECHNOLOGY | 4 | 9 | asset_inventory, gitlab_onprem, web_report, wpscan | ajaxpro, badsecrets, dotnetnuke, gitlab_onprem, gowitness, nuclei, shodan_idb, wappalyzer, wpscan | | URL | 24 | 2 | ajaxpro, aspnet_bin_exposure, asset_inventory, baddns_direct, bypass403, ffuf, generic_ssrf, git, gowitness, graphql_introspection, httpx, iis_shortnames, lightfuzz, ntlm, nuclei, portfilter, robots, smuggler, speculate, telerik, url_manipulation, vhost, wafw00f, web_report | gowitness, httpx | | URL_HINT | 1 | 1 | ffuf_shortnames | iis_shortnames | | URL_UNVERIFIED | 8 | 18 | code_repository, filedownload, httpx, oauth, portfilter, retirejs, social, speculate | azure_realm, bevigil, bucket_file_enum, dnsbimi, dnscaa, dnstlsrpt, dockerhub, excavate, ffuf, ffuf_shortnames, github_codesearch, gowitness, hunterio, robots, securitytxt, urlscan, wayback, wpscan | | USERNAME | 1 | 2 | speculate | credshed, dehashed | | VHOST | 1 | 1 | web_report | vhost | -| VULNERABILITY | 2 | 15 | asset_inventory, web_report | ajaxpro, aspnet_bin_exposure, baddns, baddns_direct, baddns_zone, badsecrets, dotnetnuke, generic_ssrf, lightfuzz, medusa, nuclei, shodan_idb, telerik, trufflehog, wpscan | | WAF | 1 | 1 | asset_inventory | wafw00f | | WEBSCREENSHOT | 0 | 1 | | gowitness | | WEB_PARAMETER | 7 | 4 | hunt, lightfuzz, paramminer_cookies, paramminer_getparams, paramminer_headers, reflected_parameters, web_parameters | excavate, paramminer_cookies, paramminer_getparams, paramminer_headers |