BBOT: A Must-Have OSINT Tool for Bug Bounty Hunters and Pentesters
BBOT (Bighuge BLS OSINT Tool) is a recursive internet scanner inspired by Spiderfoot, but designed to be faster, more reliable, and friendlier to pentesters, bug bounty hunters, and developers.
Special features include:
- Support for Multiple Targets
- Web Screenshots
- Suite of Offensive Web Modules
- AI-powered Subdomain Mutations
- Native Output to Neo4j (and more)
- Python API + Developer Documentation
BBOT is a system of individual modules that interchange data recursively. Every module (e.g. `nmap`) consumes a type of data (e.g. a `DNS_NAME`) and emits another kind (e.g. an `OPEN_TCP_PORT`). These bits of data, called events, become the output of the tool, but are also redistributed to all the other modules, prompting them to dig deeper, and feeding the recursive cycle of discovery.
What It Isn’t
It’s important to understand that BBOT has a fundamentally different philosophy from most tools. Its discovery process does not have “phases”, or “stages”; i.e. it does not work like this:
This is a traditional OSINT process, where you start with a target and you work in stages. Each stage gets you a little more data and requires more cleaning/deduplication, until finally you reach the end. The problem with this approach is that it misses things.
Imagine if, on the last step of this process, you discovered a new subdomain. Awesome! But shouldn’t you go back and check that one the same way you did the others? Shouldn’t you port-scan it and SSL-mine it, extract its web contents, and so on? Let’s assume you do that, and maybe during that process, you even discover another subdomain!
Recursion
Recursion is at the heart of BBOT’s design. Each newly-discovered piece of data is fed back into the machine, fueling the discovery process. This continues until there is no new data to discover.
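The difference between the staged process and the recursive one can be seen in a toy model. This is an added example, not BBOT's code or API: the module handlers, the lookup tables and the `example.test` names are constructed for illustration, and only the event type names `DNS_NAME` and `OPEN_TCP_PORT` come from the text above.

```python
from collections import deque

# Constructed lookup tables standing in for real network modules (nothing is contacted).
SUBDOMAINS = {"example.test": ["www.example.test"]}
OPEN_PORTS = {"www.example.test": [443], "dev.example.test": [8443]}
CERT_NAMES = {"www.example.test:443": ["dev.example.test"]}

# Hypothetical modules as (consumed event type, emitted event type, handler).
MODULES = [
    ("DNS_NAME", "DNS_NAME", lambda name: SUBDOMAINS.get(name, [])),
    ("DNS_NAME", "OPEN_TCP_PORT",
     lambda name: [f"{name}:{p}" for p in OPEN_PORTS.get(name, [])]),
    ("OPEN_TCP_PORT", "DNS_NAME", lambda hp: CERT_NAMES.get(hp, [])),
]

def staged_scan(target):
    """Run each module once, in order; later findings are never revisited."""
    events = {("DNS_NAME", target)}
    for consumes, emits, handler in MODULES:
        for etype, data in list(events):  # snapshot taken at stage start
            if etype == consumes:
                events |= {(emits, d) for d in handler(data)}
    return events

def recursive_scan(target):
    """Feed every new event back to all modules until nothing new appears."""
    seen = {("DNS_NAME", target)}
    queue = deque(seen)
    while queue:
        etype, data = queue.popleft()
        for consumes, emits, handler in MODULES:
            if consumes != etype:
                continue
            for d in handler(data):
                event = (emits, d)
                if event not in seen:  # deduplication guarantees termination
                    seen.add(event)
                    queue.append(event)
    return seen

if __name__ == "__main__":
    # The staged run finds dev.example.test in its last stage but never port-scans it.
    missed = recursive_scan("example.test") - staged_scan("example.test")
    print(sorted(missed))
```

The set of already-seen events is what makes the loop stop: an event is queued only the first time it appears, so the scan ends when the modules produce nothing new.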