On the eve of the Def Con 32 conference, a new release of the BBOT tool has been unveiled, known as bbot 2.0 . This updated version promises to enhance the tool’s capabilities and speed up the scanning process. BBOT (BIGHUGE BLS Osint Tool) has gained popularity for its ability to discover more subdomains compared to other similar tools. With over 400 thousand downloads to date, BBOT has proven to be in high demand, particularly in the realm of vulnerability scanning.
BBOT was created two years ago with the primary objective of aiding in the discovery of vulnerabilities, particularly in Bug Bounty programs. The tool has garnered support from the community, leading to the development of new modules and features. The project repository has seen over 4000 commits, surpassing its predecessor Spiderfoot, which was developed over a ten-year period.
One of the key features of BBOT 2.0 is the introduction of three new functions: PRESETS, a DNS vulnerability identification tool called Baddns, and optimization for increased speed.
PRESETS (Presets)
One of the standout features of BBOT 2.0 is the introduction of pre-installed configurations known as PRESETS. Users can now maintain their scan settings in a YAML file, streamlining the scanning process. Previous versions of BBOT offered high customization, providing extensive options but also making it complex to create commands. With PRESETS, users can easily initiate scans by combining various settings and modules.
To use PRESETS, users simply need to execute the BBOT -P command followed by the desired pre-installation. Additionally, users have the flexibility to create their own configurations incorporating multiple pre-installations simultaneously.
The Baddns tool, developed by @paulmmueller, replaces the previous Subdomain_Hijack module, expanding BBOT’s capabilities in identifying DNS vulnerabilities. This tool can uncover various vulnerabilities, including risky configurations that could lead to potential security breaches.
Integrated into BBOT 2.0, Baddns has become a crucial component of the updated tool. This module not only detects vulnerabilities but also provides analysis, offering valuable insights for security professionals.
BBOT 2.0 includes various optimizations that have made scanning nearly 10 times faster than its predecessor. This speed enhancement was achieved through the integration of Yara and updated engines for DNS and HTTP query processing.
Previously, BBOT relied on