BBOT (Bighuge BLS OSINT Tool)

Presented at DEF CON 31 (2023), Aug. 12, 2023, noon (115 minutes)

BBOT (Bighuge BLS OSINT Tool) is a new recursive OSINT scanner inspired by Spiderfoot, but designed and optimized for bigger targets and faster scan times. BBOT is open-source and written in Python. Its 80+ modules range in function from subdomain enumeration to cryptographic exploitation. BBOT can map the attack surface of an organization (and sometimes get you RCE) in a single command. Features include: - multiple targets - automatic dependencies w/ ansible - python API - subdomain enumeration - email enumeration - cloud bucket enumeration - port scanning - web service enumeration - web screenshots - web spidering - vulnerability scanning (with nuclei and more)

Presenters:

• Paul Mueller
  Paul Mueller is a Principal Operator at Black Lantern Security (BLS). He specializes in web application testing and application security. He loves finding complex hard-to-find web bugs, especially when they involve cryptography. He is also one of the developers for the BLS tools Writehat and BBOT (Bighuge BLS OSINT Tool). Prior to working with BLS, he spent over a decade as a DoD contractor providing both penetration testing and security analysis/incident handling. He got his start in the field as a systems administrator and later as a Signals Intelligence Analyst with the US Marine Corps.
• TheTechromancer (Joel Moore)
  TheTechromancer is a hacker at Black Lantern Security (BLS). He loves coding in Python, and is the creator of several security tools including ManSpider, TrevorSpray, and BBOT (Bighuge BLS OSINT Tool). He has also made contributions to other open-source projects such as Spiderfoot.

Similar Presentations:

• ToorCon San Diego 12 (2010) / SSLSmart - Smart SSL Cipher Enumeration
• Disobey 2020 / Basics of Penetration Workshop
• DEF CON 30 (2022) / Vajra - Your Weapon To Cloud Demo