From 5803c510239b31a0aa61a91e062c8b71370b7e09 Mon Sep 17 00:00:00 2001
From: liquidsec
Date: Fri, 10 Jan 2025 12:50:07 -0500
Subject: [PATCH] baddns logic bug fix
---
 bbot/modules/baddns.py | 36 +++++++++++++++++++++---------------
 1 file changed, 21 insertions(+), 15 deletions(-)
diff --git a/bbot/modules/baddns.py b/bbot/modules/baddns.py
index d0e4c6c1be..48da5066d0 100644
--- a/bbot/modules/baddns.py
+++ b/bbot/modules/baddns.py
@@ -87,10 +87,12 @@ async def handle_event(self, event):
 for r in results:
 r_dict = r.to_dict()
- if r_dict["confidence"] in ["CONFIRMED", "PROBABLE"]:
+ confidence = r_dict["confidence"]
+
+ if confidence in ["CONFIRMED", "PROBABLE"]:
 data = {
 "severity": "MEDIUM",
- "description": f"{r_dict['description']}. Confidence: [{r_dict['confidence']}] Signature: [{r_dict['signature']}] Indicator: [{r_dict['indicator']}] Trigger: [{r_dict['trigger']}] baddns Module: [{r_dict['module']}]",
+ "description": f"{r_dict['description']}. Confidence: [{confidence}] Signature: [{r_dict['signature']}] Indicator: [{r_dict['indicator']}] Trigger: [{r_dict['trigger']}] baddns Module: [{r_dict['module']}]",
 "host": str(event.host),
 }
 await self.emit_event(
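Review bot: `confidence = r_dict["confidence"]` indexes the result dict directly, so a result without that key raises KeyError before the `else:` branch can log it, and the remaining results in the loop would presumably not be emitted. The same loop reads `found_domains` with `.get`, so `confidence = r_dict.get("confidence")` would be consistent and would route a missing value to the existing "Got unrecognized confidence level" warning. Whether `to_dict()` can ever omit the key is not visible on this page, and the loop body continues outside the hunk.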
@@ -101,20 +103,24 @@ async def handle_event(self, event):
 context=f'{{module}}\'s "{r_dict["module"]}" module found {{event.type}}: {r_dict["description"]}',
 )
- elif r_dict["confidence"] in ["UNLIKELY", "POSSIBLE"] and not self.only_high_confidence:
- data = {
- "description": f"{r_dict['description']} Confidence: [{r_dict['confidence']}] Signature: [{r_dict['signature']}] Indicator: [{r_dict['indicator']}] Trigger: [{r_dict['trigger']}] baddns Module: [{r_dict['module']}]",
- "host": str(event.host),
- }
- await self.emit_event(
- data,
- "FINDING",
- event,
- tags=[f"baddns-{module_instance.name.lower()}"],
- context=f'{{module}}\'s "{r_dict["module"]}" module found {{event.type}}: {r_dict["description"]}',
- )
+ elif confidence in ["UNLIKELY", "POSSIBLE"]:
+ if not self.only_high_confidence:
+ data = {
+ "description": f"{r_dict['description']} Confidence: [{confidence}] Signature: [{r_dict['signature']}] Indicator: [{r_dict['indicator']}] Trigger: [{r_dict['trigger']}] baddns Module: [{r_dict['module']}]",
+ "host": str(event.host),
+ }
+ await self.emit_event(
+ data,
+ "FINDING",
+ event,
+ tags=[f"baddns-{module_instance.name.lower()}"],
+ context=f'{{module}}\'s "{r_dict["module"]}" module found {{event.type}}: {r_dict["description"]}',
+ )
+ else:
+ self.debug(f"Skipping low-confidence result due to only_high_confidence setting: {confidence}")
+
 else:
- self.warning(f"Got unrecognized confidence level: {r_dict['confidence']}")
+ self.warning(f"Got unrecognized confidence level: {confidence}")
 found_domains = r_dict.get("found_domains", None)
 if found_domains:
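Review bot: With `only_high_confidence` set, the new inner `else:` only logs and falls through, so the `found_domains = r_dict.get("found_domains", None)` block after the chain still appears to run for the skipped UNLIKELY/POSSIBLE result (indentation is lost on this page, so this is inferred from statement order). If domains from suppressed results should not be followed, add `continue` after the `self.debug(...)` call; if they should, record that with a comment such as `# found_domains are processed regardless of confidence`. The debug message would also be easier to trace if it identified the result, for example by appending `r_dict['signature']` and `r_dict['trigger']` next to `{confidence}`. The `found_domains` handling continues outside the hunk.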