Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1388 commits
Select commit Hold shift + click to select a range
ad83aaf
Merge dev, resolve conflicts in wayback pydantic Config, kitchen-sink…
liquidsec Jun 9, 2026
75bf826
Fix keystream-reuse FP, cmdi octal bug, type mutation leak, connectiv…
liquidsec Jun 9, 2026
d6017e7
Fix TestCRT_DB_Reconnect: match result domain to query
liquidsec Jun 9, 2026
ad6fc0e
Merge branch 'dev' into add-virtualhost-module
liquidsec Jun 9, 2026
451d14d
virtualhost: migrate options to Config(BaseModuleConfig)
liquidsec Jun 9, 2026
491c2d3
Handle malformed YAML gracefully instead of crashing
liquidsec Jun 9, 2026
847be24
Merge branch 'dev' into dependabot/pip/dev/griffe-gte-1-and-lt-3
liquidsec Jun 9, 2026
b01d44f
Merge branch 'dev' into dependabot/github_actions/dev/github-actions-…
liquidsec Jun 9, 2026
47707ae
Use dotnetnuke instead of nuclei for invasive flag test
liquidsec Jun 9, 2026
162dca5
Merge pull request #3062 from blacklanternsecurity/dependabot/pip/dev…
liquidsec Jun 9, 2026
0966bb8
Merge pull request #3159 from blacklanternsecurity/graceful-yaml-errors
liquidsec Jun 9, 2026
17b88f9
Merge pull request #3151 from blacklanternsecurity/dependabot/github_…
liquidsec Jun 9, 2026
6fb2a10
Merge pull request #3160 from blacklanternsecurity/fix-cli-nuclei-test
liquidsec Jun 9, 2026
f66c0db
Merge pull request #2967 from blacklanternsecurity/lightfuzz-improvem…
liquidsec Jun 9, 2026
0bbd57e
Upgrade baddns to 2.4, badsecrets to 1.1
liquidsec Jun 9, 2026
8088ab2
Fix duplicate-inflation false-negative in _collapse
liquidsec Jun 9, 2026
d207be7
Merge pull request #3115 from blacklanternsecurity/chaos-collapse-flood
liquidsec Jun 9, 2026
065286e
Fix preset path resolution clobbering default search paths
liquidsec Jun 9, 2026
f256ec3
Merge pull request #3162 from blacklanternsecurity/fix-path-nonsense
liquidsec Jun 9, 2026
8a16cb6
Bump yara-python from ==4.5.2 to >=4.5.4
liquidsec Jun 10, 2026
376d2bd
Merge dev, resolve conflicts in event tags, WAF strings, and excavate…
liquidsec Jun 10, 2026
f0f2a4b
Fix JWTIdentifyOnly test to scope assertion to badsecrets module
liquidsec Jun 10, 2026
571ee75
Gate SPF IP extraction on v=spf1, fix silently dropped CIDR children
thunderstornX Jun 10, 2026
5524da2
Use subset asserts in SPF tests to satisfy CodeQL
thunderstornX Jun 10, 2026
cc7b892
Merge pull request #3161 from blacklanternsecurity/upgrade-baddns-bad…
liquidsec Jun 10, 2026
059510b
Merge branch 'dev' into cloudcheck-optimizations
liquidsec Jun 11, 2026
c487305
Fix _minimize() race in forward_event stripping WEB_PARAMETER fields
liquidsec Jun 11, 2026
23b2563
Merge pull request #3163 from blacklanternsecurity/fix-minimize-race-…
liquidsec Jun 11, 2026
d2fb595
Add HTTP wildcard host detection to prevent SPA spider traps
liquidsec Jun 12, 2026
b386ce3
Use event.parsed_url instead of manual urlparse in excavate wildcard …
liquidsec Jun 12, 2026
4bf0dbf
Rename cmp to descriptive names, drop unnecessary per-event memo
liquidsec Jun 12, 2026
b87e5ae
Fix lightfuzz false positives on decimal IDs and CDN cookies
liquidsec Jun 12, 2026
0d2f266
Mock wildcard detection in special URL scope test
liquidsec Jun 12, 2026
b04f2bc
Fix wildcard check for non-URL events, mock in test base
liquidsec Jun 12, 2026
3d9fb23
Skip IP_RANGE enumeration for out-of-scope ranges in speculate
liquidsec Jun 12, 2026
a1963cc
Merge branch 'dev' into dnsspf-module
liquidsec Jun 12, 2026
8faf12e
Replace CLA workflow with centralized reusable workflow
aconite33 Jun 12, 2026
dfd4a38
Merge pull request #3168 from aconite33/fix/cla-reusable-workflow
liquidsec Jun 12, 2026
aaae002
Merge branch 'dev' into dnsspf-module
liquidsec Jun 12, 2026
55527a7
Merge pull request #3144 from thunderstornX/dnsspf-module
liquidsec Jun 12, 2026
bda1115
Fix WAF filter Apache FP, junk-URL YARA hyphen FP, finish() guard
liquidsec Jun 13, 2026
826406a
Add _cloudcheck_done to __slots__, copy types list, fix csv default type
liquidsec Jun 13, 2026
d096437
Merge pull request #3165 from blacklanternsecurity/lightfuzz-tuning
liquidsec Jun 13, 2026
c225d62
Fix version updater workflow for pydantic config format
liquidsec Jun 13, 2026
28f2296
Merge pull request #3129 from blacklanternsecurity/cloudcheck-optimiz…
liquidsec Jun 13, 2026
e19e73d
Merge pull request #3171 from blacklanternsecurity/fix-version-update…
liquidsec Jun 13, 2026
e6709c8
Merge pull request #2909 from blacklanternsecurity/wayback-upgrade
liquidsec Jun 13, 2026
7582909
Update nuclei
blsaccess Jun 13, 2026
f6f326d
Merge branch 'dev' into http-wildcard-detection
liquidsec Jun 13, 2026
56316cf
Update pyjwt to 2.13.0 in uv.lock
liquidsec Jun 13, 2026
6ec615b
Replace CLA workflow with reusable workflow from CLA repo
aconite33 Jun 13, 2026
cde3277
Merge pull request #3175 from aconite33/fix/cla-use-cla-repo-dev
liquidsec Jun 13, 2026
404bbbc
Merge pull request #3173 from blacklanternsecurity/update-nuclei
liquidsec Jun 13, 2026
8286bc0
Bump trufflehog to 3.95.5, stop removing .git/index in sanitize_git_repo
liquidsec Jun 13, 2026
9846f95
Bump ruff from 0.15.16 to 0.15.17
dependabot[bot] Jun 14, 2026
b3cc9fe
Centralize HTTP wildcard host check, gate lightfuzz + paramminer
liquidsec Jun 14, 2026
b1f2f8e
http: add 429 rate-limit handling with host-level cooldowns
liquidsec Jun 6, 2026
dfc98f1
Fix 429 handler: dedup deferral, wakeup guard, per-event retry count,…
liquidsec Jun 6, 2026
3fcd2bf
aspnet_bin_exposure: fan out probes concurrently, bump module threads…
liquidsec Jun 14, 2026
05f1251
Merge pull request #3178 from blacklanternsecurity/dependabot/pip/dev…
liquidsec Jun 14, 2026
d325985
Merge pull request #3176 from blacklanternsecurity/bump-trufflehog
liquidsec Jun 15, 2026
46e9e97
Split ssl_verify into target vs infrastructure settings
liquidsec Jun 15, 2026
4c791d1
Bump blasthttp to >=0.9.0 and regenerate uv.lock
liquidsec Jun 15, 2026
48a79c3
Clean up webbrute filter_event returns, document wildcard https-only …
liquidsec Jun 15, 2026
536241c
Merge pull request #3186 from blacklanternsecurity/ssl-verify-split
liquidsec Jun 15, 2026
af97086
Replace webbrute baseline with HttpCompare (DeepDiff)
liquidsec Jun 12, 2026
9be8cb7
Add webbrute defensive layers: WAF avoidance, host blocking, hit cap
liquidsec Jun 12, 2026
90f17e9
Fix webbrute_shortnames for new execute_fuzz signature
liquidsec Jun 12, 2026
b0169f5
Add canary + baseline-drift tests, clean up filter_event returns
liquidsec Jun 15, 2026
edff9b6
Merge pull request #3164 from blacklanternsecurity/http-wildcard-dete…
liquidsec Jun 15, 2026
061620e
paramminer: dedup by endpoint + param keys, not full URL string
liquidsec Jun 14, 2026
b94f583
Fix recycle-words collapse, harden dedup hash, add name-swap test
liquidsec Jun 15, 2026
a7a9ef7
Merge pull request #3180 from blacklanternsecurity/paramminer-dedup-b…
liquidsec Jun 15, 2026
2983a9b
add 2.x -> 3.0 migration guide
liquidsec May 22, 2026
f840391
drop generic_ssrf claim from migration doc
liquidsec May 22, 2026
7229b2b
Note preset/config validation and ${env:} removal
liquidsec Jun 3, 2026
b4985d3
Update blasthttp to >=0.8.0, add http_proxy_exclude
liquidsec Jun 10, 2026
cfb4dc3
Update migration doc: ssl_verify split, blasthttp 0.9.0, wildcard det…
liquidsec Jun 15, 2026
9add59a
feat: add _avoid_duplicate_content flag for content-based dedup
liquidsec Jun 14, 2026
cfffe31
Harden content-dedup: sha256, port-aware key, safer hash access
liquidsec Jun 15, 2026
d68d5bc
Skip URL dedup for POST responses, skip content dedup for empty bodies
liquidsec Jun 15, 2026
4d4a76d
ruff format
liquidsec Jun 15, 2026
3f0df4d
Add OOM test, broaden except tuple to catch PostgresConnectionError
liquidsec Jun 15, 2026
8bb2291
Merge pull request #3166 from blacklanternsecurity/webbrute-rework
liquidsec Jun 16, 2026
a55105d
Merge pull request #3179 from blacklanternsecurity/content-dedup
liquidsec Jun 16, 2026
c07e3e7
Merge pull request #3124 from blacklanternsecurity/crt-resilience
liquidsec Jun 16, 2026
5980d83
Add dead-host and false-positive tests for aspnet_bin_exposure
liquidsec Jun 16, 2026
f99261a
Fix -lp scanning arbitrary directories when -p is also specified (#3189)
liquidsec Jun 16, 2026
455178a
Fix dnscaa crash on unrecognized CAA properties (e.g. contactemail)
liquidsec Jun 16, 2026
d4ea12f
Merge pull request #3192 from blacklanternsecurity/preset-path-listable
liquidsec Jun 16, 2026
3a3337f
Fix distro test failures (Fedora SSL, Parrot mirror retries)
liquidsec Jun 16, 2026
ded2ede
Bump asndb to 1.1.0
liquidsec Jun 16, 2026
b795c7c
Remove parrotsec from distro tests
liquidsec Jun 16, 2026
14cb8c0
Merge pull request #3193 from blacklanternsecurity/dnscaa-unknown-pro…
liquidsec Jun 16, 2026
f0dcb45
Merge pull request #3009 from blacklanternsecurity/dependabot/pip/pyj…
liquidsec Jun 16, 2026
5261569
Merge pull request #3194 from blacklanternsecurity/test-failure-fixes
liquidsec Jun 16, 2026
b34f1b4
Merge branch 'dev' into add-virtualhost-module
liquidsec Jun 16, 2026
ae20fe3
Merge branch 'dev' into add-waf-bypass-module
liquidsec Jun 16, 2026
1c75f30
Merge branch 'dev' into aspnet-bin-concurrent-probes
liquidsec Jun 16, 2026
4125b05
Merge branch 'dev' into http-429-handling
liquidsec Jun 16, 2026
4d308a6
Merge branch 'dev' into docs-3.0-breaking-changes
liquidsec Jun 16, 2026
015020c
Merge pull request #3195 from blacklanternsecurity/bump-asndb
liquidsec Jun 16, 2026
b41c634
Harden docker_pull WWW-Authenticate parsing and realm validation
liquidsec Jun 15, 2026
30df58e
Add path traversal check to unarchive module
liquidsec Jun 15, 2026
ffbb745
Reject symlinks in github_workflows output path before mkdir
liquidsec Jun 15, 2026
5caf3cb
Fix github_workflows symlink test: use blasthttp_mock
liquidsec Jun 16, 2026
2bdec88
Add defense-in-depth hardenings for security fixes
liquidsec Jun 16, 2026
544311e
Remove dead neighbor_cidr validation in setup()
liquidsec Jun 16, 2026
3b43e43
Merge pull request #3196 from blacklanternsecurity/dev-security-patches
liquidsec Jun 16, 2026
734e400
Strengthen aspnet_bin_exposure test for tracker correlation
liquidsec Jun 16, 2026
b547718
Merge remote-tracking branch 'origin/dev' into add-virtualhost-module
liquidsec Jun 16, 2026
1f3adf1
Address review findings for virtualhost module
liquidsec Jun 16, 2026
28dc314
Merge pull request #3182 from blacklanternsecurity/aspnet-bin-concurr…
liquidsec Jun 16, 2026
c346ead
Merge pull request #2993 from blacklanternsecurity/add-virtualhost-mo…
liquidsec Jun 16, 2026
960fa77
Retrigger CI
liquidsec Jun 16, 2026
37352ca
Merge branch 'dev' into add-waf-bypass-module
liquidsec Jun 16, 2026
a3be56f
Merge remote-tracking branch 'origin/dev' into shodan-cve-enrichment
liquidsec Jun 16, 2026
825ac1f
Merge pull request #2994 from blacklanternsecurity/add-waf-bypass-module
liquidsec Jun 16, 2026
7a4b430
Address review findings for shodan_idb CVE enrichment
liquidsec Jun 16, 2026
d19106e
Merge pull request #3082 from blacklanternsecurity/shodan-cve-enrichment
liquidsec Jun 16, 2026
36013dd
Address review findings for 429 rate-limit handling
liquidsec Jun 16, 2026
9cc4809
Merge pull request #3145 from blacklanternsecurity/http-429-handling
liquidsec Jun 17, 2026
0687a3a
Add optional API key + cursor pagination to certspotter
liquidsec Jun 17, 2026
f75d23d
Merge branch 'dev' into certspotter-api-key
liquidsec Jun 17, 2026
283ab14
Merge stable into dev, resolve conflicts
liquidsec Jun 17, 2026
44a8037
Harden pickle unpickler in webbrute_shortnames
liquidsec Jun 17, 2026
ed9f6a4
Allow numpy classes in shortnames pickle unpickler
liquidsec Jun 17, 2026
a74da8a
Merge pull request #3198 from blacklanternsecurity/dev-stable-conflic…
liquidsec Jun 17, 2026
6cb750a
Fix arbitrary file write in postman_download via path traversal
liquidsec Jun 17, 2026
8c30522
Defense-in-depth hardening for git and apkpure modules
liquidsec Jun 17, 2026
933d3b8
Harden gitdumper against CVE-2025-10283 index poisoning
liquidsec Jun 17, 2026
85ab2e5
Fix postman_download test for tagified workspace name
liquidsec Jun 17, 2026
a9dedeb
Harden preload cache pickle and unarchive extraction
liquidsec Jun 17, 2026
35e1692
Fix unarchive decompression bomb: pre-check size, cumulative budget
liquidsec Jun 17, 2026
24e956a
Merge pull request #3200 from blacklanternsecurity/harden-shortnames-…
liquidsec Jun 17, 2026
ca89657
Write safe .git/config in sanitize_git_repo for trufflehog compat
liquidsec Jun 17, 2026
2c65087
Merge pull request #3201 from blacklanternsecurity/dev-security-patch…
liquidsec Jun 17, 2026
5388881
Merge stable into dev
liquidsec Jun 17, 2026
c907ab3
Merge pull request #3204 from blacklanternsecurity/dev-stable-conflic…
liquidsec Jun 17, 2026
91fece0
Merge stable into dev
liquidsec Jun 17, 2026
82df903
Merge pull request #3205 from blacklanternsecurity/dev-stable-conflic…
liquidsec Jun 17, 2026
388ba58
Set PR_SET_PDEATHSIG on process pool workers to prevent zombie accumu…
liquidsec Jun 17, 2026
8f05837
Fix test: avoid bbot import in subprocess, remove Linux-only skip
liquidsec Jun 17, 2026
8c2167f
Fix pool worker test for Python 3.14
liquidsec Jun 17, 2026
5ef9d02
Fix pool worker test: unique PIDs + zombie-aware alive check
liquidsec Jun 17, 2026
efa6db6
Add __main__ guard for Python 3.14 forkserver compatibility
liquidsec Jun 17, 2026
15d061f
Remove stale poetry.lock re-introduced by dependabot merges
liquidsec Jun 17, 2026
7b62d63
Update scanning docs: consolidate targets/seeds/blacklists, add ASN +…
liquidsec Jun 16, 2026
0471e49
Update scanning docs: presets, events, output, tips, config, navigati…
liquidsec Jun 16, 2026
9bbe8bf
Rewrite contribution guide, add CONTRIBUTIONS.md repo pointer
liquidsec Jun 17, 2026
5539196
Add dev branch guidance, fix typo in contribution guide
liquidsec Jun 17, 2026
f0780bc
Add 2.8.1-2.8.6 to release history, fix duplicate 1.0.5
liquidsec Jun 17, 2026
9ec1797
Fix dev reference page, update troubleshooting
liquidsec Jun 17, 2026
b184270
Fix dev environment setup: git URL, dev branch, ruff check
liquidsec Jun 17, 2026
c34ca1a
Update module howto and architecture docs for current codebase
liquidsec Jun 17, 2026
5a2ec93
Update dev docs: tests, core deps page, architecture, discord bot exa…
liquidsec Jun 17, 2026
916cd4e
Remove dead engine code, reparent WebError/DNSError to BBOTError
liquidsec Jun 17, 2026
aa99643
Fix helper docs: stale DNS methods, syntax error, engine reference
liquidsec Jun 17, 2026
0ab5e54
Update README: Python 3.10+, blastdns, sync presets, fix TOC
liquidsec Jun 17, 2026
215b4a1
Fix DNS resolver thread counts in tips and tricks
liquidsec Jun 17, 2026
6d04d26
Fix PID collection for forkserver: hold workers with a 1s sleep
liquidsec Jun 17, 2026
852258a
Switch dependabot from pip to uv ecosystem
liquidsec Jun 17, 2026
f8197cb
Use fork context in pool test to avoid forkserver hang on 3.14
liquidsec Jun 18, 2026
ef65b09
Merge pull request #3209 from blacklanternsecurity/remove-poetry-lock
liquidsec Jun 18, 2026
3165dc0
Add E2E tests, bump cloudcheck to 11.x
liquidsec Jun 18, 2026
5e998c9
Fix lint errors in E2E tests
liquidsec Jun 18, 2026
a5b5f7c
Find repo root via pyproject.toml instead of git
liquidsec Jun 18, 2026
6de8c81
Reduce memory allocation pressure in HttpCompare, wayback, and paramm…
liquidsec Jun 18, 2026
367f171
Merge branch 'dev' into docs-3.0-breaking-changes
liquidsec Jun 18, 2026
045fb9c
Fix zeromq test hang by capturing sends instead of PUB/SUB recv
liquidsec Jun 18, 2026
58f1603
Fix benchmark CI: tolerate test failures, remove invalid config keys
liquidsec Jun 18, 2026
6e25cb9
Merge branch 'dev' into docs-update
liquidsec Jun 19, 2026
b942be0
Graceful asndb API failure handling with circuit breaker
liquidsec Jun 19, 2026
0e1a2ea
Make output_modules additive, move python to internal
liquidsec Jun 19, 2026
b2f53f8
Don't exclude output modules being tested
liquidsec Jun 19, 2026
8b1de5e
Migration guide: add JSON before/after, output module rules, omit_eve…
liquidsec Jun 19, 2026
1213913
Consolidate http_timeout and blasthttp_timeout into target/infrastruc…
liquidsec Jun 19, 2026
df81eb3
Update docs for timeout consolidation and ssl_verify split
liquidsec Jun 19, 2026
f3575cc
Update migration guide for timeout consolidation and ssl_verify split
liquidsec Jun 19, 2026
e66182d
Tighten lightfuzz false positives
liquidsec Jun 19, 2026
4330326
Restore description in VIRTUAL_HOST event display
liquidsec Jun 19, 2026
59f4e70
Fix ASN report-phase cache miss and redundant network calls
liquidsec Jun 20, 2026
316f4c6
Bump actions/checkout from 6 to 7 in the github-actions group
dependabot[bot] Jun 21, 2026
006feea
Bump ruff from 0.15.17 to 0.15.18
dependabot[bot] Jun 21, 2026
d2e6b37
Merge pull request #3232 from blacklanternsecurity/dependabot/pip/dev…
liquidsec Jun 22, 2026
4701a5d
Merge branch 'dev' into dependabot/github_actions/dev/github-actions-…
liquidsec Jun 22, 2026
617dac2
Update fastapi requirement from <0.137.0,>=0.115.5 to >=0.115.5,<0.139.0
dependabot[bot] Jun 22, 2026
03b00cb
Skip mismatched protocol/port probes for well-known ports
liquidsec Jun 22, 2026
1655d72
Route ASN seed expansion through shared ASNHelper
liquidsec Jun 23, 2026
c533e63
Use make_netloc for http port probes, add url_metadata test
liquidsec Jun 23, 2026
e310d5f
Require helpers param in generate_children; fix ASN target test callers
liquidsec Jun 23, 2026
99693cb
Merge branch 'dev' into fix-benchmark-ci
liquidsec Jun 23, 2026
4e1e744
Fix wayback YARA junk-filter byte offsets and wire up baseline snapsh…
liquidsec Jun 23, 2026
f1485d6
Merge pull request #3234 from blacklanternsecurity/skip-mismatched-po…
liquidsec Jun 23, 2026
8a49b45
Merge pull request #3214 from blacklanternsecurity/fix-problematic-ze…
liquidsec Jun 23, 2026
222c3d3
Merge pull request #3224 from blacklanternsecurity/virtualhost-event-…
liquidsec Jun 23, 2026
6e27452
Merge pull request #3219 from blacklanternsecurity/asndb-fallback
liquidsec Jun 23, 2026
8e0431a
Guard prctl behind Linux check, skip pool death test elsewhere
liquidsec Jun 23, 2026
b40d683
Merge branch 'dev' into fix-benchmark-ci
liquidsec Jun 23, 2026
d6ce231
Merge pull request #3221 from blacklanternsecurity/additive-output-mo…
liquidsec Jun 23, 2026
9cd2601
Merge pull request #3216 from blacklanternsecurity/fix-benchmark-ci
liquidsec Jun 23, 2026
3bc8e9c
Merge pull request #3207 from blacklanternsecurity/pool-pdeathsig
liquidsec Jun 23, 2026
07eec1b
Merge branch 'dev' into more-memory-improvements
liquidsec Jun 23, 2026
5224d45
Bump badsecrets to 1.2.1
liquidsec Jun 24, 2026
5727446
graceful cloudcheck error handling + SSL verify passthrough
liquidsec Jun 24, 2026
e9b8f5b
Merge branch 'dev' into dependabot/pip/dev/fastapi-gte-0.115.5-and-lt…
liquidsec Jun 24, 2026
048b08e
Merge branch 'dev' into dependabot/github_actions/dev/github-actions-…
liquidsec Jun 24, 2026
ec7527a
Add --reset-config and stale-config detection
liquidsec Jun 24, 2026
fb4daca
Make config/secrets reset independent; harden secrets writes
liquidsec Jun 24, 2026
6003211
gowitness: use ephemeral per-batch database
liquidsec Jun 24, 2026
76fe1be
Remove wpscan module
liquidsec Jun 24, 2026
96c0765
Merge pull request #3231 from blacklanternsecurity/dependabot/github_…
liquidsec Jun 24, 2026
e381ee5
gowitness: warn when a batch produces no results
liquidsec Jun 24, 2026
c785b97
Merge pull request #3243 from blacklanternsecurity/remove-wpscan-module
liquidsec Jun 24, 2026
8bc0640
Replace stale-config nag with a validation-driven reset hint
liquidsec Jun 24, 2026
1d83df1
Merge pull request #3233 from blacklanternsecurity/dependabot/pip/dev…
liquidsec Jun 24, 2026
5f29c5b
Reword reset-config hint as informative warning
liquidsec Jun 25, 2026
48e1e02
Merge pull request #3213 from blacklanternsecurity/more-memory-improv…
liquidsec Jun 25, 2026
983a672
Merge pull request #3240 from blacklanternsecurity/reset-config
liquidsec Jun 25, 2026
47513df
Merge branch 'dev' into e2e-tests
liquidsec Jun 25, 2026
b2caf50
Bump cloudcheck to 11.1
liquidsec Jun 25, 2026
8693741
Merge pull request #3241 from blacklanternsecurity/gowitness-per-batc…
liquidsec Jun 25, 2026
4b0f54c
Merge pull request #3237 from blacklanternsecurity/bump-badsecrets-1.2.1
liquidsec Jun 25, 2026
e25792d
Merge pull request #3223 from blacklanternsecurity/lightfuzz-fp-jun-26
liquidsec Jun 25, 2026
15e884c
Merge pull request #3239 from blacklanternsecurity/cloudcheck-ssl-gra…
liquidsec Jun 25, 2026
2802c97
Merge pull request #3222 from blacklanternsecurity/consolidate-http-t…
liquidsec Jun 25, 2026
cf92ce9
Merge branch 'dev' into e2e-tests
liquidsec Jun 25, 2026
edf7c7d
Merge pull request #3210 from blacklanternsecurity/e2e-tests
liquidsec Jun 25, 2026
e2f4847
Merge pull request #3197 from blacklanternsecurity/certspotter-api-key
liquidsec Jun 25, 2026
cdc2771
Migration guide: stale-config reset flags, vhost rename, wpscan removal
liquidsec Jun 26, 2026
3a538a9
Bump ruff from 0.15.18 to 0.15.20
dependabot[bot] Jun 28, 2026
333f87a
Bump actions/cache from 5 to 6 in the github-actions group
dependabot[bot] Jun 28, 2026
1380c6a
Merge pull request #3248 from blacklanternsecurity/dependabot/github_…
liquidsec Jun 29, 2026
0d98f35
Merge branch 'dev' into docs-update
liquidsec Jun 29, 2026
fea6405
Remove dead engine code
liquidsec Jun 29, 2026
72b4120
Merge pull request #3249 from blacklanternsecurity/remove-dead-engine
liquidsec Jun 29, 2026
d06e9d5
Merge branch 'dev' into docs-update
liquidsec Jun 29, 2026
f26b6b1
Regenerate docs from current module roster
liquidsec Jun 29, 2026
b909889
Fix stale 2.x references in prose docs
liquidsec Jun 29, 2026
353318a
Keep metavar placeholders in CLI help
liquidsec Jun 29, 2026
508b7f5
Point docs links at Stable instead of Dev
liquidsec Jun 29, 2026
6166dd7
Migration guide: engine framework removal, redact_secrets, waf_bypass
liquidsec Jun 30, 2026
e7b008c
Merge docs-update into docs-3.0-breaking-changes
liquidsec Jun 30, 2026
98bb96c
Merge pull request #3128 from blacklanternsecurity/docs-3.0-breaking-…
liquidsec Jun 30, 2026
6d33cb0
Fix event.md cross-link and add webbrute to nav
liquidsec Jun 30, 2026
591c25a
Add internal modules page to nav
liquidsec Jun 30, 2026
a07e750
Merge pull request #3247 from blacklanternsecurity/dependabot/pip/dev…
liquidsec Jun 30, 2026
7eb718b
Merge pull request #3208 from blacklanternsecurity/docs-update
liquidsec Jun 30, 2026
3d1338e
asn: filter non-global IPs and serialize asndb lookups
liquidsec Jul 2, 2026
5243115
Merge pull request #3251 from blacklanternsecurity/asn-lookup-hardening
liquidsec Jul 3, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
2 changes: 1 addition & 1 deletion .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
version: 2
updates:
- package-ecosystem: "pip"
- package-ecosystem: "uv"
directory: "/"
schedule:
interval: "weekly"
Expand Down
147 changes: 66 additions & 81 deletions .github/workflows/benchmark.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,9 +18,9 @@ permissions:
jobs:
benchmark:
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7
with:
fetch-depth: 0 # Need full history for branch comparison

Expand All @@ -29,10 +29,11 @@ jobs:
with:
python-version: "3.11"

- name: Install uv
uses: astral-sh/setup-uv@v7

- name: Install dependencies
run: |
pip install poetry
poetry install --with dev
run: uv sync --group dev

- name: Install system dependencies
run: |
Expand All @@ -42,7 +43,7 @@ jobs:
# Generate benchmark comparison report using our branch-based script
- name: Generate benchmark comparison report
run: |
poetry run python bbot/scripts/benchmark_report.py \
uv run python bbot/scripts/benchmark_report.py \
--base ${{ github.base_ref }} \
--current ${{ github.head_ref }} \
--output benchmark_report.md \
Expand All @@ -51,7 +52,7 @@ jobs:

# Upload benchmark results as artifacts
- name: Upload benchmark results
uses: actions/upload-artifact@v6
uses: actions/upload-artifact@v7
with:
name: benchmark-results
path: |
Expand All @@ -62,105 +63,89 @@ jobs:

# Comment on PR with benchmark results
- name: Comment benchmark results on PR
uses: actions/github-script@v8
uses: actions/github-script@v9
with:
script: |
const fs = require('fs');

try {
const report = fs.readFileSync('benchmark_report.md', 'utf8');

// Find existing benchmark comment (with pagination)

// Helper: find existing benchmark comments on this PR
async function findBenchmarkComments() {
const comments = await github.rest.issues.listComments({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
per_page: 100, // Get more comments per page
per_page: 100,
});

// Debug: log all comments to see what we're working with

console.log(`Found ${comments.data.length} comments on this PR`);
comments.data.forEach((comment, index) => {
console.log(`Comment ${index}: user=${comment.user.login}, body preview="${comment.body.substring(0, 100)}..."`);
});

const existingComments = comments.data.filter(comment =>

const benchmarkComments = comments.data.filter(comment =>
comment.body.toLowerCase().includes('performance benchmark') &&
comment.user.login === 'github-actions[bot]'
);

console.log(`Found ${existingComments.length} existing benchmark comments`);

if (existingComments.length > 0) {
// Sort comments by creation date to find the most recent
const sortedComments = existingComments.sort((a, b) =>

console.log(`Found ${benchmarkComments.length} existing benchmark comments`);
return benchmarkComments;
}

// Helper: post or update the benchmark comment
async function upsertComment(body) {
const existing = await findBenchmarkComments();

if (existing.length > 0) {
const sorted = existing.sort((a, b) =>
new Date(b.created_at) - new Date(a.created_at)
);

const mostRecentComment = sortedComments[0];
console.log(`Updating most recent benchmark comment: ${mostRecentComment.id} (created: ${mostRecentComment.created_at})`);


await github.rest.issues.updateComment({
owner: context.repo.owner,
repo: context.repo.repo,
comment_id: mostRecentComment.id,
body: report
comment_id: sorted[0].id,
body: body
});
console.log('Updated existing benchmark comment');

// Delete any older duplicate comments
if (existingComments.length > 1) {
console.log(`Deleting ${existingComments.length - 1} older duplicate comments`);
for (let i = 1; i < sortedComments.length; i++) {
const commentToDelete = sortedComments[i];
console.log(`Attempting to delete comment ${commentToDelete.id} (created: ${commentToDelete.created_at})`);

try {
await github.rest.issues.deleteComment({
owner: context.repo.owner,
repo: context.repo.repo,
comment_id: commentToDelete.id
});
console.log(`Successfully deleted duplicate comment: ${commentToDelete.id}`);
} catch (error) {
console.error(`Failed to delete comment ${commentToDelete.id}: ${error.message}`);
console.error(`Error details:`, error);
}
console.log(`Updated benchmark comment: ${sorted[0].id}`);

// Clean up older duplicates
for (let i = 1; i < sorted.length; i++) {
try {
await github.rest.issues.deleteComment({
owner: context.repo.owner,
repo: context.repo.repo,
comment_id: sorted[i].id
});
console.log(`Deleted duplicate comment: ${sorted[i].id}`);
} catch (e) {
console.error(`Failed to delete comment ${sorted[i].id}: ${e.message}`);
}
}
} else {
// Create new comment
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
body: report
body: body
});
console.log('Created new benchmark comment');
}
} catch (error) {
console.error('Failed to post benchmark results:', error);

// Post a fallback comment
const fallbackMessage = [
'## Performance Benchmark Report',
'',
'> ⚠️ **Failed to generate detailed benchmark comparison**',
'> ',
'> The benchmark comparison failed to run. This might be because:',
'> - Benchmark tests don\'t exist on the base branch yet',
'> - Dependencies are missing',
'> - Test execution failed',
'> ',
'> Please check the [workflow logs](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) for details.',
'> ',
'> 📁 Benchmark artifacts may be available for download from the workflow run.'
].join('\\n');

await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
body: fallbackMessage
});
}
}

let report;
try {
report = fs.readFileSync('benchmark_report.md', 'utf8');
} catch (e) {
console.error('Failed to read benchmark report:', e.message);
report = `## Performance Benchmark Report

> **Failed to generate detailed benchmark comparison**
>
> The benchmark comparison failed to run. This might be because:
> - Benchmark tests don't exist on the base branch yet
> - Dependencies are missing
> - Test execution failed
>
> Please check the [workflow logs](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) for details.
>
> Benchmark artifacts may be available for download from the workflow run.`;
}

await upsertComment(report);
2 changes: 1 addition & 1 deletion .github/workflows/cla.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,5 +11,5 @@ permissions:

jobs:
cla:
uses: blacklanternsecurity/.github/.github/workflows/cla-reusable.yml@main
uses: blacklanternsecurity/CLA/.github/workflows/cla-reusable.yml@main
secrets: inherit
2 changes: 1 addition & 1 deletion .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,7 @@ jobs:
# your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
steps:
- name: Checkout repository
uses: actions/checkout@v6
uses: actions/checkout@v7

# Add any setup steps before running the `github/codeql-action/init` action.
# This includes steps like installing compilers or runtimes (`actions/setup-node`
Expand Down
40 changes: 14 additions & 26 deletions .github/workflows/distro_tests.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,14 +14,14 @@ jobs:
strategy:
fail-fast: false
matrix:
os: ["ubuntu:22.04", "ubuntu:24.04", "debian", "archlinux", "fedora", "kalilinux/kali-rolling", "parrotsec/security"]
os: ["ubuntu:22.04", "ubuntu:24.04", "debian", "archlinux", "fedora", "kalilinux/kali-rolling"]
steps:
- uses: actions/checkout@v6
- name: Install Python and Poetry
- uses: actions/checkout@v7
- name: Install Python and uv
run: |
if [ -f /etc/os-release ]; then
. /etc/os-release
if [ "$ID" = "ubuntu" ] || [ "$ID" = "debian" ] || [ "$ID" = "kali" ] || [ "$ID" = "parrotsec" ]; then
if [ "$ID" = "ubuntu" ] || [ "$ID" = "debian" ] || [ "$ID" = "kali" ]; then
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get -y install curl git bash build-essential docker.io libssl-dev zlib1g-dev libbz2-dev libreadline-dev libsqlite3-dev wget llvm libncurses5-dev libncursesw5-dev xz-utils tk-dev libffi-dev liblzma-dev
Expand All @@ -38,35 +38,23 @@ jobs:
fi
fi

# Re-run the script with bash
exec bash -c "
curl https://pyenv.run | bash
export PATH=\"$HOME/.pyenv/bin:\$PATH\"
export PATH=\"$HOME/.local/bin:\$PATH\"
eval \"\$(pyenv init --path)\"
eval \"\$(pyenv init -)\"
eval \"\$(pyenv virtualenv-init -)\"
pyenv install 3.11
pyenv global 3.11
pyenv rehash
python3.11 -m pip install --user pipx
python3.11 -m pipx ensurepath
pipx install poetry
"
# Install uv (standalone binary, no Python prerequisite)
curl -LsSf https://astral.sh/uv/install.sh | sh
- name: Set OS Environment Variable
run: echo "OS_NAME=${{ matrix.os }}" | sed 's|[:/]|_|g' >> $GITHUB_ENV
- name: Run tests
run: |
export PATH="$HOME/.local/bin:$PATH"
export PATH="$HOME/.pyenv/bin:$PATH"
export PATH="$HOME/.pyenv/shims:$PATH"
export PATH="/github/home/.local/bin:$PATH"
# Fix HOME to match euid (root) so rustup/cargo don't refuse to build
export HOME="$(getent passwd $(whoami) | cut -d: -f6)"
export BBOT_DISTRO_TESTS=true
poetry env use python3.11
poetry install
poetry run pytest --reruns 2 --exitfirst -o timeout_func_only=true --timeout 1200 --disable-warnings --log-cli-level=INFO .
uv python install 3.12
uv python pin 3.12
uv sync --group dev
uv run pytest --reruns 2 --exitfirst -o timeout_func_only=true --timeout 1200 --disable-warnings --log-cli-level=INFO .
- name: Upload Debug Logs
if: always()
uses: actions/upload-artifact@v6
uses: actions/upload-artifact@v7
with:
name: pytest-debug-logs-${{ env.OS_NAME }}
path: pytest_debug.log
10 changes: 5 additions & 5 deletions .github/workflows/docs_updater.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,21 +9,21 @@ jobs:
update_docs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7
with:
token: ${{ secrets.BBOT_DOCS_UPDATER_PAT }}
ref: dev # Checkout the dev branch
- name: Set up Python
uses: actions/setup-python@v6
with:
python-version: "3.x"
- name: Install uv
uses: astral-sh/setup-uv@v7
- name: Install dependencies
run: |
pip install poetry
poetry install
run: uv sync --frozen --group dev
- name: Generate docs
run: |
poetry run bbot/scripts/docs.py
uv run --no-sync bbot/scripts/docs.py
- name: Create or Update Pull Request
uses: peter-evans/create-pull-request@v8
with:
Expand Down
Loading
Loading