Meet BBOT: Your New Favorite Recon Tool
BBOT (short for BeeĀ·bot) is a powerful, multipurpose Python-based scanner designed to automate recon, bug bounty hunting, and attack surface management (ASM). Inspired by tools like Spiderfoot but modernized for today’s needs, BBOT delivers speed, modularity, and scalability for cybersecurity professionals and hobbyists alike.
With native support for multiple targets, extensive output options, and seamless integration with popular APIs, BBOT is more than a tool-it’s a full-fledged recon framework that adapts to your workflow.
Why BBOT?
Reconnaissance is the foundation of offensive security. BBOT streamlines this critical phase with:
- Subdomain enumeration that consistently outperforms other tools
- Web spidering and email harvesting
- Light and aggressive web scanning presets
- YAML-driven customization with modular architecture
- Support for over a dozen output formats including Neo4j, CSV, JSON, and Splunk
Installation Made Simple
To get started with BBOT, simply run:
pipx install bbotFor the latest development version:
pipx install --pip-args '--pre' bbotDocker images and advanced installation options are available via the official Getting Started guide.
Core Features & Usage Examples
Subdomain Enumeration
Discover subdomains using passive APIs and brute-force techniques:
bbot -t evilcorp.com -p subdomain-enumBBOT finds 20-50% more subdomains than other tools, especially on larger domains.
Web Spidering
Extract emails and files by crawling target websites:
bbot -t evilcorp.com -p spiderEmail Harvesting
Scrape email addresses from web content and APIs:
bbot -t evilcorp.com -p email-enumWeb Scanning
Run lightweight or aggressive web scans:
bbot -t www.evilcorp.com -p web-basic
bbot -t www.evilcorp.com -p web-thoroughEverything at Once
For comprehensive recon in one go:
bbot -t evilcorp.com -p kitchen-sink --allow-deadlyTargets and Scope
BBOT accepts a wide range of target types, including:
- Domains (e.g. evilcorp.com)
- IP ranges (e.g. 1.2.3.0/24)
- URLs, emails, organizations, usernames
- Even mobile app package names and file paths
Define scope via command-line or config files to keep scans focused and efficient.
Output Options
BBOT can export scan data to:
- Neo4j, Elasticsearch, and Splunk for advanced querying
- Slack, Discord, and Microsoft Teams for real-time alerts
- SQL databases and CSV/JSON files for storage and analysis
Security and Dependencies
BBOT supports API key configuration for services like Shodan, VirusTotal, and SecurityTrails. Keys can be added to your ~/.config/bbot/bbot.yml file or passed directly via the command line.
All dependencies are auto-installed, and Ansible scripts are provided for streamlined environment setup.
Python API for Developers
Use BBOT as a library for custom applications. Both synchronous and asynchronous scanning are supported:
from bbot.scanner import Scanner
scan = Scanner("evilcorp.com", presets=["subdomain-enum"])Community & Contributions
BBOT thrives on community contributions-from module ideas to code enhancements. Check out the developer docs to get involved.
Final Thoughts
BBOT isn’t just another recon tool. It’s a flexible, extensible framework built for modern offensive security workflows. Whether you’re working on bug bounties or managing enterprise attack surfaces, BBOT gives you the power to automate and innovate your reconnaissance efforts.