BBOT: The Swiss Army Knife for Recon, Bug Bounties, and ASM

Meet BBOT: Your New Favorite Recon Tool

BBOT (short for Bee·bot) is a powerful, multipurpose Python-based scanner designed to automate recon, bug bounty hunting, and attack surface management (ASM). Inspired by tools like Spiderfoot but modernized for today’s needs, BBOT delivers speed, modularity, and scalability for cybersecurity professionals and hobbyists alike.

With native support for multiple targets, extensive output options, and seamless integration with popular APIs, BBOT is more than a tool: it's a full-fledged recon framework that adapts to your workflow.

Why BBOT?

Reconnaissance is the foundation of offensive security. BBOT streamlines this critical phase with:

  • Subdomain enumeration that consistently outperforms other tools
  • Web spidering and email harvesting
  • Light and aggressive web scanning presets
  • YAML-driven customization with modular architecture
  • Support for over a dozen output formats including Neo4j, CSV, JSON, and Splunk

Installation Made Simple

To get started with BBOT, simply run:

pipx install bbot

For the latest development version:

pipx install --pip-args '--pre' bbot

Docker images and advanced installation options are available via the official Getting Started guide.

Core Features & Usage Examples

Subdomain Enumeration

Discover subdomains using passive APIs and brute-force techniques:

bbot -t evilcorp.com -p subdomain-enum

BBOT finds 20-50% more subdomains than other tools, especially on larger domains.

Web Spidering

Extract emails and files by crawling target websites:

bbot -t evilcorp.com -p spider

Email Harvesting

Scrape email addresses from web content and APIs:

bbot -t evilcorp.com -p email-enum

Web Scanning

Run lightweight or aggressive web scans:

bbot -t www.evilcorp.com -p web-basic
bbot -t www.evilcorp.com -p web-thorough

Everything at Once

For comprehensive recon in one go:

bbot -t evilcorp.com -p kitchen-sink --allow-deadly

Targets and Scope

BBOT accepts a wide range of target types, including:

  • Domains (e.g. evilcorp.com)
  • IP ranges (e.g. 1.2.3.0/24)
  • URLs, emails, organizations, usernames
  • Even mobile app package names and file paths

Define scope via command-line or config files to keep scans focused and efficient.

Output Options

BBOT can export scan data to:

  • Neo4j, Elasticsearch, and Splunk for advanced querying
  • Slack, Discord, and Microsoft Teams for real-time alerts
  • SQL databases and CSV/JSON files for storage and analysis
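
For the attack surface management use case, the JSON export can be compared against an asset inventory to surface hosts nobody is tracking. The following is an added example, not code from the BBOT project or this article; it assumes newline-delimited JSON events carrying type, data, scope_distance and module fields, and the sample events and inventory are constructed.

```python
import json

# Constructed sample of BBOT-style NDJSON events (one JSON object per line).
SAMPLE_OUTPUT = """\
{"type": "SCAN", "data": {"name": "constructed_scan"}, "scope_distance": 0}
{"type": "DNS_NAME", "data": "www.evilcorp.com", "scope_distance": 0, "module": "certspotter"}
{"type": "DNS_NAME", "data": "Legacy-VPN.evilcorp.com.", "scope_distance": 0, "module": "crt"}
{"type": "DNS_NAME", "data": "cdn.thirdparty.example", "scope_distance": 1, "module": "speculate"}
{"type": "URL", "data": "https://www.evilcorp.com/", "scope_distance": 0, "module": "httpx"}
this line is truncated {"type": "DNS_NA
{"type": "DNS_NAME", "data": "staging.evilcorp.com", "scope_distance": 0, "module": "certspotter"}
"""

# Hypothetical asset inventory maintained by the defender.
KNOWN_ASSETS = {"evilcorp.com", "www.evilcorp.com", "mail.evilcorp.com"}


def normalize(host):
    """Lower-case and strip the trailing root dot so names compare equal."""
    return host.strip().rstrip(".").lower()


def unknown_hosts(ndjson_text, inventory, max_scope_distance=0):
    """Return {hostname: [modules]} for in-scope DNS names missing from inventory."""
    known = {normalize(h) for h in inventory}
    found = {}
    for line in ndjson_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or partial lines, e.g. from an interrupted scan
        if not isinstance(event, dict) or event.get("type") != "DNS_NAME":
            continue
        dist = event.get("scope_distance")
        if not isinstance(dist, int) or dist > max_scope_distance:
            continue  # out-of-scope neighbour, not an owned asset
        data = event.get("data")
        if not isinstance(data, str):
            continue
        host = normalize(data)
        if host not in known:
            found.setdefault(host, set()).add(event.get("module", "unknown"))
    return {h: sorted(m) for h, m in sorted(found.items())}


if __name__ == "__main__":
    for host, modules in unknown_hosts(SAMPLE_OUTPUT, KNOWN_ASSETS).items():
        print(f"not in inventory: {host} (seen by: {', '.join(modules)})")
```

Check the field names against the JSON output of the installed BBOT version before relying on the filter.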

Security and Dependencies

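BBOT supports API key configuration for services like Shodan, VirusTotal, and SecurityTrails. Keys can be added to your ~/.config/bbot/bbot.yml file or passed directly via the command line. The config file is the better home for long-lived keys, since command-line arguments end up in shell history and are visible in process listings.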

All dependencies are auto-installed, and Ansible scripts are provided for streamlined environment setup.

Python API for Developers

Use BBOT as a library for custom applications. Both synchronous and asynchronous scanning are supported:

from bbot.scanner import Scanner
scan = Scanner("evilcorp.com", presets=["subdomain-enum"])
for event in scan.start():  # synchronous: yields events as they are found
    print(event)

Community & Contributions

BBOT thrives on community contributions, from module ideas to code enhancements. Check out the developer docs to get involved.

Final Thoughts

BBOT isn’t just another recon tool. It’s a flexible, extensible framework built for modern offensive security workflows. Whether you’re working on bug bounties or managing enterprise attack surfaces, BBOT gives you the power to automate and innovate your reconnaissance efforts.

Ready to scan smarter? Explore BBOT now.
