AI Hub Icon
AIBit Discover Open Source Projects
Home / Practical Open Source Projects

BBOT: Ultimate OSINT & Recon Scanner for Hackers

April 09, 2026
Category: Practical Open Source Projects
Tags:
bug bounty OSINT BBOT Recon Security Scanner

BBOT: The Ultimate Recursive OSINT Scanner for Modern Hackers

In the world of cybersecurity, reconnaissance is king. Enter BBOT - a multipurpose scanner inspired by Spiderfoot but built for the modern era of bug bounties, attack surface management (ASM), and automated reconnaissance.

What Makes BBOT Different?

BBOT isn't just another scanner. It consistently finds 20-50% more subdomains than competing tools, especially on large targets. This isn't magic - it's smart recursion, NLP-powered mutations, and comprehensive module coverage.

# Install stable version
pipx install bbot

# Find subdomains of evilcorp.com
bbot -t evilcorp.com -p subdomain-enum

# Passive sources only
bbot -t evilcorp.com -p subdomain-enum -rf passive

Ready-to-Use Presets

BBOT ships with battle-tested profiles:

1. Subdomain Enumeration (subdomain-enum)

  • Passive APIs + recursive DNS brute-force
  • Target-specific subdomain mutations

2. Web Spidering (spider)

  • Extracts emails, URLs, and juicy data
  • Configurable depth and link following

3. Email Gathering (email-enum)

  • Free APIs + web scraping
  • Perfect companion to subdomain enum

4. Web Scanning (web-basic/web-thorough)

  • Lightweight to aggressive vulnerability scanning

5. Kitchen Sink (everything everywhere all at once)

bbot -t evilcorp.com -p kitchen-sink --allow-deadly

Key Features

βœ… Multiple Target Types: Domains, IPs, URLs, emails, orgs, users

βœ… Rich Output Options: Neo4j, Discord, Slack, Postgres, CSV, JSON

βœ… Python Library: Use synchronously or asynchronously

βœ… API Key Support: Shodan, VirusTotal, SecurityTrails, and more

βœ… Web Screenshots & YARA Rules: Complete attack surface visibility

βœ… Docker Ready: bbot-docker.sh for instant deployment

Real-World Example

bbot -t evilcorp.com -p subdomain-enum cloud-enum email-enum spider web-basic

This single command discovers: - All subdomains (passive + brute-force) - Cloud buckets and storage - Employee emails - Web app attack surface - Basic vulnerabilities

Why Security Pros Love BBOT

  • 9.6k GitHub stars, 51 contributors
  • DEF CON Recon Village 2024 featured
  • Active Discord community
  • AGPL-3.0 licensed (community-driven)

Get Started Today

pipx install bbot
bbot -t example.com -p subdomain-enum

BBOT turns hours of manual recon into minutes of automated discovery. Whether you're hunting bugs, mapping attack surfaces, or conducting threat intelligence, BBOT delivers results other tools miss.

πŸš€ GitHub Repo | πŸ“– Documentation

Original Article: View Original

Share this article