Skip to main content

OSINT automation for hackers.

Project description



OSINT automation for hackers.

Python Version Black License DEF CON Demo Labs 2023 Tests Codecov Pypi Downloads Discord

BBOT (Bighuge BLS OSINT Tool) is a modular, recursive OSINT framework that can execute the entire OSINT workflow in a single command.

BBOT is inspired by Spiderfoot but takes it to the next level with features like multi-target scans, lightning-fast asyncio performance, and NLP-powered subdomain mutations. It offers a wide range of functionality, including subdomain enumeration, port scanning, web screenshots, vulnerability scanning, and much more.


BBOT typically outperforms other subdomain enumeration tools by 20-25%. To learn how this is possible, see How It Works.

Full Documentation Here.

Installation (pip)

For more installation methods including Docker, see Installation.

# Prerequisites:
# - Linux (Windows and macOS are *not* supported)
# - Python 3.9 or newer

# stable version
pipx install bbot

# bleeding edge (dev branch)
pipx install --pip-args '\--pre' bbot

bbot --help

Example Commands

Scan output, logs, etc. are saved to ~/.bbot. For more detailed examples and explanations, see Scanning.


# Perform a full subdomain enumeration on
bbot -t -f subdomain-enum

Subdomains (passive only):

# Perform a passive-only subdomain enumeration on
bbot -t -f subdomain-enum -rf passive

Subdomains + port scan + web screenshots:

# Port-scan every subdomain, screenshot every webpage, output to current directory
bbot -t -f subdomain-enum -m nmap gowitness -n my_scan -o .

Subdomains + basic web scan:

# A basic web scan includes wappalyzer, robots.txt, and other non-intrusive web modules
bbot -t -f subdomain-enum web-basic

Web spider:

# Crawl up to a max depth of 2, automatically extracting emails, secrets, etc.
bbot -t -m httpx robots badsecrets secretsdb -c web_spider_distance=2 web_spider_depth=2

Everything everywhere all at once:

# Subdomains, emails, cloud buckets, port scan, basic web, web screenshots, nuclei
bbot -t -f subdomain-enum email-enum cloud-enum web-basic -m nmap gowitness nuclei --allow-deadly


BBOT accepts an unlimited number of targets. You can specify targets either directly on the command line or in files (or both!). Targets can be any of the following:

  • DNS_NAME (
  • IP_RANGE (
  • URL (

For more information, see Targets. To learn how BBOT handles scope, see Scope.

BBOT as a Python library


from bbot.scanner import Scanner

# any number of targets can be specified
scan = Scanner("", "", modules=["nmap", "sslcert"])
for event in scan.start():


from bbot.scanner import Scanner

async def main():
    scan = Scanner("", "", modules=["nmap", "sslcert"])
    async for event in scan.async_start():

import asyncio



Thanks to these amazing people for contributing to BBOT! :heart:

If you're interested in contributing to BBOT, or just curious how it works under the hood, see Contribution.

Special thanks to the following people who made BBOT possible:

  • @TheTechromancer for creating BBOT
  • @liquidsec for his extensive work on BBOT's web hacking features, including badsecrets
  • Steve Micallef (@smicallef) for creating Spiderfoot
  • @kerrymilan for his Neo4j and Ansible expertise
  • Aleksei Kornev (@alekseiko) for allowing us ownership of the bbot Pypi repository <3

Project details

Release history Release notifications | RSS feed

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

bbot- (1.3 MB view hashes)

Uploaded source

Built Distribution

bbot- (1.4 MB view hashes)

Uploaded py3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page