`self.timeout` unused in gowitness module
Describe the bug

In the gowitness module a timeout config is allowed but never used in the command. https://github.com/blacklanternsecurity/bbot/blob/stable/bbot/modules/gowitness.py#L83
```python
def construct_command(self):
    # base executable
    command = ["gowitness"]
    # chrome path
    if self.chrome_path is not None:
        command += ["--chrome-path", str(self.chrome_path)]
    # db path
    command += ["--db-path", str(self.db_path)]
    # screenshot path
    command += ["--screenshot-path", str(self.screenshot_path)]
    # user agent
    command += ["--user-agent", f"{self.scan.useragent}"]
    # proxy
    if self.proxy:
        command += ["--proxy", str(self.proxy)]
    # resolution
    command += ["--resolution-x", str(self.resolution_x)]
    command += ["--resolution-y", str(self.resolution_y)]
    # input
    command += ["file", "-f", "-"]
    # threads
    command += ["--threads", str(self.threads)]
    return command
```
As httpx is raising the URL events, its timeouts are inherited by this module. But it would be good if this was configurable as mentioned here.
Nice catch, thanks for reporting. It's a good point and also I think we could be setting a timeout on the gowitness command in case it gets stuck.
Actually something else we could do is automatically scale the threads based on the number of CPUs. I'll see about making a quick PR.
Added a new timeout feature for subprocesses, and set gowitness to time out after 30 minutes. If it times out, it will log the offending URLs.
https://github.com/blacklanternsecurity/bbot/pull/1379
After this PR: https://github.com/blacklanternsecurity/bbot/pull/1384, gowitness will default to a thread count of 2x the number of CPU cores on the system.
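
The subprocess timeout and CPU-based thread default described in the last two comments, sketched as an added example (not bbot's implementation and not code from this thread). `run_batch`, `default_threads` and the logger name are hypothetical, stand-in child processes replace gowitness, and the process-group handling assumes a POSIX system.

```python
import logging
import os
import signal
import subprocess
import sys

log = logging.getLogger("screenshot_runner")  # hypothetical logger name


def default_threads():
    """2x the CPU core count; os.cpu_count() can return None."""
    return 2 * (os.cpu_count() or 1)


def run_batch(command, urls, timeout):
    """Feed urls to command on stdin and enforce a wall-clock timeout.

    Returns (status, offending): status is "ok", "failed" or "timeout";
    offending lists the URLs of the batch that was in flight on timeout.
    """
    proc = subprocess.Popen(
        command, stdin=subprocess.PIPE, stdout=subprocess.PIPE,
        stderr=subprocess.PIPE, text=True,
        start_new_session=True,  # own process group, so helper processes die with it
    )
    try:
        proc.communicate("\n".join(urls) + "\n", timeout=timeout)
    except subprocess.TimeoutExpired:
        # Kill the whole group: a screenshot tool launches browser children
        # that would otherwise outlive the parent and keep the pipes open.
        try:
            os.killpg(proc.pid, signal.SIGKILL)
        except ProcessLookupError:
            pass  # the child exited between the timeout and the kill
        proc.communicate()  # reap the child and drain the pipes
        log.warning("timed out after %ss; URLs in flight: %s", timeout, urls)
        return "timeout", list(urls)
    return ("ok" if proc.returncode == 0 else "failed"), []


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    # Constructed stand-ins for the real tool: one exits after reading stdin, one hangs.
    fast = [sys.executable, "-c", "import sys; sys.stdin.read()"]
    hung = [sys.executable, "-c", "import time; time.sleep(60)"]
    sample = ["http://a.example/", "http://b.example/"]  # constructed URLs
    print(default_threads(), run_batch(fast, sample, 10), run_batch(hung, sample, 1))
```

Because the URLs are streamed on stdin, a timeout can only be attributed to the batch as a whole; smaller batches narrow down which URL caused the hang.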