Merge pull request #2760 from blacklanternsecurity/dev

Dev -> Stable 2.8.0

Author: TheTechromancer

.github/workflows/benchmark.yml

@@ -20,7 +20,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v6
       with:
         fetch-depth: 0  # Need full history for branch comparison
 
@@ -51,7 +51,7 @@ jobs:
 
     # Upload benchmark results as artifacts
     - name: Upload benchmark results
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v6
       with:
         name: benchmark-results
         path: |

.github/workflows/codeql.yml

@@ -55,7 +55,7 @@ jobs:
         # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v5
+      uses: actions/checkout@v6
 
     # Add any setup steps before running the `github/codeql-action/init` action.
     # This includes steps like installing compilers or runtimes (`actions/setup-node`

.github/workflows/distro_tests.yml

@@ -16,7 +16,7 @@ jobs:
       matrix:
         os: ["ubuntu:22.04", "ubuntu:24.04", "debian", "archlinux", "fedora", "kalilinux/kali-rolling", "parrotsec/security"]
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - name: Install Python and Poetry
         run: |
           if [ -f /etc/os-release ]; then
@@ -66,7 +66,7 @@ jobs:
           poetry run pytest --reruns 2 --exitfirst -o timeout_func_only=true --timeout 1200 --disable-warnings --log-cli-level=INFO .
       - name: Upload Debug Logs
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v6
         with:
           name: pytest-debug-logs-${{ env.OS_NAME }}
           path: pytest_debug.log

.github/workflows/docs_updater.yml

@@ -9,7 +9,7 @@ jobs:
   update_docs:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
         with:
           token: ${{ secrets.BBOT_DOCS_UPDATER_PAT }}
           ref: dev  # Checkout the dev branch
@@ -25,7 +25,7 @@ jobs:
         run: |
           poetry run bbot/scripts/docs.py
       - name: Create or Update Pull Request
-        uses: peter-evans/create-pull-request@v7
+        uses: peter-evans/create-pull-request@v8
         with:
           token: ${{ secrets.BBOT_DOCS_UPDATER_PAT }}
           branch: update-docs

.github/workflows/tests.yml

@@ -19,7 +19,7 @@ jobs:
       matrix:
         python-version: ["3.9", "3.10", "3.11", "3.12", "3.13"]
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - name: Set up Python
         uses: actions/setup-python@v6
         with:
@@ -39,7 +39,7 @@ jobs:
           poetry run pytest -vv --reruns 2 -o timeout_func_only=true --timeout 1200 --disable-warnings --log-cli-level=INFO --cov-config=bbot/test/coverage.cfg --cov-report xml:cov.xml --cov=bbot .
       - name: Upload Debug Logs
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v6
         with:
           name: pytest-debug-logs-${{ env.PYTHON_VERSION }}
           path: pytest_debug.log
@@ -55,9 +55,16 @@ jobs:
     if: github.event_name == 'push' && (github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/stable')
     continue-on-error: true
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
         with:
           fetch-depth: 0
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
       - name: Set up Python
         uses: actions/setup-python@v6
         with:
@@ -77,44 +84,111 @@ jobs:
           password: ${{ secrets.PYPI_API_TOKEN }}
       - name: Get BBOT version
         id: version
-        run: echo "BBOT_VERSION=$(poetry version | cut -d' ' -f2)" >> $GITHUB_OUTPUT
+        run: |
+          FULL_VERSION=$(poetry version | cut -d' ' -f2)
+          echo "BBOT_VERSION=$FULL_VERSION" >> $GITHUB_OUTPUT
+          # Extract major.minor (e.g., 2.7 from 2.7.1)
+          MAJOR_MINOR=$(echo "$FULL_VERSION" | cut -d'.' -f1-2)
+          echo "BBOT_VERSION_MAJOR_MINOR=$MAJOR_MINOR" >> $GITHUB_OUTPUT
+          # Extract major (e.g., 2 from 2.7.1)
+          MAJOR=$(echo "$FULL_VERSION" | cut -d'.' -f1)
+          echo "BBOT_VERSION_MAJOR=$MAJOR" >> $GITHUB_OUTPUT
       - name: Publish to Docker Hub (dev)
         if: github.event_name == 'push' && github.ref == 'refs/heads/dev'
-        uses: elgohr/Publish-Docker-Github-Action@v5
+        uses: docker/build-push-action@v6
         with:
-          name: blacklanternsecurity/bbot
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
-          tags: "latest,dev,${{ steps.version.outputs.BBOT_VERSION }}"
+          push: true
+          context: .
+          tags: |
+            blacklanternsecurity/bbot:latest
+            blacklanternsecurity/bbot:dev
+            blacklanternsecurity/bbot:${{ steps.version.outputs.BBOT_VERSION }}
+            blacklanternsecurity/bbot:${{ steps.version.outputs.BBOT_VERSION_MAJOR_MINOR }}
+            blacklanternsecurity/bbot:${{ steps.version.outputs.BBOT_VERSION_MAJOR }}
       - name: Publish to Docker Hub (stable)
         if: github.event_name == 'push' && github.ref == 'refs/heads/stable'
-        uses: elgohr/Publish-Docker-Github-Action@v5
+        uses: docker/build-push-action@v6
         with:
-          name: blacklanternsecurity/bbot
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
-          tags: "stable,${{ steps.version.outputs.BBOT_VERSION }}"
+          push: true
+          context: .
+          tags: |
+            blacklanternsecurity/bbot:stable
+            blacklanternsecurity/bbot:${{ steps.version.outputs.BBOT_VERSION }}
+            blacklanternsecurity/bbot:${{ steps.version.outputs.BBOT_VERSION_MAJOR_MINOR }}
+            blacklanternsecurity/bbot:${{ steps.version.outputs.BBOT_VERSION_MAJOR }}
+      - name: Publish Full Docker Image to Docker Hub (dev)
+        if: github.event_name == 'push' && github.ref == 'refs/heads/dev'
+        uses: docker/build-push-action@v6
+        with:
+          push: true
+          file: Dockerfile.full
+          context: .
+          tags: |
+            blacklanternsecurity/bbot:latest-full
+            blacklanternsecurity/bbot:dev-full
+            blacklanternsecurity/bbot:${{ steps.version.outputs.BBOT_VERSION }}-full
+            blacklanternsecurity/bbot:${{ steps.version.outputs.BBOT_VERSION_MAJOR_MINOR }}-full
+            blacklanternsecurity/bbot:${{ steps.version.outputs.BBOT_VERSION_MAJOR }}-full
+      - name: Publish Full Docker Image to Docker Hub (stable)
+        if: github.event_name == 'push' && github.ref == 'refs/heads/stable'
+        uses: docker/build-push-action@v6
+        with:
+          push: true
+          file: Dockerfile.full
+          context: .
+          tags: |
+            blacklanternsecurity/bbot:stable-full
+            blacklanternsecurity/bbot:${{ steps.version.outputs.BBOT_VERSION }}-full
+            blacklanternsecurity/bbot:${{ steps.version.outputs.BBOT_VERSION_MAJOR_MINOR }}-full
+            blacklanternsecurity/bbot:${{ steps.version.outputs.BBOT_VERSION_MAJOR }}-full
       - name: Docker Hub Description
         if: github.event_name == 'push' && github.ref == 'refs/heads/dev'
         uses: peter-evans/dockerhub-description@v5
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
           repository: blacklanternsecurity/bbot
+      - name: Clean up old Docker Hub tags (up to 50 most recent tags plus 'latest')
+        if: github.event_name == 'push' && github.ref == 'refs/heads/dev'
+        run: |
+          # Install jq for JSON processing
+          sudo apt-get update && sudo apt-get install -y jq
+
+          IMAGE="blacklanternsecurity/bbot"
+
+          # Clean up dev tags (keep 50 most recent)
+          for tag_pattern in "rc$" "rc-full$"; do
+            echo "Cleaning up tags ending with $tag_pattern..."
+
+            tags_response=$(curl -s -H "Authorization: Bearer ${{ secrets.DOCKER_TOKEN }}" \
+              "https://hub.docker.com/v2/repositories/$IMAGE/tags/?page_size=100")
+
+            tags_to_delete=$(echo "$tags_response" | jq -r --arg pattern "$tag_pattern" \
+              '.results[] | select(.name | test($pattern)) | [.last_updated, .name] | @tsv' | \
+              sort -r | tail -n +51 | cut -f2)
+
+            for tag in $tags_to_delete; do
+              echo "Deleting $IMAGE tag: $tag"
+              curl -X DELETE -H "Authorization: Bearer ${{ secrets.DOCKER_TOKEN }}" \
+                "https://hub.docker.com/v2/repositories/$IMAGE/tags/$tag/"
+            done
+
+            echo "Cleanup completed for tags ending with $tag_pattern. Kept 50 most recent."
+          done
     outputs:
       BBOT_VERSION: ${{ steps.version.outputs.BBOT_VERSION }}
   publish_docs:
     runs-on: ubuntu-latest
     if: github.event_name == 'push' && (github.ref == 'refs/heads/stable' || github.ref == 'refs/heads/dev')
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
         with:
           token: ${{ secrets.BBOT_DOCS_UPDATER_PAT }}
       - uses: actions/setup-python@v6
         with:
           python-version: "3.11"
       - run: echo "cache_id=$(date --utc '+%V')" >> $GITHUB_ENV
-      - uses: actions/cache@v4
+      - uses: actions/cache@v5
         with:
           key: mkdocs-material-${{ env.cache_id }}
           path: .cache
@@ -151,7 +225,7 @@ jobs:
   #   runs-on: ubuntu-latest
   #   if: github.event_name == 'push' && github.ref == 'refs/heads/stable'
   #   steps:
-  #     - uses: actions/checkout@v5
+  #     - uses: actions/checkout@v6
   #       with:
   #         ref: ${{ github.head_ref }}
   #         fetch-depth: 0 # Fetch all history for all tags and branches

.github/workflows/version_updater.yml

@@ -9,7 +9,7 @@ jobs:
   update-nuclei-version:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
         with:
           ref: dev
           fetch-depth: 0
@@ -44,7 +44,7 @@ jobs:
         run: "sed -i '0,/\"version\": \".*\",/ s/\"version\": \".*\",/\"version\": \"${{ env.latest_version }}\",/g' bbot/modules/nuclei.py"
       - name: Create pull request to update the version
         if: steps.update-version.outcome == 'success'
-        uses: peter-evans/create-pull-request@v7
+        uses: peter-evans/create-pull-request@v8
         with:
           token: ${{ secrets.BBOT_DOCS_UPDATER_PAT }}
           commit-message: "Update nuclei"
@@ -61,7 +61,7 @@ jobs:
   update-trufflehog-version:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
         with:
           ref: dev
           fetch-depth: 0
@@ -96,7 +96,7 @@ jobs:
         run: "sed -i '0,/\"version\": \".*\",/ s/\"version\": \".*\",/\"version\": \"${{ env.latest_version }}\",/g' bbot/modules/trufflehog.py"
       - name: Create pull request to update the version
         if: steps.update-version.outcome == 'success'
-        uses: peter-evans/create-pull-request@v7
+        uses: peter-evans/create-pull-request@v8
         with:
           token: ${{ secrets.BBOT_DOCS_UPDATER_PAT }}
           commit-message: "Update trufflehog"

Dockerfile

@@ -1,4 +1,4 @@
-FROM python:3.10-slim
+FROM python:3.11-slim
 
 ENV LANG=C.UTF-8
 ENV LC_ALL=C.UTF-8

Dockerfile.full

@@ -0,0 +1,19 @@
+FROM python:3.11-slim
+
+ENV LANG=C.UTF-8
+ENV LC_ALL=C.UTF-8
+ENV PIP_NO_CACHE_DIR=off
+
+WORKDIR /usr/src/bbot
+
+RUN apt-get update && apt-get install -y openssl gcc git make unzip curl wget vim nano sudo
+
+COPY . .
+
+RUN pip install .
+
+RUN bbot --install-all-deps
+
+WORKDIR /root
+
+ENTRYPOINT [ "bbot" ]