Automic VaultAutomic Vault

brew

Install bbot with Homebrew, Nix

OSINT automation tool. Version 2.8.4 via Homebrew; verified 2026-06-15.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install bbot

local Homebrew formula metadata

Linux

Nixverified · 92%
nix profile install nixpkgs#bbot

nixpkgs package indexes · pkgs/by-name/bb/bbot/package.nix · source: api.github.com

overview

Package summary

OSINT automation tool

Commands and aliases

  • bbot

history

Project history and usage

BBOT is Black Lantern Security's OSINT, reconnaissance, bug-bounty, and attack-surface-management automation tool. It packages many passive and active discovery modules behind a single `bbot` scanner and preset system.

Project history

The upstream README describes BBOT as inspired by SpiderFoot and built to automate recon, bug bounties, and ASM. Its examples emphasize repeatable presets for subdomain enumeration, web crawling, email gathering, and web scanning.

The PyPI release metadata shows a 1.0.0 package upload on 2022-08-18. By the current upstream README, the project has stable and development installation tracks, Docker distribution, a public documentation site, and a community Discord.

Adoption history

BBOT's adoption follows the modern Python security-tool path: PyPI and pipx for primary installation, Docker for isolated runs, GitHub for development, and Homebrew/Nix formulas for users who expect security tooling in system package managers.

How it is used

Operators use BBOT by giving it targets and presets such as `subdomain-enum`, `spider`, `email-enum`, `web-basic`, or `web-thorough`. Configuration stores module options and API keys, so the same scan recipes can be repeated across assessments.

Why package nerds care

BBOT is interesting in package history because it is a high-churn security automation tool that still reaches general package managers. It shows how OSINT tooling has moved from one-off scripts toward modular scanners with presets, docs, containers, PyPI packages, and native package-manager entries.

Timeline

  • 2022-08-18: PyPI metadata records BBOT 1.0.0 uploads.
  • 2023: Upstream README advertises a DEF CON Recon Village/Demo Labs appearance.
  • Current: README documents stable installation with `pipx install bbot`, Docker, and the official documentation site.
  • 2026-06-09: PyPI metadata records 3.0.0.986rc0 release-candidate uploads.

Related projects

  • Related projects include SpiderFoot, Amass, Subfinder, httpx, Nuclei, and other reconnaissance and attack-surface-management tools.

security posture

No protected-tool coverage found yet

No matching local secret-handling manifest was found for bbot. Nucleus package metadata is still published here so future coverage has a stable package URL.

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Installs with 7 runtime dependencies.
  • Build metadata lists 5 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
~/.config/bbot/bbot.yml

Credential files

Credential-bearing paths to review before unattended agent runs.

Unix
~/.config/bbot/bbot.yml

executables

Installed executables

CommandKindExposureNote
bbotcliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version2.8.4
manager updated2026-06-15
local dataok
upstreamnot checked
latest detectednot detected

https://www.blacklanternsecurity.com/bbot/

install metadata

Package metadata

Package keybrew:bbot
Version2.8.4
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/bbot
Homepagehttps://www.blacklanternsecurity.com/bbot/
Repositoryhttps://github.com/blacklanternsecurity/bbot
Upstream docshttps://www.blacklanternsecurity.com/bbot/Stable
LicenseAGPL-3.0-only
Source archivehttps://files.pythonhosted.org/packages/6a/83/24a0087894d853703f64ab2044927ef56c831edb379295a873b05f34eb92/bbot-2.8.4.tar.gz
Last updated2026-06-15T10:20:10-04:00
Pulseupdated
Dependenciescertifi, cryptography, libyaml, openssl@3, pydantic, python@3.14, zeromq
Build dependenciescmake, ninja, openjdk, pkgconf, rust
Uses from macOSlibxml2, libxslt
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namebbot
Version Scheme0
Revision6
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Nix95%

bbot

nix profile install nixpkgs#bbot
  • normalized package name match
  • Matched by: Bbot
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/bb/bbot/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment